Under https://jellyfin.org/docs/general/administration/hardware-acceleration/amd#debian-and-ubuntu-linux

I see step 5 suggesting to use Ubuntu's sources file
These instructions are for both Ubuntu and Debian
rocm repo does not have a debian directory which suggests debian is not officially supported.

Is this expected to work on Debian as well?

Hello, I previously submitted a mockup of the site's redesigned UI but that seems to be lost.
here is the image:

I do have some other suggestions too, if you like this redesign

Kubuntu (and probably Ubuntu/others) run systemd-resolved on 127.0.0.53:53, however the example nginx config at https://jellyfin.org/docs/general/networking/nginx/ has the following line:
resolver 127.0.0.1 valid=30;
Not modifying that IP address results in an HTTP 502 when attempting to access Jellyfin.

I propose adding the following comment directly above that line to clarify:

For Ubuntu and derivatives, modify the below configuration directive to read "resolver 127.0.0.53 valid=30"

Problems

1. The URIs for the Jellyfin GPG key in the manual Debian / Ubuntu installation instructions have been outdated since they were changed 2 years ago. As a result, these instructions are fundamentally broken for users that don't have the experience to troubleshoot the issue on their own.
2. In the same sections / code blocks, the preceding mkdir command also errors out on systems where /etc/apt/keyrings already exists. This isn't a critical issue, but it could confuse inexperienced users to see the error message, particularly when pasting and running the entire code block in one shot.

Solutions

I'll be opening a PR, in a few moments, with the following changes:

1. Update all URIs in the documentation pointing to the Jellyfin GPG key (there were only two).
2. Update the mkdir commands to mkdir -p, so they don't error out when the directory already exists.

How it looks on next.jellyfin.org:

How it should look (and how it does look on Jellyfin.org ):

Tested with firefox 104 on Fedora 36.

The listing of clients supporting jellyfin on the downloads page is already very useful, especially with the filters implemented (Recommended vs All section, clients vs server, + device type and platform filters).

What could also be useful is a way to sort these entries by date-added. What I do currently to get a hold of new jellyfin clients is look through recent commits of the data/clients.ts file.
Replicating that on the official .org/downloads website via sorting option (+ adding date-added attribute on that ts file) would be a nice to have.

The RSS feed generated for the new blog is in a different location than the current blog site. We should add a post build script to copy the feed to the old location so RSS clients subscribed to the feed continue to work.

To get various required fixes, I'm trying to switch from branch release-10.8.z to master. I've re-built jellyfin and jellyfin-web successfully but launching the web browser in either Chrome or Firefox shows a CSP error. For example, from Chrome:

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'".

    at ./index.jsx (main.jellyfin.bundle.js?8b2376313fc177f319ea:348:1)
    at __webpack_require__ (runtime.bundle.js?8b2376313fc177f319ea:31:42)
    at __webpack_exec__ (main.jellyfin.bundle.js?8b2376313fc177f319ea:8551:61)
    at main.jellyfin.bundle.js?8b2376313fc177f319ea:8552:1378
    at __webpack_require__.O (runtime.bundle.js?8b2376313fc177f319ea:70:23)
    at main.jellyfin.bundle.js?8b2376313fc177f319ea:8553:56
    at webpackJsonpCallback (runtime.bundle.js?8b2376313fc177f319ea:316:39)
    at main.jellyfin.bundle.js?8b2376313fc177f319ea:9:53
first.js:1 App Version: 3.9.0

I wanted to play with API and couldn't figure out why /Users/AuthenticateByName throws error. Only after inspecting request in browser's dev tools I found X-Emby-Authorization header and then had to go to server source to understand how to construct value for the header. I know there're SDKs but I don't need / want to use them.

Hi,

I tried to use the install-debuntu.sh script on raspberry pi legacy os based on debian Buster and I was getting the error

Sorry, we don't support the Debian codename ""

I checked the script and my os-release file and on line 87 of the script the REPO_OS is correctly set to debian but the VERSION variable was missing.
Adding after line 87,
VERSION="$( awk -f'=' '/^VERSION_CODENAME=/{ print $NF }' /etc/os-release )"
worked to get jellyfin up and running.

Thanks for the continuing good work.

The old docs site used urls ending in .html. This does not work out of the box with docusaurus. We should add the Client Redirects Plugin to support that url format.

