Comment by bjackman

You can use a reverse proxy and still have working app auth, I have set this up via Authelia with the OIDC Jellyfin plugin.

However:

- This is EVEN MORE complex than "just" a reverse proxy.

- I'm not really sure it wins much security, because...

- at least I'm not relying on Jellyfin's built-in auth but I'm now relying on its/the plugin's OIDC implementation to not be completely broken.

- attackers can still access unauthenticated endpoints.

Overall I really wish I could just do dumb proxy auth which would solve all these issues. But I dunno how that would work with authing from random clients like Wii (and more importantly for me, WebOS).