In my understanding fail2ban will block ips if they are detected to do brutforce or use known exploits.

Crowdsec will share this IP via a blocklist to all subscribte systems. You will benefit form the detection of other systems and not only your own.

The smarter the tech, the dumber the privacy agreement

Docker containerizes jellyfin. If you use proxmox you don’t need to containerize in a “container”.