We had some good feedback with content improvement suggestions. We should create individual issues for these and apply them.

https://old.reddit.com/r/jellyfin/comments/xme1vr/the_next_generation_of_the_jellyfin_website/

Hello, I saw that you guys are rebuilding the site and docs, I wanted to help, so I made a mockup for the site.

New Design Mockup:

The hero page will have a particle js canvas(can be removed).

I know there are some alignment issues but that will be fixed in the html.

I can make this on my own f you guys like it. if you guys like it comment below and I will start making it.

I now understand that a static site like this should have minimal JS so I will try to keep the JS animation to minimal(2-3 at most, that won't break the site even if js is doesn't load).

http://next.jellyfin.org/docs/general/clients/codec-support

From the comments on #85:

Add the current version to the page, maybe even to the header so it's immediately clear what the latest (stable) version is when visiting the site

We can fetch information about the latest release using the GitHub API (https://api.github.com/repos/jellyfin/jellyfin/releases/latest), but it would probably be best to have an action or build step that downloads that information so it is always current and not being requested by everyone who visits the site.

I way overthought this one... we should just add the release badge we use in READMEs.

Hi!

I am currently unable to download any metadata from TMDB as the website banned all users from my country.

Is there a way to route metadata downloads through proxy to bypass this problem? If not, it would be great to see this feature in the future

http://next.jellyfin.org/docs/general/server/storage/

• search in page for "animosity22's rclone config."
• rclone config link is 404

http://next.jellyfin.org/docs/general/server/storage/

• search in page for "animosity22's mergerfs config."
• mergerfs config link is 404

http://next.jellyfin.org/docs/general/clients/#videotape

• Get it from Microsoft image link is 404

http://next.jellyfin.org/posts/client-videotape/

• Get it from Microsoft image link is 404

Hi,
first of I just wanted to say that I am not an expert in Nginx.

I (re-)installed Nginx in a docker container (the official image) and wanted to make it accessible with my domain (via a subdomain). But when I tried to apply the provided Nginx configuration in the docs it did not work, the server was not reachable. Luckily I had an old and working Nginx configuration lying around and could apply it/ search for the difference. The only difference I could make out, except that I am not using X-Frame-Options and Content-Security-Policy because one of my devices is running WebOS, was me using the rule:

add_header Access-Control-Allow-Origin "*" always;

I propose adding the rule to the documentation in the example code snipped or at least adding a hint, if someone with experience in Nginx can confirm that the provided rule doesn't break anything for other users, or is in some way harmful (again, I am not an expert in Nginx).

Scrolling through the Jellyfin Next site, the matrix channel list seems not to properly load:

That seems to be an issue on the main site as well.

Tested with Firefox 104 without being logged in to any matrix client.

I have a samsung smart TV (2014) with media station X installed. Is it possible to use media station X with Jellyfin to be an easier alternative then putting my tv in development mode? The documentation is here: http://msx.benzac.de/info/?tab=Home

The following references to the jellyfin-docs repository should be updated to point here instead.

src/components/ContributorGuide.tsx
460:              <a href='https://github.com/jellyfin/jellyfin-docs'>our Documentation Repository</a>, visible{' '}

docs/general/contributing/index.md
26:Documentation is incredibly helpful! All these docs are written using [DocFX](https://dotnet.github.io/docfx/). You can find the raw markdown in the [documentation repository](https://github.com/jellyfin/jellyfin-docs). Pull requests are welcome!

docs/general/clients/index.md
18:Do you have a client that interfaces with Jellyfin and want to see it listed here? Please [submit a pull request](https://github.com/jellyfin/jellyfin-docs)!

docs/general/administration/hardware-acceleration.md
189:- [Collection of useful links and information](https://github.com/Artiume/jellyfin-docs/blob/master/general/wiki/main.md)

I have all the file permissions properly set and when I search for my movies they show up but jellyfin only says I have 476 when I have closer to 600. The movies above the 476 number do not show up when I browse through my library but when I search for them I find them. I cant remember all of the movies I have in my library otherwise it wouldnt be a problem

Hi,

currently, install-debuntu.sh fails for our TUXEDO OS (based on Ubuntu) because /etc/os-release does not include ubuntu.
Still, we're using Ubuntu's package base quite similar to other like Mint which are included in install-debuntu.sh.

