I’m still not seeing how this solves the issue. You either use Cloudflare or your reverse proxy as the auth, which is secure but then people can only use your Jellyfin server through a web browser, or you publish actual Jellyfin and use its auth, but now you rely on its poor security.
Are you saying you integrate fail to ban with Jellyfin’s auth? If so that’s alright, but won’t stop anyone from using an exploit, just brute force attacks. I’m still also not sure why the VPS is required at all.
I’m still not seeing how this solves the issue. You either use Cloudflare or your reverse proxy as the auth, which is secure but then people can only use your Jellyfin server through a web browser, or you publish actual Jellyfin and use its auth, but now you rely on its poor security.
Are you saying you integrate fail to ban with Jellyfin’s auth? If so that’s alright, but won’t stop anyone from using an exploit, just brute force attacks. I’m still also not sure why the VPS is required at all.