You could use TailScale or Zerotier, join all your devices to a private subnet, then use UFW on the Jellyfin server to deny all connections except those from your private subnet. Then all your devices in your Tailscale/Zerotier account can access one another from anywhere. Also works for shared folders in Windows, remote desktop, SSH, etc.. It's easy enough so that most enthusiasts can handle it without being 100% proficient in a Linux shell, VPNs, or firewalls. Should be lots of guides available with these ingredients.