As install-debuntu.sh is not version controlled, here's a patch to use:

--- install-debuntu.sh  2023-01-24 11:23:00.885401165 +0100
+++ install-debuntu-neu.sh      2023-01-24 11:25:02.806744425 +0100
@@ -96,6 +96,10 @@
             REPO_OS="ubuntu"
         fi
     ;;
+    tuxedo)
+        REPO_OS="ubuntu"
+        VERSION="$( awk -F'=' '/^VERSION_CODENAME=/{ print $NF }' /etc/os-release )"
+    ;;
     *)
         REPO_OS="${BASE_OS}"
         VERSION="$( awk -F'=' '/^VERSION_CODENAME=/{ print $NF }' /etc/os-release )"

Could you please add tuxedo to the valid strings?

The docs site content needs ported over again since it is ~1 year out of date. There are also some pages that were in docs that were moved to the site root that should probably be moved back for now.

The docs here were updated as of jellyfin-archive/jellyfin-docs@612a092.

The following changes need ported here to be current:

• jellyfin-archive/jellyfin-docs#698
  • Blocked by #150
  • #217
• jellyfin-archive/jellyfin-docs#705
  • #182
• jellyfin-archive/jellyfin-docs#700
  • #182
• jellyfin-archive/jellyfin-docs#708
  • #166
• jellyfin-archive/jellyfin-docs#710
  • #217
• jellyfin-archive/jellyfin-docs#712
  • #217
• jellyfin-archive/jellyfin-docs#714
  • #217

Hello,

after i deployed jellyfin on some k8s.
I think in the documentation it would be nice to have an k8s-kustomize example.
On the base of the Kubernetes deployment i did an kustomize deployment.

I will try to document as well as possible.

https://github.com/chriaack/jellyfin-kustomize

Docusaurus can be configured to support sass which would be a nice development feature.

Refs: https://docusaurus.io/docs/styling-layout/#sassscss

The following security features aren't implemented for the website and should be:
HTTP strict transport security (HSTS) with preloading
Strong CSP
Security headers: x-content-type-options x-frame-options
Explicitly disable xss auditor

I exactly followed as documented the example jellyfin nginx config for jellyfin with subpath but I couldn't load the nginx proxied jellyfin page in chrome, getting the error ERR_TOO_MANY_REDIRECTS.

There's an error in the current https://jellyfin.org/docs/general/networking/nginx/ as documented in issue #6610 in jellyfin repo, fixed by comment from CaptainXLAB. I'll provide more info if needed.

Jellyfin uses a weak SPF policy. The current policy pulled from DNS is:

v=spf1 a mx a:apps1.jellyfin.org ip4:217.70.178.231 include:_mailcust.gandi.net ~all

This can be replaced with a much stronger one without SOFTFAIL as follows:

v=spf1 a mx a:apps1.jellyfin.org ip4:217.70.178.231 include:_mailcust.gandi.net -all

No DKIM record was found while querying DNS. Jellyfin should add a DKIM record to properly authenticate outbound mail. The email provider supports this feature already

A strict dmarc policy should be implemented to prevent email spoofing. The recommended value is:

v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:<some-email>; ruf=mailto:<some-email>

DMARC must only be deployed after testing both SPF and DKIM records are being validated correctly otherwise things will break. See dmarc implementation details here:
https://dmarcly.com/blog/how-to-implement-dmarc-dkim-spf-to-stop-email-spoofing-phishing-the-definitive-guide

Please note that online guides often suggest weaker policies. The policy in the code block above is what jellyfin should eventually deploy

Implement MTA-STS and TLS-RPT to make sure inbound email is always received over secure connections, at least for servers that support it:

https://support.google.com/a/answer/9261504?hl=en

Implement a CAA record for the jellyfin.org domain to restrict which CAs are allowed to issue certificates for jellyfin.org

SPF records must be served as TXT records. The SPF DNS records are deprecated and should be removed

The logo section on the branding page doesn't work with the dark theme enabled. The logo uses dark text. Fix would be to add a white background for the images or change the logo depending on the theme.

http://next.jellyfin.org/docs/general/contributing/branding#logo

unix socket binding was added in jellyfin/jellyfin#3532 (and extended in further commits(?)) by @daullmer, but requires setting specific Kestrel environment variables which are not immediately obvious. Document this properly.

