VeilNet
DownloadLogin

Media server with VeilNet

Learn how to deploy Jellyfin media server with VeilNet for remote access.

Prerequisites

  • Docker and Docker Compose installed
  • VeilNet registration token
  • Access to VeilNet Guardian service
  • Sufficient disk space for media files

Overview

This guide shows you how to deploy Jellyfin, a free and open-source media server, with VeilNet for secure remote access. Jellyfin allows you to organize and stream your media collection (movies, TV shows, music, photos) to any device.

With VeilNet, you can securely access your media server from anywhere without exposing it to the public internet.

Step 1: Create Docker Compose Configuration

Create a docker-compose.yml file with the following configuration:

services:
  veilnet-conflux:
    container_name: veilnet-conflux
    restart: unless-stopped
    env_file:
      - .env
    image: veilnet/conflux:beta
    pull_policy: always
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    network_mode: host

  jellyfin:
    image: jellyfin/jellyfin:latest
    container_name: jellyfin
    restart: unless-stopped
    volumes:
      - jellyfin-config:/config
      - jellyfin-cache:/cache
      - media:/media
    environment:
      - JELLYFIN_PublishedServerUrl=<YOUR_VEILNET_IP>
    devices:
      - /dev/dri:/dev/dri
    network_mode: "container:veilnet-conflux"
    depends_on:
      - veilnet-conflux

volumes:
  jellyfin-config:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ./jellyfin-config
  jellyfin-cache:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ./jellyfin-cache
  media:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ./media

Step 2: Create Environment File

Create a .env file in the same directory as your docker-compose.yml with the following variables:

VEILNET_REGISTRATION_TOKEN=<YOUR_REGISTRATION_TOKEN>
VEILNET_GUARDIAN=<YOUR_GUARDIAN_URL>
VEILNET_PORTAL=true
VEILNET_CONFLUX_TAG=<YOUR_CONFLUX_TAG>
VEILNET_CONFLUX_CIDR=<VEILNET_CIDR>

Replace the placeholders:

  • <YOUR_REGISTRATION_TOKEN>: Your VeilNet registration token (obtained from the VeilNet portal)
  • <YOUR_GUARDIAN_URL>: The URL of your VeilNet Guardian service (e.g., https://guardian.veilnet.app)
  • <YOUR_CONFLUX_TAG>: A tag to identify this Conflux instance (e.g., media-server)
  • <VEILNET_CIDR>: Any IP address (e.g., 10.128.0.5/16) in CIDR format that belongs to the realm subnet (e.g., 10.128.0.0/16)

Step 3: Create Data Directories

Create the directories for persistent data storage:

mkdir -p jellyfin-config jellyfin-cache media

These directories will store:

  • jellyfin-config: Jellyfin configuration, database, and metadata
  • jellyfin-cache: Transcoding cache and temporary files
  • media: Your media files (movies, TV shows, music, photos)

Step 4: Deploy the Stack

Start all services:

docker-compose up -d

This will:

  • Pull the Jellyfin and VeilNet Conflux images
  • Start both containers
  • Create persistent volumes for data storage
  • Automatically restart containers if they stop

Step 5: Verify Deployment

Check that all containers are running:

docker-compose ps

View the VeilNet Conflux logs to verify it's connecting:

docker logs veilnet-conflux -f

You should see logs indicating successful registration and connection to the VeilNet network.

Step 6: Initial Configuration

Local Access

  1. Open http://localhost:8096 in your browser
  2. Complete the Jellyfin setup wizard:
    • Choose your language
    • Create an administrator account
    • Add media libraries (you can add them later)
  3. Configure your media libraries by going to Dashboard → Libraries

Remote Access via VeilNet

  1. Find your host's VeilNet IP address:
ip addr show veilnet

Or check the VeilNet portal to see your assigned IP address.

  1. Update the JELLYFIN_PublishedServerUrl in your docker-compose.yml with your VeilNet IP (e.g., 10.128.0.5), then restart:
docker-compose up -d
  1. Access Jellyfin from anywhere using http://<veilnet-ip>:8096 (e.g., http://10.128.0.5:8096)

Step 7: Access Your Media Server

Local Access

Once the service is running, you can access it locally:

  • Web UI: http://localhost:8096
  • HTTPS: https://localhost:8920 (if configured)

Remote Access via VeilNet

With VeilNet configured, you can access your media server remotely from anywhere in the world using the host's VeilNet IP address, as long as your device is also connected to the same VeilNet realm.

Access the web interface using:

  • Web UI: http://<veilnet-ip>:8096 (e.g., http://10.128.0.5:8096)

Step 8: Add Media Libraries

  1. Log in to Jellyfin (locally or via VeilNet IP)
  2. Go to Dashboard → Libraries → Add Media Library
  3. Select the content type (Movies, TV Shows, Music, etc.)
  4. Add the folder path (e.g., /media/movies or /media/tv-shows)
  5. Configure metadata settings and click OK

Jellyfin will scan your media files and download metadata automatically.

Updating Services

To update to newer versions:

docker-compose pull
docker-compose up -d

This will pull the latest images and restart the containers with updated versions.

Stopping and Removing

To stop all services:

docker-compose down

To remove containers and volumes (this will delete all data):

docker-compose down -v

Warning: Removing volumes will delete all Jellyfin configuration and metadata. Your media files in the media directory will remain, but you'll need to reconfigure libraries after reinstalling.

FAQ

Can I use hardware acceleration for transcoding?

Yes! If your server has a GPU (Intel Quick Sync, NVIDIA, or AMD), you can enable hardware acceleration. The docker-compose.yml includes /dev/dri device mapping for Intel GPUs. For NVIDIA GPUs, you'll need to install nvidia-docker and add runtime configuration.

How do I add media files?

Place your media files in the media directory (or subdirectories like media/movies, media/tv-shows), then add them as libraries in Jellyfin's web interface.

Can I access Jellyfin from my phone or tablet?

Yes! Once your device is connected to the same VeilNet realm, you can access Jellyfin using the host's VeilNet IP address from anywhere. You can use the Jellyfin mobile app or access the web interface in your browser. Since Jellyfin shares the network namespace with veilnet-conflux, it can also use the VeilNet TUN device for optimal network performance.

How do I share access with family members?

Add family members to the same VeilNet realm through the VeilNet portal. Once they're connected, they can access Jellyfin using the host's VeilNet IP address from anywhere in the world. Then create user accounts for them in Jellyfin's user management settings.

What about remote playback on smart TVs?

Many smart TVs support Jellyfin apps. As long as the TV can connect to VeilNet (or you set up a device that can), you can access your media server remotely. Alternatively, you can use casting from a mobile device connected to VeilNet.

Why use NET_ADMIN capability instead of privileged mode?

The NET_ADMIN capability provides only the necessary permissions for VeilNet to create and manage network interfaces, without granting full privileged access. This is more secure while still allowing VeilNet to function properly.

Private AI agent with VeilNet

Learn how to deploy a private AI agent with VeilNet.

Home Assistant with VeilNet

Learn how to deploy Home Assistant with VeilNet for remote home automation access.