Andrew

Yep, a Tailscale funnel URL is publicly accessible to anyone who knows it. And while it doesn’t expose your machine’s IP, Jellyfin is exposed publicly. Only the port you configure is reachable, but that doesn’t make it secure in itself - you definitely need more security. I don't have anything critical on my server so I'm not overly concerned but I still use CSF to block traffic from most every other country and limit abuse.

Nobody here with a tailscale funnel?? It's such a simple way to get https access from anywhere without being on the tailnet.