Haack's Wiki

User Tools

Site Tools

Trace:
computing:jellyfin

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
computing:jellyfin [2025/11/30 18:34] oemb1905computing:jellyfin [2025/11/30 18:37] (current) oemb1905
Line 17: Line 17:
 First, we need to install the required packages: First, we need to install the required packages:
  
-sudo apt update && sudo apt upgrade -y +  sudo apt update && sudo apt upgrade -y 
-sudo apt install ffmpeg wget nano curl snapd ufw fail2ban postfix apache2 php8.4-fpm php8.4-mysql php8.4-curl php8.4-gd php8.4-mbstring php8.4-xml php8.4-zip apt-transport-https ca-certificates gnupg +  sudo apt install ffmpeg wget nano curl snapd ufw fail2ban postfix apache2 php8.4-fpm php8.4-mysql php8.4-curl php8.4-gd php8.4-mbstring php8.4-xml php8.4-zip apt-transport-https ca-certificates gnupg 
-sudo a2enmod ssl headers +  sudo a2enmod ssl headers 
  
 Once your LAMP stack is installed, edit your 000-default.conf host for your Jellyfin domain. After that, cut it a certificate before proceeding: Once your LAMP stack is installed, edit your 000-default.conf host for your Jellyfin domain. After that, cut it a certificate before proceeding:
  
-sudo apt install certbot letsencrypt python3-certbot-apache +  sudo apt install certbot letsencrypt python3-certbot-apache 
-sudo certbot --authenticator standalone --installer apache -d gnulinux.media --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"+  sudo certbot --authenticator standalone --installer apache -d gnulinux.media --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"
  
 Later, we will switch the 000-default.conf virtual host to use a reverse proxy, but for now, it helps to create the certificate with the mostly stock configuration. Now, let's install Jellyfin: Later, we will switch the 000-default.conf virtual host to use a reverse proxy, but for now, it helps to create the certificate with the mostly stock configuration. Now, let's install Jellyfin:
  
-sudo mkdir -p /etc/apt/keyrings +  sudo mkdir -p /etc/apt/keyrings 
-curl -fsSL https://repo.jellyfin.org/jellyfin_team.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/jellyfin.gpg +  curl -fsSL https://repo.jellyfin.org/jellyfin_team.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/jellyfin.gpg 
-echo "deb [arch=$( dpkg --print-architecture ) signed-by=/etc/apt/keyrings/jellyfin.gpg] https://repo.jellyfin.org/debian trixie main" | sudo tee /etc/apt/sources.list.d/jellyfin.list +  echo "deb [arch=$( dpkg --print-architecture ) signed-by=/etc/apt/keyrings/jellyfin.gpg] https://repo.jellyfin.org/debian trixie main" | sudo tee /etc/apt/sources.list.d/jellyfin.list 
-sudo apt update +  sudo apt update 
-sudo apt install -y jellyfin +  sudo apt install -y jellyfin 
-sudo systemctl enable jellyfin +  sudo systemctl enable jellyfin 
-sudo systemctl start jellyfin+  sudo systemctl start jellyfin
  
 Once Jellyfin is installed and running, let's create the media directory and set permissions: Once Jellyfin is installed and running, let's create the media directory and set permissions:
  
-sudo mkdir -p /srv/jellyfin/media/{Family,Movies,Friends,Presentations,Television} +  sudo mkdir -p /srv/jellyfin/media/{Family,Movies,Friends,Presentations,Television} 
-sudo chown -R jellyfin:jellyfin /srv/jellyfin/media +  sudo chown -R jellyfin:jellyfin /srv/jellyfin/media 
-sudo find /srv/jellyfin/media -type d -exec chmod 755 {} + +  sudo find /srv/jellyfin/media -type d -exec chmod 755 {} + 
-sudo find /srv/jellyfin/media -type f -exec chmod 644 {} ++  sudo find /srv/jellyfin/media -type f -exec chmod 644 {} +
  
 Now that Jellyfin is installed and has a properly setup media directory, we can prepare and configure apache and php for the reverse proxy. Now that Jellyfin is installed and has a properly setup media directory, we can prepare and configure apache and php for the reverse proxy.
  
