User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
services:jellyfin [2024/02/27 12:38] – created willyservices:jellyfin [2024/11/28 12:48] (current) willy
Line 11: Line 11:
  
 ===== Installation ===== ===== Installation =====
- 
  
 You are lucky and the JellyFin mediaserver can be easily installed on Gentoo linux. You need to unmask it first: You are lucky and the JellyFin mediaserver can be easily installed on Gentoo linux. You need to unmask it first:
Line 67: Line 66:
 </code> </code>
  
-That's is, JellyFin is installed.+That's is, JellyFin is installed, now setup logrotation... 
 + 
 +Create the file **/etc/logrotata.d/jellyfin**: 
 +<file - jellyfin> 
 +/data/daemons/jellyfin/logs/*.log { 
 +    missingok 
 +    notifempty 
 +
 +</file> 
 + 
 +that's it. 
 + 
 +==== SSO Configuration ==== 
 + 
 +JeyyFin can not work with basic-auth, or at least i didnt manage to properly make it work between the web GUI and the client apps. Moreover, the Jellyfin login screen cannot be disabled, so it's pretty pointless. 
 + 
 +Instead, Jellyfin can support, via an external plugin, an OIDC Provider like Authelia. So first of all ensure your Authelia is correctly configured as OIDC Provider (see [[services:authelia|here]] the relevant chapter). 
 + 
 +The SSO plugin is located [[https://github.com/9p4/jellyfin-plugin-sso/tree/main|here]]. 
 + 
 +In short you need to: 
 +  * Configure Authelia OIDC Client 
 +  * Add this plugin repository to Jellyfin configuration 
 +  * Load the SSO plugin 
 +  * Configure Jellyfin SSO plugin 
 + 
 +This is the relevant Authelia config section (see [[https://www.authelia.com/integration/openid-connect/jellyfin/|here]] for more details): 
 +<code> 
 +identity_providers: 
 +  oidc: 
 +    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. 
 +    ## See: https://www.authelia.com/c/oidc 
 +    clients: 
 +      - client_id: 'jellyfin' 
 +        client_name: 'Jellyfin' 
 +        client_secret: '<<< generate secret >>>'   
 +        public: false 
 +        authorization_policy: 'two_factor' 
 +        require_pkce: true 
 +        pkce_challenge_method: 'S256' 
 +        redirect_uris: 
 +          - 'https://jellyfin.example.com/sso/OID/redirect/authelia' 
 +        scopes: 
 +          - 'openid' 
 +          - 'profile' 
 +          - 'groups' 
 +        userinfo_signed_response_alg: 'none' 
 +        token_endpoint_auth_method: 'client_secret_post' 
 +</code> 
 + 
 +both links above should provide enough information to help you sort the Jellyfin side. 
  
 ==== Reverse-Proxy configuration ==== ==== Reverse-Proxy configuration ====
Line 75: Line 125:
 Add this file to /etc/nginx/folders:  Add this file to /etc/nginx/folders: 
 <file txt jellyfin.conf> <file txt jellyfin.conf>
-location ^~ /jellyfin +server { 
-                auth_pam off; +        server_name jellyfin.mydomain.com; 
-        proxy_pass http://127.0.0.1:8096/jellyfin+        listen 443 ssl;  
-        proxy_pass_request_headers on; +        listen 8443 ssl;  
-        proxy_set_header Host $host; +        http2 on; 
-        proxy_set_header X-Real-IP $remote_addr; + 
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +        access_log /var/log/nginx/jellyfin.mydomain.com_access_log main; 
-        proxy_set_header X-Forwarded-Proto $scheme; +        error_log /var/log/nginx/jellyfin.mydomain.com_error_log info; 
-        proxy_set_header X-Forwarded-Host $http_host; + 
-        proxy_set_header Upgrade $http_upgrade; +        location ^~ / { 
-        proxy_set_header Connection $http_connection; +                proxy_pass http://127.0.0.1:8096; 
-        proxy_set_header Remote-User $remote_user; +                proxy_pass_request_headers on; 
-        proxy_buffering off;+                proxy_set_header Host $host; 
 +                proxy_set_header X-Real-IP $remote_addr; 
 +                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 +                proxy_set_header X-Forwarded-Proto $scheme; 
 +                proxy_set_header X-Forwarded-Host $http_host; 
 +                proxy_set_header Upgrade $http_upgrade; 
 +                proxy_set_header Connection $http_connection; 
 +                proxy_set_header Remote-User $remote_user; 
 +                proxy_buffering off
 +        } 
 + 
 +        client_max_body_size 100M;
 } }
 </file> </file>
Line 98: Line 159:
 <code> <code>
 ... ...
-  <BaseUrl>/jellyfin</BaseUrl>+  <BaseUrl>/</BaseUrl>
 ... ...
   <LocalNetworkAddresses>   <LocalNetworkAddresses>

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information