Scribd
Upload
98 views4 pages

INSTALL UBUNTU 20.04.sh

This document provides instructions for installing Ubuntu Server 20.04, disabling cloud init, installing NVIDIA drivers, installing Jellyfin media server, configuring Nginx as a reverse proxy, obtaining SSL certificates from Let's Encrypt, configuring firewall rules with UFW, installing Fail2ban for additional security, and configuring themes and custom CSS for Jellyfin. Key steps include disabling cloud init, installing NVIDIA drivers from Nvidia's website, installing Jellyfin via apt, obtaining SSL certificates for the domain, allowing traffic on specific ports through UFW, and installing Fail2ban to block repeated failed login attempts.

Uploaded by

Donatien LEBON
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
98 views4 pages

INSTALL UBUNTU 20.04.sh

This document provides instructions for installing Ubuntu Server 20.04, disabling cloud init, installing NVIDIA drivers, installing Jellyfin media server, configuring Nginx as a reverse proxy, obtaining SSL certificates from Let's Encrypt, configuring firewall rules with UFW, installing Fail2ban for additional security, and configuring themes and custom CSS for Jellyfin. Key steps include disabling cloud init, installing NVIDIA drivers from Nvidia's website, installing Jellyfin via apt, obtaining SSL certificates for the domain, allowing traffic on specific ports through UFW, and installing Fail2ban to block repeated failed login attempts.

Uploaded by

Donatien LEBON
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

### INSTALL UBUNTU SERVER 20.

04 and disable cloud init


### CN = jellyfin ( jellyfin.home )
### Account to use : morepixel

sudo touch /etc/cloud/cloud-init.disabled && sudo shutdown -r now

sudo apt remove cloud-init -y && sudo apt purge cloud-init -y && sudo apt
autoremove
sudo rm -rf /etc/cloud && sudo rm -rf /var/lib/cloud/ && sudo shutdown -r now

sudo find / -name '*cloud-init*'

### NVIDIA Install

echo 'blacklist nouveau' | sudo tee -a /etc/modprobe.d/blacklist.conf

sudo mkdir /home/morepixel/NVIDIA && cd /home/morepixel/NVIDIA/

wget https://international.download.nvidia.com/XFree86/Linux-x86_64/465.31/NVIDIA-
Linux-x86_64-465.31.run
wget
https://github.com/keylase/nvidia-patch/blob/2a1a85483fc0713c219d4b85f33f106991b05b
6b/patch.sh
wget
https://github.com/keylase/nvidia-patch/blob/2a1a85483fc0713c219d4b85f33f106991b05b
6b/patch-fbc.sh

sudo chmod +X *

sudo ./NVIDIA-Linux-x86_64-465.31.run
sudo bash ./patch.sh
sudo bash ./patch-fbc.sh

### INSTALL JELLYFIN

sudo apt install apt-transport-https


sudo add-apt-repository universe
wget -O - https://repo.jellyfin.org/ubuntu/jellyfin_team.gpg.key | sudo apt-key add
-
sudo apt update

sudo setfacl -R -m u:morepixel:rx /mnt/jellyfin/


sudo chown -R morepixel:morepixel /mnt/jellyfin/

wget -O - https://repo.jellyfin.org/ubuntu/jellyfin_team.gpg.key | sudo apt-key add


-
echo "deb [arch=$( dpkg --print-architecture )] https://repo.jellyfin.org/ubuntu $(
lsb_release -c -s ) main" | sudo tee /etc/apt/sources.list.d/jellyfin.list
sudo apt install jellyfin

sudo systemctl restart jellyfin

> /usr/bin/jellyfin --webdir=/usr/share/jellyfin/web


--restartpath=/usr/lib/jellyfin/restart.sh --ffmpeg=/usr/lib/jellyfin-ffmpeg/ffmpeg

