Install Jellyfin Media Server on NAT VPS

NATVPS.id – Jellyfin is a media server open source which allows you to organize, perform flowand manage your personal media collection across devices while being in full control of your data. Not like platforms cloud flowJellyfin has no premium tiers, no tracking (telemetry), and no limits.

This article discusses the steps for installing Jellyfin on a NAT VPS using Docker Compose, along with NGINX configuration for reverse proxy. This article uses Ubuntu 22.04 as a reference, but you can use other distributions such as Debian and CentOS.

Port Forwarding Configuration

Considering we are using NAT, we need to add 2 port forwarding configurations on the Virtualizor panel (or other VPS panel according to provider), ie HTTP and HTTPS port forwarding for the Jellyfin domain.

For example, this article will use domains jellyfin.tutorial.mdinata.my.id to access Jellyfin. You are free to change the domain according to your choice. Note this domain, because we will use it again in the installation process.

Don’t forget to add a DNS record that goes to your VPS’ NAT public IP, like this:

If you are confused, please read our article regarding domain forwarding here: Explanation of Domain Forwarding in NAT VPS.

Install Docker

We will use Docker and Docker Compose for spread Warehouse Keeper.

First, Install curly using the command:

apt update && apt install curl -y

Then, run it script automatic installation of Docker by entering:

curl -fsSL get.docker.com | sh

Wait until the installation process is complete.

Install Jellyfin

First, create a new directory for Jellyfin:

mkdir /opt/jellyfin
cd /opt/jellyfin

Then, create a Docker Compose file:

apt install nano -y # Jika belum
nano docker-compose.yml

Fill in the following configuration:

# 
# Reference: 

services:
  jellyfin:
    image: lscr.io/linuxserver/jellyfin:latest
    container_name: jellyfin
    environment:
      - PUID=0 # root
      - PGID=0 # root
      - TZ=Asia/Jakarta
    volumes:
      - ./config:/config
      - ./media:/data
    ports:
      - 8096:8096
    restart: unless-stopped

Save the file with Ctrl-X, yThen Enter.

Finally, run Jellyfin

docker compose up -d

Wait for the process spread finished. The first deployment may take a few minutes due to downloading picture Jellyfin , as well as configuring it from the beginning.

NGINX (Reverse Proxy) Configuration

Jellyfin requires an encrypted connection using HTTPS for security password which is saved. So that we can access URLs with HTTPS via domains such as https://jellyfin.tutorial.mdinata.my.idwe can use reverse proxy like NGINX.

First, install NGINX via command:

# Hapus Apache2 dan pendukungnya (biasanya terpasang secara bawaan di VPS OpenVZ)
apt purge apache2* -y

# Install NGINX
apt install nginx -y

Create a new host configuration specifically for Jellyfin:

nano /etc/nginx/sites-available/jellyfin

Then paste the following configuration:

# 
# Reference: 

server {
      listen 80;
      server_name jellyfin.tutorial.mdinata.my.id;

      access_log /var/log/nginx/jellyfin.access;
      error_log /var/log/nginx/jellyfin.error;

      location / {
          proxy_pass 
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;

          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Protocol $scheme;
          proxy_set_header X-Forwarded-Host $http_host;

          # Disable buffering when the nginx proxy gets very resource heavy upon streaming
          proxy_buffering off;
      }

      location /socket {
          # Proxy Jellyfin Websockets traffic
          proxy_pass 
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Protocol $scheme;
          proxy_set_header X-Forwarded-Host $http_host;
      }

        # Security / XSS Mitigation Headers
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Content-Type-Options "nosniff";

}

Change jellyfin.tutorial.mdinata.my.id with your domain.

Activate the configuration by:

ln -sf /etc/nginx/sites-available/jellyfin /etc/nginx/sites-enabled/

# Restart NGINX
systemctl restart nginx

Generate SSL Certificate (Let’s Encrypt)

In order for our domain to be accessible via HTTPS, we need to create an SSL certificate. We can use a free SSL certificate from Let’s Encrypt via Certbot.

Install Certbot and its NGINX plugin use the command:

apt install python3-certbot python3-certbot-nginx

So, produce certificate via Certbot with command

certbot --nginx -d jellyfin.tutorial.mdinata.my.id

Change jellyfin.tutorial.mdinata.my.id with your domain.

Happy! Vaultwarden is currently accessible via a secure HTTPS connection.

Access Jellyfin

Jellyfin can be accessed via your previous domain. Example: https://jellyfin.tutorial.mdinata.my.id.

Cover

That’s it for this article about the steps to install Jellyfin on a NAT VPS.

If you are confused or in doubt, don’t hesitate to ask in the Telegram group @IPv6Indonesia. Thank You!