Jellyfin is a powerful and versatile media server that stands out for its open-source nature and compatibility with various platforms. Unlike Plex, which has a mix of free and premium features, Jellyfin offers an entirely free solution, making it a popular choice among media enthusiasts. Debian users, in particular, appreciate Jellyfin’s alignment with open-source principles, ensuring transparency, customization, and community-driven support.
Key Features of Jellyfin:
- Completely Free and Open Source: No premium tiers; all features are available to everyone.
- Cross-Platform Support: Available on Linux, Windows, macOS, and various NAS devices.
- Live TV and DVR Functionality: Stream live television and record shows directly through the server.
- Extensive Metadata Management: Automatically fetches metadata for your media, ensuring a rich viewing experience.
- Highly Customizable: Numerous plugins and themes allow for personalized server setups.
- Multiple User Profiles: Create and manage user profiles with separate libraries and viewing histories.
- Remote Access: Stream your media from anywhere with secure remote access.
Jellyfin’s popularity among Debian users can be attributed to its seamless integration with the Debian ecosystem, leveraging the stability and security that Debian is known for. The open-source nature of Jellyfin aligns with Debian’s philosophy, providing users with a transparent and customizable media server experience.
With the introduction out of the way, let’s explore how to install Jellyfin on Debian using terminal commands and various methods.
Refreshing Debian System Before Jellyfin Installation
Starting on a clean slate ensures optimal compatibility with Jellyfin. Consequently, the first step is to update the Debian system, aligning all packages to their latest versions. This act minimizes the chance of encountering compatibility issues during the installation process.
Invoke the terminal and input:
sudo apt update && sudo apt upgrade
This dual command will refresh all existing packages, ensuring an updated system.
Install Required Jellyfin Installation Packages
Next on our checklist is to acquire the necessary packages vital for Jellyfin’s successful installation. The packages can vary based on the Debian version and distribution in use.
Access the terminal and run:
sudo apt install software-properties-common apt-transport-https ca-certificates curl -y
This command will download several critical packages:
apt-transport-https
allows Debian to fetch packages securely over HTTPS.ca-certificates
stores SSL certificates, verifying the authenticity of the websites from which packages are downloaded.curl
is a command-line tool that allows files to be downloaded from the internet.
Import Jellyfin Media Server APT Repositories
Jellyfin Media Server isn’t available in the default repository. Thus, we must import the Jellyfin GPG key and repository to install. This step verifies the authenticity of the Jellyfin package.
Begin by importing the GPG key. In the terminal, run:
curl -fsSL https://repo.jellyfin.org/debian/jellyfin_team.gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/jellyfin.gpg > /dev/null
Following the import of the GPG key, the Jellyfin repository needs to be added. You have a choice between the stable and unstable versions. While the stable version offers a well-tested, reliable experience, the unstable version allows access to the latest, albeit less tested, features.
Stable Jellyfin Version, run:
echo "deb [arch=$( dpkg --print-architecture ) signed-by=/usr/share/keyrings/jellyfin.gpg] https://repo.jellyfin.org/debian $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/jellyfin.list
Unstable Jellyfin Version, run:
echo "deb [arch=$( dpkg --print-architecture ) signed-by=/usr/share/keyrings/jellyfin.gpg] https://repo.jellyfin.org/debian $(lsb_release -cs) unstable" | sudo tee /etc/apt/sources.list.d/jellyfin.list
To update your system with the newly added repository, run the following:
sudo apt update
After executing this command, the system’s repository listing will be updated, ensuring recognition of the Jellyfin Media Server.
Finalize Jellyfin Media Server Installation via APT Command
Having imported the Jellyfin repository and GPG key, it’s time to move forward with installing the Jellyfin Media Server. The process is straightforward and completed with a simple command:
sudo apt install jellyfin jellyfin-ffmpeg5 jellyfin-server jellyfin-web
The command above directs the system to fetch and install the Jellyfin package from the repository we added earlier. Upon successful execution, the Jellyfin service will be installed and automatically start running on your Debian system.
To confirm that the Jellyfin service is operational and running as expected, execute the following command:
systemctl status jellyfin
The output of this command will provide the current status of the Jellyfin service. A successful installation will indicate an “active” or “running” status. If, for some reason, the Jellyfin service is not running, you can manually start it with the following:
sudo systemctl start jellyfin
For a smooth user experience, it is recommended to set Jellyfin to start automatically upon system boot. This way, your media server will be ready anytime you boot up your system.
