Just run it in an lxc? I've installed it using: https://tteck.github.io/Proxmox/
Thank you for your answer. I maybe want to add some features in the future, like all those *arr- programs. Wouldn't it be easier to have everything in one VM instead of many LXC?
Use LXC unless that's for some reason not possible. It has less overhead than VMs. How many services you put into one container is for you to decide. I have one for jellyfin and one for the arrs and download client. Splitting everything into more containers might be beneficial, if something stops working. You can then fix or use a backup for the one thing without inhibiting the other services.
Unless you want to use docker. Then, as others have mentioned, make one VM and put all your dockers there.
I have arr in lxc also, I just map a folder from the host into the lxc containers. It's working flawless, plus it's quite flexible.
I also have a few things running in docker, but if I can get it in lxc I do that.
And it's so easy doing with the scripts from the page I linked to you:)
Thank you, that sounds like my favorite option so far!
Another benefit to LXC is you can map devices, including GPU, to multiple LXC while keeping them accessible to the host. For my home setup I currently have 3 LXC with access to the iGPU, 1 for jellyfin+caddy via podman nested, 1 for moonfire-nvr via podman nested, and been trying to use 1 to figure out hardware transcoding with owncast through multiple install methods but no luck so far. I've also been playing with mapping rtl-sdr v3 devices, zigbee stick, zwave stick, and coral usb for a variety of projects lately.
edit: I forgot to answer the question and went straight to ranting, lol. LXC is like a bare-metal VM. You can install & run multiple things on them like a normal VM including podman or docker.
you can map devices, including GPU, to multiple LXC while keeping them accessible to the host
You can do this with the iGPU for VMs too, using either GVT-g for older Intel iGPUs or SR-IOV for newer ones. I'm using my iGPU in a Windows VM as well as in Docker containers on the host.
I'd highly recommend to take a deeper look into Docker. While it might look complicated at first, it really isn't. Once you get the gist of it, you'r setup life will me much simpler in the future.
In a nutshell: Say you need to run jellyfin (or whatever)
Generally, you'd need to install jellyfin from the repos or download it's binary, etc... Then you'd have to dig through the configuration process, where files are scattered all across the system. Probably, in some cases, you'd have to copy/move/symlink media files around, etc.
With Docker however, you just spin up the jellyfin as a container, and bind the necessery configuration and media files to that container, which is usually a one-liner.
So instead of having scattered config files all around the place, you can have something like ~/Docker/configs/jellyfinn and bind that folder (or file) to the containers /etc/jellyfin. And you can use the same approach to have your media files in ~/Movies and bind thst to jellyfin /data folder. These are just examples, you'll just have to look where the docker containers expect the files to be, which is usually well documented.
And the final step is to bind the ports of the container to the host, so you can interact with the service as if it was running on the host.
So I run Jellyfin on a Ubuntu container, just wanting to note that while the config files live somewhere on the system, you don't actually need to touch them. All configuration can be performed via the web interface so it's all abstracted out. It's not any easier to use Docker in that respect at all. What you're describing as bind ports mean that your Docker host also needs access to the files/folders, then you map it via bind folders.
Same thing in my case, I make sure that Proxmox has access to the files, then map the folder into the container and then Jellyfin can access it directly. No fiddling around with Jellyfin configs.
If you're using NFS, I'd argue it's easier not to use Docker. Just install Jellyfin, setup NFS client to mount the folder and then configure Jellyfin to find the folder. Job done.
+1 for using Docker.
I run an AdGuard Home, Plex, Unifi Controller and Wireguard on a Raspberry Pi. When I upgraded to the Pi4 from a Pi3 I just had to plug my portable HDD into the new Pi. Copy over the docker-compose.yml and configure the disk to mount on boot. No messing around having to install and reconfigure each of the apps. No need for Plex to redownload all its metadata as it used to when I migrated in the past.
Docker containerizes jellyfin. If you use proxmox you don't need to containerize in a "container".
That makes sense, docker is off the table.
Edit: or is it? Not decided yet.
Hardware wise, docker on debian is much efficient (and easier to pass through your gpu for hardware decoding) than docker on a vm or lxc on proxmox.
My setup: jellyfin in a debian12 LXC installed normally with the official documentation for Debian (no docker) My medias are on a different drive than the OS, i just add a mount point to the container, although, this needs to be done via the CLI (you can avoid the CLI if it's in the same drive I think, not sure)
Exactly this myself. Debian lxc with jellyfin repo added, media on ZFS with passthrough mountpoints, very performant and easy to maintain.
Docker just adds layers of complexity for no benefit here
Jellyfin is very conveniently packaged in docker, so while it may seem daunting, I highly recommend at least trying that route.
Running an nfs mount, docker or not, should be perfectly fine. Jellyfin just uses normal storage so won't care if it's nfs. No real special considerations with proxmox either, especially without worrying about a dedicated GPU. Just spin up a Debian guest and go.
The other comment made sense to me, why contain a container. But you are right, I will learn more about docker, it seems like a great tool.
Thank you for your confirmation with NFS. Just read about it yesterday, in search of an alternative to samba, what all the windows user seem to use.
You "contain the container" because the VM provides storage and compute for docker (the docker container needs to run "somewhere").
I use a VM on proxmox to run a jellyfin container. VM mounts needed NFS dirs for config and media. Then create a systemd service to start/stop the container.
I understand that I can use a VM to run docker, but:
Wouldn't make a LXC more sense than a VM with docker inside? And what are the advantages of running jellyfin in a container instead of a normal installation? The VM is already kind of a container, what benefits do I get from yet another container inside? I am curious to learn more!
Your head might be spinning from all the different advice you're getting - don't worry, there are a lot of options and lots of folk are jumping in with genuinely good (and well meaning) advice. I guess I'll add my two cents, but try and explain the 'why' of my thinking.
I'm assuming from your questions you know your way around a computer, can figure things out, but haven't done much self-hosting. If I'm wrong about that, go ahead and skip this suggestion.
- Jellyfin good - a common gateway drug to homelabbing, and the only thing you'll do that non-tech friends will appreciate
- Proxmox good - it makes the backups simple and provides a path forward for all sorts of things
- Docker good - you've said it increases complexity; this is correct in that you're adding more layers of stuff, but it reduces your complexity of management by removing a heap of dependency issues. There is a compute and memory overhead involved, but it's small and the tradeoff is worth it.
- VM good - yes an LXC is more efficient, but it's harder to run docker in. Save that for a future project
- Media data somewhere else good - I run a separate NAS with an SMB share. A NAS in a VM is a compromise, but like all things self hosting, you start out with what you've got. I let Jellyfin keep the metadata in the VM that's hosting my Jellyfin though since the NAS is over the network. That's less of a consideration if you are visualizing your NAS on the same machine, but I'd still do it my way for future proofing.
- Passthrough magic not yet - this can also be a future project. If your metal has quicksync that can be utilized to reduce the CPU load, but that can also be a future project.
That summarized my situation pretty good. Since a year now I switched everything to Linux, selfhosting seems to be a natural extension of that.
May I ask, since you have a very beginner-friendly way of writing:
I run a separate NAS with an SMB share.
Why did you choose SMB instead of NFS? I read here that NFS is very efficient and fast.
Docker good
Many people here have very convincing arguments for docker. While checking it out I saw that it uses partly proprietary licenses. Why are so many people so sure that docker won't pull a 'Unity-stunt' and make their knowledge about docker obsolete?
LXC is more efficient, but it's harder to run docker in.
I meant to install a Jellyfin LXC, if there is such a thing, without docker involved. Is that possible?
The Docker engine itself, meaning the dockerd
daemon, its APIs and the docker
CLI, are all under Apache 2.0. The non-free parts are mostly in their Docker Desktop offering, which is mostly a convenience GUI and not absolutely necessary (the easiest, on Windows and macOS, probably, but not the only one) to run Docker on most platforms.
My experience with LXC hasn't been ideal, but for reasons that are by design. The permissions make it complicated for the way I use it. Proxmox has all of the storage, which is shared with the LXC as a Mount Point. The LXC has unique user PIDs and GIDs, so if the LXC modifies a file, now none of my other stuff has permission to access it.
I had to add some config stuff to get around this problem, but in the end I just switched to VMs. I don't care about overhead that much.
Edit to add more info: I think the permissions problem is only if you make the container "unprivileged". The relevant config to add to /etc/pve/lxc/***.conf is as follows:
unprivileged: 1
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535
I have no clue why this works. I think I copied it from Proxmox documentation. It worked and I left it at that.
The user and group mapping for lxc is easy(ish) once you understand it.
The above breaks out as follows: lxc.idmap: [user/group] [beginning host UID/GID] [number of sequential IDs to map]
lxc.idmap: u 0 100000 1000 [maps LXC UIDs 0-999 to host UIDs 100000-100999]
lxc.idmap: g 0 100000 1000 [maps LXC GIDs 0-999 to host GIDs 100000-100999]
lxc.idmap: u 1000 1000 1 [maps LXC UID 1000 to host UID 1000]
lxc.idmap: g 1000 1000 1 [maps LXC GID 1000 to host GID 1000]
lxc.idmap: u 1001 101001 64535 [maps LXC UIDs 1001-65535 to host UIDs 101001-165535]
lxc.idmap: g 1001 101001 64535 [maps LXC GIDs 1001-65535 to host GIDs 101001-165535]
The last two lines are needed because a running Linux system needs access to a minimum of 65336 UIDs/GIDs (zero-indexed).
