Differences

This shows you the differences between two versions of the page.

--- services:jellyfin [2024/09/09 08:04] – willy
+++ services:jellyfin [2025/08/07 07:53] (current) – willy
@@ Line 6: / Line 6: @@
 A brief summary:
-  * JellyFin is open-source, you have full control on your media collection and vieweing.
+  * JellyFin is open-source, you have full control on your media collection and viewing.
   * Emby used to be open-source, so i will pass on that. The only positive thing might be more clients (es: Samsung TV) than JellyFin.
   * Plex is a proprietary solution that uses it's own servers to stream to you your collection. It's a hard pass for me.
@@ Line 12: / Line 12: @@
 ===== Installation =====
-You are lucky and the JellyFin mediaserver can be easily installed on Gentoo linux. You need to unmask it first:
+You are lucky and the JellyFin media-server can be easily installed on Gentoo linux. You need to unmask it first:
 <code bash>
 echo www-apps/jellyfin ~amd64 >> /etc/portage/package.accept_keywords/servarr
@@ Line 36: / Line 36: @@
   * the cache folder under /var/cache/jellyfin
   * the configuration folder under /etc/jellyfin/
-  * the logs folder under /var/logs/jellyfin
+  * the logs folder under /var/logs/jellyfin, which is just fine
 which i don't like for a few reasons:
@@ Line 48: / Line 48: @@
 mv /var/cache/jellyfin /data/daemons/jellyfin/cache
 mv /etc/jellyfin /data/daemons/jellyfin/config
-mv /var/logs/jellyfin /data/daemons/jellyfin/logs
 </code>
@@ Line 55: / Line 54: @@
 # This is the directory that will hold all Jellyfin data, and is also used as a default base directory for some other paths below.
 JELLYFIN_DATA_DIR=/data/daemons/jellyfin/data
-# This is the directory where the Jellyfin logs will be stored.
-JELLYFIN_LOG_DIR=/data/daemons/jellyfin/logs
 # This is the directory containing the server cache.
@@ Line 66: / Line 62: @@
 </code>
-That's is, JellyFin is installed.
+That's is, JellyFin is installed, now setup logrotation...
+Create the file **/etc/logrotata.d/jellyfin**:
+<file - jellyfin>
+/var/logs/jellyfin/*.log {
+    missingok
+    notifempty
+}
+</file>
+that's it.
+==== SSO Configuration ====
+JeyyFin can not work with basic-auth, or at least i didnt manage to properly make it work between the web GUI and the client apps. Moreover, the Jellyfin login screen cannot be disabled, so it's pretty pointless.
+Instead, Jellyfin can support, via an external plugin, an OIDC Provider like Authelia. So first of all ensure your Authelia is correctly configured as OIDC Provider (see [[services:authelia|here]] the relevant chapter).
+The SSO plugin is located [[https://github.com/9p4/jellyfin-plugin-sso/tree/main|here]].
+In short you need to:
+  * Configure Authelia OIDC Client
+  * Add this plugin repository to Jellyfin configuration
+  * Load the SSO plugin
+  * Configure Jellyfin SSO plugin
+This is the relevant Authelia config section (see [[https://www.authelia.com/integration/openid-connect/jellyfin/|here]] for more details):
+<code>
+identity_providers:
+  oidc:
+    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
+    ## See: https://www.authelia.com/c/oidc
+    clients:
+      - client_id: 'jellyfin'
+        client_name: 'Jellyfin'
+        client_secret: '<<< generate secret >>>'
+        public: false
+        authorization_policy: 'two_factor'
+        require_pkce: true
+        pkce_challenge_method: 'S256'
+        redirect_uris:
+          - 'https://jellyfin.example.com/sso/OID/redirect/authelia'
+        scopes:
+          - 'openid'
+          - 'profile'
+          - 'groups'
+        userinfo_signed_response_alg: 'none'
+        token_endpoint_auth_method: 'client_secret_post'
+</code>
+both links above should provide enough information to help you sort the Jellyfin side.
 ==== Reverse-Proxy configuration ====

Willy's Wiki

User Tools

Differences