“I have to get over this some time, why not now?”

~ Louis Wu, from Ringworld, written by Larry Niven.

“Because I’m not ready” is also a valid answer, but it gets your brain moving towards the goal I find.

Yikes, how Draconian. Id be fucking pissed if someone came in and forcibly open sourced a product I had invested millions in developing.

That’s overly complicated for some of the users - most of them aren’t very tech savvy, and they’re watching via all kinds of devices - TV’s, iOS, Kindle, etc.

I don’t see any major security reason for access requiring a VPN. Are there particular vulnerabilities that you’re concerned about, or just those that generally come from having a web-facing service?

A VPN would not be practical for my situation, as the instance is used by various family members and friends. I’m happy for them to use my JF instance but I’m not providing VPN services as well.

If you’re not referring to any specific vulnerabilities in JF then I feel confident there are no exceptional risks from allowing web access to JF? Just the usual ones?

Does jellyfin have known vulnerabilities for bots to exploit? It’s been up for several years with, afaik, no problems.

System has usual steps taken to harden it, JF is behind an apache proxy, letsencrypt handles ssl certs, fail2ban is running, and users are required to have strong passwords with no option to reset or self-register.

What’s the issue? I’ve run mine exposed for several years…

I love Jellyfin, but they need to sort their subtitle support out.

Is it Dashy?

Edit: nope, it’s Homepage