-sudo a2enmod proxy proxy_http rewrite proxy_fcgi setenvif sudo a2enconf php8.4-fpm +  sudo a2enmod proxy proxy_http rewrite proxy_fcgi setenvif sudo a2enconf php8.4-fpm 
-sudo a2dismod mpm_prefork php8.4  +  sudo a2dismod mpm_prefork php8.4  
-sudo a2enmod mpm_event+  sudo a2enmod mpm_event
  
 Now that the modules that the reverse proxy requires are enabled, we can safely swap out the contents of 000-default.conf and the auto-generated 000-default-le.conf. Enter something like this in the http virtual host: Now that the modules that the reverse proxy requires are enabled, we can safely swap out the contents of 000-default.conf and the auto-generated 000-default-le.conf. Enter something like this in the http virtual host:
  
 +<code bash>
 <VirtualHost *:80> <VirtualHost *:80>
  
Line 76: Line 77:
  
 </VirtualHost> </VirtualHost>
 +</code>
  
 And, for the https virtual host, something like: And, for the https virtual host, something like:
  
 +<code bash>
 <VirtualHost *:443> <VirtualHost *:443>
  
Line 106: Line 109:
  
 </VirtualHost> </VirtualHost>
 +</code>
  
 Since we created the Let's Encrypt certs on the stock configuration, we can simply drop these configurations in and restart apache. Everything should just work. Just in case, check your configuration and debug accordingly before proceeding: Since we created the Let's Encrypt certs on the stock configuration, we can simply drop these configurations in and restart apache. Everything should just work. Just in case, check your configuration and debug accordingly before proceeding:
  
-sudo apache2ctl configtest +  sudo apache2ctl configtest 
-sudo systemctl restart apache2+  sudo systemctl restart apache2
  
 Make sure you've run ss -tulpn and that you are only listening on ports with services you intend and desire to be on this instance. Don't proceed if you have rogue services listening. Once that's verified, you can optionally add a firewall on top for extra coverage: Make sure you've run ss -tulpn and that you are only listening on ports with services you intend and desire to be on this instance. Don't proceed if you have rogue services listening. Once that's verified, you can optionally add a firewall on top for extra coverage:
  
-sudo ufw allow 80 +  sudo ufw allow 80 
-sudo ufw allow 443 +  sudo ufw allow 443 
-sudo ufw allow 22 +  sudo ufw allow 22 
-sudo ufw enable+  sudo ufw enable
  
 Now, although this instance is only for family-based watching and viewing, not public, I still want to tweak mpm_event and fpm to be snappy. After all, I want the family's viewing experience to be as nice as possible. Indeed, the wifey BMWing about AirSonic Advanced being too clonky is why we are here, so let's make it shine! Now, although this instance is only for family-based watching and viewing, not public, I still want to tweak mpm_event and fpm to be snappy. After all, I want the family's viewing experience to be as nice as possible. Indeed, the wifey BMWing about AirSonic Advanced being too clonky is why we are here, so let's make it shine!
Line 123: Line 127:
 Adjust mpm_event for 8 cores and 400 workers. Again, overkill, but it certainly won't hurt anything. Head over to nano /etc/apache2/mods-available/mpm_event.conf and adjust the settings to something like this: Adjust mpm_event for 8 cores and 400 workers. Again, overkill, but it certainly won't hurt anything. Head over to nano /etc/apache2/mods-available/mpm_event.conf and adjust the settings to something like this:
  
