While Cloudflare tunnels do work, streaming Jellyfin through them is technically against their TOS and they could shut you down for doing so. Instead, I recommend setting up Pangolin with a cheap VPS. Although, it will cost ~$5 a month or so.
I have a static IP (didn’t particularly want it but my ISP required it for port forwarding for some reason). I’m not currently hosting anything, at least not anything externally accessible, but when I did I had a tiny AWS instance configured as a reverse proxy to a separate reverse proxy VM in my house. It worked for me and if anything I hosted ever got compromised it escaped my notice.
However, I think the advantage of using something like Cloudflare rather than the way I did it (and as it sounds like you might) is threat mitigation. Especially stuff like DDoS protection.
Jellyfin: free Cloudflared: free
Jellyfin behind Cloudflared is probably the best move ATM.
It’s not specifically against TOS, they do provide you some modest protection against infiltration.
combine that with running it from a container with RO access to your media and you have a damn nice home solution.
While Cloudflare tunnels do work, streaming Jellyfin through them is technically against their TOS and they could shut you down for doing so. Instead, I recommend setting up Pangolin with a cheap VPS. Although, it will cost ~$5 a month or so.
You don’t have to use a tunnel, for example I use a reverse proxy to a domain I own, and set a cache rule so cloudflare doesn’t get mad.
I really need to take a weekend to learn Jellyfin and set it up in my environment.
Duckdns is free too
I have a static IP (didn’t particularly want it but my ISP required it for port forwarding for some reason). I’m not currently hosting anything, at least not anything externally accessible, but when I did I had a tiny AWS instance configured as a reverse proxy to a separate reverse proxy VM in my house. It worked for me and if anything I hosted ever got compromised it escaped my notice.
However, I think the advantage of using something like Cloudflare rather than the way I did it (and as it sounds like you might) is threat mitigation. Especially stuff like DDoS protection.