In my understanding fail2ban will block ips if they are detected to do brutforce or use known exploits.

Crowdsec will share this IP via a blocklist to all subscribte systems. You will benefit form the detection of other systems and not only your own.

Docker containerizes jellyfin. If you use proxmox you don’t need to containerize in a “container”.