Differences

This shows you the differences between two versions of the page.

--- services:jellyfin [2024/02/27 12:38] – created willy
+++ services:jellyfin [2025/08/07 07:53] (current) – willy
@@ Line 6: / Line 6: @@
 A brief summary:
-  * JellyFin is open-source, you have full control on your media collection and vieweing.
+  * JellyFin is open-source, you have full control on your media collection and viewing.
   * Emby used to be open-source, so i will pass on that. The only positive thing might be more clients (es: Samsung TV) than JellyFin.
   * Plex is a proprietary solution that uses it's own servers to stream to you your collection. It's a hard pass for me.
@@ Line 12: / Line 12: @@
 ===== Installation =====
+You are lucky and the JellyFin media-server can be easily installed on Gentoo linux. You need to unmask it first:
-You are lucky and the JellyFin mediaserver can be easily installed on Gentoo linux. You need to unmask it first:
 <code bash>
 echo www-apps/jellyfin ~amd64 >> /etc/portage/package.accept_keywords/servarr
@@ Line 37: / Line 36: @@
   * the cache folder under /var/cache/jellyfin
   * the configuration folder under /etc/jellyfin/
-  * the logs folder under /var/logs/jellyfin
+  * the logs folder under /var/logs/jellyfin, which is just fine
 which i don't like for a few reasons:
@@ Line 49: / Line 48: @@
 mv /var/cache/jellyfin /data/daemons/jellyfin/cache
 mv /etc/jellyfin /data/daemons/jellyfin/config
-mv /var/logs/jellyfin /data/daemons/jellyfin/logs
 </code>
@@ Line 56: / Line 54: @@
 # This is the directory that will hold all Jellyfin data, and is also used as a default base directory for some other paths below.
 JELLYFIN_DATA_DIR=/data/daemons/jellyfin/data
-# This is the directory where the Jellyfin logs will be stored.
-JELLYFIN_LOG_DIR=/data/daemons/jellyfin/logs
 # This is the directory containing the server cache.
@@ Line 67: / Line 62: @@
 </code>
-That's is, JellyFin is installed.
+That's is, JellyFin is installed, now setup logrotation...
+Create the file **/etc/logrotata.d/jellyfin**:
+<file - jellyfin>
+/var/logs/jellyfin/*.log {
+    missingok
+    notifempty
+}
+</file>
+that's it.
+==== SSO Configuration ====
+JeyyFin can not work with basic-auth, or at least i didnt manage to properly make it work between the web GUI and the client apps. Moreover, the Jellyfin login screen cannot be disabled, so it's pretty pointless.
+Instead, Jellyfin can support, via an external plugin, an OIDC Provider like Authelia. So first of all ensure your Authelia is correctly configured as OIDC Provider (see [[services:authelia|here]] the relevant chapter).
+The SSO plugin is located [[https://github.com/9p4/jellyfin-plugin-sso/tree/main|here]].
+In short you need to:
+  * Configure Authelia OIDC Client
+  * Add this plugin repository to Jellyfin configuration
+  * Load the SSO plugin
+  * Configure Jellyfin SSO plugin
+This is the relevant Authelia config section (see [[https://www.authelia.com/integration/openid-connect/jellyfin/|here]] for more details):
+<code>
+identity_providers:
+  oidc:
+    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
+    ## See: https://www.authelia.com/c/oidc
+    clients:
+      - client_id: 'jellyfin'
+        client_name: 'Jellyfin'
+        client_secret: '<<< generate secret >>>'
+        public: false
+        authorization_policy: 'two_factor'
+        require_pkce: true
+        pkce_challenge_method: 'S256'
+        redirect_uris:
+          - 'https://jellyfin.example.com/sso/OID/redirect/authelia'
+        scopes:
+          - 'openid'
+          - 'profile'
+          - 'groups'
+        userinfo_signed_response_alg: 'none'
+        token_endpoint_auth_method: 'client_secret_post'
+</code>
+both links above should provide enough information to help you sort the Jellyfin side.
 ==== Reverse-Proxy configuration ====
@@ Line 75: / Line 121: @@
 Add this file to /etc/nginx/folders:
 <file txt jellyfin.conf>
-location ^~ /jellyfin {
+server {
-                auth_pam off;
+        server_name jellyfin.mydomain.com;
-        proxy_pass http://127.0.0.1:8096/jellyfin;
+        listen 443 ssl;
-        proxy_pass_request_headers on;
+        listen 8443 ssl;
-        proxy_set_header Host $host;
+        http2 on;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        access_log /var/log/nginx/jellyfin.mydomain.com_access_log main;
-        proxy_set_header X-Forwarded-Proto $scheme;
+        error_log /var/log/nginx/jellyfin.mydomain.com_error_log info;
-        proxy_set_header X-Forwarded-Host $http_host;
-        proxy_set_header Upgrade $http_upgrade;
+        location ^~ / {
-        proxy_set_header Connection $http_connection;
+                proxy_pass http://127.0.0.1:8096;
-        proxy_set_header Remote-User $remote_user;
+                proxy_pass_request_headers on;
-        proxy_buffering off;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_set_header X-Forwarded-Host $http_host;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection $http_connection;
+                proxy_set_header Remote-User $remote_user;
+                proxy_buffering off;
+        }
+        client_max_body_size 100M;
 }
 </file>
@@ Line 98: / Line 155: @@
 <code>
 ...
-  <BaseUrl>/jellyfin</BaseUrl>
+  <BaseUrl>/</BaseUrl>
 ...
   <LocalNetworkAddresses>

Willy's Wiki

User Tools

Differences