Jellyfin and Jellyscrub in Docker with unprivileged jellyfin user (fixes player not showing thumbnails)
Jellyscrub needs to be able to write to Jellyfin's index.html. If you're running Jellyfin as an unprivileged user it won't be able to, since the official container jellyfin files are owned by root.
This is a docker-compose example of how to work around this problem. The docker-compose service definition for jellyfin also passes through an intel igpu. Leaving here as this might be useful to someone.
Once adding the below, make sure you build the container, delete the old one and bring up a new one with docker-compose down jellyfin && docker-compose up -d
. Any changes to the dockerfile or build params also mandate this.
# .env
CONTAINER_USER_ID=XXX
CONTAINER_GROUP_ID=YYY
# Get the number from "getent group render"
RENDER_GROUP_ID=ZZZ
# docker-compose.yaml
version: "3.8"
services:
# Env vars defined at .env
jellyfin:
build:
dockerfile: Dockerfile
args:
container_tag: "10.8.9"
user_id: "${CONTAINER_USER_ID}"
group_id: "${CONTAINER_GROUP_ID}"
user: "${CONTAINER_USER_ID}:${CONTAINER_GROUP_ID}"
# Required for auto discovery and DLNA. See https://jellyfin.org/docs/general/networking/
network_mode: "host"
# Ensures it starts when docker starts (eg on boot)
restart: unless-stopped
volumes:
- ./data/jellyfin:/config
- /path/to/your/libraries/movies:/movies
- /path/to/your/libraries/series:/series
# intel iGPU passthrough from here on
group_add:
- "${RENDER_GROUP_ID}"
devices:
- ${DRI_RENDER_DEVICE}:/dev/dri/renderD128
- ${DRI_CARD_DEVICE}:/dev/dri/card0
# Dockerfile
ARG container_tag=latest
ARG user_id=foo
ARG group_id=bar
FROM jellyfin/jellyfin:${container_tag}
ARG user_id
ARG group_id
RUN chown ${user_id}:${group_id} /jellyfin/jellyfin-web/index.html