Hi y’all, thanks for the help with my question yesterday. I did a bit of homework, and I think I’ve got things figured out. Here’s my revised plan:
-
configure a cron job to update DuckDNS with my IP address every 5 minutes
-
use ufw to block all incoming traffic, except to ports 80 and 443, to allow incoming traffic to reach Caddy
-
configure the Caddyfile to direct traffic from my DuckDNS subdomain to Jellyfin’s port
Does this seem right this time? Am I missing anything, or unnecessarily adding steps? Thanks in advance, I’ll get the hang of all this someday!
If it’s for your personal use and no one else is going to connect, why don’t you just configure a wireguard tunnel to remotely connect to your server as if you were in LAN without exposing anything?
I’d like to be able to share it with friends and family
Tailscale has the Funnel feature too, which puts the endpoint on Tailscale’s servers.
You could do both - Funnel for people who you don’t want to walk through setting up a client, and use the client for those who you’re willing to put the effort into.
My preference would be to avoid Tailscale, but I’ll check it out. Thanks!
I second this for the funnel feature
It made my whole issue with ports easy since it forwards only one open port
Tailscale allows you to do the same except you can create keys with limited access to only certain ports (just in case you don’t want them peeking around your server).