Please take this discussion to this post: https://lemmy.ml/post/28376589
Main content
Selfhosting is always a dilemma in terms of security for a lot of reasons. Nevertheless, I have one simple goal: selfhost a Jellyfin instance in the most secure way possible. I don't plan to access it anywhere but home.
TL;DR
I want the highest degree of security possible, but my hard limits are:
- No custom DNS
- Always-on VPN
- No self-signed certificates (unless there is no risk of MITM)
- No external server
Full explanation
I want to be able to access it from multiple devices, so it can't be a local-only instance.
I have a Raspberry Pi 5 that I want to host it on. That means I will not be hosting it on an external server, and I will only be able to run something light like securecore rather than something heavy like Qubes OS. Eventually I would like to use GrapheneOS to host it, once Android's virtual machine management app becomes more stable.
It's still crazy to me that 2TB microSDXC cards are a real thing.
I would like to avoid subscription costs such as the cost of buying a domain or the cost of paying for a VPN, however I prioritize security over cost. It is truly annoying that Jellyfin clients seldom support self-signed certificates, meaning the only way to get proper E2EE is by buying a domain and using a certificate authority. I wouldn't want to use a self-signed certificate anyways, due to the risk of MITM attacks. I am a penetration tester, so I have tested attacks by injecting malicious certificates before. It is possible to add self-signed certificates as trusted certificates for each system, but I haven't been able to get that to work since it seems clients don't trust them anyways.
Buying a domain also runs many privacy risks, since it's difficult to buy domains without handing over personal information. I do not want to change my DNS, since that risks browser fingerprinting if it differs from the VPN provider. I always use a VPN (currently ProtonVPN) for my devices.
If I pay for ProtonVPN (or other providers) it is possible to allow LAN connections, which would help significantly, but the issue of self-signed certificates still lingers.
With that said, it seems my options are very limited.
Your post is very confusing. You want to use it only locally (on your home), but it can't be a local-only instance.
You want to e2ee everything, but fail to mention why. There is no reason to do that on your own network.
I do not know why you want to use a VPN and what you want to do with it. Where do you want to connect to?
What is the attack vector you're worried about? Are there malicious entities on your network?
By "local-only" I meant on-device
Privacy and security.
Networks are not a trusted party in any capacity.
A VPN such as ProtonVPN or Mullvad VPN are used to displace trust from your ISP into your VPN provider and obscure your IP address while web browsing (among other benefits that I don't utilize).
These are good questions but not ones I can answer briefly.
My short answer: you're overthinking it way too hard and I think sticking that microSD-Card into the device you want to watch on is your best bet.
You're chasing ghosts.
If you don't trust the devices inside your own house, no amount of VPNs or e2ee are going to help.
If it's entirely on your lan, your isp isn't involved and a VPN is just adding unnecessary complications.