User Tools

JellyFin

JellyFin is an Open Source Media Server

There are other options. At least the main two are Emby and Plex. Emby actually was open-source too until they decided to close up the code and JellyFin was born from it's fork. Plesk is a different solution, proprietary, which might be interesting for who don't want to mess with port-forwarding or similar issues.

A brief summary:

  • JellyFin is open-source, you have full control on your media collection and vieweing.
  • Emby used to be open-source, so i will pass on that. The only positive thing might be more clients (es: Samsung TV) than JellyFin.
  • Plex is a proprietary solution that uses it's own servers to stream to you your collection. It's a hard pass for me.

Installation

You are lucky and the JellyFin mediaserver can be easily installed on Gentoo linux. You need to unmask it first: 

echo www-apps/jellyfin ~amd64 >> /etc/portage/package.accept_keywords/servarr

then emerge it: 

emerge -v jellyfin

As usual move the home folder to /data/daemons/jellyfin: 

usermod -m -d /data/daemons/jellyfin jellyfin

and add the jellyfin user to the media group: 

usermod -a -G media jellyfin

Now, JellyFin Gentoo default setup locates server directories under /var:

  • the data folder under /var/lib
  • the cache folder under /var/cache/jellyfin
  • the configuration folder under /etc/jellyfin/
  • the logs folder under /var/logs/jellyfin

which i don't like for a few reasons:

  • this will clutter and fill the Gentoo installation disk (/dev/sda)
  • this will NOT survive a /dev/sda disk crash (which is not RAID-1)
  • this will not be consistent: i want to have all database and data in the same RAID

to fix this, move those to /data/deamons/jellyfin: 

mv /var/lib/jellyfin /data/daemons/jellyfin/data
mv /var/cache/jellyfin /data/daemons/jellyfin/cache
mv /etc/jellyfin /data/daemons/jellyfin/config
mv /var/logs/jellyfin /data/daemons/jellyfin/logs

in this case, differently from the *Arr's, you need to set these new paths in the JellyFin config file under /etc/conf.d/jellyfin: 

# This is the directory that will hold all Jellyfin data, and is also used as a default base directory for some other paths below.
JELLYFIN_DATA_DIR=/data/daemons/jellyfin/data

# This is the directory where the Jellyfin logs will be stored.
JELLYFIN_LOG_DIR=/data/daemons/jellyfin/logs

# This is the directory containing the server cache.
JELLYFIN_CACHE_DIR=/data/daemons/jellyfin/cache

# This is the directory containing the server configuration files.
JELLYFIN_CONFIG_DIR=/data/daemons/jellyfin/config

That's is, JellyFin is installed.

SSO Configuration

JeyyFin can not work with basic-auth, or at least i didnt manage to properly make it work between the web GUI and the client apps. Moreover, the Jellyfin login screen cannot be disabled, so it's pretty pointless.

Instead, Jellyfin can support, via an external plugin, an OIDC Provider like Authelia. So first of all ensure your Authelia is correctly configured as OIDC Provider (see here the relevant chapter).

The SSO plugin is located here.

In short you need to:

  • Configure Authelia OIDC Client
  • Add this plugin repository to Jellyfin configuration
  • Load the SSO plugin
  • Configure Jellyfin SSO plugin

This is the relevant Authelia config section (see here for more details): 

identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'jellyfin'
        client_name: 'Jellyfin'
        client_secret: '<<< generate secret >>>'  
        public: false
        authorization_policy: 'two_factor'
        require_pkce: true
        pkce_challenge_method: 'S256'
        redirect_uris:
          - 'https://jellyfin.example.com/sso/OID/redirect/authelia'
        scopes:
          - 'openid'
          - 'profile'
          - 'groups'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_post'

both links above should provide enough information to help you sort the Jellyfin side.

Reverse-Proxy configuration

Before you proceed, you should make JellyFin web accessible via the reverse-proxy, so that access, configuration and usage will be simplified from the beginning.

Add this file to /etc/nginx/folders:

jellyfin.conf
server {
        server_name jellyfin.mydomain.com;
        listen 443 ssl; 
        listen 8443 ssl; 
        http2 on;
 
        access_log /var/log/nginx/jellyfin.mydomain.com_access_log main;
        error_log /var/log/nginx/jellyfin.mydomain.com_error_log info;
 
        location ^~ / {
                proxy_pass http://127.0.0.1:8096;
                proxy_pass_request_headers on;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $http_connection;
                proxy_set_header Remote-User $remote_user;
                proxy_buffering off;
        }
 
        client_max_body_size 100M;
}

Add the configuration to the Reverse Proxy and reload it. Check The Reverse Proxy concept for more details.

Startup

Before starting JellyFin up, you need to edit a few last things. Edit the file /data/daemons/jellyfin/config/network.xml and change the following lines: 

...
  <BaseUrl>/</BaseUrl>
...
  <LocalNetworkAddresses>
    <string>127.0.0.1</string>
  </LocalNetworkAddresses>
...

This will securize the service to run only behind the reverse proxy and set the proper Base URL for access.

Well, it's time to fire up the JellyFin (and set it up for autostart on reboot): 

rc-update add jellyfin default
/etc/init.d/jellyfin start

At this point you should login to it and configure it trough the web GUI at 10.0.0.1/jellyfin. You will need to point the media libraries to the folders into /data/ (Music, Movies, etc). Populating your database will take some time, assuming you already have existing media.

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also, you acknowledge that you have read and understand our Privacy Policy. If you do not agree, please leave the website.

More information