Repository files navigation

• Automated Media Server 👻
  • About
  • ⚠️ A Note About Torrent Clients
  • Network
  • Installation
    • Install Docker
    • Install Docker Compose
    • Clone this repo
    • Build your.env file
      • Directories
      • PUID and PGID
    • Deploy the mediaserver
  • Configuration
    • Configure Jackett
    • Configure Sonarr
    • Configure Radarr
    • Configure Bazarr
    • Configure filebot
    • Configure transmission
    • Configure nzbget
    • Configure Plex
    • Reverse proxy / letsencrypt
    • VPN networks for transmission, nzbget, and others
      • Why do you need to mountdocker.sock for the wireguard container
        • Update: mountingdocker.sock is no longer necessary
  • Thank You
    • Linuxserver
    • Filebot
    • ASCII word generation
    • combustion UI for transmission
    • Donate
  • Future Plans

         _               _    __ _| |__   ___  ___| |_   / _` | '_ \ / _ \/ __| __/  | (_| | | | | (_) \__ \ |_   \__, |_| |_|\___/|___/\__|   |___/      /   _ \          (¯\| o (@) |/¯)           \_  .___.  _/            /   !_!   \           /_.--._.--._\

This is an automated media server set up in docker containers via docker-compose. The goal of this project is to automate as much of the installation and configuration as possible while maintaining simplicity of the setup (no ansible playbooks or fancy bash scripts) to avoid making it a complete black box.

The end result of this setup is a media server with the following components

• plex
• filebot
  • with a web interface for triggeringamc script
• transmission
  • configured to callfilebot container on torrent completion
  • withcombustion web UI
• nzbget
  • configured to callfilebot container on nzb completion
• sonarr
• radarr
• jackett
• bazarr
• tautulli
  • configured to look at plex server logs
• portainer
• watchtower
• nginx + letsencrypt
  • for reverse proxying to reach your services at *.domain.tld
• heimdall

The high-level steps for setup are as follows

1. Install docker and docker-compose
2. docker-compose up
3. add an indexer tojackett
4. configuresonarr /radarr to use thejackett indexer
5. configuresonarr /radarr to use annzb indexer
6. configuresonarr /radarr to usetransmission as their download client
7. configuresonarr /radarr to usenzbget as their nzb client
8. configurenzbget with your newsgroup provider
9. add libraries toplex

Once these steps have been completed, it is possible to add a TV Show or Movie tosonarr /radarr, have it automatically download them when available, and then it will be automatically copied into yourplex libraries. Post-installation, this should be a fully-automated media server. Thetransmission container will automatically clean any files older than 30 days (configurable).

📓 This has only been tested on Ubuntu 18.04 LTS but it should work just fine on other linux distros. MacOS and Windows are unsupported. If you test it on MacOS or Windows and it works, let me know!

I've removed the cofiguration forqbittorrent. If you want to keep using it, feel free to search through git history to recover the configuration, but it's no longer supported and has not been updated to use the newfilebot container.

Each service is available on its own ports:

📓To reachplex, append/web to the address e.g.192.168.1.11:32400/web

All of the services are running in the default docker-compose network. From within services, they can access each other via their<service_name>:<port> as defined indocker-compose.yml. These areNOT the ports you've configured in your.env file. Those ports are mapped to the host device's network, but the services are operating within the network that docker-compose sets up, so they will not respect the rules forwarding ports to the host network.

• https://docs.docker.com/install/#supported-platforms

• https://docs.docker.com/compose/install/#install-compose

git clone https://github.com/ghostserverd/mediaserver-docker.gitcd mediaserver-docker

cp .env_sample .envid$USER# save the result of this for building your .env file below

Modify the.env file to specify the directory configurations. Note that these directories are for the host machine. They are mapped to various locations inside of their container by thedocker-compose file.

The.env_sample file has some notes about the various configuration options. There are additional descriptions of each service's configuration below.

