jellyfin / jellyfin-roku

The Official Roku Client for Jellyfin
https://jellyfin.org
GNU General Public License v2.0
460 stars 146 forks

Secured way to host Jellyfin while traveling #1801

Open TheCrockett opened 6 months ago

TheCrockett commented 6 months ago

Describe the feature you'd like

Client Certificate for pre-auth.

In short, if you don’t have the client certificate & I have a Roku port open on the internet, you can’t even tell what it is unless you have the client cert. Then you could proceed with normal auth.

Ideas:

lorodoes commented 1 month ago

The Jellyfin server is what handles the client connections. Jellyfin can already do HTTPS, but I don't think it's possible for something like a Roku to do mTLS. My recommendation would be to put Jellyfin on a non-standard port and/or put a WAF, firewall, fail2ban, and other security programs in front of and along with the Jellyfin server. Simple stuff like making sure you patch your Jellyfin server and using strong passwords. Lastly, you could IP-address-restrict your Jellyfin, but that requires you to know what IP address the Roku is coming from and be able to add it to a list.
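
The two approaches raised in this thread, sketched as an added example that is not from the Jellyfin project or from either commenter: a reverse proxy that demands a client certificate before anything reaches Jellyfin, and a second listener restricted by source IP for devices that cannot present one. It assumes nginx as the proxy and Jellyfin listening on `127.0.0.1:8096`; the hostname, ports, file paths and address range are placeholders.

```nginx
# Added example. All names, paths, ports and addresses are placeholders.

# Listener 1: client-certificate pre-auth (mTLS) for clients that support it.
server {
    listen 443 ssl;
    server_name media.example.org;

    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Only certificates issued by this private CA are accepted.
    ssl_client_certificate /etc/nginx/tls/clients-ca.crt;
    # A request without a valid client certificate is answered by nginx
    # with an error and is never forwarded to Jellyfin.
    ssl_verify_client on;
    ssl_verify_depth  1;

    location / {
        proxy_pass http://127.0.0.1:8096;   # Jellyfin bound to loopback only
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Listener 2: source-IP allowlist for devices that cannot present a certificate.
server {
    listen 8443 ssl;                        # non-standard port, placeholder
    server_name media.example.org;

    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    allow 203.0.113.0/24;                   # documentation range, replace with the known client network
    deny  all;                              # everything else gets 403 from nginx

    location / {
        proxy_pass http://127.0.0.1:8096;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With either listener an unauthenticated scanner sees only nginx responses, and Jellyfin's own login still applies to requests that pass the gate. The allowlist has to be updated whenever the travelling device's public address changes.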