I have a Jellyfin instance on my local server which I forward to the public web via a cloudflare tunnel. I’m not sure how secure it is, and I keep getting random requests from all over the world. It’s my first experience maintaining something on a public domain so I may be worrying about something obvious, but some advice would still be appreciated.

My SSL/TLS encryption mode appears to be “Full”.

  • key@lemmy.keychat.org
    link
    fedilink
    English
    arrow-up
    66
    ·
    edit-2
    10 months ago

    That will always happen with something exposed to internet. Attackers scan every IP and domain they can looking for vulnerabilities to exploit. There’s software you can put in place to block requests that look like exploit attempts. Cloudfare WAF is one example. But those are mitigations only and not perfectly effective. Beyond that there’s not much you can do. Always make sure anything you expose to the internet is configured securely and kept up to date. If it makes you uncomfortable, reconsider exposing it like that.

    • ares35@kbin.social
      link
      fedilink
      arrow-up
      13
      ·
      edit-2
      10 months ago

      bots will start hitting a brand new subdomain on my web server literally seconds after creating it. looking for exploitable scripts like wordpress, usually.

      • Domi@lemmy.secnd.me
        link
        fedilink
        English
        arrow-up
        5
        ·
        10 months ago

        You can avoid these scans by only using wildcards on your DNS entries and SSL certificates.

        Both of these are commonly used by bots to find new domains.