Important
This uses Cloudflare for incoming connections, NordVPN for outgoing, and Google Auth for logging in. If you cannot figure those out with help from Google then this might not be the setup for you!
Note
This is the barebones setup for a media server. It does not include any config (although over time I may add more documentation and templates explaining what to do).
This is a partial list, the individual folders have every service, and I'll maybe add information for each over time.
- AudioBookShelf: Audiobook media server.
- Kapowarr: Comic Books.
- Manyfold: 3d model server.
- Overseerr: Requests for Sonarr / Radarr.
- Plex Media Server: Main media server.
- Bazarr: Subtitle Management (for Movies and TV Shows).
- Kometa: Add overlays to posters for tv and movies in Plex.
- Imagemaid: Delete unused posters in Plex.
- Lidarr: Music Management.
- Plex-Find-Mismatch: Find incorrect matches in Plex.
- Prowlarr: Usenet and Torrent Search.
- qBittorrent: Torrent downloads.
- Radarr: Movie Management.
- SABnzbd: Usenet downloads.
- Sonarr: TV Show Management.
- Tdarr: Transcode media for consistency and size.
- Titlecardmaker: Add consistent posters to episodes in Plex.
- Cloudflared: Cloudflare Tunnel (incoming web requests).
- DeUnhealth: Restart unhealthy services.
- Error-Pages: Better looking error pages.
- NordLynx + Socks5-Proxy: VPN (outgoing connections).
- OpenSpeedTest: Speed test app to server.
- Scrutiny: S.M.A.R.T. information.
- SyncThing: Synchronise libraries between multiple computers.
- TinyAuth: Google OAuth login security.
- Traefik: Webapp Routing.
- Watchtower: Automatic updating of services.
- Glances: (Hardware) Server Status.
- Homer: Dashboard.
- Tautulli: Plex Server Status.
Every service uses a similar folder layout. This includes having a config folder inside the service folder for easier backup and configuration.
When one service depends on another, the dependency only needs to have been started first (with a couple of exceptions that require it to be healthy first).
Important
The install.sh script is not usable yet, these other steps are always going to be manual!
It is advised to use VSCode or a similar editor that does syntax highlighting (i.e., colors) for the files you edit!
Duplicate the `.env.example` file as `.env`; all configuration needs to go in here.
The easiest way to disable services is to edit the root `compose.yaml` file and comment out the services you don't want by placing a `#` at the beginning of the line.
- Add your email address as the `EMAIL` and `WHITELIST` in `.env`
- Follow these instructions: https://developers.google.com/identity/protocols/oauth2
- Add the `GOOGLE_CLIENT_ID` and `GOOGLE_CLIENT_SECRET` in `.env`
- Place a long random hexadecimal value in `OAUTH_SECRET` in `.env`
  - The best way is to use the output of `openssl rand -hex 16`
- Make an account if you haven't already.
- Buy a domain, or if you already have one you can transfer the domain servers across.
  - Set this as the `DOMAIN` in `.env`
  - Replace the `$DOMAIN` in `PLEX_URL` with this.
- Sign up for Zero Trust - you can choose the personal 0-cost.
- Go to Networks -> Tunnels
- Create a Tunnel, name it for your domain
- Copy the "Run the following command" suggestion, paste it as `CLOUDFLARED_TOKEN` in `.env` then remove the `cloudflared.exe service install` prefix (including space).
- Create 2 public hostnames, one to your domain, and one to `*` at your domain
  - Both have a service of `https://traefik`
  - Both have Advanced -> TLS -> Origin Server Name as your domain
  - Both have Advanced -> TLS -> HTTP2 connection turned on
- Go back to Account Home, then click on your domain name.
- Under the Domain (Zone) settings go to SSL/TLS -> Overview, and enable Full encryption.
- Under DNS -> Records, create a CNAME entry for `*` pointing at your domain.
- Under DNS -> Settings, enable DNSSEC.
- Click on your Profile in the top right, go to your profile, then click on API Tokens on the left.
- Create a Token using the Edit zone DNS template
- Allow it access to your domain under Zone Resources
- Copy the token to `CLOUDFLARE_API` in `.env`
- Make an account, click on NordVPN on the left, scroll down to API Key, create one and copy to `VPN_PRIVATE_KEY` in `.env`
- Make sure you set `PATH_DOWNLOADS` to a good download folder, this will be used by multiple services as a consistent location.
- Place all of your media paths in the `PATH_XYZ` variables in `.env` - add more as needed.
- Use these instructions to get `PLEX_TOKEN` in `.env` - https://support.plex.tv/articles/204059436-finding-an-authentication-token-x-plex-token/
- Ensure you have all the correct paths for Plex from the Media Paths section above. Internally we're going to map them all under the `/data/` folder.
- In your current Plex server go to Settings -> Library, and disable (and save) the "Empty trash automatically after every scan" option!
- Stop Plex Media Server!
- Copy (move is risky, but it's your library) the Plex Config folder starting at `Library` into `plex/config/` - so there is a folder in there called `Library`.
Important
The Plex library must have finished copying before you do this, and you must not run the old one again (unless you decide not to go ahead with this).
- Run
docker compose pull- disable any services that you don't have permission for. - Just before running go to https://account.plex.tv/claim and copy the token to
PLEX_CLAIMin.env - Run
docker compose up -dand wait for everything to come up. - Go to
https://dozzle.<domain>and wait for all the red dots to turn green. - Optional: Run
docker compose downfollowed bydocker compose up -d dozzle plex- this reduces load and lets you setup things one at a time. - Go to Plex and tell it to rescan everything - every entry should get re-found as Plex uses file hashes for identification.