DasPoschi/jd-jellyfin-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
codex/uberprufe-internen-fehler-bei-eingabe
jd-jellyfin-stack/README.md
Claude a879543a1c Security audit: fix XSS, missing function, improve SSH & URL handling 
- Fix XSS: HTML-escape all user input (URLs, package names, errors, proxy data)
- Fix NameError: add missing is_demo_link() function (called but undefined)
- Fix: remove unused http_in fetch in proxies_get()
- Security: mask API keys in log output (TMDB key no longer visible in logs)
- Security: use known_hosts for SSH host key verification when available
- Security: remove .env from git tracking, add .env.example template
- Usability: add URL reachability check before submitting to JDownloader
- Usability: add "Erledigte Jobs entfernen" button to clear finished/failed jobs
- Usability: color-code job status (red for failed, green for finished)
- Docs: add security section to README (known_hosts, HTTPS, .env)

https://claude.ai/code/session_01S774Pqazr2U8vkSyhUBgDs
2026-04-06 07:46:53 +00:00

2.1 KiB
Raw Permalink Blame History

JD → Jellyfin WebGUI (Docker)

Web GUI to:

  • paste a URL (e.g. YouTube)
  • download via MyJDownloader
  • validate video with ffprobe
  • compute MD5 locally, upload via SFTP
  • verify MD5 on the Jellyfin VM
  • cleanup local file + remove JD package/links (best effort)
  • optional: TMDB naming, movie/series folders, Jellyfin library refresh

Files

  • docker-compose.yml stack
  • .env.example copy to .env and fill in your values (never commit .env!)
  • jd-webgui/app.py FastAPI web app
  • jd-webgui/Dockerfile includes ffprobe

Setup

  1. Copy env file:
cp .env.example .env
  1. Edit .env:
  • MYJD_EMAIL, MYJD_PASSWORD
  • JELLYFIN_HOST, JELLYFIN_USER, target dirs
  • SSH_KEY_PATH (absolute path on Docker host)
  • Optional: JELLYFIN_API_KEY, TMDB_API_KEY
  1. Start:
docker compose up -d --build
  1. Open WebGUI:
  • http://<docker-host>:${WEBGUI_PORT}

Notes

  • JDownloader must be logged into MyJDownloader and appear as an online device.
  • If MYJD_DEVICE is empty, the WebGUI will automatically pick the first available device.
  • Ensure the SSH user can write to /jellyfin/Filme (and series dir if used).

Security

  • Never commit .env it contains passwords and API keys. Only .env.example is tracked.
  • SSH host key verification: For secure SFTP transfers, provide a known_hosts file: 
    ssh-keyscan -p 22 192.168.1.1 > known_hosts
    Mount it in docker-compose.yml and set SSH_KNOWN_HOSTS=/ssh/known_hosts. Without it, any host key is accepted (MITM risk on untrusted networks).
  • Basic Auth protects the WebGUI but transmits credentials in cleartext over HTTP. Use a reverse proxy with HTTPS (e.g. Traefik, Caddy) in production.

Troubleshooting

  • Device not found: list devices
docker exec -it jd-webgui python -c "from myjdapi import Myjdapi; import os; jd=Myjdapi(); jd.connect(os.environ['MYJD_EMAIL'], os.environ['MYJD_PASSWORD']); jd.update_devices(); print([d.get('name') for d in jd.devices])"
  • Check container can see downloads:
docker exec -it jd-webgui ls -la /output | head
Reference in New Issue View Git Blame Copy Permalink