################################################################################# ################################################################################# ################################################################################# ## ## Docker Compose Environment Variable file for Jellyfin / *ARR Media Stack ## ## Update any of the environment variables below as required. ## ## It is highly recommended Linux users set up a "docker" user, so the ## applications can access the local filesystem with this user's access ## privileges. Use PUID / PGID to map user access between the Docker apps ## and local filesystem. ## ## The MediaStack Guide is located at https://MediaStack.Guide ## ################################################################################# ################################################################################# ################################################################################# # Name of the project in Docker COMPOSE_PROJECT_NAME=mediastack COMPOSE_BAKE=true # This is the network subnet which will be used inside the docker "media_network", change as required. # LOCAL_SUBNET is your home network and is needed so the VPN client allows access to your home computers. DOCKER_SUBNET=172.28.10.0/24 DOCKER_GATEWAY=172.28.10.1 LOCAL_SUBNET=192.168.1.0/24 # This is the IP Subnet used on your home network LOCAL_DOCKER_IP=192.168.1.10 # This is the IP Address of your Docker computer # Each of the "*ARR" applications have been configured so the theme can be changed to your needs. # Refer to Theme Park for more info / options: https://docs.theme-park.dev/theme-options/aquamarine/ TP_THEME=nord # If you intend to use Plex as your Media Server, then enter your Plex Claim # information below, to link this Plex Media Server to your Plex account # Access Plex claim at: https://account.plex.tv/en/claim PLEX_CLAIM=claim-1234567890abcdef # These are the folders on your local host computer / NAS running docker, they MUST exist # and have correct permissions for PUID and PGUI prior to running the docker compose. # # Use the commands in the Guide to create all the sub-folders in each of these folders. # Host Data Folders - Will accept Linux, Windows, NAS folders. # Make sure these folders exists before running the "docker compose" command. FOLDER_FOR_MEDIA=/your-media-folder # <-- Update for your folders - Synology Example: /volume1/media FOLDER_FOR_DATA=/your-app-configs # <-- Update for your folders - Synology Example: /volume1/docker/appdata # File access, date and time details for the containers / applications to use. # Run "sudo id docker" on host computer to find PUID / PGID and update these to suit. PUID=1000 PGID=1000 UMASK=0002 TIMEZONE=Europe/Zurich # Update your own Internet VPN provide details below # Online documentation: https://github.com/qdm12/gluetun-wiki/tree/main/setup/providers VPN_TYPE=openvpn VPN_SERVICE_PROVIDER=VPN provider name VPN_USERNAME= VPN_PASSWORD= # You MUST provide at least one entry to the SERVER variables below, that supports your VPN provider's settings. # If you want to add more than one entry per line, use comma separated values: "one,two,three" etc... SERVER_COUNTRIES= SERVER_REGIONS=Europe SERVER_CITIES= SERVER_HOSTNAMES= SERVER_CATEGORIES= # Fill in this item ONLY if you're using a custom OpenVPN configuration # Should be inside gluetun data folder - Example: /gluetun/custom-openvpn.conf # You can then edit it inside the FOLDER_FOR_DATA location for gluetun. OPENVPN_CUSTOM_CONFIG= GLUETUN_CONTROL_PORT=8320 # Fill in these items ONLY if you change VPN_TYPE to "wireguard" VPN_ENDPOINT_IP= VPN_ENDPOINT_PORT= WIREGUARD_PUBLIC_KEY= WIREGUARD_PRIVATE_KEY= WIREGUARD_PRESHARED_KEY= WIREGUARD_ADDRESSES= # These are the ports used to access each of