added everything

_share/data/docker/jellyfin-compose.yml

@@ -0,0 +1,23 @@
+version: "3.8"
+
+services:
+  jellyfin:
+    image: jellyfin/jellyfin:latest
+    container_name: jellyfin
+
+    user: "1004:1004"  # Adjust to match your user/group ID (or use the media group ID)
+
+    ports:
+      - "127.0.0.1:8096:8096"
+
+    volumes:
+      - /srv/jellyfin/config:/config
+      - /srv/jellyfin/cache:/cache
+      - /home/ftpuser/ftp/media/video:/media/video
+      - /home/ftpuser/ftp/media/audio:/media/audio
+      - /home/ftpuser/ftp/media/books:/media/books
+
+    environment:
+      - TZ=Asia/Jerusalem
+
+    restart: unless-stopped

_share/data/nginx/jellyfin-ssl.conf

@@ -0,0 +1,37 @@
+server {
+    server_name jellyfin.ronnyabraham.com;
+
+    location / {
+        proxy_pass http://localhost:8096;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # WebSocket support
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+    }
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/jellyfin.ronnyabraham.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/jellyfin.ronnyabraham.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+
+server {
+    if ($host = jellyfin.ronnyabraham.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    listen 80;
+    server_name jellyfin.ronnyabraham.com;
+    return 404; # managed by Certbot
+
+
+}

_share/data/nginx/jellyfin.conf

@@ -0,0 +1,18 @@
+server {
+    listen 80;
+    server_name jellyfin.ronnyabraham.com;
+
+    location / {
+        proxy_pass http://localhost:8096;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # WebSocket support
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+    }
+}
+

docker.org

@@ -26,6 +26,7 @@
 │   │   └── data/
 │   ├── forgejo/
 │   └── n8n/
+│   └── jellyfin/
 #+end_example
 
 **** storage layout table
@@ -38,6 +39,7 @@
 | /mnt/storage/docker/compose/calibre/data | Calibre persistent volume               |
 | /mnt/storage/docker/compose/forgejo      | Forgejo compose setup                   |
 | /mnt/storage/docker/compose/n8n          | N8N compose setup                       |
+| /mnt/storage/docker/compose/jellyfin     | Jellyfin compose setup                  |
 
 
 *** commands
@@ -70,3 +72,9 @@ nvim  daemon.json
 :CUSTOM_ID: docker-n8n
 :END:
 #+include: "_share/data/docker/n8n-compose.yml" src yaml
+
+** Jellyfin
+:PROPERTIES:
+:CUSTOM_ID: docker-jellyfin
+:END:
+#+include: "_share/data/docker/jellyfin-compose.yml" src yaml

forgejo.org

@@ -19,10 +19,12 @@
 | Docker User          | git                              |
 
 *** Users
-| Role       | Username   | Password     | Email                   |
+| Role         | Username      | Password     | Email                    |
-|------------+------------+--------------+-------------------------|
+|--------------+---------------+--------------+--------------------------|
-| Admin      | git-admin  | 2reishit2ara | ronny.abraham@ymail.com |
+| Admin        | git-admin     | 2reishit2ara | ronny.abraham@ymail.com  |
-| Developer  | ronnygit   | 2reishit2ara | ronny.coder@gmail.com   |
+| Developer    | ronnygit      | 2reishit2ara | ronny.coder@gmail.com    |
+| notes admin  | scribe        | 2reishit2ara | scribe@ronnyabraham.com  |
+| website user | website-ronny | 2reishit2ara | website@ronnyabraham.com |
 
 *** token access
 #+INCLUDE: "./_share/data/forgejo/tokens.org::#token-api-debug" :only-contents t

jellyfin.org

@@ -0,0 +1,71 @@
+#+title: Jellyfin
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="_share/media/css/computer.css" />
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="_share/media/css/org-media-sass/content-overview.css" />
+#+OPTIONS: H:6
+
+* links
+- [[./toc.org][TOC - Home System]]
+
+
+* Jellyfin Basic Info
+
+url: video.ronnyabraham.com
+
+nginx conf: /etc/nginx/sites-available/video.ronnyabraham.com
+
+username: jellyfin-admin
+password: 2reishit2ara
+
+* setup Jellyfin
+
+** install Jellyfin
+#+begin_src
+curl -fsSL https://repo.jellyfin.org/debian/jellyfin_team.gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/jellyfin.gpg
+
+echo "deb [signed-by=/usr/share/keyrings/jellyfin.gpg] https://repo.jellyfin.org/debian bookworm main" | sudo tee /etc/apt/sources.list.d/jellyfin.list
+
+sudo apt update
+sudo apt install jellyfin -y
+#+end_src
+
+** start and enable Jellyfin
+#+begin_src
+sudo systemctl enable jellyfin
+sudo systemctl start jellyfin
+#+end_src
+
+** access Jellyfin
+
+access the setup wizard
+
+*** Open:
+#+begin_src
+http://<raspberrypi-ip>:8096
+#+end_src
+
+*** If you're on the Pi itself:
+#+begin_src
+http://localhost:8096
+#+end_src
+
+* nginx setup
+
+** Site Configuration
+
+
+#+INCLUDE: "nginx.org::#jellyfin-conf" :only-contents t
+
+** Enable Site & Restart
+#+begin_src bash
+sudo ln -s /etc/nginx/sites-available/forgejo /etc/nginx/sites-enabled/
+sudo nginx -t && sudo systemctl reload nginx
+#+end_src
+
+** Enable HTTPS with Certbot
+#+begin_src bash
+sudo certbot --nginx -d git.ronnyabraham.com
+#+end_src
+
+** First-Time Setup
+- Visit: https://forgejo.ronnyabraham.com
+- Create the `git-admin` user and initialize your first repository.