The installation instructions provided here, are not correct, as the official docker Jellyfin repo is not listed in the Community Apps (CA) plugin.

I believe that the template which is supposed to be available in the CA, is this, however it is also incorrect, as 'Template Repositories' have been removed from Unraid.

I see two ways to remediate this problem.

1. Adding Jellyfin to CA following this guide
2. Adding detailed instructions for how to manually add the Jellyfin container in Unraid

Personally, I believe that it would be easiest for the end user if Jellyfin was listed in the CA.
Do note that there are multiple docker images containing Jellyfin in the CA (binhex, linuxserver and hotio), but none use the official image.

Same as jellyfin/jellyfin-web#4449.
I'm not sure if the bug belongs with jellyfin.org or jellyfin-web

Describe The Bug

Unstable versions of jellyfin-web are not being updated on Jellyfin.org.

Current unstable: 20230315.12
On Jellyfin.org: 20220906.1

Steps To Reproduce

https://repo.jellyfin.org/releases/server/debian/versions/unstable/web/
https://repo.jellyfin.org/releases/server/debian/unstable/
https://repo.jellyfin.org/releases/server/linux/unstable/web/

Expected Behavior

The website will update to the current version of unstable

Hello,

I was trying to make a bash script to reinitialize failed login attempt counter and unlock a user from jellyfin but I realized that the given queries in documentation do not work :

https://jellyfin.org/docs/general/administration/troubleshooting/#linux-cli

Can you fix that in the documentation ?

Thank in advance,

M.A

The X-XSS-PROTECTION header is deprecated and dangerous. It can cause perfectly secure websites to be vulnerable to XSS attacks. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

It is also not standards compliant and doesn't have uniform behaviour across browsers. The only safe value as of today is to explicitly disable it by setting it to 0, not 1

See hardenize recommendation

https://www.hardenize.com/report/jellyfin.org/1675457811#www_xxssp

Also see: https://news.ycombinator.com/item?id=20472947
https://thexssrat.medium.com/x-xss-protection-headers-protection-or-vulnerability-bc7213951320

https://github.com/jellyfin/jellyfin.org/blob/master/docs/general/administration/hardware-acceleration/amd.md#official-docker

Add options to filter clients by device type or platform

Arch Linux moved jellyfin-(server,web) from AUR to Extra package repo. 🎉

https://archlinux.org/packages/extra/x86_64/jellyfin-server/
https://archlinux.org/packages/extra/x86_64/jellyfin-web/

pacman -S jellyfin-server jellyfin-web

It looks like this is partially handled in individual RP documentation, but it seems to vary, and is changing fairly often. Is it better for the server to provide the CSP rather than the RP?

Latest updated seems to be here, but that is only for nginx:
jellyfin-archive/jellyfin-docs#588

Good (old) analysis here:
jellyfin-archive/jellyfin-docs#148 (comment)
jellyfin/jellyfin#1885 (comment)

The "LAN Networks" Jellyfin feature does not work properly when using the current rootless podman installation instructions. The default network port_handler (rootlesskit) masks source addresses. For this feature to work, port_handler needs to be set to slirp4netns. This can be accomplised by:

• adding --net=slirp4netns:port_handler=slirp4netns to the podman run command line, or
• adding Network=slirp4netns:port_handler=slirp4netns to the systemd [Container]

I've started work on a developer site in the "developers" branch some time ago. This list collects all tasks that need to happen before & after launch of the site. We'll launch the site with minimal content and we can add more over time. The main tasks left are UX related. If you want to work on one of these things please comment/notify in Matrix to avoid several people working on the same thing.

Before launch

Note: this list is outdated and needs updating. I will do this as soon as I have some extra time.