Use the following command to enable the Jellyfin service to start on boot:
sudo systemctl enable jellyfin
At this juncture, the Jellyfin Media Server should be successfully installed and set to run automatically during system boot. You can now use Jellyfin to organize, manage, and stream your media content in a customized and efficient way.
Initial Setup of Jellyfin Media Server
Once the Jellyfin Media Server installation is completed, the journey towards shaping your personalized media center begins. The following guidelines will walk you through the initial configuration of the Jellyfin Media Server.
Step 1: Accessing the Jellyfin Web UI
First, to bring the Jellyfin server into action, you need to access its Web User Interface (Web UI). To do so, open your preferred web browser and navigate to the IP address of your Debian server, suffixed by the default Jellyfin port 8096
.
For instance, if you are accessing the Jellyfin server on the machine where it’s installed, you can type the following URL in your browser’s address bar:
http://127.0.0.1:8096
Upon hitting enter, you’ll be greeted by the Jellyfin welcome screen, marking the commencement of the initial server setup process.
Note: Remember to replace 127.0.0.1
with the actual IP address of your server if you’re accessing the Jellyfin server from a different machine.
Step 2: Setting the Jellyfin Media Server Display Language
During the initial setup of your Jellyfin server, the first task is to choose your preferred display language for the Jellyfin interface.
After selecting, hit the “Next ->” button to advance to the subsequent step.
Step 3: Creating a Jellyfin Media Server Administrative Account
Next, you’ll be guided to create a username and password for your Jellyfin account. This account will provide administrative privileges on the Jellyfin server, empowering you to manage media libraries and user accounts and tweak server settings.
Note: Create a strong and unique password incorporating uppercase and lowercase letters, numbers, and symbols to ensure robust security for your Jellyfin server.
Once you’ve set up your username and password, click the “Next ->” button to proceed.
Step 4: Configuring Jellyfin Media Libraries
The fourth step in the Jellyfin server setup is configuring your media libraries. Media libraries are where you add and organize your media content on Jellyfin. You can establish multiple libraries for different media types, such as movies, TV shows, and music.
Add your media files to these libraries to sort and display your media content on Jellyfin. To do so, click the large “+” or “Add Media Library” button from the Jellyfin dashboard.
Step 5: Adding Media Content to Jellyfin Media Server
Adding your media content to Jellyfin is straightforward. Once you’ve selected the “Add Media Library” button, you can designate the media type you wish to add, such as movies, TV shows, or music. Follow the prompts to incorporate your media folder. Additionally, you can specify the metadata language for your media content. The metadata language provides supplementary information such as episode descriptions, actor bios, and album artwork.
Once you’ve added your media libraries, you can proceed to the next step by clicking the “Next ->” button.
Step 6: Setting Metadata Language on Jellyfin Media Server
The subsequent screen is the Metadata Language screen, where you can pick your preferred language for the metadata of your media content. The metadata enriches your media content with additional information, including cast and crew details, plot summaries, and reviews.
Step 7: Configuring Jellyfin Media Server Remote Access
The next step in setting up the Jellyfin server is enabling remote access. This feature lets you access your media from anywhere with an internet connection.
To set this up:
- Enable remote connections to your Jellyfin server.
- Turn on automatic port mapping. This ensures incoming traffic routes correctly to your Jellyfin server for continuous streaming.
If you have no desire for remote access, disable it.
Note: If you’re unfamiliar with the concept, automatic port mapping redirects network traffic from one port to another. This is key for securing your media content, ensuring that only authorized traffic reaches your media files and network.
Once you have decided what is required for your remote access setup, click the “Next ->” button to proceed.
Step 8: Completing the Initial Setup
Having reached this point, you’re just one click away from finishing the initial setup of your Jellyfin server. After completing the above steps, the following screen will confirm that the installation process is over and your server is ready for action.
Step 9: Logging into the Jellyfin Server
After the setup, it’s time to step into your media server. Navigate to the Jellyfin Web UI, and enter the username and password you set up during the initial configuration.
Hit the “Sign in” button and dive into your personal media world.
