I think I understand now. Thank you! I will be changing my paths then. It’s kind of a moot point since I’ll change my paths anyway, but for the sake of my own curiosity, i have a follow up question. Feel free to disregard it if you don’t feel like taking the time to answer.

Hypothetically, my docker setup only allows jellyfin to see /mnt/user as /storage. So jellyfin would report the path to Morbius as being:

/storage/hdd1/media/movies/Morbius_all_morbed_up.mkv

when in all actuality it would be:

/mnt/user/hdd1/media/movies/Morbius_all_morbed_up.mkv

My intuition tells me that the file path that jellyfin “sees” would be the security risk. So “/storage/hdd1/…” Is that correct?

Can someone ELI5 this for me? I have a jellyfin docker stack set up through dockstarter and managed through portainer. I also own a domain that uses cloudflare to access my Jellyfin server. Since everything is set up through docker, the containers volumes are globally set to only have access to my media storage. Assuming that my setup is insecure, wouldn’t that just mean that “hackers” would only be able to stream free media from my server?