====== JellyFin ======
[[https://jellyfin.org/|JellyFin]] is an Open Source Media Server
There are other options. At least the main two are Emby and Plex. Emby actually was open-source too until they decided to close up the code and JellyFin was born from it's fork. Plesk is a different solution, proprietary, which might be interesting for who don't want to mess with port-forwarding or similar issues.
A brief summary:
* JellyFin is open-source, you have full control on your media collection and vieweing.
* Emby used to be open-source, so i will pass on that. The only positive thing might be more clients (es: Samsung TV) than JellyFin.
* Plex is a proprietary solution that uses it's own servers to stream to you your collection. It's a hard pass for me.
===== Installation =====
You are lucky and the JellyFin mediaserver can be easily installed on Gentoo linux. You need to unmask it first:
echo www-apps/jellyfin ~amd64 >> /etc/portage/package.accept_keywords/servarr
then emerge it:
emerge -v jellyfin
As usual move the home folder to **/data/daemons/jellyfin**:
usermod -m -d /data/daemons/jellyfin jellyfin
and add the jellyfin user to the media group:
usermod -a -G media jellyfin
Now, JellyFin Gentoo default setup locates server directories under /var:
* the data folder under /var/lib
* the cache folder under /var/cache/jellyfin
* the configuration folder under /etc/jellyfin/
* the logs folder under /var/logs/jellyfin
which i don't like for a few reasons:
* this will clutter and fill the Gentoo installation disk (/dev/sda)
* this will NOT survive a /dev/sda disk crash (which is not RAID-1)
* this will not be consistent: i want to have all database and data in the same RAID
to fix this, move those to /data/deamons/jellyfin:
mv /var/lib/jellyfin /data/daemons/jellyfin/data
mv /var/cache/jellyfin /data/daemons/jellyfin/cache
mv /etc/jellyfin /data/daemons/jellyfin/config
mv /var/logs/jellyfin /data/daemons/jellyfin/logs
in this case, differently from the *Arr's, you need to set these new paths in the JellyFin config file under **/etc/conf.d/jellyfin**:
# This is the directory that will hold all Jellyfin data, and is also used as a default base directory for some other paths below.
JELLYFIN_DATA_DIR=/data/daemons/jellyfin/data
# This is the directory where the Jellyfin logs will be stored.
JELLYFIN_LOG_DIR=/data/daemons/jellyfin/logs
# This is the directory containing the server cache.
JELLYFIN_CACHE_DIR=/data/daemons/jellyfin/cache
# This is the directory containing the server configuration files.
JELLYFIN_CONFIG_DIR=/data/daemons/jellyfin/config
That's is, JellyFin is installed.
==== SSO Configuration ====
JeyyFin can not work with basic-auth, or at least i didnt manage to properly make it work between the web GUI and the client apps. Moreover, the Jellyfin login screen cannot be disabled, so it's pretty pointless.
Instead, Jellyfin can support, via an external plugin, an OIDC Provider like Authelia. So first of all ensure your Authelia is correctly configured as OIDC Provider (see [[services:authelia|here]] the relevant chapter).
The SSO plugin is located [[https://github.com/9p4/jellyfin-plugin-sso/tree/main|here]].
In short you need to:
* Configure Authelia OIDC Client
* Add this plugin repository to Jellyfin configuration
* Load the SSO plugin
* Configure Jellyfin SSO plugin
This is the relevant Authelia config section (see [[https://www.authelia.com/integration/openid-connect/jellyfin/|here]] for more details):
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- client_id: 'jellyfin'
client_name: 'Jellyfin'
client_secret: '<<< generate secret >>>'
public: false
authorization_policy: 'two_factor'
require_pkce: true
pkce_challenge_method: 'S256'
redirect_uris:
- 'https://jellyfin.example.com/sso/OID/redirect/authelia'
scopes:
- 'openid'
- 'profile'
- 'groups'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_post'
both links above should provide enough information to help you sort the Jellyfin side.
==== Reverse-Proxy configuration ====
Before you proceed, you should make JellyFin web accessible via the reverse-proxy, so that access, configuration and usage will be simplified from the beginning.
Add this file to /etc/nginx/folders:
server {
server_name jellyfin.mydomain.com;
listen 443 ssl;
listen 8443 ssl;
http2 on;
access_log /var/log/nginx/jellyfin.mydomain.com_access_log main;
error_log /var/log/nginx/jellyfin.mydomain.com_error_log info;
location ^~ / {
proxy_pass http://127.0.0.1:8096;
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Remote-User $remote_user;
proxy_buffering off;
}
client_max_body_size 100M;
}
Add the configuration to the Reverse Proxy and reload it. Check [[selfhost:nginx|The Reverse Proxy concept]] for more details.
=== Startup ===
Before starting JellyFin up, you need to edit a few last things. Edit the file **/data/daemons/jellyfin/config/network.xml** and change the following lines:
...
/
...
127.0.0.1
...
This will securize the service to run only behind the reverse proxy and set the proper Base URL for access.
Well, it's time to fire up the JellyFin (and set it up for autostart on reboot):
rc-update add jellyfin default
/etc/init.d/jellyfin start
At this point you should login to it and configure it trough the web GUI at [[http://10.0.0.1/jellyfin|10.0.0.1/jellyfin]]. You will need to point the media libraries to the folders into **/data/** (Music, Movies, etc). Populating your database will take some time, assuming you already have existing media.