Step 10: Explore the Jellyfin Media Server Dashboard
The dashboard is your command center once you log into your Jellyfin server. From here, you can manage your media libraries and user accounts and tweak server settings. Here are a few operations that you can carry out from the dashboard:
- Adding More Media Content: You can continually enrich your Jellyfin server by adding more media content. To do so, click the “Add Media Library” button and select the media type you want to add, such as movies, TV shows, or music. You’ll need to provide the necessary information, such as the library’s name, the location of the media files, and any specific settings for the media type.
- Configuring Customizations: To further enhance your viewing experience, Jellyfin allows you to customize the look and feel of your server. Configure customizations such as themes, language, and metadata by clicking on the “Dashboard” button and then selecting “General” or “Display” settings to make changes.
- Managing Users: As an administrator, you can manage access to your media content by adding, removing, and modifying user accounts. To carry out these operations, click on the “Users” button on the dashboard, then select “Add User” or “Edit User”.
Troubleshooting: How to Reset Jellyfin Media Server Initial Setup
There may be times when you encounter issues during the initial setup of your Jellyfin media server, or perhaps you wish to redo the setup for other reasons. Thankfully, resetting the setup process is a relatively uncomplicated procedure. By changing the IsStartupWizardCompleted
value in the system.xml
file and subsequently restarting the Jellyfin server, you can start the setup process anew.
Let’s dive into the step-by-step guide on how to achieve this:
Step 1: Accessing the system.xml File
To access the system.xml
file, we will utilize a built-in Linux command-line text editor called nano. Nano is a friendly, easy-to-use text editor installed on most Linux distributions by default. The command to open system.xml
using nano is as follows:
sudo nano /etc/jellyfin/system.xml
Executing this command opens the system.xml
file in the nano text editor, allowing you to make alterations to the file.
Step 2: Modifying the ‘IsStartupWizardCompleted’ Value
Within the system.xml
file, you’ll find a value named IsStartupWizardCompleted
. This value is pivotal in whether the setup wizard appears when you access the Jellyfin Web UI. It essentially acts as a toggle, with ‘true’ indicating that the setup has been completed and ‘false’ implying that it hasn’t.
Here is what the value looks like when the setup is marked as completed:
<IsStartupWizardCompleted>true</IsStartupWizardCompleted>
To reset the setup process, you’ll need to change this value to false
. To do this, replace the line with the following:
<IsStartupWizardCompleted>false</IsStartupWizardCompleted>
Once you’ve made this change, it tells the Jellyfin server that the initial setup is incomplete, enabling you to start over from the beginning.
Step 3: Restarting the Jellyfin Server
With the necessary changes made to system.xml
, it’s crucial to ensure these changes take effect. This can be done by restarting the Jellyfin server with the following command:
sudo systemctl restart jellyfin
This command tells the systemd utility, a system and service manager in Linux, to stop and then start the Jellyfin server again. Systemd then implements the changes we made in system.xml
.
Step 4: Initiating the Setup Process Again
Once you’ve restarted the Jellyfin server, you are ready to restart the setup process. You can do this by navigating to the Jellyfin Web UI via http://127.0.0.1:8096
. From here, you can proceed with the setup process as if it were your first time setting up Jellyfin.
Setup Permissions for Jellyfin Media Drives
Establishing the appropriate permissions is one key step in configuring your Jellyfin media server on your Debian system. This gives Jellyfin the necessary access to read and manage your media directories.
Unlike the traditional chown
and chgrp
commands in Linux change the ownership of files and directories; we’ll be using the setfacl command. The setfacl command provides more granular control over access permissions, which is useful when managing complex applications like Jellyfin.
Step 1: Installing the ACL Package
The Access Control List (ACL) package in Linux enhances the permission model, and it’s necessary for using the setfacl
command. To ensure you have it installed, you can use the apt
package manager with the following command:
sudo apt install acl -y
The sudo
prefix runs the command with superuser permissions, apt
is the package manager used to install, update, or remove software on Debian, and install acl
is the instruction to install the ACL package.
