Skip to content

Jellyfin in Container Manager on a Synology NAS (No Hardware Transcoding)

Last updated on 28 January 2024

Important or Recent Updates
Historic UpdatesDate
New DSM7.2 Container Manager Update (Beta/RC)30/04/2023
Fixed a typo in the ports section for 735904/07/2023
Guide rewritten moving to a Project rather than the slower method via the UI giving you more flexibility. Also includes updates to improve security which is only possible via projects. 25/10/2023
Historic Updates

In this guide I am going to take you through the setup of Jellyfin in Container Manager. Please note this guide is for anyone that does not have Hardware Transcode abilities on their NAS. You can see the other guide for those that do.

Let’s Begin

As usual, it’s important you complete the three preceding guides which will get your folder structure, docker user and bridge network setup.

Folder Setup

Let’s start by getting some folders set up for the container to use. Open up File Station create the following.

Folders
/docker/projects/jellyfin-compose
/docker/jellyfin

Container Manager

Next we are going to set up a ‘Project’ in Container Manager. Open up Container Manager and click on Project then on the right-hand side click ‘Create’.

In the next screen we will set up our General Settings, enter the following:

SectionSetting
Project Name:jellyfin
Path:/docker/projects/jellyfin-compose
Source:Create docker-compose.yml

Next we are going to drop in our docker compose configuration copy all the code in the box below and paste it into line ‘1’ just like the screenshot.

What on earth is a Docker Compose?
Docker Compose allows us to define how Docker should set up one or more containers within a single configuration file. This file is yaml formatted and Container Manager uses the Projects feature to manage them.

YAML
services:
  jellyfin:
    image: linuxserver/jellyfin:latest
    container_name: jellyfin
    environment:
      - PUID=1234 #CHANGE_TO_YOUR_UID
      - PGID=65432 #CHANGE_TO_YOUR_GID
      - TZ=Europe/London #CHANGE_TO_YOUR_TZ
      - JELLYFIN_PublishedServerUrl=SEE_TABLE_BELOW
      - UMASK=022
    volumes:
      - /volume1/docker/jellyfin:/config
      - /volume1/data/media:/data/media
    ports:
      - 8096:8096/tcp #web port
      - 8920:8920/tcp #optional
      - 7359:7359/udp #optional
    network_mode: synobridge
    security_opt:
      - no-new-privileges:true
    restart: always

The two optional ports in the above can be removed if you will not use them. 7359 is for automated discovery of Jellyfin by the apps, and 8920 is the HTTPS port which is useful if not using the reverse proxy later in the guide.

Environment Variables

We need to make some changes in order for the container to have the correct permissions to save its configuration files and to have access to your media.

VariableValue
PUID(required) The UID you obtained in the user setup guide
PGID(required) The GID you obtained in the user setup guide
TZ(required) Your timezone wikipedia.org/wiki/List_of_tz_database_time_zones
JELLYFIN_PublishedServerUrlThis will be your NAS IP or if you are going to be accessing via your DDNS address use this. (You can change this later if you wish)

Volumes

We can now pass through our file paths into the container they are mounted using the volume’s section of the compose file.

I have pre-filled this section to pass the correct paths, the only thing that you may need to change is the /volume1/ if your file paths are on a different volume.

Click ‘Next’

You do not need to enable anything on the ‘Web portal settings’ screen click ‘Next’ again.

On the final screen click ‘Done’ which will begin the download of the container images and once downloaded they will be launched!

The image will now be downloaded and extracted. You should see ‘Code 0’ when it has finished.

You will now see your Jellyfin running and should have a green status on the left-hand side.

Firewall Exceptions

(Skip if you don’t have the Firewall configured)

If you have enabled and configured the Synology Firewall you will need to create exceptions for any containers that have a Web UI or have any incoming or outgoing connections. This section covers the basics of how to add these. (Please note this is a generic section and will not show the specific ports used in this guide however it applies in the same way)

Also, I would like to refer people to the great guide on getting the Firewall correctly configured over on WunderTechs site.

Head into the Control Panel> Security > Firewall, from here click Edit Rules for the profile you set up when you enabled the Firewall.

Next click on Create and you will see the screen below. Source IP and Action will be automatically selected to All and Allow, I will leave it up to you as to your own preference on whether you want to lock down specific Source IPs from having access. In this example we will leave as All.

You will now choose ‘Custom‘ and then the Custom button

Now select Destination from the drop-down menu, most web based containers require TCP access but check the guide as it will show the port and protocol. Then add comma separated ports. Then press OK.

Click OK a couple of times to get back to the main screen. You will see by default the new rule is added to the bottom of the list. You must always have your Block All rule last in the list as the rules are applied top down so move your container up.

You have now completed the Firewall changes and can continue with the guide.

Jellyfin Initial Setup

After a few minutes you should be able to access the server and go through the initial Jellyfin setup by going to the IP of your NAS in your browser followed by port 8096.

e.g. 192.168.0.30:8096

When adding movies or shows they will be located in the /data/media folder.