A good directory setup looks something like this

CONFIG_DIR=/some/directory/media_server/configDOWNLOAD_DIR=/some/directory/media_server/downloadsMEDIA_DIR=/some/directory/media_server/mediaTV_DIR=/some/directory/media_server/media/TV ShowsMOVIES_DIR=/some/directory/media_server/media/MoviesBASE_DIR=/some/directory/media_server

Note that there is a base volume mount that holds bothmedia anddownloads

/some/directory/media_server

Configuring a single mount that contains bothdownloads andmedia allowsfilebot to take advantage ofhardlinks when renaming and moving files. Hardlinks are much quicker than actually copying the file, but they require that the source and destination be on the same volume in order to work.

Fill out the rest of the configuration options before deploying. See each individual service's section for configuration details.

docker-compose up

Append-d to run in detached mode. The first time you run a service, it is probably a good idea to not run in dettached mode (i.e. DON'T append-d) so you can watch all of the logs for issues.

<server-ip>:9117

jackett should be configurable the same as any other installation of it. Feel free to skip these steps if you know how to configurejackett already.

• Add an Indexer
  • Click+ Add Indexer
  • Search for your desired tracker
  • Click on the 🔧icon next to your desired tracker
  • Sign in with your account information
  • ClickOkay
• You should seeSuccessfully configured <tracker> and a new entry for your tracker
• Copy theAPI Key from the top right corner and save it somewhere
• Click theCopy Torznab Feed on the tracker you just added and paste it somewhere to save it

<server-ip>:8989

sonarr should be configurable the same as any other installation of it. Feel free to skip these steps if you know how to configuresonarr already.

⚠️ It is critical that you usetransmission instead of the IP address when configuring the download client, as well asjackett instead of the IP when setting up your indexer. This is because this uses docker-compose networking which means each service is accessible at the name of the service, rather than the host or even local IP address.

Step-by-step for those who need it

• Add an Indexer

  • Click on theSettings button at the top
  • Click on theIndexers tab
  • Click the big+ symbol
  • Click theCustom button in theTorznab section
  • Configure yourTorznab feed
    • Name : the name of this indexer (doesn't matter, just name it the name of your tracker)
    • URL : theCopy Torznab Feed url fromjackett that you saved earlier
      • ⚠️ It is necessary to replace the IP withjackett
        • http://jackett:9117/api/v2.0/indexers/<indexer>/results/torznab/ instead of
        • http://192.168.1.11:9117/api/v2.0/indexers/<indexer>/results/torznab/
    • API Key : theAPI Key fromjackett that you saved earlier
  • ClickTest to verify that it is configured properly
  • ClickSave

• Add a Download Client

  • Click on theSettings button at the top
  • Click on theDownload Client tab
  • UnderCompleted Download Handling toggleEnable from Yes to No
    • We'll be usingfilebot to handle our completed downloads
  • Click theSave button at the top right
  • Click the large+ button
  • Click ontransmission
  • Configure your Download Client
    • Name : whatever you want; probablytransmission
    • Host :transmission
    • Port :5656 or whatever you have set forTRANS_WEBUI_PORT in your.env file
    • Username :admin or whatever you have set forTRANS_WEBUI_USER in your.env file
    • Password :adminadmin or whatever you have set forTRANS_WEBUI_PASS in your.env file
    • Category:sonarr - this allows transmission GC to properly remove torrents after seed limits exceeds
  • ClickTest to verify that it is configured properly
  • ClickSave

• Add Some TV Shows

  • Click on theSeries button at the top
  • Click+ Add Series
  • Start typing in the search bar. It will search automatically when you stop typing
  • Configure the download path (you should only have to do this on the first show you add)
    • Click the dropdown that saysSelect Path
    • ClickAdd a different path
    • Click the 📁button on the right of the modal
    • Clicktv # final path should be/tv/
    • ClickOk
    • Click the green ✔️that is now visible
    • Click the+ sign

• There are many other configuration options forsonarr that are not covered here.sonarr's webpage ishere

<server-ip>:7878

radarr should be configurable the same as any other installation of it. Feel free to skip these steps if you know how to configureradarr already.

⚠️ It is critical that you usetransmission instead of the IP address when configuring the download client, as well asjackett instead of the IP when setting up your indexer. This is because this uses docker-compose networking which means each service is accessible at the name of the service, rather than the host or even local IP address.