Step 2: Granting Jellyfin Access to Media Directories
Once you’ve ensured that ACL is installed, you can grant Jellyfin the necessary permissions to access your media directory and subdirectories. The following command applies the permissions recursively, using the -R
flag, which ensures all subdirectories and files within are also updated:
sudo setfacl -R -m u:jellyfin:rx /media/mymediadrive
In this command, setfacl
is setting the access control list, -R
applies the command recursively, -m
modifies the ACL, u:jellyfin:rx
grants the user ‘jellyfin’ read (r) and execute (x) permissions, and /media/mymediadrive
is the path to your media directory.
Step 3: Assigning Permissions to Individual Files or Directories
In cases where you need to assign permissions to individual media directories or files, the command is slightly different.
The -R
recursive flag is omitted, as shown below:
sudo setfacl -m u:jellyfin:rx /media/mymediadrive/example-name-of-file-or-directory
Additional Jellyfin Media Permission Command Examples
If you want to modify the permissions for multiple directories at once, you can do so by listing them one after the other, separated by spaces:
sudo setfacl -m u:jellyfin:rx /media/mymediadrive/dir1 /media/mymediadrive/dir2 /media/mymediadrive/dir3
Or, if you want to remove a specific permission, you can do so using the -x
flag, followed by the user and the permission:
sudo setfacl -x u:jellyfin:r /media/mymediadrive
This command removes the read permission for Jellyfin on the specified directory.
To summarize this section, the setfacl
command provides versatile control over permissions for your Jellyfin server. By properly setting up permissions for your media directories, you ensure the smooth operation of your Jellyfin server.
Further Commands For Jellyfin Media Server
Let’s delve deeper into the configuration of your Jellyfin media server on your Debian system. This section will cover setting up a Secure Shell (SSH) tunnel for remote access and configuring the UFW firewall for managing network traffic. Both steps are essential for enhancing the functionality and security of your media server.
Setup SSH for Remote Access
SSH, or Secure Shell, is a network protocol that provides a secure way to access a remote computer. It is beneficial if you intend to access your Debian Jellyfin media server from a different location.
Step 1: Install SSH Server for Jellyfin Access
Installing an SSH server on your Debian machine is the first step towards remote access. Execute the following command in your terminal to install the openssh-server
package:
sudo apt install openssh-server
Here, the sudo
command is used to execute the command with superuser permissions. The apt install
command is the package manager used on Debian to manage software installations, and openssh-server
is the package we are installing.
Step 2: Connecting to Jellyfin Media Server via SSH Tunnel
After successfully installing the SSH server, you can connect to your Jellyfin media server remotely. You can create an SSH tunnel using your server’s IP address. Replace {server-ip-address}
with your actual server’s IP address in the following command:
ssh {server-ip-address} -L 8096:localhost:8096
The SSH command initiates a secure connection to the server, and the -L
flag binds a local port (the first 8096
) to an IP address and port on the remote server (localhost:8096
). In other words, it forwards connections from your local machine to the remote server.
Step 3: Accessing Jellyfin Media Server through SSH Tunnel
With the SSH tunnel created, you can now access the Jellyfin Media Server through this URL in your web browser:
http://localhost:8096/web/index.html#/wizardstart.html
The http://localhost:8096/web
address redirects HTTP requests to the remote server. Once the initial setup is complete, you can access your Jellyfin media server by replacing {server-ip-address}
with your remote server IP address at https://{server-ip-address}:8096
.
Installation and Configuration of the UFW Firewall
UFW, or Uncomplicated Firewall, is a user-friendly front-end for managing iptables firewall rules. It’s essential for controlling incoming and outgoing network traffic on your Debian server.
Step 1: Enabling the UFW Firewall
UFW is not enabled by default in Debian, so you must enable it manually. To turn on the UFW firewall, enter the following command in your terminal:
sudo apt install ufw
sudo ufw enable
Step 2: Allowing Incoming Traffic on Port 8096
After activating the UFW firewall, you must allow incoming traffic on port 8096, as the Jellyfin Media Server requires this to function correctly. Execute the following command to open port 8096:
sudo ufw allow 8096
This instruction lets incoming traffic pass through port 8096, ensuring the Jellyfin Media Server can operate without hitches.
Setup Jellyfin Apache or Nginx as a Reverse Proxy
Configuring a Reverse Proxy with Apache for Jellyfin
To make your Jellyfin Media Server accessible remotely, utilizing a reverse proxy is often the most effective method. Let’s explore how to set up Apache as a reverse proxy on your Debian system.
