I don’t disagree, and I am one of the VPN advocates you mention. Generally there is no issue with exposing jellyfin via proxy to the internet.

The original question seemed to imply an over-secure solution so a lot of over-secure solutions exist. There is good cause to operate services, like jellyfin, via some permanent VPN.

I would not publicly expose ssh. Your home IP will get scanned all the time and external machines will try to connect to your ssh port.

Over the top for security would be to setup a personal VPN and only watch it over the VPN. If you are enabling other users and you don’t want them on your network; using a proxy like nginx is the way.

Being new to this I would look into how to set these things up in docker using docker-compose.

If you wanted to go overboard, don’t even make the server accessible publicly. Distribute keys to a Wireguard network that is accessible publicly. Mandate your players obtain keys from you to play.

You asked a question and someone offered a suggestion you were not looking in the right place. Then you become incredulous at their suggestion and start asking a whole bunch of sarcastic questions implying relevancy.

How about you google you problem and figure it out? No one will help you with that attitude.

You can restrict the size of the ramdisk so you do not end up killing processes. A large amount of ram is not mandatory.

tmpfs is the filesystem you are looking for. You can mount it like any other filesystem in /etc/fstab.

tmpfs /path/to/transcode/dir tmpfs defaults 0 0

I transcode to ramdisk.

It runs, unless you have very high-end cards where users are reporting crashes. The fix is to restrict FPS to keep your GPU mhz lower. Mostly AMD people but I have seen complaints from a couple team green too.

You win.