# Config files in > /etc/jellyfin

#
# Install and configure NGINX / Let's Encrypt
sudo apt install -y nginx certbot python3-certbot-nginx

> vi /etc/nginx/conf.d/jellyfin.http.conf

sudo systemctl start nginx

# Create certs for *.donaflix.com & www.donaflix.com

sudo certbot --rsa-key-size 4096 --nginx --agree-tos --redirect --hsts --staple-


ocsp --email [email protected] -d donaflix.com -d www.donaflix.com

#certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email


[email protected] -d donaflix.com -d www.donaflix.com -d ombi.donaflix.com --
expand

sudo systemctl status certbot.timer

sudo openssl req -x509 -newkey rsa:4096 -keyout privkey.pem -out cert.pem -days 365
-nodes
sudo openssl pkcs12 -export -out jellyfin.pfx -inkey privkey.pem -in cert.pem -
passout pass:zCJZVhf2grWs

zCJZVhf2grWs

# Firewall

sudo apt install ufw

sudo ufw allow 'Nginx Full'

sudo ufw allow from 192.168.1.0/24 to any port 22


sudo ufw allow from 192.168.1.0/24 to any port 8096
sudo ufw allow from 192.168.1.0/24 to any port 8920
sudo ufw allow from 192.168.1.0/24 to any port 1900
sudo ufw allow from 192.168.1.0/24 to any port 7359

sudo ufw enable


sudo ufw status

# NFS ports ( after RCPBINDMOUNTS Modification )


#ufw allow 13025
#ufw allow 2049
#ufw allow 111

##################################################################

#
# Install fail2ban

apt install fail2ban


cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
> vi /etc/fail2ban/jail.local
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5

# THEMES :

#NGINX custom

add_header Content-Security-Policy "default-src https: data: blob:; style-src


'self' 'unsafe-inline' https://ctalvio.github.io/Monochromic/default_style.css
https://ctalvio.github.io/Monochromic/jfblue_style.css
https://ctalvio.github.io/Monochromic/jfpurple_style.css
https://ctalvio.github.io/Monochromic/bottom-progress_style.css.css
https://ctalvio.github.io/Monochromic/customcolor-advanced_style.css
https://ctalvio.github.io/Monochromic/improve-performance_style.css
https://ctalvio.github.io/Novachromic/default_style.css
https://fonts.googleapis.com/css2; script-src 'self' 'unsafe-inline'
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
https://www.youtube.com/iframe_api https://s.ytimg.com worker-src 'self' blob:;
connect-src 'self'; object-src 'none'; frame-ancestors 'self'";

add_header Content-Security-Policy "default-src https: data: blob:; style-src


'self' 'unsafe-inline' https://github.com/danieladov/
https://ctalvio.github.io/Monochromic/default_style.css
https://ctalvio.github.io/Monochromic/jfblue_style.css
https://ctalvio.github.io/Monochromic/jfpurple_style.css
https://ctalvio.github.io/Monochromic/bottom-progress_style.css.css
https://ctalvio.github.io/Monochromic/customcolor-advanced_style.css
https://ctalvio.github.io/Monochromic/improve-performance_style.css
https://ctalvio.github.io/Novachromic/default_style.css
https://fonts.googleapis.com/css2; script-src 'self' 'unsafe-inline'
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
https://www.youtube.com/iframe_api https://s.ytimg.com worker-src 'self' blob:;
connect-src 'self'; object-src 'none'; frame-ancestors 'self'";

# LINKS

https://github.com/danieladov/

@import url('https://ctalvio.github.io/Kaleidochromic/default_style.css');
@import url('https://ctalvio.github.io/Kaleidochromic/alternate-
itempage_style.css');
@import url('https://ctalvio.github.io/Monochromic/improve-performance_style.css');
@import url('https://ctalvio.github.io/Kaleidochromic/backdrop-hack_style.css');
@import url('https://prayag17.github.io/JellySkin/default.css');
@import url('https://prayag17.github.io/JellySkin/addons/Logo.css');

sudo apt-get -o DPkg::options::=--force-confmiss --reinstall install nginx-common

openssl pkcs12 -export -out certificate.p12 -inkey


/home/morepixel/CERTS/privkey.pem -in /home/morepixel/CERTS/cert.pem -certfile
/home/morepixel/CERTS/chain.pem

###########

sudo apt remove -y nginx-full nginx certbot python3-certbot-nginx nginx-core nginx-


common && sudo apt purge -y nginx-full nginx certbot python3-certbot-nginx nginx-
core nginx-common

sudo rm -rf /etc/nginx/ && sudo rm -rf /etc/letsencrypt

sudo apt install nginx nginx-full certbot python3-certbot-nginx nginx-common

sudo apt-get -o DPkg::options::=--force-confmiss --reinstall install nginx-common

You might also like