jellyfin-accounts

Table of Contents

First run
New account defaults
Manual configuration

First run

On your first run, accessing <your ip>:8056 will bring you to the setup wizard.

Before you start configuring, you should make sure that timezones are correct everywhere. If you're running bare metal, this shouldn't be an issue, but docker containers are another story. For linuxserver.io Jellyfin containers, you should be able to use -e TZ=Europe/London but if not, -v /etc/localtime:/etc/localtime:ro usually works. Once you've added this run docker exec -it <your container> bash to enter its shell, then date. From there you can see if the time is correct.

New account defaults

jf-accounts can store a users policy (library access, perms, etc.) and homescreen layout, and write them to all new users.

Note: You can now do this in the web ui.

If you're running on bare metal, run
root@lab ~# jf-accounts --get_defaults

If you're using docker, make sure the container if already running and then run

root@lab ~# docker exec -it <your container name> bash root@ed2244cc8ab4:/# jf-accounts -d /data --get_defaults
After that, follow through the prompts to store your defaults.

Manual configuration

If you want to manually configure, or change anything after the first run, below are descriptions of each setting in config.ini.

jellyfin

Best practice is to create a separate admin account (I named mine 'accounts') without normal privileges (accessing media, etc.). Its credentials can then be entered.

server is the address at which the program will access Jellyfin. If you're running on the same network, you should set this to the local address.

public_server is the address at which a user can access Jellyfin. It's used on the invite form to direct the user to login once they've made an account. If this isn't set, it will default to the same value as server.

The rest of the fields under this section can be whatever you want, so you may as well leave them as they are.

ui

The host and port are where the web interface will be hosted. The server runs insecurely, so you should put it behind a reverse proxy with HTTPS.

jellyfin_login lets you log in to the admin page using your username and password from jellyfin. By default this allows any user to access the page. You can restrict this to admins only by enabling admins_only.

The username and password here are for the admin page. They're not used if you've enabled jellyfin_login.

password validation

Enabling this will display a list of criteria when a user tries to create an account, and validate it against these when they try to submit.

The rest of the settings are self explanatory.

email

You should set this up if you wish to use password resets and/or invite emails.

use_24h is pretty self-explanatory. It specifies whether to use '5:00 PM' or '17:00' in the emails sent out.

date_format Allows you to choose how dates are displayed in emails. The default, for example, would print out the 1st of February 2020 as '01/02/20' To change this, make sure to use the datetime.strftime style. A cheatsheet for this can be found here.

message specifies a small message to show at the bottom of each email.

Currently, jellyfin-accounts support SMTP and mailgun for sending emails. The former will work with almost any email provider. Search up how to connect to your providers SMTP server if you don't know how to already.

address is the address emails will be sent from. If using SMTP, make sure this matches up with the password later on.

from is the name of who you want the email sent from.

smtp

Currently, jellyfin-accounts support fully secured SSL/TLS SMTP, and the less secure yet more common STARTTLS. Specify which to use through setting encryption to ssl_tls or starttls.

Fill in your providers web address as server.

For port, your provider will likely have many choices. Make sure this matches the encryption type above. Usually 465 for SSL/TLS, and 587 for STARTTLS.

Enter the password corresponding to the address you entered in the [email] section.

mailgun

This section only needs to be modified if you've chosen it as the method up above.

It works with their REST API. Upon creating an account and setting up your domain, you should be displayed the API url and key. put these respectively as api_url and api_key.

password_resets

Enabling this will take the emails that new users enter in the creation form and store them. When the user triggers a 'reset password' on the Jellyfin login page, the PIN required will be sent to the email address corresponding to the user. For pre-existing users, simply add them to the emails.json file.

watch_directory is the folder to watch for password reset files. To figure out where this should be, load up Jellyfin and press the 'Forgot password' button. Enter your username, and a popup will appear telling you the path of the created password reset file. e.g for the below image, you would put /config as your watch_directory. However, if you're running jf-accounts and jellyfin on different systems, or using docker, you'd have to put wherever /config is mounted to as watch_directory.

Unless you want to use a custom format for your emails, leave email_html and email_text blank. If you want to customize them, look here.

subject is the subject of the email.

invite_emails

Enabling this will allow you to optionally send an invite directly to the user's email.

email_html and email_text work in the same way as above.

subject again is the subject of the email.

Because one will most likely use jellyfin-accounts behind a reverse proxy, it has no way of knowing the URL it will be accessed from. The email sent out includes a link to the invite page, so url_base stores the location of the invite path, e.g https://jellyf.in:8056/invite.

files

custom_css allows you to specify the path to custom CSS for bootstrap. For more info, see Appearance.

The rest can be left blank, unless you want anything stored outside of the default directory (~/.jf-accounts/ or /config on docker).