I already host multiple services via caddy as my reverse proxy. Jellyfin, I am worried about authentication. How do you secure it?
I already host multiple services via caddy as my reverse proxy. Jellyfin, I am worried about authentication. How do you secure it?
Right, but I have wireguard on my opnsense. So when I want to reach https://jellyfin.example.com/ , if I am at home, it goes phone -> DNS -> proxy -> jellyfin (on the same network). If I am connected to the VPN, it goes from phone -> internet -> opnsense public ip -> wireguard subnet -> local subnet -> DNS -> proxy -> jellyfin. I see some unneeded extra steps here… Am I wrong?
Oh yeah, there’ll be some overhead if you’re running Wireguard on a router. Hitting your router’s public IP won’t go out to the internet though - the router will recognize that it’s its IP.
It’s common to run Wireguard on every computer/phone/tablet/etc where possible rather than just on the router, since this takes advantage of its peer-to-peer nature. For home use, that’s how it was originally designed to be used. Tailscale makes it a lot easier to configure it this way though - it’s a bit of work for vanilla Wireguard. Tailscale does support “subnet routers” if you have any devices that you want to access over the VPN that can’t run Tailscale.