Step-by-step for those who need it

• Add an Indexer

  • Click on theSettings button at the top
  • Click on theIndexers tab
  • Click the big+ symbol
  • Click theCustom button in theTorznab section
  • Configure yourTorznab feed
    • Name : the name of this indexer (doesn't matter, just name it the name of your tracker)
    • URL : theCopy Torznab Feed url fromjackett that you saved earlier
      • ⚠️ It is necessary to replace the IP withjackett
        • http://jackett:9117/api/v2.0/indexers/<indexer>/results/torznab/ instead of
        • http://192.168.1.11:9117/api/v2.0/indexers/<indexer>/results/torznab/
    • API Key : theAPI Key fromJackett that you saved earlier
  • ClickTest to verify that it is configured properly
  • ClickSave

• Add a Download Client

  • Click on theSettings button at the top
  • Click on theDownload Client tab
  • UnderCompleted Download Handling toggleEnable from Yes to No
    • We'll be usingfilebot to handle our completed downloads
  • Click theSave button at the top right
  • Click the large+ button
  • Click ontransmission
  • Configure your Download Client
    • Name : whatever you want; probablytransmission
    • Host :transmission
    • Port :5656 or whatever you have set forTRANS_WEBUI_PORT in your.env file
    • Username :admin or whatever you have set forTRANS_WEBUI_USER in your.env file
    • Password :adminadmin or whatever you have set forTRANS_WEBUI_PASS in your.env file
    • Category:radarr - this allows transmission GC to properly remove torrents after seed limits exceeds
  • ClickTest to verify that it is configured properly
  • ClickSave

• Add Some Movies

  • Click on theAdd Movies button at the top
  • Start typing in the search bar. It will search automatically when you stop typing
  • Configure the download path (you should only have to do this on the first movie you add)
    • Click the dropdown that saysSelect Path
    • ClickAdd a different path
    • Click the 📁button on the right of the modal
    • Clickmovies # final path should be/movies/
    • ClickOk
    • Click the green ✔️that is now visible
    • Click the+ sign

• There are many other configuration options forradarr that are not covered here.radarr's webpage ishere

<server-ip>:6767

bazarr should be configurable the same as any other installation of it. Feel free to skip these steps if you know how to configurebazarr already.

Step-by-step for those who need it

• Configure connection settings for Sonarr:

  • Hostname or IP Address:sonarr
  • Listening Port:8989 or whatever you have set forSONARR_PORT in your.env file
  • API Key: theAPI Key fromSonarr

• Configure connection settings for Radarr:

  • Hostname or IP Address:radarr
  • Listening Port:7878 or whatever you have set forRADARR_PORT in your.env file
  • API Key: theAPI Key fromRadarr

<server-ip>:7676

The opensubtitles configuration is called by the container startup script, but opensubtitles still fails when filebot is actually run. Until I figure out how to make this work, stick tobazarr.

You can navigate to<server-ip>:7676 to see the filebot command that will be run when a download is completed. Do NOT expose this port to the internet as it is not password protected.

These are thefilebot CLI options:https://www.filebot.net/cli.html. If there are additional options you want to be able to configure, open an issue.

⚠️ This has been updated to use the4.9.x version offilebot by default. In order to properly register after you have purchased a license, copy yourlicense.psm file to the filebot config directory on your host machine. The container will automatically registerfilebot with that license.

<server-ip>:5656

It should not be necessary to configure transmission beyond the default configuration. The container writes a config with reasonable defaults. If you need access to additional transmission settings, feel free to open an issue.

The container is already automatically configured to callfilebot to post-process a download.

<server-ip:7890

The container is already automatically configured to callfilebot to post-process a download.

These are the automatic configurations innzbget now:

• TheMainDir will automatically be set to/downloads/nzb
• TheScriptDir will automatically be set to/usr/local/bin
• TheExtensions will automatically be set tonzbget-postprocess.sh
• TheControlUsername will automatically be set to whatever is configured inNZBGET_WEB_USERiff it is set
• TheControlPassword will automatically be set to whatever is configured inNZBGET_WEB_PASSiff it is set

The paths are configured that way to support callingfilebot with the post-process script.

