You really can’t in practice. Maybe look into Simplex Chat

It does though

Do not expose Jellyfin to the internet. Local network is mostly fine since the real threats are the bots

I personally wouldn’t expose anything to the internet. You could always setup a computer on a different network that routes traffic over netbird

Well the other option would be a VPN

The implementation

It runs JavaScript and the actual algorithm could use improvement.

Isn’t that for VoIP?

What?

Not to mention it relies on security though obscurity

It wouldn’t be that hard to figure out and bypass

Anubis is more of a economic solution. It doesn’t stop bots but it does make companies pay more to access content instead of having server operators foot the bill.

Anubis sucks

However, the number of viable options is limited.

Why did you choose Vxlan over regular vlans?

Are you running EVPN-Vxlan at all?

I personally would keep a Firewall and a access point

I personally like OpenWRT since it is Linux based

They need to switch to cookie based auth instead of doing the weird think with the URLs

I don’t get it

How do you control access?

I’m working on deploying Client side certificates that are validated by Caddy

Do you know if that will break applications?

Put Jellyfin behind something else that requires authentication before you can access Jellyfin at all

Docker CE is also just as foss

Docker community edition is fully foss

I like Podman but In don’t think foss is the driving factor in this case

Run Docker inside a LXC or VM

Fair enough