Synology with Emby (do not use the connect service they offer) running behind my Fortinet firewall. DDNS with my own domain name and SSL cert. Open 1 custom port (not 443) for it, and that's it. Geoblock every country but my own, which basically eliminated all random traffic that was hitting it. I've been running it this way for 5 years now and have no issues to report.
How are you geoblocking?
Sadly, it may not be an option for a lot of people, but on the fortinet firewall you can make policies and set up geoblocking.
I'm using a cheap VPS that connects over Tailscale to my home server. The VPS runs Nginx Proxy Manager, has a firewall and the provider offers DDOS protection and that's it.
Unifi teleport. A zero configuration VPN to my home network.
I’m fidgeting with Tailscale but I find this solution somewhat lacking.
Tailscale is great for not opening your ports to the internet. Having it playable on a friend's Apple TV adds some extra complexity. Reverse proxy on a subdomain with something like fail2ban would work, but it does leave you more vulnerable.
Headscale server on cheap vps with tailscale clients.
I'm trying to self host navidrome in docker with a cloudflare domain and reverse proxy on the same network. Still fiddling myself since I keep getting a 403 cloudflare no access error.
Essentially, using cert provided by cloudflare where they proxy to my ip. From there the reverse proxy routes to my service. If I'm understanding it right, anyone with my domain would only see cloudflare ip instead of my own. Someone correct me if I'm wrong. I'm still learning this stuff as well.
Prior to this, I was using Tailscale, which worked fine, but I'd have to connect via Tailscale every time and in some instances, it wouldn't connect properly at all.
No idea how safe or secure, but I use Cloudflare Tunnel to point my Jellyfin port on my computer.
Someone mentioned above that cloudflare will ban you for streaming through their tunnel. Just be warned.
My router has a VPN server built-in. I usually use that.
With WireGuard I set up an easy VPN, then VPN to the home network and use Jellyfin.
If I can't use VPN, I have Jellyfin behind a Caddy server with automatic HTTPS and some security settings.
I use the LSIO container stack, so SWAG for the proxy. They have really good documentation and an active Discord. docs.linuxserver.io