Seethe documentation for instructions on setting up the rest ofnzbget.

The first time that you set up your plex server, you will need to claim the server to associate it with your plex account. You need to access the server vialocalhost or127.0.0.1 in order to claim it. The easiest way to accomplish this is to create an SSH tunnel to your server so you can access plex on port 32400 on localhost.

ssh <server-ip> -L 32400:localhost:32400

Once you do this, you can now log into plex vialocalhost:32400/web or127.0.0.1:32400/web and claim the server. Once the server has been claimed, you can log into it directly via the server's IP address.

<server-ip>:32400/web

• Add some libraries
  • TV Shows will be at/data/TV Shows assuming you followed the/media/TV Shows convention forTV_DIR
  • Movies will be at/data/Movies assuming you followed the/media/Movies convention forMOVIES_DIR
• ⚠️ If you don't useBazarr set up your media agents to not use local files (hopefully this will be fixed in the future)
  • There is a problem that I have not been able to fix yet where local TV Series art is not available. It appears the artwork downloaded byfilebot is not readable byplex for an unkown reason (I don't believe it's permissions related, but if you have ideas, please open an issue).
  • To get around this, uncheckLocal Media Assets for all Agents underSettings >Server >Agents. Artwork will be downloaded by plex and accessible.
• Kill and restart the containers after logging in to Plex if you have Plexpass

docker stop plexdocker-compose up -d plex

The compose file includes a letsencrypt container which you can use to set up a reverse proxy to various services which will automatically provision an SSL certificate for you to use. If you do not want to use a reverse proxy, simply delete that entry from the compose file.

I recommend that you launch the full mediaserver once without the reverse proxy enabled so you can set up authentication forsonarr,radarr,bazarr,nzbget,tautulli,netdata, andheimdall

The reverse proxy is configured to use subdomain routing by default. It copies in appropriate configurations for each service with these names

Config files for each subdomain will be present in theconfig directory on your host machine if you wish to change the configurations. The directory isconfig/letsencrypt/nginx/proxy-confs. If you wish to use different subdomains (e.g.plex.domain.tld instead ofp.domain.tld) you need to change the configuration for the subdomain in that directory, and update theLE_SUBDOMAINS to include the new subdomain.

Note that the first time you run the letsencrypt container, it can take some time for it to register an SSL cert.

I have built a wireguard container following the principles describedhere and have successfully tested using docker-compose to force all traffic fornzbget through the wireguard VPN using a config fromhttp://mullvad.net/.

Download or build a wireguard config file from your VPN provider. For example, mullvad has a wireguard config generator athttps://mullvad.net/en/download/wireguard-config/. Once you have the config file (e.g. mine is calledwgnet0.conf, copy that file into your config/wireguard directory. The container will automatically find the config file and build the VPN network for you.

⚠️ Do NOT use your VPN's killswitch in thewireguard config file. This will disallow traffic from the docker network which will make it inaccessible from the reverse proxy container. There is a rudimentary killswitch implemented in thewireguard container already. I may improve this over time.

docker-compose.yml has been updated with a commented out wireguard service. There is also a commented outnzbget service configured to use the wireguard container's network as an example. This will forcenzbget to proxy all traffic through thewireguard container, and thus through the VPN. You can follow the same pattern with thetransmission container, or evensonarr andradarr if you want all queries to torrent trackers to go through the VPN.

To proxy an additional container through thewireguard container's network, add the service name (e.g.transmission) to the list of network aliases defined in thewireguard service.

networks:default:aliases:      -nzbget      -transmission

Then update the new service's definition (e.g.transmission) to remove the port mapping list, and add

network_mode:"service:wireguard"depends_on:  -wireguard

Because thewireguard has an alias totransmission, it is now accessible ontransmission:5656 just like it was before. You will also want to add the port mapping that were originally in thetransmission service definition to thewireguard service definition.

Thewireguard container now has a proper route back to the local network overeth0 so services that are using thewireguard network should now be accessible via your local subnet. You need to specify this subnet in theLOCAL_NETWORK environment variable. Thanks tohtilly andcmulk who's containers I shamelessly copied and modified. Once you have set up the route back to the local subnet, you can properly port foward through the VPN. Seehttps://mullvad.net/en/help/port-forwarding-and-mullvad/ for details on port forwarding withmullvad.

