9·
1 month agoSeems likely. Cheap VPSs are often used by beginners, so they’re prime targets for hackers. Known VPS IP-ranges probably get hammered constantly by hackers, who are hoping you set up a service temporarily without enabling any security, or perhaps with a weak temporary password of 1234 or something.
If there was a Jellyfin app that supported adding a custom header to the server connection, you could set your reverse proxy to just let the connections with that secret key header through, and make everything else go through the extra auth middleware. But as far as I know, none of the Jellyfin apps have that feature, even though it has been requested. Lots of other selfhosted apps do have the feature though, and I use it in a few places as well.