No awards are needed, just wanted to share my excitement that while my Jellyfin server still keeps loosing my entire library every 24 hours at least now it has a domain and ssl cert!

That is all. Happy Friday everyone

      • mic_check_one_two@lemmy.dbzer0.comEnglish
        3·
        4 hours ago

        There are a few security issues with it, but all of the worst known issues require a valid login token. So an attacker would already need to have valid login credentials before they could actually do anything bad. Things like being able to stream video without authentication (but it requires already having a list of the stored media on the server, which means you have been logged in before). Or being able to change other users’ settings (but it requires already being logged in to a valid user).

        Basically, make sure you use good passwords, and actually trust any other users to do the same.

      • tux7350@lemmy.worldEnglish
        21·
        4 hours ago

        Ya got three options.

        Option A is to create your own certificate that is self-signed. You will then have to load the certificate into any client you want to use. Easier than people realize, just a couple terminal commands. Give this a go if you want to learn how they work.

        Option B is to generate a certificate with Let’s Encrypt via an application like certbot. I suggest you use a DNS challenge to create a wildcard certificate.

        Option C is to buy a certificate from your DNS provider aka something like cloudflare.

        IMO the best is Option B. Takes a bit to figure it out but its free and rotates automatically which I like.

        I like helping and fixing stuff, if you’d like to know anything just ask :D

        • RunningInRVA@lemmy.worldEnglish
          41·
          4 hours ago

          None of these are client certificates btw. These are just ways to have your server use TLS encryption with any client that connects but it offers no authorization. If you want authorization with client certificates you need to implement mTLS (Mutual TLS).

          • tux7350@lemmy.worldEnglish
            2·
            4 hours ago

            Oooo ya know I actually don’t know about these. I’ve done both A and B for my homelab and C for work.

            Any good resources / insight into mTLS? I appreciate the response btw!

              • tux7350@lemmy.worldEnglish
                33·
                4 hours ago

                Well ya know this is a forum and I was trying to engage in a friendly conversation to learn about something you brought up.

                But yeah I know how to fucking Google lol

                • RunningInRVA@lemmy.worldEnglish
                  43·
                  4 hours ago

                  Yes it’s a forum. But just because I corrected your error doesn’t mean I am obligated to do a whole fucking write up for you or go to google myself for you. Grow up.