Remote Access

If you are going to be using your set-up outside your LAN you will also need to enable the following options to allow access and also to restrict bandwidth

Allow remote connections to this server

Streaming

In order to limit upload bandwidth you can also set an overall limit for streams, this is useful if you or other users will be trying to play back files larger than your upload bandwidth can handle

Part 2 – DDNS, SSL and Reverse Proxy

Before we start, make sure you have registered for a Synology Account as we are going to be using their DDNS service. https://account.synology.com/en-uk/register/

In order to successfully use the reverse proxy you will also need to forward port 443 to you NAS IP. (You will need to check how to do this on your own router) This port is used for secure web traffic.

DDNS (Dynamic Domain Name System)

A DDNS address allows you to get external access to Jellyfin via a subdomain provided by Synology, this is useful on home internet connections where your ISP will change your IP address on a regular basis. (If you already have this set up via another guide you can skip to the Reverse Proxy section)

Note: If you want to access DSM via this new address you will either need to create an additional Reverse Proxy for it or open port 5001 on your router.

In the DSM Control panel go to ‘External Access’ and then to the ‘DDNS’ tab

Click on ‘Add’, then fill out the following sections.

SectionValue
Service ProviderSynology
HostnameThis can be anything it will be used to access your NAS externally
Email:Log into your Synology account
External Address (IPv4)This should be filled in automatically
External Address (IPv6)This should be filled in automatically if your ISP is using IPv6
Get a Cert from Let’s EncryptTick this box
Enable HeartbeatTick this box

Now press OK, DSM will apply your settings. It can take a few moments to set up and the DSM interface will refresh. You will likely receive a certificate error which you will need to accept to get back into DSM.

You should now test that you can access your Diskstation via the hostname you requested and not receive any SSL errors.

Reverse Proxy

So you don’t have to open up additional ports on your router for Jellyfin we are going to set up a reverse proxy subdomain. This means you and your users can access Jellyfin without using a port number as it will route all traffic through the secure 443 port.

Go back into the Control Panel and access the ‘Login Portal’ then in the ‘Advanced’ tab click ‘Reverse Proxy’ and then click on ‘Create’.

We are now going to enter some rules, so when you or your users access the URL specified the request will automatically be sent to the Jellyfin web UI.

Use the settings below, you will need to amend the Hostname sections in line with the hostname you registered earlier, and the IP of your NAS.

SettingValue
Reverse Proxy Name:jellyfin
Protocol:HTTPS
Hostname:jellyfin.xxx.synology.me (change the part after ‘jellyfin.’ to your own hostname you registered earlier.
Port:443
Protocol:HTTP
Hostname:Your NAS IP
Port:8096
example settings

On the second tab ‘Custom Header’ click on Create then WebSocket, this will add two entries which will force a https connection if you ever try to connect over http, you can now press save.

You should now be able to access the Jellyfin login screen to https://jellyfin.yourhostname it will be a secure connection, and you should have no SSL errors.

You can now log in with the username and password you created earlier, the same address is used in the Android and iPhone apps.


Buy Me a Coffee or a Beer

If you have found my site useful please consider pinging me a tip as it helps cover the cost of running things or just lets me get the odd beverage. Plus 10% goes to the devs of the apps I do guides for every year.

Published inJellyfin 7.2

8 Comments

  1. beebee beebee

    Thank you for the great tutorials!

    I am using a 224+ and had to combine both your guides, the one with and the one without hardware transcoding to get everything working.

    For instance in the yaml file I had to change network_mode to host.

    My current yaml files is missing the devices section. Does that interfere with the hardware transcoding? I was able to select in the ui. But am unsure if it is actually doing hardware transcoding.

    • Dr_Frankenstein Dr_Frankenstein

      Odd you would have to combine both, I can understand host mode as that is up to you as to how you want the container to run network wise, without the device section you wont get hardware transcoding as the intel graphics are not being passed into the container without it.

      • beebee beebee

        Thank you for your quick reply and for confirming my suspicions.

        I will add the devices section to my yaml file and try to get it all working.

        Sidenote about using both guides:
        Yeah, I mixed and matched both guides because sometimes I got stuck on certain things. But also mostly I was just finding my way around my recently acquired first Synology nas and all things docker. I will try to tweak my setup a bit more.

        • Dr_Frankenstein Dr_Frankenstein

          No worries can certainly be a steep learning curve initially, buy once things start to click it will start becoming second nature.

  2. Marco Marco

    Thanks a lot for the tutorial. Everything working like a charm.

    I just want to add one thing that other ppl might be struggling. Well, I did.
    The reverse proxy worked after I created a specific certificate (a second one after my main cert): “jelly.XXX.synology…”. After setting the reverse proxy, go to the certificate tab > settings and then select the specific certificate “jelly…” to the service “jelly… ” created in the reverse proxy setting.

    I think that I struggled because has been using DDNS already and did not change that setting. The tutorial is not explicit about that situation, and I took some time to connect the dots.

    • Dr_Frankenstein Dr_Frankenstein

      Hey, let me try this out. The Proxy address was it a subdomain of your original main certificate? e.g. main cert is for ‘marco.synology.me, and you were using ‘jelly.marco.synology.me’ for the proxy address.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

drfrankenstein.co.uk – writing Synology Docker Guides since 2016 – Join My Discord!