Knowledge Base

Preserving for the future: Shell scripts, AoC, and more

Notes for jellyfin

bgstack15

Comments

Jellyfin is the Free Software Media System (from their website). I had installed a demo at some point in 2019 but that effort failed for undocumented reasons (the worst kind). I tried again this month, and am incredibly pleased! I also installed it on a beefy machine this time and not a flimsy 1-vCPU virtual machine with <2 GB of RAM. My media already conforms to the Plex media organization methodology, mostly. One hangup I still had was getting Chromecast support from the Android mobile app. While Jellyfin is available on f-droid, I learned, it does not contain the necessary bits to talk to Chromecast because it is the libre release. The Chromecast support is in the Play store version. However, to get Chromecast to operate successfully, I was told, you need to have https on the jellyfin connection. I use apache httpd for my reverse proxy, so it was thankfully easy to get my Let's Encrypt tls certificate on that. However, the jellyfin documentation that demonstrates using apache as a reverse proxy makes jellyfin take up the top-level virtual path, i.e., https://example.com/. I use my httpd instance for many things, so I could not afford to lose my entire site. The main networking page states that you can change the baseurl (which I believe is more accurately called base path, but now I'm quibbling) to use /jellyfin/ for example, but this breaks certain client softwares including Chromecast. So I experimented with just shoving it under a different port on apache httpd, and thankfully Chromecast handles it just fine! So as long as my users remember to add port 500 in the url, everything will work including the much-used Chromecast! My apache configs can be boiled down to the following.

Listen 192.168.300.52:500
SSLSessionCache   shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
<VirtualHost 192.168.300.52:500>
   ServerName  www.example.com:500
   ServerAlias www.example.com www server1 server1.ipa.internal.com internal.ignorelist.com

   SSLEngine on
   SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
   SSLHonorCipherOrder on
   SSLCipherSuite          "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"

   SSLCertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem

   # This is important to allow the httpsonly part to work
   DocumentRoot   /var/www/external

   SSLProxyEngine On
   RewriteEngine On

   ProxyPreserveHost On
   ProxyPass "/.well-known/" "!"
   ProxyPass "/socket" "ws://vm4.ipa.internal.com:8096/socket"
   ProxyPassReverse "/socket" "ws://vm4.ipa.internal.com:8096/socket"
   ProxyPass "/" "http://vm4.ipa.internal.com:8096/"
   ProxyPassReverse "/" "http://vm4.ipa.internal.com:8096/"
</VirtualHost>

And for good measure, I added file /var/www/jellyfin/index.html with the following line, to act as a redirect for when people visit https://www.example.com/jellyfin/"

<meta http-equiv="Refresh" content="0; url=https://www.example.com:500/">

Comments