Step 1: Installing Apache Web Server
Installing the Apache web server on your Debian system is crucial. Run the following command to accomplish this:
sudo apt install apache2 -y
By default, Apache should be activated. However, if for some reason it isn’t, you can manually start it by issuing the command:
sudo systemctl start apache2
Step 2: Enabling Necessary Apache Modules
Subsequently, it’s time to enable the required modules. Execute the following command to do so:
sudo a2enmod proxy proxy_http headers proxy_wstunnel
Step 3: Creating a Virtual Host Configuration File
Now, create a new virtual host configuration file for Jellyfin with this command:
sudo nano /etc/apache2/sites-available/jellyfin.conf
This will enable you to edit your virtual host configuration using the nano text editor.
Step 4: Setting Up a Subdomain and Configuring the Virtual Host
To set up a subdomain, you need an active domain name. Numerous online services like NameCheap and Cloudflare allow you to purchase domain names. Once your subdomain is set up, you can configure your Apache virtual host. The following configuration should be added to your newly created jellyfin.conf
file:
<VirtualHost *:80>
ServerName jellyfin.example.com
Redirect permanent / https://jellyfin.example.com
ErrorLog /var/log/apache2/jellyfin-error.log
CustomLog /var/log/apache2/jellyfin-access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName jellyfin.example.com
DocumentRoot /var/www/html/jellyfin/public_html
ProxyPreserveHost On
ProxyPass "/socket" "ws://localhost:8096/socket"
ProxyPassReverse "/socket" "ws://localhost:8096/socket"
ProxyPass "/" "http://localhost:8096/"
ProxyPassReverse "/" "http://localhost:8096/"
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/jellyfin.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/jellyfin.example.com/privkey.pem
Protocols h2 http/1.1
SSLCipherSuite HIGH:RC4-SHA:AES128-SHA:!aNULL:!MD5
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
ErrorLog /var/log/apache2/jellyfin-error.log
CustomLog /var/log/apache2/jellyfin-access.log combined
</VirtualHost>
</IfModule>
After editing, save the file by pressing CTRL+O and exit using CTRL+X.
Step 5: Validating the Apache Configuration
Before enabling the virtual host, it’s crucial to validate that there are no mistakes in your Apache configuration. Execute the following command to perform a dry run:
To use Apache as a reverse proxy, you need to enable the module with the following command:
sudo apache2ctl configtest
This command creates a symbolic link from the sites-available
directory to the sites-enabled
directory, thus enabling Apache to serve the virtual host.
Step 6: Enabling the Virtual Host
Once you’ve confirmed no errors in the configuration, it’s time to enable the virtual host. This can be achieved by issuing the following command:
sudo a2ensite jellyfin.conf
This command creates a symbolic link from the sites-available
directory to the sites-enabled
directory, thus enabling Apache to serve the virtual host.
Step 7: Restarting Apache
After enabling the virtual host, the final step is to restart the Apache service to reflect the changes. Use the following command to do so:
sudo systemctl restart apache2
This command stops the Apache service, applies the new virtual host settings, and restarts the service to load the updated configuration.
Setting Up Nginx as a Reverse Proxy for Your Jellyfin Media Server
Setting up a reverse proxy for your Jellyfin media server using Nginx entails several steps. Here, we explore the process in depth, breaking it into manageable pieces to ensure clarity and facilitate comprehension.
Nginx is a high-performance web server recognized for its stability, rich feature set, and low resource consumption. Configuring it as a reverse proxy for Jellyfin allows you to access your media server remotely.
Step 1: Installing Nginx
Start by installing Nginx with the following command:
sudo apt install nginx
This command installs Nginx using the apt
package management system. sudo
elevates the permissions, ensuring the command is executed with administrative privileges.
Step 2: Starting the Nginx Service
Once Nginx has been installed, you can start the Nginx service using the following command:
sudo systemctl start nginx
systemctl
is a command-line utility that allows you to control the systemd system and service manager, responsible for maintaining and controlling the Debian operating system. The start
command initializes the Nginx service.
Step 3: Ensuring Nginx is Enabled
To verify that Nginx starts automatically at boot, execute the following command:
sudo systemctl enable nginx
If executed correctly, the system should synchronize the state of the Nginx service with the SysV service script and ensure that Nginx is enabled at boot.
