Hi y’all, thanks for the help with my question yesterday. I did a bit of homework, and I think I’ve got things figured out. Here’s my revised plan:

  1. configure a cron job to update DuckDNS with my IP address every 5 minutes

  2. use ufw to block all incoming traffic, except to ports 80 and 443, to allow incoming traffic to reach Caddy

  3. configure the Caddyfile to direct traffic from my DuckDNS subdomain to Jellyfin’s port

Does this seem right this time? Am I missing anything, or unnecessarily adding steps? Thanks in advance, I’ll get the hang of all this someday!

  • Onomatopoeia@lemmy.cafeEnglish
    6·
    2 days ago

    Meh, I won’t expose ports anymore - last time I did I had someone hammering on it hard enough to slow my consumer router.

    I closed the port and would still have someone hammer it occasionally for months, hoping the port was still open.

    • compostgoblin@lemmy.blahaj.zoneOPEnglish
      4·
      2 days ago

      Just for my own education, if you don’t mind - how were you able to tell someone was hammering on the port if it was closed? Would fail2ban have been an option to stop them?

    • dgdft@lemmy.worldEnglish
      1·
      2 days ago

      Yeah, fair point — I was only talking RCE.

      That’s a real risk if you get hit by a lazy stuffing script, and I personally SSH tunnel my self-hosted to a public VPS to avoid that sorta thing.

      @Op, if you do notice slowdowns for your whole network & suspicious noise in your Jellyfin logs, the easy move is to configure fail2ban and ask your ISP to rotate your router’s IP for you.