From e28f8dabec9421739d19449ab2b837473ac930a2 Mon Sep 17 00:00:00 2001 From: Micha Date: Mon, 18 May 2026 13:09:32 +0200 Subject: [PATCH] Add Jellyfin media server stack --- apps/jellyfin/docker-compose.yml | 31 +++++++++++++++++++++++++++++ security/authelia/configuration.yml | 1 + 2 files changed, 32 insertions(+) create mode 100644 apps/jellyfin/docker-compose.yml diff --git a/apps/jellyfin/docker-compose.yml b/apps/jellyfin/docker-compose.yml new file mode 100644 index 0000000..900fd63 --- /dev/null +++ b/apps/jellyfin/docker-compose.yml @@ -0,0 +1,31 @@ +services: + jellyfin: + image: jellyfin/jellyfin:10.11.8@sha256:1694ff069f0c9dafb283c36765175606866769f5d72f2ed56b6a0f1be922fc37 + container_name: jellyfin + restart: unless-stopped + user: "99:100" + environment: + TZ: Europe/Berlin + JELLYFIN_PublishedServerUrl: https://jellyfin.kaleschke.info + volumes: + - /mnt/user/appdata/jellyfin/config:/config + - /mnt/user/appdata/jellyfin/cache:/cache + - /mnt/user/media:/media:ro + - /mnt/user/photos:/photos:ro + networks: + - frontend_net + security_opt: + - no-new-privileges:true + labels: + - traefik.enable=true + - traefik.docker.network=frontend_net + - traefik.http.routers.jellyfin.rule=Host(`jellyfin.kaleschke.info`) + - traefik.http.routers.jellyfin.entrypoints=websecure + - traefik.http.routers.jellyfin.tls=true + - traefik.http.routers.jellyfin.tls.certresolver=le + - traefik.http.routers.jellyfin.middlewares=authelia@file,secure-headers@file + - traefik.http.services.jellyfin.loadbalancer.server.port=8096 + +networks: + frontend_net: + external: true diff --git a/security/authelia/configuration.yml b/security/authelia/configuration.yml index 88b3cc8..2b7e3a7 100644 --- a/security/authelia/configuration.yml +++ b/security/authelia/configuration.yml @@ -39,6 +39,7 @@ access_control: - vault.kaleschke.info - ntfy.kaleschke.info - git.kaleschke.info + - jellyfin.kaleschke.info policy: bypass # Admin-Dienste - 2FA erforderlich