I’m not sure if you know this, but…that doesn’t fix most of the security issues in the linked list. All the reverse proxy does is handle hostname resolution and TLS termination (if you are using TLS). If the application being proxies still has an unauthenticated API, anyone can access it. If there’s an RCE vulnerability in any of them, you might get hacked.

I run Jellyfin publicly, but I do it behind a separate, locked-down reverse proxy (e.g., it explicitly hangs up any request for a Host header other than Jellyfin’s), in a kubernetes cluster, and I keep its pod isolated in its own namespace with restricted access to everything local except to my library via read-only NFS volumes hosted on a separate TrueNAS box. If there is any hack, all they get access to is a container that can read my media files. Even that kind of bothers me, honestly.

The overwhelming majority of Jellyfin users do not take precautions like this and are likely pretty vulnerable. Plex has a security team to address vulnerabilities when they happen, so those users would likely be a lot safer. I appreciate the love for FOSS on Lemmy, but it is scary how little most folks here acknowledge the tradeoffs they are making.

If you want to be on the hook for all IT requests from folks you share with, this is a fine approach. There are people out there who honestly don’t have a problem with that and more power to them. I doubt they are the majority, and a lot of selfhosters completely ignore this aspect of software. There is a reason non-free services exist beyond just “capitalism bad.” I mean, capitalism indeed bad, but your time is worth something.