this post was submitted on 27 Dec 2024
14 points (88.9% liked)

Jellyfin: The Free Software Media System

5895 readers
36 users here now

Current stable release: 10.10.5

Community Standards

Website

Forum

GitHub

Documentation

Feature Requests

Matrix (General Information & Help)

Matrix (Announcements)

Matrix (General Development)

Matrix (Off-Topic) - Come get to know the team and blow off steam!

Matrix Space - List of all the available rooms on Matrix.

Discord - Bridged to our Matrix rooms

founded 4 years ago
MODERATORS
 

People resoundingly suggested using containers. So I've been reading up. I know some things about containers and docker and what not. But there are a few decision points in the jellyfin container install instructions that I don't know the "why".

Data: They mount the media from disk, which is good cause it's on a NAS. But for the cache and config they use docker volumes. Why would I want a docker volume for the config? Wouldn't I want to be able to see it from outside the container easier? What am I gaining by having docker manage the volume?

Cache: I saw a very old post where someone mentioned telling docker to use ram for the cache. That "seems" in theory like a good idea for speed. I do have 16gb on the minipc that I am running this all on. But I don't see any recent mentions of it. Any pros/cons?

The user. I know from work experience that generally you don't want things running as root in the container. But... do you want a dedicated user for each service (jellyfin, arr*)? Or one for all services, but not your personal user? Or just use your personal user?

DLNA. I had to look that up. But I don't know how it is relevant. The whole point seems to be that jellyfin would be the interface. And DLNA seems like it would allow certified devices to discover media files?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 4 weeks ago (2 children)

The only thing I'd mention on the cache is to be a little careful, because depending on your actual use case you can use a LOT of transcode cache space.

If it's just you, doing one stream, it probably doesn't matter.

If it's you, and your 20 closest friends, well, uh, it can be quite a lot and maybe you won't want it in RAM.

As for the media, a bind mount is the way to go, and I'd also recommend doing it as a read-only mount: Jellyfin doesn't need the ability to modify that data, and in the event of a security oopsie (or a misconfigured user, or a 6 year old that gets 5 minutes alone with your mouse or....), it keeps someone from trashing your entire media library, assuming that's something you wouldn't want to have to spend the time gathering again.

For the user, I just have a 'service' account, and run the vast majority of my containers under that UID. Sure, maybe that's not the MOST secure, but it's worlds better than root, and container escapes are not exactly common so it's probably sufficient.

...and if you get DLNA working let me know, because I never have. I just use Jellyfin clients everywhere because that at least does what you expect in terms of showing the media in a usable format and playing it.

[–] [email protected] 2 points 4 weeks ago (1 children)

As for the media, a bind mount is the way to go, and I’d also recommend doing it as a read-only mount: Jellyfin doesn’t need the ability to modify that data, and in the event of a security oopsie (or a misconfigured user, or a 6 year old that gets 5 minutes alone with your mouse or…), it keeps someone from trashing your entire media library, assuming that’s something you wouldn’t want to have to spend the time gathering again.

My way to solve this:
My main user is a regular user with no deletion permissions in jellyfin. Anything that requires editing necessitates logging out and in with the admin account.
My docker container is mapped to a non-root user. Not perfectly save but sufficient (hopefully).
But my jellyfin container has R/W because I store nfo/metadata files alongside the media file.

[–] [email protected] 1 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

@Appoxo

I use 2 media folders, one for "new" media and one for existing media. Only the "new" media folder is R/W. Once it's metadata files are written out the media is moved to the existing media folder (which is mounted R-only).

[–] [email protected] 2 points 4 weeks ago (1 children)

What if you manually edit the metadata?
Seems like a hassle to me that requires too much manual input.

[–] SailorsLife 2 points 3 weeks ago

by the way... great discussion. I'm reading along and learning of things I didn't think of before. So thanks.

[–] SailorsLife 2 points 4 weeks ago (1 children)

"or a 6 year old that gets 5 minutes alone with your mouse" haha. I have a 10 year old with a tendency to be inquisitive with electronic devices. He is pure of heart, but we joke that some day the NSA is going to come knocking. He wouldn't hack a bank to get money, he would just be "exploring" what is possible instead of reading directions. lol. Question though. When you do want to delete something. I am guessing you logon to your media server and do it from your user account?

[–] [email protected] 3 points 4 weeks ago

I use the *arr stack for deletion, usually.

Lots of people have accounts on the jellyfin/jellyseerr stack, but I'm the only one with access to the *arrs, so I just manage it (mostly) from there.