It depends on what you’re trying to do with it. Typically people only use Macs as servers when they’re doing development for Apple products.

Provide them with VPN access. If that’s too much for them, then they don’t get access. Tough. On the scale of security vs convenience, that’s nothing.

If you really really want, you should at least see if you can put a WAF in front, and put the server itself somewhere it doesn’t have access to the rest of your network (a DMZ) so that if and when it gets hacked, it doesn’t compromise the entire network.

Step one is check with the university IT department. Don’t put random unmanageable shit on other people’s networks.

Why a Mac running Linux? I can’t think of a use case for that.

I still don’t recommend putting jellyfin on the Internet. It’s not designed for it. There are some API endpoints you can access without authentication, not to mention potential authentication bypass vulnerabilities.

5 minutes is also probably too frequent. Leases are usually significantly longer. You might hit a rate limit and get blocked.

Then yes. The VPS provider will get it instead.

Probably through that link in your screenshot that says “logs”. Or directly on the server. Consult the documentation.

Safe from what?

And if you want to make it fancy, make that a wrapper script that checks the incoming file type. MP3s get transcoded, text files get opened, …

What’s in the logs?

If it’s on the Internet, yes.

Given the state of the Internet, you should keep a healthy level of paranoia. I always recommend exposing as little as possible, and that means using only a VPN and not putting jellyfin itself on the Internet.

Technically yes, but as long as your WAN gateway doesn’t provide a route, clients will only know how to reach your own gateway.

Agreed. Separate device. If your VM or hypervisor dies, or you misconfigure something, you take your Internet down. Not a fun thing to recover from.

You only need one port. WAN to switch, switch to router. The router routes and sends it back to the switch, and the switch to the LAN. Vice versa for outbound traffic. It’s called a router on a stick.

Not recommended if you’re paranoid about security, because a malicious client or particularly malformed inbound traffic could bypass your router. For general use it’s perfectly fine.

Gentrification is a bold choice for sure.

Pretty much any router will handle that.

If you want do open source, you can do something like opnwrt on hardware they support. Or, build the whole thing yourself with opnsense on any device that can run FreeBSD.

Points for keeping a straight face.

Okay, so it’s a program you have to specifically install, not a library and not installed by default.

Regardless, yeah it should not be doing that.

You have a link where I can read more about this?

Microsexit. No, that’s worse.

Some. There was a video the other day showing one of them emaciated, because there is no food in Gaza.