No. As I said, apps don’t work. I cobbled together an API key service that let’s you have an API key (password) in the server URL in Rust for myself. This works with Apps, but it is a bit too messy and single purpose for me to open source it right now. Maybe one day.

Honestly, I may have to write one at some point. I just used the documentation of those two tools to set it up.

So use a reverse proxy with authentiacation before access to Jellyfin is allowed. I use Caddy forward_auth with Authelia for this. Unless you also want to use the apps without VPN, this works great.