DasPoschi/jd-jellyfin-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6d103d42c51472e4b4f0a98696676af3ceb28870
jd-jellyfin-stack/README.md
Claude a879543a1c Security audit: fix XSS, missing function, improve SSH & URL handling 
- Fix XSS: HTML-escape all user input (URLs, package names, errors, proxy data)
- Fix NameError: add missing is_demo_link() function (called but undefined)
- Fix: remove unused http_in fetch in proxies_get()
- Security: mask API keys in log output (TMDB key no longer visible in logs)
- Security: use known_hosts for SSH host key verification when available
- Security: remove .env from git tracking, add .env.example template
- Usability: add URL reachability check before submitting to JDownloader
- Usability: add "Erledigte Jobs entfernen" button to clear finished/failed jobs
- Usability: color-code job status (red for failed, green for finished)
- Docs: add security section to README (known_hosts, HTTPS, .env)

https://claude.ai/code/session_01S774Pqazr2U8vkSyhUBgDs
2026-04-06 07:46:53 +00:00

62 lines
2.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# JD → Jellyfin WebGUI (Docker)
Web GUI to:
- paste a URL (e.g. YouTube)
- download via **MyJDownloader**
- validate video with **ffprobe**
- compute **MD5** locally, upload via **SFTP**
- verify **MD5** on the Jellyfin VM
- cleanup local file + remove JD package/links (best effort)
- optional: **TMDB naming**, **movie/series folders**, **Jellyfin library refresh**
## Files
- `docker-compose.yml` stack
- `.env.example` copy to `.env` and fill in your values (**never commit `.env`!**)
- `jd-webgui/app.py` FastAPI web app
- `jd-webgui/Dockerfile` includes ffprobe
## Setup
1. Copy env file:
```bash
cp .env.example .env
```
2. Edit `.env`:
- `MYJD_EMAIL`, `MYJD_PASSWORD`
- `JELLYFIN_HOST`, `JELLYFIN_USER`, target dirs
- `SSH_KEY_PATH` (absolute path on Docker host)
- Optional: `JELLYFIN_API_KEY`, `TMDB_API_KEY`
3. Start:
```bash
docker compose up -d --build
```
4. Open WebGUI:
- `http://<docker-host>:${WEBGUI_PORT}`
## Notes
- JDownloader must be logged into MyJDownloader and appear as an online device.
- If `MYJD_DEVICE` is empty, the WebGUI will automatically pick the first available device.
- Ensure the SSH user can write to `/jellyfin/Filme` (and series dir if used).
## Security
- **Never commit `.env`** it contains passwords and API keys. Only `.env.example` is tracked.
- **SSH host key verification**: For secure SFTP transfers, provide a `known_hosts` file:
```bash
ssh-keyscan -p 22 192.168.1.1 > known_hosts
```
Mount it in `docker-compose.yml` and set `SSH_KNOWN_HOSTS=/ssh/known_hosts`.
Without it, any host key is accepted (MITM risk on untrusted networks).
- **Basic Auth** protects the WebGUI but transmits credentials in cleartext over HTTP. Use a reverse proxy with HTTPS (e.g. Traefik, Caddy) in production.
## Troubleshooting
- Device not found: list devices
```bash
docker exec -it jd-webgui python -c "from myjdapi import Myjdapi; import os; jd=Myjdapi(); jd.connect(os.environ['MYJD_EMAIL'], os.environ['MYJD_PASSWORD']); jd.update_devices(); print([d.get('name') for d in jd.devices])"
```
- Check container can see downloads:
```bash
docker exec -it jd-webgui ls -la /output | head
```
Reference in New Issue View Git Blame Copy Permalink