Docker MediaStack¶
Welcome to the MediaStack project! MediaStack is your ultimate solution for managing and streaming media collections with applications like Jellyfin and Plex. Using Docker, MediaStack containerises these media servers alongside *ARR applications (Radarr, Sonarr, Lidarr, etc.) for seamless media automation and management.
You will be able to connect to the Docker MediaStack from the Internet using SWAG, which handles reverse proxy and web server tasks, ensuring secure and efficient traffic management. Authelia provides robust authentication to protect your remote access, and Heimdall serves as a convenient portal for accessing all your Docker applications in one place. Additionally, MediaStack leverages Cloudflare's Zero Trust and proxy services, ensuring that remote access to your media is both secure and reliable. This setup provides two-factor authentication (2FA) and single sign-on (SSO) capabilities, ensuring that users must verify their identities before gaining access, so you know you can remotely share your Docker applications, with the confidence that your collections are protected.
MediaStack combines security, flexibility, and ease of use, making it the perfect choice for users who want comprehensive control over their media libraries. Whether you're streaming the latest movie, automating TV show downloads, or organising your music collection, MediaStack has you covered. Join the MediaStack community and elevate your media management experience.
Full deployment and configuration guide is located at: MediaStack.Guide
Discussion and assistance can be sought at: MediaStack on Reddit
NOTE: Docker, and your MediaStack, can be installed on Windows, Linux, MacOS, and even NAS appliances such as Synology. All of the steps to configure Docker for your Operating System environment are located on the main MediaStack.Guide website.
TL;DR¶
- Head to "mediastack" repository at https://github.com/geekau/mediastack
- Download the full "mediastack" repository to your computer by selecting "Code" → "Download Zip"
- Extract the downloaded zip file on your computer, then go to the directory which suits your deployment method
- Update settings in docker-compose.env to suit your VPN account, local networking, and location of Docker Configuration Files / Media Storage
- Deploy all Docker containers - If deploying containers individually, the Gluetun VPN container must be deployed first
- Update and import the "MediaStack.Guide Applications" bookmarks file into your web browser to easily access each application's WebUI portal
What Applications Are Provided In MediaStack¶
The Docker applications located in the different directories are all exactly the same; however, they differ in which Docker containers are secured via VPN for Internet traffic, and whether the MediaStack applications are deployed individually (Multiple YAML files), or collectively as a group (Single YAML file).
List of Docker applications used in MediaStack:
Which Docker Configurations Should I Use¶
The Docker applications located in the different directories are all exactly the same; however, they differ in which Docker containers are secured via VPN for Internet traffic, and whether the MediaStack applications are deployed individually (Multiple YAML files), or collectively as a group (Single YAML file).
If you are deploying the YAML files one at a time (multiple deployment), you MUST deploy the Gluetun Docker container first, as it sets up the "mediastack" network service for all other Docker containers to join.
You can swap between the different YAML deployment types whenever you need; however, you will need to ensure that any configuration settings made in the docker-compose.env file are copied into the new deployment folder.
Full VPN Network Security¶
This configuration set builds a fully encrypted VPN network architecture, and routes all network traffic from the Docker containers through the Gluetun container, where it is encrypted into a VPN, before it passes securely across the internet. This setup ensures that all data packets are encrypted, providing robust privacy and security. The primary benefit of this approach is the comprehensive protection of data, safeguarding against eavesdropping, and maintaining user privacy.
However, this heightened security method comes with trade-offs. Encrypting and decrypting all traffic can lead to increased latency and reduced network speeds. This can particularly impact applications requiring high bandwidth or low latency, such as media streaming or real-time communication tools. Nonetheless, for users prioritising privacy and security over speed, this setup is ideal.
graph TD
subgraph DockerNet[<center>Docker Networking - 172.28.10.0/24</center>]
Jellyfin ---- Gluetun
Plex --- Gluetun
Jellyseerr ---- Gluetun
Prowlarr --- Gluetun
Radarr ---- Gluetun
Readarr --- Gluetun
Sonarr ---- Gluetun
Mylar3 --- Gluetun
Whisparr ---- Gluetun
Bazarr --- Gluetun
Lidarr ---- Gluetun
Tdarr --- Gluetun
SABnzbd ---- Gluetun
NIC[Host Network Interface]
qBittorrent ---- Gluetun
end
Gluetun ==>| Secure VPN | NIC
NIC ==>| Secure VPN | Gateway[<center>Home</p>Gateway</center>]
Gateway ==>|Secure VPN |VPN{<center>VPN Server</p>Anchor Point</center>}
style Bazarr stroke:green,stroke-width:2px
style Lidarr stroke:green,stroke-width:2px
style Mylar3 stroke:green,stroke-width:2px
style Prowlarr stroke:green,stroke-width:2px
style Radarr stroke:green,stroke-width:2px
style Readarr stroke:green,stroke-width:2px
style Sonarr stroke:green,stroke-width:2px
style Tdarr stroke:green,stroke-width:2px
style Whisparr stroke:green,stroke-width:2px
style Jellyfin stroke:green,stroke-width:2px
style Plex stroke:green,stroke-width:2px
style qBittorrent stroke:green,stroke-width:2px
style Jellyseerr stroke:green,stroke-width:2px
style SABnzbd stroke:green,stroke-width:2px
style Gluetun stroke:green,stroke-width:2px
style NIC stroke:green,stroke-width:2px
style Gateway stroke:green,stroke-width:2px
style VPN stroke:green,stroke-width:2px
NOTE: Many of the Docker applications are passing traffic through the Gluetun VPN container. When the Gluetun container stops, or if the VPN network connection is interrupted, all network traffic for the other Docker applications will also stop until the secure VPN connection is re-established.
Minimal VPN Network Security¶
This configuration set builds a minimal encrypted VPN network, solely for the BitTorrent network traffic coming from qBittorrent, which routes network traffic through the Gluetun Docker container, where it is encrypted into a VPN before routing out to the Internet. All other Docker containers connect to the Docker bridge network (not Gluetun), and pass their network traffic directly out to the Internet through your Internet Service Provider. This approach ensures that only the BitTorrent data is encrypted, while other containers operate with unencrypted traffic flows. The advantage here is that it maintains higher network performance for most applications, avoiding the latency and bandwidth reductions associated with full encryption.
However, this comes at the cost of leaving some network traffic potentially exposed to interception or monitoring. This setup is suitable for users who require high performance for certain applications but still want to protect specific, sensitive activities.
graph TD
subgraph DockerNet[<center>Docker Networking - 172.28.10.0/24</center>]
Jellyfin -..-> NIC
Plex -.-> NIC
Jellyseerr -..-> NIC
Prowlarr -.-> NIC
Radarr -..-> NIC
Readarr -.-> NIC
Sonarr -..-> NIC
Mylar3 -.-> NIC
Whisparr -..-> NIC
Bazarr -.-> NIC
Lidarr -..-> NIC
Tdarr -.-> NIC
SABnzbd -..-> NIC
NIC[Host Network Interface]
qBittorrent --- Gluetun
end
Gluetun ==>| Secure VPN | NIC
NIC -.->| Insecure Data | Gateway[<center>Home</p>Gateway</center>]
NIC ==>| Secure VPN | Gateway[<center>Home</p>Gateway</center>]
Gateway -.->| Insecure Data |Internet{<center>General</p>Internet</center>}
Gateway ==>|Secure VPN |VPN{<center>VPN Server</p>Anchor Point</center>}
style Bazarr stroke:orange,stroke-width:2px
style Lidarr stroke:orange,stroke-width:2px
style Mylar3 stroke:orange,stroke-width:2px
style Prowlarr stroke:orange,stroke-width:2px
style Radarr stroke:orange,stroke-width:2px
style Readarr stroke:orange,stroke-width:2px
style Sonarr stroke:orange,stroke-width:2px
style Tdarr stroke:orange,stroke-width:2px
style Whisparr stroke:orange,stroke-width:2px
style Jellyfin stroke:orange,stroke-width:2px
style Plex stroke:orange,stroke-width:2px
style qBittorrent stroke:green,stroke-width:2px
style Jellyseerr stroke:orange,stroke-width:2px
style SABnzbd stroke:orange,stroke-width:2px
style Gluetun stroke:green,stroke-width:2px
style VPN stroke:green,stroke-width:2px
style Internet stroke:orange,stroke-width:2px
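To confirm that a running deployment matches the Full VPN or Minimal VPN layout described above, the script below reports which containers actually share Gluetun's network namespace and flags any that were expected behind the VPN but are not. It is an added example, not code from the MediaStack project; the container name "gluetun", the function names and the sample data are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not MediaStack project code).
# Assumption: the VPN container is named "gluetun"; override with GLUETUN=...
GLUETUN=${GLUETUN:-gluetun}

# classify_routes NAME ID
# stdin : lines of "<name> <network-mode>", the shape printed by
#         docker inspect --format '{{.Name}} {{.HostConfig.NetworkMode}}'
# stdout: "<name> gateway|vpn|direct"
# A container that joins Gluetun's network namespace is recorded with
# NetworkMode "container:<gluetun id or name>". Any other mode means the
# container has its own network stack and leaves via the host's normal route.
classify_routes() {
  local gw_name="$1" gw_id="$2" name mode
  while read -r name mode; do
    [ -n "$name" ] || continue
    name=${name#/}                      # docker inspect prefixes names with "/"
    if [ "$name" = "$gw_name" ]; then
      echo "$name gateway"
    elif [ -n "$gw_id" ] && [ "$mode" = "container:$gw_id" ]; then
      echo "$name vpn"
    elif [ "$mode" = "container:$gw_name" ]; then
      echo "$name vpn"
    else
      echo "$name direct"
    fi
  done
}

# find_leaks EXPECTED...
# stdin : output of classify_routes
# stdout: one line per expected-VPN container that is not behind the VPN,
#         as "<name> direct" or "<name> missing" (not running at all)
find_leaks() {
  local routes want found
  routes=$(cat)
  for want in "$@"; do
    found=$(printf '%s\n' "$routes" | awk -v n="$want" '$1 == n { print $2 }')
    [ "$found" = "vpn" ] || echo "$want ${found:-missing}"
  done
}

# audit_live EXPECTED...
# Runs the same check against the local Docker daemon.
audit_live() {
  local id
  id=$(docker inspect --format '{{.Id}}' "$GLUETUN") || return 1
  docker ps -q \
    | xargs -r docker inspect --format '{{.Name}} {{.HostConfig.NetworkMode}}' \
    | classify_routes "$GLUETUN" "$id" \
    | find_leaks "$@"
}

# Constructed sample input, so the logic can be exercised without Docker.
SAMPLE_ID=3f9a1c0de5b7421896aa0d4c7e2b6f10c5d8e9a47b3f2c1d0e9f8a7b6c5d4e3f
sample_inspect() {
  cat <<EOF
/gluetun mediastack
/qbittorrent container:$SAMPLE_ID
/jellyfin mediastack
/sonarr container:$SAMPLE_ID
EOF
}
```

For a Minimal VPN deployment, `audit_live qbittorrent` should print nothing; for Full VPN, pass every application container name that the diagram shows behind Gluetun.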
Secure Remote Network Access¶
All of the Docker configurations are set up to allow you to remotely access your Docker applications while you're away from home. The network diagram illustrates a secure remote access architecture utilising a combination of Docker applications, SWAG (Secure Web Application Gateway), Authelia, Heimdall, and Cloudflare Zero Trust. This setup ensures that only authenticated and trusted users that you grant permissions to can access the internal Docker-based services over the Internet.
At the core of the network is the Docker infrastructure, operating on the subnet 172.28.10.0/24 (adjustable). Within this network, multiple applications are hosted in Docker containers. Once a remote user is successfully authenticated, they are granted access to Heimdall, which serves as a landing page portal providing users with easy access to the other Docker applications. To securely manage and route incoming connections, SWAG functions as both a reverse proxy and web server, and uses a valid SSL Digital Certificate to encrypt the remote HTTPS session. It intercepts requests from remote users and forwards them to the appropriate internal services.
Cloudflare plays a crucial role in enhancing security. It acts as the initial point of contact for remote Internet users, offering a robust proxy service that filters and manages traffic before it reaches SWAG. Cloudflare Zero Trust provides an additional layer of security by enforcing authentication and access policies. This means that any request must pass through Cloudflare's security checks, ensuring only authorised traffic reaches the internal Docker network.
Authelia, integrated with both SWAG and Cloudflare Zero Trust, handles user authentication. It provides two-factor authentication (2FA) and single sign-on (SSO) capabilities, ensuring that users must verify their identities before gaining access. This integration ensures that even if an attacker bypasses the Cloudflare security checks, they still face robust authentication challenges from Authelia.
By combining these technologies, the setup ensures a secure, scalable, and manageable remote access solution. The network protects against unauthorized access while providing legitimate users with seamless access to the necessary applications, thus balancing security with user convenience.
graph LR
subgraph DockerNet[<center>Docker Networking - 172.28.10.0/24</center>]
Authelia
SWAG
Heimdall -->| Remote Access | Docker{Docker</p>Applications}
Heimdall -->| Remote Access | Apps{Internal Network</p>Access}
NIC[Host Network Interface]
end
subgraph Internet[<center>Internet Zone</center>]
Remote[ Remote</p>Internet Users ] -->| Remote Access</p>HTTPS to SWAG | Proxy{<center>Cloudflare</p>Proxy</center>}
Cloudflare{<center>Cloudflare</p>Zero Trust</center>}
end
Proxy --> | Remote Access</p>HTTPS to SWAG | Gateway[Home Gateway]
Gateway --> | Remote Access | NIC
NIC --> | Remote Access | SWAG
Authelia <-.-> | Auth | NIC
Authelia <-.-> | Auth | SWAG
NIC <-.-> | Auth | Gateway
Gateway <-.-> | Auth | Cloudflare
SWAG -->| Authenticated Users | Heimdall
style Authelia stroke:green,stroke-width:2px
style SWAG stroke:green,stroke-width:2px
style Heimdall stroke:green,stroke-width:2px
style Remote stroke:green,stroke-width:2px
style Gateway stroke:green,stroke-width:2px
style Cloudflare stroke:green,stroke-width:2px
style Proxy stroke:green,stroke-width:2px
style Apps stroke:green,stroke-width:2px
style Docker stroke:green,stroke-width:2px
style NIC stroke:green,stroke-width:2px
What If I Don't Want Remote Access¶
All of the MediaStack Docker configurations deploy the Docker applications necessary to set up remote access into your home network, however, the remote access will only work if you configure the Docker environment with a valid domain name (DNS or DDNS), your Home Gateway is configured to port-forward network traffic into your home network, and you set up authentication with Authelia and Cloudflare Zero Trust.
So, while all Docker configurations deploy the Remote Access applications, the Remote Access will not work unless you follow the additional instructions to set up the authentication and access requirements. Therefore, if you don't want remote access, you can still safely install all of the Docker YAML configurations as they are now, without automatically granting Remote Access to your home network.
How To Access The Applications In Home Network¶
Understanding how to access the Docker applications within your own home network can be a confusing concept for those new to Docker, more so when some of the Docker applications are hidden behind other Docker applications, such as Gluetun.
Imagine the following deployment scenario:
-
User 1 has deployed their Docker applications using the "Minimum VPN" YAML files, so only the qBittorrent container is using the Gluetun VPN to encrypt network traffic to the Internet. Therefore, User 1 accesses the Jellyfin application directly, with the URL of: https://jellyfin:8096.
-
User 2 has deployed their Docker applications using the "Full VPN" YAML files, which has all of the "Media Player" and "Downloading" Docker containers connecting to the Internet through the Gluetun VPN, encrypting all network traffic. Therefore, User 2 accesses the Jellyfin application by using the Gluetun container, which then uses port-redirection to forward the network traffic into Jellyfin. This URL will be: https://gluetun:8096.
The YAML configuration files are already set up to do all the network firewalling, port forwarding, and VPN connections as standard. All that most people will need to do is update the docker-compose.env file with the IP addresses and VPN login details for their own environment.
graph TB
subgraph HomeNet[<center>Home Network - 192.168.1.0/24</center>]
1[<center>User 1</center>]-.->NIC
2[<center>User 2</center>]-->NIC
NIC -.-> Jellyfin
NIC[<center>Docker Host</p>192.168.1.10</center>] --> Gluetun
subgraph DockerNet[<center>Docker Network - 172.28.10.0/24</center>]
Gluetun
Jellyfin[<center>Jellyfin</p>HTTPS:8096</center>]
end
Gluetun --> Jellyfin
end
style 1 stroke:green,stroke-width:2px
style 2 stroke:green,stroke-width:2px
style NIC stroke:green,stroke-width:2px
style Gluetun stroke:green,stroke-width:2px
style Jellyfin stroke:green,stroke-width:2px
The network settings for your home network, and the Docker network, can be adjusted in the docker-compose.env file. Likewise, if the Gluetun container is routing outbound VPN traffic for any of the Docker applications, it can also accept inbound network traffic and re-route the traffic to any of the Docker containers connected to the Gluetun VPN, based on the port redirect rules in the Gluetun YAML file.
The different VPN network security options, and the inbound redirection to the Docker applications attached to Gluetun, have already been configured in the YAML files. Most users should just need to adjust the docker-compose.env file to suit their network IP addressing, then deploy the applications using the docker compose commands.
How Are The Filesystems Mapped Between The Docker Application And The Host Computer ?¶
All of the filesystems are automatically mapped between your host computer's hard drives and the virtual drives within the Docker containers. The filesystem mapping is configured in all of the YAML configuration files, so the Docker applications use the same folder structure.
You will need to set up the following variables in the docker-compose.env environment configuration file, so Docker knows which folders on the Docker host computer to use for the local data storage.
The FOLDER_FOR_MEDIA variable can be either Linux, Windows, MacOS, Synology, or NFS filesystems, and is the location for all of the media storage, and transient download files being used by the Bittorrent and Usenet applications. The filesystem mapping and directory structure between the Docker host computer, and the Docker applications, is shown in the folder structure below.
The FOLDER_FOR_DATA variable can also be either Linux, Windows, MacOS, Synology, or NFS filesystems, and is the configuration storage for all of the Docker applications. Docker will store the running configuration of each of the Docker applications, into their own directory, inside the FOLDER_FOR_DATA directory.
$ tree $FOLDER_FOR_MEDIA
⠀⠀⠀⠀⠀Docker Host Computer:⠀⠀⠀⠀⠀⠀⠀⠀⠀Inside Docker Containers:
├── /FOLDER_FOR_MEDIA ⠀ ├── /data
⠀⠀⠀⠀⠀├── media ⠀⠀⠀⠀├── media <-- Media is stored / managed under this folder
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── anime │⠀⠀⠀⠀├── anime <-- Sonarr Media Library Manager
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── audio │⠀⠀⠀⠀├── audio <-- Lidarr Media Library Manager
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── books │⠀⠀⠀⠀├── books <-- Readarr Media Library Manager
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── comics │⠀⠀⠀⠀├── comics <-- Mylar3 Media Library Manager
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── movies │⠀⠀⠀⠀├── movies <-- Radarr Media Library Manager
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── music │⠀⠀⠀⠀├── music <-- Lidarr Media Library Manager
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── photos │⠀⠀⠀⠀├── photos <-- N/A - Add Personal Photos
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── series │⠀⠀⠀⠀├── series <-- Sonarr Media Library Manager
⠀⠀⠀⠀⠀│⠀⠀⠀⠀└── xxx │⠀⠀⠀⠀└── xxx <-- Whisparr Media Library Manager
⠀⠀⠀⠀⠀├── torrents ⠀⠀⠀⠀├── torrents <-- Folder for Torrent Downloads Data
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── anime │⠀⠀⠀⠀├── anime <-- Anime Category (Sonarr)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── audio │⠀⠀⠀⠀├── audio <-- Audio Category (Lidarr)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── books │⠀⠀⠀⠀├── books <-- Book Category (Readarr)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── comics │⠀⠀⠀⠀├── comics <-- Comic Category (Mylar3)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── complete │⠀⠀⠀⠀├── complete <-- Completed / General Downloads
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── console │⠀⠀⠀⠀├── console <-- Comic Category (Manual DL)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── incomplete │⠀⠀⠀⠀├── incomplete <-- Incomplete / Working Downloads
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── movies │⠀⠀⠀⠀├── movies <-- Movie Category (Radarr)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── music │⠀⠀⠀⠀├── music <-- Music Category (Lidarr)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── prowlarr │⠀⠀⠀⠀├── prowlarr <-- Uncategorised Downloads from Prowlarr
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── series │⠀⠀⠀⠀├── series <-- TV Series (Sonarr)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── software │⠀⠀⠀⠀├── software <-- Software Category (Manual DL)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀└── xxx │⠀⠀⠀⠀└── xxx <-- Adult / XXX Category (Whisparr)
⠀⠀⠀⠀⠀├── usenet ⠀⠀⠀⠀├── usenet <-- Folder for Usenet Downloads Data
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── anime │⠀⠀⠀⠀├── anime <-- Anime Category (Sonarr)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── audio │⠀⠀⠀⠀├── audio <-- Audio Category (Lidarr)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── books │⠀⠀⠀⠀├── books <-- Book Category (Readarr)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── comics │⠀⠀⠀⠀├── comics <-- Comic Category (Mylar3)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── complete │⠀⠀⠀⠀├── complete <-- Completed / General Downloads
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── console │⠀⠀⠀⠀├── console <-- Comic Category (Manual DL)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── incomplete │⠀⠀⠀⠀├── incomplete <-- Incomplete / Working Downloads
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── movies │⠀⠀⠀⠀├── movies <-- Movie Category (Radarr)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── music │⠀⠀⠀⠀├── music <-- Music Category (Lidarr)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── prowlarr │⠀⠀⠀⠀├── prowlarr <-- Uncategorised Downloads from Prowlarr
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── series │⠀⠀⠀⠀├── series <-- TV Series (Sonarr)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀├── software │⠀⠀⠀⠀├── software <-- Software Category (Manual DL)
⠀⠀⠀⠀⠀│⠀⠀⠀⠀└── xxx │⠀⠀⠀⠀└── xxx <-- Adult / XXX Category (Whisparr)
⠀⠀⠀⠀⠀└── watch ⠀⠀⠀⠀└── watch <-- Add .nzb and .torrent files for manual download
Use the following script to automatically create all of the subdirectories for the FOLDER_FOR_MEDIA and FOLDER_FOR_DATA folders.
Update the following variables for your own needs: FOLDER_FOR_MEDIA, FOLDER_FOR_DATA, PUID, and PGID.
If using Linux, use the sudo id username to get the PUID and PGID values for your Docker user.
# Run in bash: the {a,b,c} brace lists below are expanded by the shell.
# Adjust these four values for your environment first.
export FOLDER_FOR_MEDIA=/mediastack
export FOLDER_FOR_DATA=/mediastackdata
export PUID=1000
export PGID=1000
# Configuration directories, one per Docker application
sudo -E mkdir -p "$FOLDER_FOR_DATA"/{authelia,bazarr,ddns-updater,gluetun,heimdall,jellyfin,jellyseerr,lidarr,mylar3,plex,portainer,prowlarr,qbittorrent,radarr,readarr,sabnzbd,sonarr,swag,tdarr/{server,configs,logs},tdarr_transcode_cache,unpackerr,whisparr}
# Media library, download and watch directories
sudo -E mkdir -p "$FOLDER_FOR_MEDIA"/media/{anime,audio,books,comics,movies,music,photos,series,xxx}
sudo -E mkdir -p "$FOLDER_FOR_MEDIA"/usenet/{anime,audio,books,comics,complete,console,incomplete,movies,music,prowlarr,series,software,xxx}
sudo -E mkdir -p "$FOLDER_FOR_MEDIA"/torrents/{anime,audio,books,comics,complete,console,incomplete,movies,music,prowlarr,series,software,xxx}
sudo -E mkdir -p "$FOLDER_FOR_MEDIA"/watch
# Set permissions, then hand ownership to the Docker user and group
sudo -E chmod -R 775 "$FOLDER_FOR_MEDIA" "$FOLDER_FOR_DATA"
sudo -E chown -R "$PUID:$PGID" "$FOLDER_FOR_MEDIA" "$FOLDER_FOR_DATA"
You can deploy the MediaStack Docker on other operating systems, such as Windows / Synology. Visit the MediaStack.Guide website to get the scripts to create the directory structure on Windows, MacOS, and Synology operating systems.
What Is The Difference Between The Single and Multiple YAML Configurations¶
All of the Docker configurations are the same, however, they can be deployed using a "Single" YAML file, or "Multiple" YAML files, depending on your needs and experience with Docker applications.
Single YAML File Deployment:¶
Advanced users often prefer a single YAML file as it encapsulates the entire network and application configurations in one place. This method simplifies management and ensures all services are deployed together, maintaining consistency and reducing the risk of configuration mismatches. However, this approach requires a deep understanding of Docker and YAML syntax, as a single error can disrupt the deployment of all services.
Example:
vi docker-compose.env
sudo docker compose --file docker-compose-mediastack.yaml --env-file docker-compose.env up -d
NOTE: You must update the docker-compose.env file for your needs, prior to running docker compose.
Multiple YAML Files Deployment:¶
New users benefit from using multiple YAML files, each dedicated to an individual Docker application. This modular approach simplifies troubleshooting and allows users to manage each service independently. If an issue arises, it’s easier to pinpoint and resolve. Additionally, it provides flexibility to update or redeploy specific applications without affecting the entire stack.
If you choose to deploy the Docker containers individually, you MUST deploy the Gluetun container first. The Gluetun Docker container sets up the essential network configurations that establish the foundational network infrastructure for all other Docker containers. Without it, subsequent deployments will fail, as they rely on the network settings defined within the Gluetun YAML file. This prerequisite ensures that all containers can communicate correctly and securely within the Docker network.
NOTE: You must update the docker-compose.env file for your needs, prior to running docker compose.
Example:
vi docker-compose.env
sudo docker compose --file docker-compose-gluetun.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-jellyfin.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-jellyseerr.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-plex.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-prowlarr.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-lidarr.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-mylar3.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-radarr.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-readarr.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-sonarr.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-whisparr.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-bazarr.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-qbittorrent.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-sabnzbd.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-unpackerr.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-tdarr.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-swag.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-authelia.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-heimdall.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-ddns-updater.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-flaresolverr.yaml --env-file docker-compose.env up -d
sudo docker compose --file docker-compose-portainer.yaml --env-file docker-compose.env up -d
Additionally, if there are some Docker applications you do not want to run in your MediaStack, then you just don't run the docker compose command for these applications.
Check Status of VPN Connection¶
The MediaStack project focuses on Security and Privacy as some of the basic networking concepts, and uses the Gluetun Docker application to encrypt your network traffic as it passes across the Internet.
If you are having network connectivity issues, or would like to check the network status of your Docker applications, there are several commands / checks that you can perform to check on connection status.
- Check running Docker processes:
- Check IP Addresses of containers in the "mediastack" network:
- Connect to Gluetun Docker container and check the IP Address:
- Use the following command to connect to the Docker application and start a shell CLI:
- Use the following web links to check your own IP Address, and the location of the VPN IP Address:
  - https://ifconfig.me
  - https://iplocation.net
REMEMBER: If the Gluetun container is not running, or the VPN connection is down, then all Docker containers behind the Gluetun VPN container will stop passing network traffic.
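The check described above can be scripted by comparing the public IP address seen from the Docker host with the one seen from inside the Gluetun container. This is an added example, not the project's own commands; it assumes the container is named "gluetun", that the Gluetun image provides wget, that curl is installed on the host, and it uses the plain-text https://ifconfig.me/ip endpoint. The comparison is IPv4 only.

```shell
#!/usr/bin/env bash
# Added example (not MediaStack project code).
# Assumptions: container name "gluetun", wget inside it, curl on the host.
GLUETUN=${GLUETUN:-gluetun}
IP_URL=${IP_URL:-https://ifconfig.me/ip}

# is_ipv4 VALUE: succeeds only if VALUE is a single dotted-quad string.
# Anything else (empty output, an HTML error page, several lines) is rejected.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*) return 1 ;;
  esac
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# vpn_verdict HOST_IP VPN_IP
# Prints one word and returns a matching status:
#   ok      (0)  container egress differs from the host's address
#   leak    (1)  container egress equals the host's address, VPN not in use
#   down    (2)  no usable answer from inside Gluetun, tunnel or container down
#   unknown (3)  host address could not be determined, nothing to compare
vpn_verdict() {
  local host_ip="$1" vpn_ip="$2"
  if ! is_ipv4 "$vpn_ip"; then echo down; return 2; fi
  if ! is_ipv4 "$host_ip"; then echo unknown; return 3; fi
  if [ "$host_ip" = "$vpn_ip" ]; then echo leak; return 1; fi
  echo ok
}

# check_vpn: gather both addresses live and report the verdict.
check_vpn() {
  local host_ip vpn_ip verdict rc=0
  host_ip=$(curl -4 -fsS --max-time 10 "$IP_URL" 2>/dev/null || true)
  vpn_ip=$(docker exec "$GLUETUN" wget -qO- -T 10 "$IP_URL" 2>/dev/null || true)
  verdict=$(vpn_verdict "$host_ip" "$vpn_ip") || rc=$?
  case "$verdict" in
    ok)      echo "ok: host=$host_ip, via $GLUETUN=$vpn_ip" ;;
    leak)    echo "LEAK: $GLUETUN exits with the host address $host_ip" ;;
    down)    echo "DOWN: no egress through $GLUETUN; containers behind it are offline" ;;
    unknown) echo "UNKNOWN: could not determine the host's public address" ;;
  esac
  return "$rc"
}
```

Call `check_vpn` from a shell or a cron job; a non-zero exit status means the containers behind Gluetun are either offline or not using the VPN.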
How To Debug My Docker Deployment¶
Occasionally your Docker applications won't deploy properly on different systems, as we all have different configurations, such as networking, drive mappings, and even VPN credentials. When configurations are not correct, the Docker containers will fail to start, and we need to undertake some debugging to see the errors in the logs.
Using the "Individual Deployment" method described above is the best way to debug, as we deploy only one Docker application at a time, allowing us to resolve the configuration issues in one application, before moving on to the next Docker application to deploy.
Debug the Docker deployment by running the docker compose command on the CLI without the -d switch; this will display all of the logs directly in the command prompt window.
Example:
Press CTRL + C once you have read the Docker application logs, and need to exit back to the CLI.
You can also read the Docker logs for the application, by using the following command.
If you want to continuously view the logs in real-time, you can use the -f (follow) option:
This command will display the logs and continue to update as new log entries are generated; press CTRL + C to stop streaming the logs from Docker.
Once you have identified and resolved any issues which prevented your Docker applications from starting, you can use the original -d command syntax to run the Docker applications in "Detached Mode" (headless), so they continue to run in the background.
WebUI Management For Docker - Portainer¶
Managing Docker via the CLI can be complex and challenging, especially for users who are not familiar with command-line syntax and operations. The CLI requires precise commands and a good understanding of Docker’s functionalities, which can be time-consuming and prone to errors.
MediaStack includes the "Community Edition" of Portainer, which offers a user-friendly alternative to CLI, by providing a graphical web application to manage Docker environments. With Portainer, users can easily deploy, configure, and monitor Docker containers through an intuitive interface. This reduces the complexity and learning curve associated with the CLI, making Docker management accessible and efficient for both beginners and experienced users. Portainer simplifies Docker operations, enhances productivity, and improves overall user experience.
You can access your Portainer instance at: https://localhost:9443
Piracy Notice¶
Using Docker to deploy the applications in the MediaStack is a great way to store, manage, and access your digital media that you own, or have legally acquired, and particularly when dealing with the digital media your children are exposed to. Docker allows easy deployment, updates, and maintenance, ensuring optimal performance without system interference.
We strongly emphasise the ethical and legal use of technology, advocating for managing media that users have rights to, such as purchased copies. Our community does not condone or tolerate piracy or related discussions. Piracy violates intellectual property laws and undermines content creators. Our forums focus on supporting users in managing their media content legally and responsibly.
By respecting legal guidelines and content creators' rights, we ensure a supportive, ethical community dedicated to lawful media management.