I’m using cloudflare tunnel to access my movie collection on selfhosted jellyfin. Jellyfin accounts are behind a strong password.
Considering it’s on the web, how bad is it? I’m not thinking about attacks, can I be flagged for piracy or things? Where does the ISP stand?
You would have to exclude the */api/ path in the authentik provide settings, so that if something wants to call the jellyfin api (like Swiftfin) it can go around the sso. It’s not the best practice for security but the only working way I have found.