• Somehow merge the developer docs and developer blog, some ideas:
  • Add recent blog posts to sidebar for docs, use that sidebar for blog posts
  • Add a second header menu beneath the existing one to easily switch between blog/docs, this menu could also contain the current Jellyfin version or something
• Show announcement banner indicating the developer site is still a work in progress
  This should ONLY show on the pages for the development site, not on the end-user docs/blog
• Add an developer index page (#466)

After launch

• Add page for Authentication (how to get an access token with QuickConnect/AuthenticateByName/etc)
• Add page for getting started with plugin dev
  • Add page describing the plugin repository format (maybe add a JSON schema?)
  • Add page describing the plugin meta format (maybe add a JSON schema?)
• Add page listing our SDK's
• Add page with API changelog (based on the kotlin-sdk openapi-generator compare tool)
• Add page listing contact persons for various roles (app publishing, security issues) and maintainers (SDKs & clients)
• Add page for the playback APIs

The README should follow the same general structure as other Jellyfin projects and include accurate instructions for installing and running the project (npm is used not yarn).

• Announcement blog post — #226
• Remove site banner — #227
• Update README — #231
• Check that docs content is up to date with jellyfin-docs
  • jellyfin-archive/jellyfin-docs#715 — #234
• Update URL in docusaurus config and CNAME file — #228
• Update DNS
• Update GH repository description

Post Launch Tasks

• Migrate plugin API docs and add sidebar link
• Publish current site to old.jellyfin.org

I've noticed the test/demo site on the website's main page (https://demo.jellyfin.org/stable), that you get to by clicking on the "See it in Action" button, doesn't make it clear that the user is supposed to log-in with "demo" as user, and no password.

There should be a clear indication of what a new user is supposed to do to log-in to the demo site somewhere near each button that takes the user to the demo site, or on the demo site's log-in page itself.

After updating Jellyfin on my Synology NAS (installed following the instructions at https://jellyfin.org/docs/general/installation/synology), all my libraries and view history were nuked.

This happens because /config lives inside the container unless that path is mapped from the container to the host, and the container contents were removed on update, before being replaced by the newer image.

The manual mentions that "config" should be mapped:

Use Advanced Settings to add mount points to your media and config.

but doesn't explain how, and the screenshot doesn't show it either.

I used /volume1/docker/jellyfin/ mapped to /config for my own use. It would be useful if another screenshot was added that showed a good default value for /config so folks don't miss it when installing.

Add missing clients in Container Compatibility table like Desktop, iOS...

https://jellyfin.org/docs/general/clients/codec-support/#container-compatibility

Right now, Jellyfin wants music in a structure like artist/album/songs.ext. While this may be fine for some users, I do not feel like it is effective enough. I like to have music in a playlist rather than a bunch of albums. Jellyfin does have a playlist feature but if your songs are sorted like said above, it can be really time consuming to make a playlist, especially if you have hundreds of albums. The built in music metadata providers often miss cover art for the albums as well so they are just default icons and do not look very good. I have devised a solution: A simple toggle.

Right now if you just put all of your songs in a "playlist" like, Superplaylist/songs.mp3 it will look very ugly in the client. See below:

Whats happening is that Jellyfin thinks this is an album with every single song inside so it shows every single artist and contributing artist in the "artist" section of the album. There is another downside to this. Songs will never show their individual cover arts. This doesn't affect that actual functionality of a makeshift playlist from what I've encountered but it just isn't pretty.

With this toggle, you can set an album as a playlist instead. It could just be an option in the context menu when right clicking a playlist. What could happen is that it will show like how an actual playlist does and possibly even be moved into the playlist section. With this, individual song cover arts can be seen and not have a list of artists covering half the screen.

docs/general/networking/index.md
we have this warning:

In order for Chromecast to work on a non-public routable connection, 8.8.8.8 must be blocked on the Chromecast's Gateway. Blocking 8.8.8.8 on your router is the easiest solution to this problem.

I would argue that blocking alone is not sufficient.
You could block Google DNS and add an unbound override rule, so your local DNS points to your internal Jellyfin LAN IPv4.
You could also use NAT Reflection instead.
I would replace the warning with this:

In order for Chromecast to work on your local LAN, the easiest solution is to use IPv6 instead of IPv4. For IPv6 there is no differentiation between public and local IP. An IPv6 address can simultaneously be publicly routable and accessible from the local LAN.
For non-public routable IPv4 connections, you need to use NAT reflection to redirect to your local LAN IPv4. Another option would be to block Chromecast from reaching the Google DNS servers and add some unbound override rules to point to your local LAN IPv4

Just a rough draft to start a discussion. Would like to hear your thoughts.

https://gitlab.com/bscubed/gelata