I’m using cloudflare tunnel to access my movie collection on selfhosted jellyfin. Jellyfin accounts are behind a strong password.
Considering it’s on the web, how bad is it? I’m not thinking about attacks, can I be flagged for piracy or things? Where does the ISP stand?
How would that work with a Jellyfin client running on a device like a Chromecast dongle? The code on the dongle doesn’t (IMHO) know how to log into an SSO service.
You would have to exclude the */api/ path in the authentik provide settings, so that if something wants to call the jellyfin api (like Swiftfin) it can go around the sso. It’s not the best practice for security but the only working way I have found.