Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/klutchell/mediaserver
docker-based plex & usenet media server using custom subdomains with tls
https://github.com/klutchell/mediaserver
Last synced: about 2 months ago
JSON representation
docker-based plex & usenet media server using custom subdomains with tls
- Host: GitHub
- URL: https://github.com/klutchell/mediaserver
- Owner: klutchell
- License: mit
- Created: 2016-12-26T16:34:54.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2024-04-17T14:52:21.000Z (5 months ago)
- Last Synced: 2024-04-17T22:21:57.012Z (5 months ago)
- Language: Makefile
- Homepage:
- Size: 1.56 MB
- Stars: 116
- Watchers: 8
- Forks: 26
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# Docker Plex & Usenet Media Server
docker-based plex & usenet media server using custom subdomains over https
## Motivation
- host each service as a subdomain of a personal domain with letsencrypt
- run public maintained images with no modifications
- require minimal configuration and setup
## Features
- [Plex](https://plex.tv/) organizes video, music and photos from personal media libraries and streams them to smart TVs, streaming boxes and mobile devices.
- [NZBGet](https://nzbget.net/) is a usenet downloader, written in C++ and designed with performance in mind to achieve maximum download speed by using very little system resources.
- [Sonarr](https://sonarr.tv/) (formerly NZBdrone) is a PVR for usenet and bittorrent users. It can monitor multiple RSS feeds for new episodes of your favorite shows and will grab, sort and rename them. It can also be configured to automatically upgrade the quality of files already downloaded when a better quality format becomes available.
- [Radarr](https://radarr.video/) - A fork of Sonarr to work with movies à la Couchpotato.
- [NZBHydra2](https://github.com/theotherp/nzbhydra2) is a meta search application for NZB indexers, the "spiritual successor" to NZBmegasearcH, and an evolution of the original application NZBHydra.
- [Prowlarr](https://github.com/Prowlarr/Prowlarr) is a indexer manager/proxy built on the popular arr .net/reactjs base stack to integrate with your various PVR apps.
- [Ombi](https://ombi.io/) is a self-hosted web application that automatically gives your shared Plex or Emby users the ability to request content by themselves.
- [Netdata](https://www.netdata.cloud/) - Troubleshoot slowdowns and anomalies in your infrastructure with thousands of metrics, interactive visualizations, and insightful health alarms.
- [Duplicati](https://www.duplicati.com/) - Free backup software to store encrypted backups online.
- [Traefik](https://traefik.io/) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
## Requirements
- dedicated server or PC with plenty of storage
- [docker](https://docs.docker.com/install/linux/docker-ce/debian/) and [docker-compose](https://docs.docker.com/compose/install/#install-compose)
- (optional) personal domain with configurable sub-domains (eg. plex.example.com)
## Direct Configuration
Copy `env.sample` to `.env` and populate all fields in the `COMMON` section.
Make sure to leave `ACME_EMAIL` blank for direct configuration.
## Secure Configuration
Copy `env.sample` to `.env` and populate all fields in the `COMMON` and `SECURE` sections.
Make sure to set `ACME_EMAIL` for secure configuration.
## Deployment
Pull and deploy containers with docker-compose.
```bash
make deploy
```
## Authorization
There are currently two methods of authentication enabled, and I recommend using them
both if the secure configuration is in use. If it's not exposed to the Internet you can
remove one or both of these middlewares from `docker-compose.secure.yml`.
### ipallowlist
This is our first layer of security, and probably the most important.
If you are using mediaserver locally and are not exposing any ports to the Internet, you can skip
this section or set `IPALLOWLIST=0.0.0.0/0,::/0` in your `.env` file.
To avoid unauthorized users from even seeing our login pages, we should set the `IPALLOWLIST` to
only IP ranges that we want to explictly allow access.
Access from any other IP will result in "403 Forbidden" giving you some peice of mind!
This functionality can be enabled/disabled per service in `docker-compose.secure.yml`
with the `ipallowlist` middleware.
By default Plex, Jellyfin, Ombi, and NZBHydra2 will allow all traffic.
### basicauth
This functionality can be enabled/disabled per service in `docker-compose.secure.yml`
with the `basicauth` middleware.
Users can be added to basic auth in 2 ways. If both methods are used they are merged and the
htpasswd file takes priority.
1. Add users in your `.env` file with the `BASICAUTH_USERS` variable.
2. Add users via htpasswd file in the traefik service.
The first user added requires `htpasswd -c` in order to create the password file.
Subsequent users should only use `htpasswd` to avoid overwriting the file.
```bash
docker-compose exec traefik apk add --no-cache apache2-utils
docker-compose exec traefik htpasswd -c /etc/traefik/.htpasswd
docker-compose exec traefik htpasswd /etc/traefik/.htpasswd
```
By default only Duplicati and Netdata have basic http auth enabled.
For the remaining services I suggest enabling the built-in authentication via the app.
This avoids the need to add manual exceptions for API access where required and simplifies our proxy rules.
For Sonarr, Radarr, Prowlar you can enable authentication under Settings->General->Security.
For Nzbget the default credentials are `nzbget:tegbzn6789` and can be changed under Settings->Security.
For NZBHydra2 you can add users under Config->Authorization.
## Author
Kyle Harding
[Buy me a beer](https://buymeacoffee.com/klutchell)
## Acknowledgments
I didn't create any of these docker images myself, so credit goes to the
maintainers, and the original software creators.
-
-
-
-
-
-
-
-
-
-