I have a Jellyfin instance on my local server which I forward to the public web via a cloudflare tunnel. I’m not sure how secure it is, and I keep getting random requests from all over the world. It’s my first experience maintaining something on a public domain so I may be worrying about something obvious, but some advice would still be appreciated.
My SSL/TLS encryption mode appears to be “Full”.
I would not depend on DNS records being private. On the off chance that one of the nameservers messes up, I would prefer if no subdomains are leaked.
But you’re correct, most of the time those leaks happen somewhere else.