Jellyfin is a free and open-source media streaming application that organizes, manages, and shares digital media files to networked devices. It allows you to stream the uploaded media files to your PC, Laptop, Mobile, and Roku. It provides an interactive web interface to manage all your photos, videos, and music. If you are looking for an alternative solution for Plex and Netflix, Jellyfin is the best option.
Features
- Free, open-source, and cross-platform
- Supports hardware acceleration of video encoding/decoding using FFMpeg
- Allow you to fetch metadata from TheTVDB and TheMovieDB
- No playback limit on mobile apps
This post will show you how to install Jellyfin media streaming application with Nginx and Let’s Encrypt SSL on Debian 11.
Prerequisites
- A server running Debian 11.
- A valid domain name pointed with your server IP.
- A root password is configured on the server.
Install Jellyfin
Before starting, you will need to add the Jellyfin repository to the APT. To do so, first install the required dependencies using the following command:
apt-get install apt-transport-https ca-certificates gnupg2 curl git -y
Once all the dependencies are installed, add the GPG key and repository with the following command:
wget -O - https://repo.jellyfin.org/jellyfin_team.gpg.key | apt-key add -
echo "deb [arch=$( dpkg --print-architecture )] https://repo.jellyfin.org/debian bullseye main" | tee /etc/apt/sources.list.d/jellyfin.list
Next, update the repository and install the Jellyfin using the following command:
apt-get update -y
apt-get install jellyfin -y
Once the Jellyfin has been installed, you can verify the status of the Jellyfin using the following command:
systemctl status jellyfin
You will get the following output:
? jellyfin.service - Jellyfin Media Server
Loaded: loaded (/lib/systemd/system/jellyfin.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/jellyfin.service.d
??jellyfin.service.conf
Active: active (running) since Fri 2022-02-04 03:48:50 UTC; 9s ago
Main PID: 4989 (jellyfin)
Tasks: 19 (limit: 2341)
Memory: 85.0M
CPU: 4.069s
CGroup: /system.slice/jellyfin.service
??4989 /usr/bin/jellyfin --webdir=/usr/share/jellyfin/web --restartpath=/usr/lib/jellyfin/restart.sh --ffmpeg=/usr/lib/jellyfin->
Feb 04 03:48:56 debian11 jellyfin[4989]: [03:48:56] [INF] ServerId: 809b343f6da845699dd6447e1bb4f061
Feb 04 03:48:56 debian11 jellyfin[4989]: [03:48:56] [INF] Registering publisher for urn:schemas-upnp-org:device:MediaServer:1 on 127.0.0.1/32
Feb 04 03:48:56 debian11 jellyfin[4989]: [03:48:56] [WRN] 127.0.0.1/32: GetBindInterface: Loopback 127.0.0.1 returned.
Feb 04 03:48:56 debian11 jellyfin[4989]: [03:48:56] [INF] Executed all pre-startup entry points in 0:00:00.2808517
Feb 04 03:48:56 debian11 jellyfin[4989]: [03:48:56] [INF] Core startup complete
Feb 04 03:48:57 debian11 jellyfin[4989]: [03:48:57] [INF] Executed all post-startup entry points in 0:00:00.2169291
Feb 04 03:48:57 debian11 jellyfin[4989]: [03:48:57] [INF] Startup complete 0:00:06.7385186
Feb 04 03:48:59 debian11 jellyfin[4989]: [03:48:59] [INF] StartupTrigger fired for task: Update Plugins
Feb 04 03:48:59 debian11 jellyfin[4989]: [03:48:59] [INF] Queuing task PluginUpdateTask
Feb 04 03:48:59 debian11 jellyfin[4989]: [03:48:59] [INF] Executing Update Plugins
By default, Jellyfin listens on port 8096. You can check it with the following command:
ss -antpl | grep 8096
You will get the following output:
LISTEN 0 512 0.0.0.0:8096 0.0.0.0:* users:(("jellyfin",pid=4989,fd=289))
Configure Nginx as a Reverse Proxy for Jellyfin
Next, you will need to install and configure the Nginx as a reverse proxy for Jellyfin. First, install the Nginx with the following command:
apt-get install nginx -y
Next, create an Nginx virtual host configuration file with the following command:
nano /etc/nginx/conf.d/jellyfin.conf
Add the following lines:
server {
listen 80;
server_name jellyfin.example.com;
access_log /var/log/nginx/jellyfin.access;
error_log /var/log/nginx/jellyfin.error;
resolver 127.0.0.1 valid=30;
# Security / XSS Mitigation Headers
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
location / {
# Proxy main Jellyfin traffic
proxy_pass http://localhost:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
# location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
location = /web/ {
# Proxy main Jellyfin traffic
proxy_pass http://localhost:8096/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location /socket {
# Proxy Jellyfin Websockets traffic
proxy_pass http://localhost:8096/socket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}
Save and close the file then verify the Nginx for any syntax error.
nginx -t
You will get the following output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Finally, restart the Nginx to apply the changes:
systemctl reload nginx
To check the status of the Nginx uses the following command:
systemctl status nginx
You should see the following output:
? nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-02-04 03:49:27 UTC; 55s ago
Docs: man:nginx(8)
Process: 6314 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 6315 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 6454 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS)
Main PID: 6395 (nginx)
Tasks: 2 (limit: 2341)
Memory: 2.8M
CPU: 66ms
CGroup: /system.slice/nginx.service
??6395 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
??6455 nginx: worker process
Feb 04 03:49:27 debian11 systemd[1]: Starting A high performance web server and a reverse proxy server...
Feb 04 03:49:27 debian11 systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Feb 04 03:49:27 debian11 systemd[1]: Started A high performance web server and a reverse proxy server.
Feb 04 03:50:17 debian11 systemd[1]: Reloading A high performance web server and a reverse proxy server.
Feb 04 03:50:17 debian11 systemd[1]: Reloaded A high performance web server and a reverse proxy server.
Access Jellyfin Web Interface
Now, open your web browser and access the Jellyfin web interface using the URL http://jellyfin.example.com. You will be redirected to the following page:
Select your language and click on the Next button. You should see the following page:
Provide your admin user, password and click on the Next button. You should see the following page:
Click on the Next button. You should see the following page:
Select your metadata language and click on the Next button. You should see the following page:
Select your preferred option and click on the Next button. Once the Jellyfin has been installed, you should see the following page:
Click on the Finish button. You will be redirected to the Jellyfin login page:
Provide your admin username, password, and click on the Sign In button. You should see the Jellyfin dashboard on the following page:
Secure Jellyfin with Let’s Encrypt
Next, you will need to install the Certbot client package to install and manage the Let’s Encrypt SSL.
First, install the Certbot with the following command:
apt-get install certbot python3-certbot-nginx -y
Once the installation is finished, run the following command to install the Let’s Encrypt SSL on your website:
certbot --nginx -d jellyfin.example.com
You will be asked to provide a valid email address and accept the term of service as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for jellyfin.example.com Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/conf.d/jellyfin.conf
Next, choose whether or not to redirect HTTP traffic to HTTPS as shown below:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and hit Enter to finish the installation. You should see the following output:
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/jellyfin.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://jellyfin.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=jellyfin.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/jellyfin.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/jellyfin.example.com/privkey.pem Your cert will expire on 2022-05-07. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le - We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
Conclusion
Congratulations! you have successfully installed Jellyfin with Nginx and Let’s Encrypt SSL on Debian 11. You can now start uploading your media and stream them from mobile devices.