-StartServers 4 +  StartServers 4 
-MinSpareThreads 25 +  MinSpareThreads 25 
-MaxSpareThreads 75 +  MaxSpareThreads 75 
-ThreadLimit 64 +  ThreadLimit 64 
-ThreadsPerChild 25 +  ThreadsPerChild 25 
-MaxRequestWorkers 400 +  MaxRequestWorkers 400 
-MaxConnectionsPerChild 0 +  MaxConnectionsPerChild 0 
-ServerLimit 16+  ServerLimit 16
  
 Again, I see lots of folks that still use apache pre-fork and, almost as bad, those that use mpm_event instead, but forget that it requires configuring to be usable by more than a handful of clients. Let's open up nano /etc/php/8.4/fpm/pool.d/www.conf and drop in some beefier settings to handle simultaneous requests better: Again, I see lots of folks that still use apache pre-fork and, almost as bad, those that use mpm_event instead, but forget that it requires configuring to be usable by more than a handful of clients. Let's open up nano /etc/php/8.4/fpm/pool.d/www.conf and drop in some beefier settings to handle simultaneous requests better:
  
-pm = dynamic +  pm = dynamic 
-pm.max_children = 200 +  pm.max_children = 200 
-pm.start_servers = 20 +  pm.start_servers = 20 
-pm.min_spare_servers = 10 +  pm.min_spare_servers = 10 
-pm.max_spare_servers = 20 +  pm.max_spare_servers = 20 
-pm.max_requests = 1000 +  pm.max_requests = 1000 
-request_terminate_timeout = 300s+  request_terminate_timeout = 300s
  
 Let's test the configuration and then restart the services: Let's test the configuration and then restart the services:
  
-sudo php-fpm8.4 -t +  sudo php-fpm8.4 -t 
-sudo systemctl restart php8.4-fpm apache2+  sudo systemctl restart php8.4-fpm apache2
  
 The rest of the setup is conducted on the web panel. So, navigate to your isntance, e.g., https://gnulinux.media, set up your admin user, record your password, etc. Then, go in and add each of the Libraries in the dashboard. Once you've added them, save and scan them. In my case, I get all of my files to my main production server using Nextcloud. Once they are on the Nextcloud instance, I use rsync to mirror or place them in appropriate instances. Here's a script I run nightly on the Jellyfin server, so that it picks up media I add each day. Of course, you can also run it manually as needed. I only included a few example directories to make the point. The rest of the setup is conducted on the web panel. So, navigate to your isntance, e.g., https://gnulinux.media, set up your admin user, record your password, etc. Then, go in and add each of the Libraries in the dashboard. Once you've added them, save and scan them. In my case, I get all of my files to my main production server using Nextcloud. Once they are on the Nextcloud instance, I use rsync to mirror or place them in appropriate instances. Here's a script I run nightly on the Jellyfin server, so that it picks up media I add each day. Of course, you can also run it manually as needed. I only included a few example directories to make the point.
  
-                                                                       #!/bin/bash+<code bash> 
 +#!/bin/bash
 #timer #timer
 DATE=`date +"%Y%m%d-%H:%M:%S"` DATE=`date +"%Y%m%d-%H:%M:%S"`
Line 178: Line 183:
 rm /root/logs/sync-media.log rm /root/logs/sync-media.log
 rm /tmp/sync-music.lock rm /tmp/sync-music.lock
 +</code>
  
 Again, this script runs daily and/or manually as needed. Sometimes I setup custom jails for fail2ban, but I am leaving this one stock for now. I think regular fail2ban with apache's and ssh's jails setup should be sufficient. The rest of Jellyfin can now be configured from your web panel. Again, this script runs daily and/or manually as needed. Sometimes I setup custom jails for fail2ban, but I am leaving this one stock for now. I think regular fail2ban with apache's and ssh's jails setup should be sufficient. The rest of Jellyfin can now be configured from your web panel.
  
  --- //[[alerts@haacksnetworking.org|oemb1905]] 2025/11/30 18:33//  --- //[[alerts@haacksnetworking.org|oemb1905]] 2025/11/30 18:33//
computing/jellyfin.1764527641.txt.gz · Last modified: by oemb1905

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki