Mediastack
The ultimate Docker Compose files and configs to build your desired media stack, quickly and easily, with secure outbound network traffic and secure remote access using multifactor authentication.
Install / Use
/learn @geekau/MediastackREADME
MediaStack Project (Docker)
See you on Reddit for MediaStack
What Applications Are Provided In MediaStack
Welcome to the MediaStack project! MediaStack is your ultimate solution for managing and streaming media collections with applications like Jellyfin and Plex. Using Docker, MediaStack containerises these media servers alongside *ARR applications (Radarr, Sonarr, Lidarr, etc.) for seamless media automation and management.
List of Docker applications configured in the MediaStack docker-compose.yaml file:
| <center> Docker Application </center> | <center> Application Role </center> |
|--------------------|------------------|
| Authentik | Authentik is an open-source identity provider for SSO, MFA, and access control |
| Bazarr | Bazarr automates the downloading of subtitles for Movies and TV Shows |
| Chromium | Chromium is an an open-source web browser, allowing secure remote Internet browsing through your MediaStack |
| CrowdSec | CrowdSec is an open-source, collaborative intrusion prevention system that detects and blocks malicious IPs |
| DDNS-Updater | DDNS-Updater automatically updates dynamic DNS records when your home Internet changes IP address |
| Filebot | FileBot is a tool for renaming and organising media files using online metadata sources |
| Flaresolverr | Flaresolverr bypasses Cloudflare protection, allowing automated access to websites for scripts and bots |
| Gluetun | Gluetun routes network traffic through a VPN, ensuring privacy and security for Docker containers |
| Grafana | Grafana is an open-source analytics platform for visualising metrics, logs, and time-series data |
| Guacamole | Guacamole is a clientless remote desktop gateway supporting RDP, VNC, and SSH through a web browser |
| Headplane | Headplane is a web-based user interface for managing Headscale, the self-hosted alternative to Tailscale |
| Headscale | Headscale is an open-source, self-hosted alternative to Tailscale's control server for managing WireGuard-based VPNs |
| Heimdall | Heimdall provides a dashboard to easily access and organise web applications and services |
| Homarr | Homarr is a self-hosted, customisable dashboard for managing and monitoring your server applications |
| Homepage | Homepage is an alternate to Heimdall, providing a similar dashboard to easily access and organise web applications and services |
| Huntarr | [DEPRECATED] Huntarr is an open-source tool that automates finding missing and upgrading media in *ARR libraries |
| Jellyfin | Jellyfin is a media server that organises, streams, and manages multimedia content for users |
| Lidarr | Lidarr is a Library Manager, automating the management and meta data for your music media files |
| Mylar | Mylar3 is a Library Manager, automating the management and meta data for your comic media files |
| Plex | Plex is a media server that organises, streams, and manages multimedia content across devices |
| Portainer | Portainer provides a graphical interface for managing Docker environments, simplifying container deployment and monitoring |
| Postgresql | PostgreSQL is a powerful, open-source relational database system known for reliability and advanced features |
| Prometheus | Prometheus is an open-source monitoring system that collects and queries metrics using a time-series database |
| Prowlarr | Prowlarr manages and integrates indexers for various media download applications, automating search and download processes |
| qBittorrent | qBittorrent is a peer-to-peer file sharing application that facilitates downloading and uploading torrents |
| Radarr | Radarr is a Library Manager, automating the management and meta data for your Movie media files |
| Readarr | Readarr is a Library Manager, automating the management and meta data for your eBooks and Comic media files |
| SABnzbd | SABnzbd is a Usenet newsreader that automates the downloading of binary files from Usenet |
| Seerr | Seerr is a request management tool for Jellyfin, enabling users to request and manage media content |
| Sonarr | Sonarr is a Library Manager, automating the management and meta data for your TV Shows (series) media files |
| Tailscale | Tailscale is a secure, peer-to-peer VPN that simplifies network access using WireGuard technology |
| Tdarr | Tdarr automates the transcoding and management of media files to optimise storage and playback compatibility |
| Traefik | Traefik is a modern reverse proxy and load balancer for microservices and containerised applications with full TLS v1.2 & v1.3 support |
| Traefik-Certs-Dumper | Traefik Certs Dumper extracts TLS certificates and private keys from Traefik and converts for use by other services |
| Unpackerr | Unpackerr extracts and moves downloaded media files to their appropriate directories for organisation and access |
| Valkey | Valkey is an open-source, high-performance, in-memory key-value datastore, serving as a drop-in replacement for Redis |
| Whisparr | Whisparr is a Library Manager, automating the management and meta data for your Adult media files |
</br></br>
| <center>Ubuntu Linux Install - Docker Compose Build</center> | <center>Windows 11 Install - Docker with WSL and Ubuntu</center> |
|----------------------------------------|----------------------------------------|
| 
| 
|
</br></br>
MediaStack is your ultimate solution for managing and streaming media collections with applications like Jellyfin and Plex. Using Docker, MediaStack containerises these media servers alongside *ARR applications (Radarr, Sonarr, Lidarr, etc.) for seamless media automation and management.
You will also be able to connect to your MediaStack instance security from the Internet using the following two methods:
-
Secure Reverse Proxy: Traefik, Authentik, and CrowdSec provides a full reverse proxy solution with free Let's Encrypt digital certificates, including SSO / OAuth2 / OpenID / SAML / Radius / LDAP identity providers and MFA. Traefik Certs Dumper extracts the Let's Encrypt cetificates so you can install them on other systems.
-
Secure Tailscale VPN: Headscale is an open source Tailscale Coordination Server, allowing remote Tailscale clients to connect to the Headscale and Tailscale applications, and accessing all of the containers over the VPN connection. Include Headplane to provide a WebUI portal to manage Headscale settings.
</br>NOTE: The Traefik reverse proxy configuration for incoming connections, has been configured with the strongest of the modern cipher suites, using only TLSv1.2 and TSLv1.3 as minimum protocols, and enforces strong security headers to provide your MediaStack with the strongest security / privacy when you connect from the Internet.
Internal Container Access (From Home)
Edit the "Import Bookmarks - MediaStackGuide Applications (Internal URLs).html" file, and find / replace all of the localhost entries with the IP address running Docker in your home network.
Then import the Bookmarks into your web browser.
External Container Access (From Internet)
Edit the "Import Bookmarks - MediaStackGuide Applications (External URLs).html" file, and find / replace all of the YOUR_DOMAIN_NAME entries with your Internet domain name.
All of the Docker images / containers in the Docker Compose file, have already been labelled for Traefik, and they will be automatically detected and assigned the correct routing based on the incoming Internet URL, using your domain name.
Port forward your incoming connections on your home Internet gateway / router, to the IP Address of your computer running Do