You can basically think of LXC as running everything on the host system itself, but running it all as UID/GID 100000-65535 by default. In an unprivileged container, you have to remap these to give access to resources not owned by that range.
I wonder, after making these changes is it the same security wise as making the container unprivileged=0?
Nope. It just maps a single user and group from the container to a regular user on the host. With the above config, root in the container has the "real" UID of 100000. It can't make changes to anything any other unprivileged user can. A privileged container otoh runs root as root. It can do a lot of damage. By running privileged containers you're kind of throwing out a good portion of LXC's benefits.
That makes sense. Thanks.
Docker lets the maintainers configure all of the dependencies for you. You then don't need to worry about whether you're using debian, ubuntu or even fedora. When you upgrade jellyfin you just pick the new tag to pull without worrying about whether it needs a new version of ffmpeg or if it works with avconv.
It gets you out of the business of trying to maintain compatibility and just keeping your os up to date.
Feel free to use lxc though. I had issues with using lxc that I couldn't work around so I use cloudinit ubuntu/debian images instead. I think the issue I had was actually using NFS but I don't remember...
Jellyfin is also conveniently packaged as a .deb and provide a repo for Ubuntu/Debian. It's pretty easy to spin up a Debian container, add the repo, and apt install jellyfin, IMHO easier than doing the same thing with a VM, then docker...
Yes, but less portable. Harder to work with if you have to move stuff around, like migrate to a new VM.
Silly question but what is your question? Yes you can run jellyfin in docker in a VM on Proxmox. Personally have a similar setup and I don't use GPU encoding or decoding.
Also GPU passthough to a VM with vfio is generally pretty good and stable so if you want GPU acceleration it shouldn't be to hard. I personally run a virtual machine for gaming that has a GPU and USB controller passed though to it. I can't even tell the difference in terms of hardware performance
There seem to be many ways to reach the same goal:
- run Jellyfin in Docker in a VM in Proxmox
- install Jellyfin Server in Debian in a VM in Proxmox
- install a Jellyfin LXC container on proxmox
- ... Probably more
I try to find the best way for me.
Docker is the easiest to maintain.
I used to use Proxmox but switched to Unraid which has a nice UI to manage Docker containers. That's one thing I wish Proxmox would add.
So since the LXC route is promoted here take a look into these Helper Scripts they make the use of LXC very easy.
That said you could still adjust parameters afterwards and when you feel comfortable with.
I run a Debian server on proxmox with a nfs share to an openmediavault VM, just like you intend to. Works like a charm. When you search for Media Server on smarthomebeginner.com you can find a setup with Docker. I really recommend it, Docker makes it so much easier.
I used to use Plex running in an LXC in Proxmox but when I switched to Jellyfin I did it through docker and I haven't looked back. The setup was easier, maintenance is easier (updates can be scripted to be automatic really easily) and it works in a reliable predictable way like the rest of my docker containers.
I just have a VM in Proxmox that has docker installed and that contains all of my containers.
A lot of services that I run on my Proxmox host are far easier to set up and maintain as a docker container because that's just how the developer packages them. Proxmox says that Docker in an LXC is no-no, so to reduce the maintenance overhead and to stick to supported builds, I use a bunch of VMs with many running Docker. Jellyfin has install instructions to run directly on Debian, and that works for me, but don't be afraid to run Docker on a Proxmox VM if it will make your life easier.
Proxmox could be the perfect learning environment for docker, just make a new VM if I borg something. I will look into it, thanks. Just not for this specific project, Jellyfin on Debian sounds good for me.
I'm currently running Jellyfin on a VM in Proxmox and have been for a long time, it works great. My storage solution isn't glorious, but it is simple. I just have a Debian LXC container in proxmox that bind mounts a large disk and exposes that through an NFS share. Then I've installed jellyfin with Podman/Docker on a VM that has that NFS share mounted.
Also, a lot of people have already said this, but Podman/Docker only looks intimidating before you use it. It's A LOT easier to get applications running then using the "traditional way". The only thing that could potentially increase complexity for you is to expose a GPU to the docker container. But since you said you don't have a dedicated GPU I'd strongly recommend using a docker container for the job. Once you've used it, you'll never look back.
Hey, since I'll be going down that same road soon, any tips on GPU passthrough? Can I simply follow the proxmox wiki?
The only thing that could potentially increase complexity for you is to expose a GPU to the docker container.
This isn't that difficult either. Most of it is ensuring the host system sees the GPU, and configuring the Docker container to pass through the correct device.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
LXC | Linux Containers |
NAS | Network-Attached Storage |
Plex | Brand of media server package |
Unifi | Ubiquiti WiFi hardware brand |
4 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.
[Thread #244 for this sub, first seen 26th Oct 2023, 11:55] [FAQ] [Full list] [Contact] [Source code]
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!