diff --git a/apps/jellyfin/docker-compose.yml b/apps/jellyfin/docker-compose.yml
new file mode 100644
index 0000000..900fd63
--- /dev/null
+++ b/apps/jellyfin/docker-compose.yml
@@ -0,0 +1,31 @@
+services:
+  jellyfin:
+    image: jellyfin/jellyfin:10.11.8@sha256:1694ff069f0c9dafb283c36765175606866769f5d72f2ed56b6a0f1be922fc37
+    container_name: jellyfin
+    restart: unless-stopped
+    user: "99:100"
+    environment:
+      TZ: Europe/Berlin
+      JELLYFIN_PublishedServerUrl: https://jellyfin.kaleschke.info
+    volumes:
+      - /mnt/user/appdata/jellyfin/config:/config
+      - /mnt/user/appdata/jellyfin/cache:/cache
+      - /mnt/user/media:/media:ro
+      - /mnt/user/photos:/photos:ro
+    networks:
+      - frontend_net
+    security_opt:
+      - no-new-privileges:true
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=frontend_net
+      - traefik.http.routers.jellyfin.rule=Host(`jellyfin.kaleschke.info`)
+      - traefik.http.routers.jellyfin.entrypoints=websecure
+      - traefik.http.routers.jellyfin.tls=true
+      - traefik.http.routers.jellyfin.tls.certresolver=le
+      - traefik.http.routers.jellyfin.middlewares=authelia@file,secure-headers@file
+      - traefik.http.services.jellyfin.loadbalancer.server.port=8096
+
+networks:
+  frontend_net:
+    external: true
diff --git a/security/authelia/configuration.yml b/security/authelia/configuration.yml
index 88b3cc8..2b7e3a7 100644
--- a/security/authelia/configuration.yml
+++ b/security/authelia/configuration.yml
@@ -39,6 +39,7 @@ access_control:
         - vault.kaleschke.info
         - ntfy.kaleschke.info
         - git.kaleschke.info
+        - jellyfin.kaleschke.info
       policy: bypass
 
     # Admin-Dienste - 2FA erforderlich