the applications in your web browser. # You can safely change these if you need, but they can't conflict with other active ports. QBIT_PORT=6881 FLARESOLVERR_PORT=8191 TDARR_SERVER_PORT=8266 # WebUI ports for internal access to applications WEBUI_PORT_AUTHENTIK=6080 WEBUI_PORT_BAZARR=6767 WEBUI_PORT_CHROMIUM=3650 WEBUI_PORT_DDNS_UPDATER=8310 WEBUI_PORT_FILEBOT=5454 WEBUI_PORT_GUACAMOLE=9200 WEBUI_PORT_GRAFANA=3800 WEBUI_PORT_HEADPLANE=3500 WEBUI_PORT_HEIMDALL=2080 WEBUI_PORT_HOMARR=3200 WEBUI_PORT_HOMEPAGE=3000 WEBUI_PORT_HUNTARR=9705 WEBUI_PORT_JELLYFIN=8096 WEBUI_PORT_JELLYSEERR=5055 WEBUI_PORT_LIDARR=8686 WEBUI_PORT_MYLAR=8090 WEBUI_PORT_PLEX=32400 WEBUI_PORT_PORTAINER=9000 WEBUI_PORT_PROMETHEUS=9090 WEBUI_PORT_PROWLARR=9696 WEBUI_PORT_QBITTORRENT=8200 WEBUI_PORT_RADARR=7878 WEBUI_PORT_READARR=8787 WEBUI_PORT_SABNZBD=8100 WEBUI_PORT_SONARR=8989 WEBUI_PORT_TDARR=8265 WEBUI_PORT_TRAEFIK=8080 WEBUI_PORT_WHISPARR=6969 CHROMIUM_START_PAGE="https://github.com/geekau/mediastack/" # Traefik is configured for Reverse Proxy. Set your Internet gateway to redirect incoming ports 80 and 443 # to the ports used below (using Docker IP Address), and they will be translated back to 80 and 443 by Traefik. # Change these port numbers if you have conflicting services running on the Docker host computer. # If ports 80 and 443 are already used, then adjust and redirect incoming ports to 5080 and 5443, or similar. REVERSE_PROXY_PORT_HTTP=80 REVERSE_PROXY_PORT_HTTPS=443 # Traefik Configuration CLOUDFLARE_EMAIL=email@example.com # Your CloudFlare Account Email Address CLOUDFLARE_DNS_ZONE=example.com # Your CloudFlare Registered Domain Name CLOUDFLARE_DNS_API_TOKEN=1234567890abcdef1234567890... # Your CloudFlare Read / Write API Token # Headscale / Headplane / Tailscale VPN Wireguard Mesh Networking # These port settings are only to change the internal port due to conflicts, Headscale, Tailscale and Headplane will # all function normally using the default ports as they are routed through Traefik reverse proxy. CONNECT_PORT_HEADSCALE=4080 METRICS_PORT_HEADSCALE=4090 CROWDSEC_PORT=9080 METRICS_PORT_TRAEFIK=8082 METRICS_PORT_UNPACKERR=5656 # The Tailscale Docker container is configured as an exit node inside your home network, so traffic can route securely # across the Internet, and break out behind your home gateway / router. # sudo docker exec -it headscale headscale users create exit-node # sudo docker exec -it headscale headscale --user exit-node preauthkeys create # NOTE: Headscale must be running before the commands can be executed, then update authkey below and restart Tailscale. TAILSCALE_AUTHKEY=1234567890abcdef1234567890abcdef1234567890abcdef # Connect to the following address to complete the initial setup of Authentik after first deployment: # http://:6080/if/flow/initial-setup/ # echo AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n') AUTHENTIK_SECRET_KEY=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef AUTHENTIK_VERSION=2025.4.1 AUTHENTIK_ERROR_REPORTING__ENABLED=true POSTGRESQL_PORT=5432 VALKEY_PORT=6379 # echo POSTGRESQL_PASSWORD=$(openssl rand -base64 60 | tr -d '\n') POSTGRESQL_PASSWORD=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef POSTGRESQL_USERNAME=mediastack-postgresql AUTHENTIK_DATABASE=mediastack-authentik GUACAMOLE_DATABASE=mediastack-guacamole GUACD_PORT=4822 # SMTP Host Emails are sent to EMAIL_SERVER_HOST=mail.example.com EMAIL_SERVER_PORT=25 # Optionally authenticate (don't add quotation marks to your password) EMAIL_ADDRESS=email.address@example.com EMAIL_PASSWORD=email-password-here # Use StartTLS EMAIL_TLS=true # Use SSL - StartTLS and SSL can't both be true EMAIL_SSL=false # Email address authentik will send from, should have a correct @domain.name EMAIL_SENDER=authentik@example.com