Step 4: Checking the Status of Nginx
To confirm that Nginx is functioning correctly, use the following command:
systemctl status nginx
The status
command provides a snapshot of the current state of the Nginx service, including whether it is running or not.
Step 5: Configuring Nginx as a Reverse Proxy
Once Nginx is up and running, proceed to create a new server block file at /etc/nginx/conf.d/jellyfin.conf
. This configuration file is where you specify the settings for your reverse proxy.
You can create and edit this file using a text editor such as nano. Use the following command to open the file in nano:
sudo nano /etc/nginx/conf.d/jellyfin.conf
Step 6: Setting Up a Server Block File
A server block file defines a server in Nginx and its configurations. The essential elements you should consider while setting up a server block file are:
- The
listen
directive: Sets the IP address and port that Nginx listens on. For this example, port 80 is used. - The
server_name
directive: Sets the domain name or names that Nginx responds to. Replacejellyfin.example.com
with your domain name. - The
access_log
anderror_log
directives: Define the locations for the access and error logs. - The
location
directives: Define how Nginx should handle incoming requests. They configure theproxy_pass
directive, which forwards requests from Nginx to Jellyfin.
Here’s an example of what the server block file might look like:
server {
listen 80;
server_name jellyfin.example.com;
access_log /var/log/nginx/jellyfin.access;
error_log /var/log/nginx/jellyfin.error;
set $jellyfin jellyfin;
resolver 127.0.0.1 valid=30;
# Security / XSS Mitigation Headers
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
location = / {
return 302 https://$host/web/;
}
location / {
# Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
location = /web/ {
# Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location /socket {
# Proxy Jellyfin Websockets traffic
proxy_pass http://$jellyfin:8096/socket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}
To save this file, press CTRL+O
and to exit the nano editor, press CTRL+X
. The directives provided in the server block file above help Nginx understand how to route incoming requests to Jellyfin, effectively serving as a reverse proxy.
Step 7: Verifying Your Nginx Configuration
Before proceeding, verifying that your Nginx configuration is error-free is paramount. This is accomplished by executing a dry run using the following command:
sudo nginx -t
The -t
option in this command tests the configuration file for syntax errors and other issues. If everything is in order, the output should confirm that the configuration file is fine and the test is successful.
Step 8: Reloading the Nginx Service
You’ll need to reload the service to enforce the changes you’ve made to Nginx. This is accomplished by executing the following command:
sudo systemctl reload nginx
Step 9: Accessing Your Jellyfin Media Server
After setting up Nginx as a reverse proxy for Jellyfin, you can access your Jellyfin Media Server remotely. Ensure your domain and DNS records point to your server’s IP address.
Once your domain and DNS are set up correctly, you can access the Jellyfin Media Server at the address you provided in the server block, for example, jellyfin.example.com. Nginx will direct incoming requests to Jellyfin’s web interface, making it easy to access your media library.
Note: It’s highly recommended to secure your connection with an SSL certificate. This encrypts the data transferred between the client and server, protecting sensitive information.
Step 10: Secure Your Server with Let’s Encrypt SSL Free Certificate
Securing your server with an SSL (Secure Sockets Layer) certificate is a significant step in ensuring your data’s integrity and confidentiality. SSL certificates facilitate an encrypted connection between the server and the client, protecting sensitive data from being intercepted in transit. Let’s Encrypt provides free SSL certificates, making securing your server straightforward and accessible.
Understanding Certbot and Let’s Encrypt
Let’s Encrypt utilizes agent software to automate the process of obtaining and renewing SSL certificates. One such agent is Certbot, an open-source tool the Electronic Frontier Foundation developed. Certbot facilitates the issuance and renewal of SSL certificates and configures your web server to use them.
Depending on your web server software, you must install a specific Certbot package. If your server runs Apache, you’ll need python3-certbot-apache
, and for Nginx, you’ll need python3-certbot-nginx
.
Installing Certbot for Apache:
Use the following command to install the Certbot Apache package:
sudo apt install python3-certbot-apache
Installing Certbot for Nginx:
Alternatively, if you’re running an Nginx server, use this command to install the Certbot Nginx package:
sudo apt install python3-certbot-nginx
Running Certbot to Obtain a Let’s Encrypt SSL Certificate
After installing the appropriate Certbot package, you can run Certbot to create and install an SSL certificate. You’ll need to specify the web server software in use with an option, either --apache
or --nginx
.