Mountingdocker.sock is normally an anti-pattern for containers. However, when thewireguard container is started,wg-quick rewrites/etc/resolv.conf with the DNS address specified in the interface's.conf file. This breaks DNS resolution for docker services from within any container that is using thewireguard container as its network. In practice, this means that from within e.g. thetransmission ornzbget containers,curl filebot:7676 will fail DNS resolution. This breaks the auto-config between downlaoders andfilebot.

To work around this issue, thewireguard container now inspects the network (docker network inspect mediaserver-docker_default) and writes/etc/hosts entries for each service it finds in the network. This means that if one of your service IPs changes for any reason, you'll need to restart thewireguard container in order to be able to properly resolve DNS for docker services again.

I believe it is possible to fix this issue usingdnsmasq instead of writing/etc/hosts which would remove the requirement to read fromdocker.sock, but I have not been able to get it to work, so I'm leaving this hack in place for now.

If you do not mountdocker.sock, thewireguard container will still run, but any containers in thewireguard network will be unable to resolve DNS for other docker services. If that's fine with you, you don't need to mountdocker.sock.

Thewireguard container has been updated to usednsmasq to conditionally route DNS requests.

The container also now scrapes the wireguard interface file for its DNS server and write /etc/dnsmasq.conf with that as the final fallback DNS address.

There are now three options for enabling docker DNS resolution from within the wireguard container:

1. Ifdocker.sock is mounted, write/etc/hosts with any service in the network (this is really just for backwards comptability and is the same behavior as described above.)

2. IfLOCAL_TLD is set (e.g. to local) write/etc/dnsmasq.conf to use127.0.0.11 for that TLD. Also, write/etc/resolv.conf to searchLOCAL_TLD so that containers can access the addresses of the services without having to know to append.local to match the rule in/etc/dnsmasq.conf. This will require aliases with the TLD in each of the containers that need to be accessible from within the wireguard network. An alias should look something like this (e.g. forLOCAL_TLD=ghost).

   filebot:image:ghostserverd/filebot:4.9.xcontainer_name:filebotrestart:alwaysnetworks:default:aliases:          -filebot.ghost

   which will result infilebot being accessible from containers within thewireguard network.

3. IfSERVICE_NAMES is set (a list of services to make available from within the wireguard network), write each service name individually to/etc/dnsmasq.conf to force127.0.0.11 as the DNS server for each service address. This is nice because you don't have to write an alias for each service to make available, but you do need to list out all of the services. A sampleSERVICE_NAMES variable is set in thedocker-compose.yml file. It shouldn't need to be modified, but if there is a reason to, open an issue and I can make it pull from the.env file.

The last three settings are mutually exclusive. Only one of the mechanisms should be used. Of the last two, I'm not really sure which one I prefer, but they're both better than mounting docker.sock in my opinion.

Most of these containers are config wrappers aroundLinuxServer.io containers. Without their amazing linuxserver containers, none of this would have been possible. If you find this automated media server useful, go donate to them! They probably deserve it more than I do.

• forum.linuxserver.io
• IRC on freenode at#linuxserver.io
• Podcast covers everything to do with getting the most from your Linux Server plus a focus on all things Docker and containerisation!
• Donate

This would also not be possible without filebot. This has been updated to use the latest4.9.x version of filebot. It supports automatic registration as long as you provide a license file.

• Filebot
• Forum
• Purchase

Thanks to patorjk for hisascii text generator

Thanks tosecretmapper for thecombustion UI fortransmission

• Combustion

If you really want to donate to me, you can do that here

• Consider switching fromnginx totraefik
• Auto-configuration for linkingradarr andsonarr totransmission
• Auto-configuration for linkingradarr andsonarr tonzbget
• Auto-configuration forplex libraries
• Improve documentation (maybe blog post with pictures)
• Better configuration options fornzbget
• Wireguard as a network container for downloaders
• Additional containers (tautulli,muximux,portainer)
• Add reverse proxy support (traefik?)
• Upgradefilebot to4.8.2 and make it easy to license