I don’t disagree, and I am one of the VPN advocates you mention. Generally there is no issue with exposing jellyfin via proxy to the internet.

The original question seemed to imply an over-secure solution so a lot of over-secure solutions exist. There is good cause to operate services, like jellyfin, via some permanent VPN.

I would not publicly expose ssh. Your home IP will get scanned all the time and external machines will try to connect to your ssh port.

Over the top for security would be to setup a personal VPN and only watch it over the VPN. If you are enabling other users and you don’t want them on your network; using a proxy like nginx is the way.

Being new to this I would look into how to set these things up in docker using docker-compose.

I’m not your pal, friend.

You can accomplish the same with any VPN solution that supports split tunneling.

If you wanted to go overboard, don’t even make the server accessible publicly. Distribute keys to a Wireguard network that is accessible publicly. Mandate your players obtain keys from you to play.

Is not*

Edit:

It’s a punitive system, not a rehabilitative system. Americans still believe that punishment is the only way to handle deviancy. Most believe the punishments are not hard enough, this is the “tough on crime” take conservatives have been running on for decades.

The point of interest is what happens when those extremists are accused of crimes. Suddenly, exceptions should be carved out for them.

You still don’t read.

You asked a simple question about “better” which is pretty subjective for whooping out the references along accusations of falsehood.

“virally open source”

Which answered the original question quite succinctly. I wish you would have read more carefully before…

I transcode to ramdisk.