The Certbot command also accepts other options like --agree-tos
, --redirect
, --hsts
, and --staple-ocsp
. These options instruct Certbot to accept the terms of service, set up 301 redirects, add a Strict-Transport-Security header, and enable OCSP Stapling, respectively, all of which contribute to a more secure setup.
Remember to replace the placeholder email and domain name in the below commands with your email and domain.
If you’re running an Apache server, use the following command:
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d yourdomain.com
For an Nginx server, use this command:
sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d yourdomain.com
Once Certbot successfully generates an SSL certificate and configures your server to use it, your server’s connection will be secure, and your website will be accessible via HTTPS.
Automating SSL Certificate Renewal with Cron
By default, Let’s Encrypt SSL certificates are valid for 90 days. To avoid service disruption, it’s recommended to set up an automated renewal process. Certbot provides a command to renew certificates, which can be scheduled to run regularly using cron, a job scheduler in Unix-like operating systems.
Testing Certificate Renewal:
Before scheduling the certificate renewal, ensure that the renewal process works correctly by performing a dry run:
sudo certbot renew --dry-run
Scheduling Certificate Renewal:
If the dry run is successful, you can schedule certificate renewals. Open the crontab file in edit mode using the following command:
sudo crontab -e
Then, add the following line at the end of the file to schedule a daily check for certificate renewal at 2:30 AM:
30 2 * * * /usr/bin/certbot renew --quiet
By saving and exiting the file, you establish an automated process where the cron checks daily for necessary certificate renewals. The --quiet
option ensures that cron runs this task silently unless an error occurs.
After completing these steps, you’ve effectively enhanced your server’s security by implementing Let’s Encrypt SSL certificates. You’ve also automated their renewal process, ensuring a continuous encrypted connection between your server and its clients.
Additional Commands For Jellyfin Media Server
Proper maintenance is key When dealing with software hosted on a server. Maintenance includes regular updates and, sometimes, software removal. This section covers how to update and remove the Jellyfin Media Server from your Debian system using APT, the Advanced Packaging Tool, which is essential to managing software on Debian-based systems.
Update Jellyfin Media Server on Debian
Keeping your Jellyfin Media Server up-to-date is essential for enjoying the latest features, security updates, and bug fixes. Since Jellyfin is a standard Debian package, you can use APT to manage its updates.
Checking for Available Updates
First, update your local package index with the latest information about available packages and their versions. This process involves the APT tool querying the remote repositories configured on your Debian system to see if the installed packages have newer versions.
Run the following command to update the package index:
sudo apt update
Upgrade Jellyfin Media Server
If the apt update
command indicates that a newer version of Jellyfin is available, upgrade the package using the apt upgrade
command:
sudo apt upgrade
The apt upgrade
command upgrades all upgradable packages on your system. It handles dependencies intelligently, ensuring that the system stays consistent.
Remove Jellyfin Media Server From Debian
There might be situations when you no longer need the Jellyfin Media Server on your Debian system. In that case, you can uninstall it.
Uninstalling Jellyfin
Use the following command to uninstall Jellyfin:
sudo apt remove jellyfin
This command instructs APT to remove the Jellyfin package from the system while keeping the configuration files, allowing you to re-install it in the future without losing your settings.
Removing the Jellyfin Repository
To prevent future updates or accidental re-installations of Jellyfin, removing the Jellyfin repository from your system is recommended. The repository configuration for Jellyfin resides in the /etc/apt/sources.list.d/
directory.
Use the following command to remove the Jellyfin repository:
sudo rm /etc/apt/sources.list.d/jellyfin.list
After running this command, your system will no longer have information about the Jellyfin repository. Consequently, it won’t check for or retrieve updates for Jellyfin during future update checks.
Wrapping Up the Jellyfin Server Installation
We’ve walked through setting up a Jellyfin Media Server on Debian-based systems, covering installation, reverse proxy setup with Apache or Nginx, SSL security with Let’s Encrypt, and maintenance using APT commands. This guide aimed to streamline your Jellyfin deployment and equip you with essential admin skills. Remember, the tech world is always evolving, so keep learning to ensure your server remains secure and efficient. A well-maintained server is key to a smooth media experience.