network-info.org

@@ -34,6 +34,83 @@
 | DHCP Server     | Enabled                     |
 | IP Address Pool | 192.168.0.2 - 192.168.0.253 |
 
+** Open Ports
+These are the active port forwarding rules configured on the router for local devices. All are currently marked as open and mapped directly from external to internal ports on the same device.
+
+*** Current Port Forwards
+| Service Name                |    Device IP | External Port | Internal Port | Protocol | Status |
+|-----------------------------+--------------+---------------+---------------+----------+--------|
+| GIT                         | 192.168.0.63 |           222 |           222 | TCP      | Open   |
+| SSH                         | 192.168.0.63 |            22 |            22 | TCP      | Open   |
+| HTTPS                       | 192.168.0.63 |           443 |           443 | TCP      | Open   |
+| FTP                         | 192.168.0.63 |            21 |            21 | TCP      | Open   |
+| HTTP                        | 192.168.0.63 |            80 |            80 | TCP      | Open   |
+| Postgres - stg.ronnyabraham | 192.168.0.63 |          5433 |          5433 | TCP      | Open   |
+
+* FTP
+** FTP Server Configuration Overview
+
+| Setting                  | Value                         | Notes                                                    |
+|--------------------------+-------------------------------+----------------------------------------------------------|
+| Server IP (LAN)          | 192.168.0.63                  | Your Raspberry Pi's local IP                             |
+| Domain (optional)        | ftp.ronnyabraham.com          | Public address (requires DNS pointing to your home IP)   |
+| FTP Username             | ftpuser                       | Restricted to chroot jail: /home/ftpuser/ftp             |
+| FTP Password             | [your-password]               | Chosen during user setup                                 |
+| Login Port               | 21 (TCP)                      | Already forwarded                                        |
+| Passive Port Range       | 30000–31000 (TCP)             | Must be forwarded in router for PASV mode                |
+| FTP Root Dir             | /mnt/storage/srv/ftp          | Physical storage location                                |
+| FTP Mount (seen by user) | /home/ftpuser/ftp             | Bind-mounted for vsftpd                                  |
+| Passive Mode Enabled     | YES                           | Required for most clients like FileZilla, ncftp          |
+| Encrypted FTP (FTPS)     | NO                            | Not yet set up — optional for secure external access     |
+| Firewall                 | None or default iptables      | UFW not installed                                        |
+| External Access Ready?   | YES, if passive ports forwarded| Port forwarding must include 21 + 30000–31000            |
+
+** vsftpd.conf Configuration
+
+Location: `/etc/vsftpd.conf`
+
+Add or ensure the following lines are present to enable passive mode:
+#+begin_src conf
+pasv_enable=YES
+pasv_min_port=30000
+pasv_max_port=31000
+pasv_address=ftp.ronnyabraham.com
+#+end_src
+
+After changes, restart the service:
+#+begin_src bash
+sudo systemctl restart vsftpd
+#+end_src
+
+** Optional To-Do
+*** DONE Forward passive ports in router (30000–31000)
+*** TODO Enable TLS (FTPS) for secure login & transfer
+Enabling TLS (also known as FTPS) encrypts both the FTP login credentials and file transfers, protecting them from interception over the internet.
+
+This is especially important if you plan to access your FTP server remotely from public networks.
+
+Steps to enable:
+1. Generate or obtain an SSL certificate and key (self-signed or from a trusted CA)
+2. Edit `/etc/vsftpd.conf` to enable SSL:
+#+begin_src conf
+      ssl_enable=YES
+      rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+      rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+      force_local_data_ssl=YES
+      force_local_logins_ssl=YES
+      ssl_tlsv1=YES
+      ssl_sslv2=NO
+      ssl_sslv3=NO
+      require_ssl_reuse=NO
+      ssl_ciphers=HIGH
+      #+end_src
+3. Restart vsftpd:
+      #+begin_src bash
+      sudo systemctl restart vsftpd
+      #+end_src
+4. Configure your FTP client (e.g., FileZilla or ncftp) to use "FTP over TLS"
+
+
 
 * Raspberry Pi Information
 #+INCLUDE: "pi-storage.org::*Raspberry Pi Information" :only-contents t

nginx.org

@@ -48,3 +48,13 @@
 :CUSTOM_ID: n8n-conf
 :END:
 #+INCLUDE: "./_share/data/nginx/n8n-ssl.conf" src nginx
+
+** jellyfin
+*** initial
+#+INCLUDE: "./_share/data/nginx/jellyfin.conf" src nginx
+
+*** with ssl
+:PROPERTIES:
+:CUSTOM_ID: jellyfin-conf
+:END:
+#+INCLUDE: "./_share/data/nginx/jellyfin-ssl.conf" src nginx

pi-storage.org

@@ -27,6 +27,7 @@ ping ronberrypi.local
 | website   | 2reishit2ara | www-data, sudo | /var/www, /home/website |
 | ftpuser   | 2reishit2ara | www-data, sudo | /home/ftpuser           |
 | librarian | 2reishit2ara |                | librarian               |
+| scribe    | 2reishit2ara |                | /home/scribe            |
 
 * connect with a vnc
 - [[https://www.youtube.com/watch?v=9fEnvDgxwbI][Raspberry Pi Headless Setup]]

toc.org

@@ -18,3 +18,4 @@
 - [[./forgejo.org][forgejo]]
 - [[./n8n-setup.org][n8n setup]]
 - [[./calibre.org][calibre]]
+- [[./jellyfin.org][jellyfin]]