Media Server stack containing the popular *arr applications with support for Let's Encrypt.
Includes:
- Authentik is an open-source Identity Provider for SSO and much more
- Deluge a lightweight BitTorrent client with web based management interface
- Gluetun VPN client to anonymize IP
- Kavita free and open source web based ebook, manga and comic reader
- Lidarr looks and smells like Sonarr but made for music
- Mylar is an automated Comic Book (cbr/cbz) downloader
- NZBGet an efficient Usenet Downloader
- Overseerr request management and media discovery tool
- Plex organize all of your personal media so you can enjoy it no matter where you are
- Portainer simple management UI for Docker
- Prowlarr indexer manager/proxy for nzb and torrent
- Radarr a fork of Sonarr to work with movies à la Couchpotato
- Readarr ebook and audiobook collection manager for Usenet and BitTorrent users
- Sonarr smart PVR for newsgroup and bittorrent users
- Tautulli monitoring and tracking tool for Plex Media Server
- 🐧 Linux distribution capable of running Docker
- 🐳 Docker and Docker Compose
- 🕵🏼 Private Internet Access VPN (required for secure torrent support)
The compose file is configured to make all services available via *.sslip.io,
e.g. portainer.192-168-100-99.sslip.io
. The default port for the reverse proxy
is 8080
and can be configured by editing .env
. An additional domain may be
specified by setting HTTP_HOST
in .env
.
The default SSL port is 8443
and can be changed by setting HTTPS_PORT
in
.env
. By default, Traefik will use a self-signed certificate. To use a trusted
certificate generated by Let's Encrypt, follow the below instructions.
Automatic certificate generation uses a DNS-01
ACME challenge. This challenge supports generation of wildcard certificates and
does not require the server to be accessible via the internet. Presently, only
CloudFlare is supported as for the DNS-01
challenge, however, support for
other providers can be added by editing docker-compose.yml
directly. See the
Traefik documentation
for more details.
Assuming your domain is using CloudFlare for DNS and you have obtained the
Global API Key for your
account, set the below .env
variables to enable SSL:
# cloudflare email address
CF_API_EMAIL=account@yourdomain.com
# cloudflare api token
CF_API_KEY=ec059099c531fdabbd06ca8cd5f7a8bccd190
# the top-level domain used for letsencrypt certificates
HTTP_HOST=yourdomain.com
Set the required AUTHENTIK_*
environment variables in .env
. These values
should not be changed after setting them once. Replace changeme
in the below
example with something secure:
# secret key used for cookie signing and unique user ids, don't change this after the first install
AUTHENTIK_SECRET_KEY=changeme
# postgresql password, don't change this after the first install
AUTHENTIK_POSTGRESQL_PASSWORD=changeme
Ensure the NVIDIA Container Runtime
is installed and functioning correctly and set PLEX_RUNTIME
in .env
:
PLEX_RUNTIME=nvidia