Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Allow me to re-introduce myself My name is...
Would you like to help contribute to Organizr?
We are always looking for someone who would like to join us and help. No matter how small or big... We will take all the help we can get.
Join us and help contribute to Organizr's Documentation. The link to join is here:
Once you have joined, hop onto our Discord server and let us know which username you signed up with on Gitbook and we can apply the correct permissions for you or add your name to this list after you use the invite link:
Join us and help other members out that configuring and tinkering with Organizr over in our Discord server. Join the server here:
Coming soon...
Frequently Asked Questions
Organizr allows custom changes to certain things in the core framework
An example Caddy V2 Caddyfile with reverse proxy
mydomain.com {
root * C:\Caddy\www\organizr\html
php_fastcgi localhost:9000
rewrite /api/v2/* /api/v2/index.php?{query}
file_server
# Subdirectory
route /calibre/* {
uri strip_prefix /calibre
reverse_proxy localhost:9900
}
}
# Subdomain
tautulli.mydomain.com {
route {
reverse_proxy localhost:8181
}
}NZBHydra2 Single Sign On with Proxy Auth
NZBHydra has as of version 2.13.13 the ability to authorize using a similar method as Grafana.
In NZBHydra's settings we need to set a few values. The Auth header has to have the same as the one in the NGINX reverse proxy (example to follow), while the Secure ip ranges should be set to the nginx ip.
Plex Authentication Backend
Using Plex as your Organizr backend allows you to authenticate using both your Local Plex Server as well as the servers at Plex.tv
Change the Authentication type to Organizr DB + Backend. Choose Plex as the Authentication Backend. Use the Retrieve button to fill in the Plex Token and Plex Machine.
PDO
PDO7-SQLITE
PHP7-ZIP
PHP7-SESSION
SimpleXML
OPENSSL
SQLITE3
CURL [For Plex & Emby Logins]
PHP7-LDAP [For LDAP Logins]
PHP7-XMLRPC [For rTorrent Homepage Item
auth_request /organizr-auth/X; #Change the X to whatever group you want to allow access
auth_request_set $auth_user $upstream_http_x_organizr_user;
proxy_set_header X-WEBAUTH-USER $auth_user;organizr.example.com {
proxy / http://organizr.internal {
transparent
}
}The default backend is Organizr's built in user management. It allows all user functions such as:
Add Users
Delete Users
Edit Users
While using the default backend from Organizr, you may also add a secondary backend server to utilize as another option to authenticate. Using this option still allows you the same user functions from Organizr's backend listed above.
To get to the other backends head to the above path and change the Authentication Type option to Organizr DB + Backend and change the Authentication Backendoption.
Type
Purpose
Host Address
URL for the LDAP Server
Host Base DN
Hose base distinguished name
Account Prefix
The prefix for the account to build the distinguished name for the login
Account Suffix
The suffix for the account to build the distinguished name for the login
Bind Username
Username to bind the authentication to LDAP Server
Coming soon...
Type
Purpose
Plex Token
Token to authenticate with Plex Servers
Plex Machine
Plex Machine ID for your specific server
Admin Username
Username or Email for Organizr and Plex Admin account
Enable Plex oAuth
This will bring up a Plex login screen that will flow credentials through plex.tv
Strict Plex Friends
Enabling this option will only allow people from your friends list that have access to the server that you selected for Plex Machine
Type
Purpose
URL
URL for your Server's Komga Instance
Minimum Authentication
Group Needed to use SSO
Enable
Enable Komga SSO
Komga needs a specific Tab URL in order to function
Tab URL
http://komga-domain/?xAuthToken={komga}
Replace komga-domain with the actual domain of your Komga instance.
Organizr Tabs is the main focus of Organizr. You can have as many tabs as you like and even put them into Categories. Each tab can be configured to be opened in an iframe or in a new window. In your Settings in Tab Editor, it will list all your current tabs. From this screen you can add, delete, disable, etc
Organizr does not do any type of proxying. The URL you are putting in the Tab URL must be accessible from your browser. This means if you want external access to the items you are putting in Organizr, they too must be externally accessible via a reverse proxy (recommended) or opened port.
Rearranging Tabs: Hover over the three dots on the left side of the tabs, click and drag to where you want it.
Home Symbol (See image below): This will take you to the Homepage setting based on a best guess of your tab name.
Category: Group tabs together so you can collapse them (set up your categories in the Categories tab below Tab Editor)
Group: Minimum Group that the tab should be shown to. Usually should match ServerAuth if you are using it.
Type:
Internal - only for Organizr things (Homepage and Settings)
iFrame - your standard tab
New Window - Opens a new window/tab
Default: Choose which tab loads when you first login.
Active: Enable or Disable the tab
Splash: Adds a link to the splash screen that shows when you log in/time out.
Ping: Enables the ping functionality (must have Ping URL filled in)
Preload: Loads the tab when you first load/login to Organizr
Tab Name: What you want the tab to show
Tab URL: URL you want to load. Examples: /appname, https://app.domain.com Note: must have scheme if you are using a full URL.
Tab Local URL: URL you want to load when you are local to Organizr (RFC1918 space by default: 192.168.x.x, 10.x.x.x, or 172.16-31.x.x, You can add more address space in System Settings -> Main -> Login) This is optional and can be left blank.
If you are using HTTPS and have this filled in, you will a Mixed Content Error when you are local unless you are also switching to an HTTP page for Organizr when local
Ping URL: URL and port to check if a service is up. Examples: 192.168.1.4:8181, tautulli:8181 These should not have scheme. This is optional and can be left blank.
Tab Auto Action: Auto Close/Reload after a specified amount of minutes. Note: this is timed of when the tab is opened, not when last interacted with.
Tab Image: Will fill in if you choose from the Image/Icon drop downs
Test Tab: Will test to see if the tab can be loaded in an iFrame or not.
Tab URL: api/v2/page/homepage
Original Icon: fontawesome::home
Type (after saving): Organizr
Tautulli Single Sign On
The Tautulli SSO module works best if you are using Plex as your Organizr Backend.
You first need to make sure that Allow Plex Admin & Allow Guest Access to Tautulli are enabled in the Web Interface portion of the Settings page.
To enable Tautulli SSO for your users, head to Tautulli Users page and click Edit mode and click the Lock Icon for each user you want to enable SSO for.
Login Error - API Connection Failed
This seems to be coming up more frequently lately. The Organizr logs will look like there was a successful login. If you are reverse proxying Organizr, you may see the following error in your NGINX logs:
2020/05/12 15:52:05 [error] 439#439: *1502 upstream sent too big header while reading response header from upstream, client: 10.0.10.50, server: org.*, request: "POST /api/v2/login HTTP/2.0", upstream: "http://172.18.0.5:80/api/v2/login", host: "domain.com", referrer: "https://domain.com/"With a reverse proxy, this seems to be a two step process to fix. If you're not using a reverse proxy skip to the next one. First adding (or increasing the limits if you have this set already, check your proxy.conf) like the following:
The second part and the part if you're not reverse proxying and just running it native, you may see this in the logs:
And this needs to go in the NGINX config where your Organizr is in the PHP block (if you are on the new organizr/organizr container, we have added this now):
The homepage houses all of your media items formatted in a very nice UI for you and your users.
By default, Organizr automatically sets up the Tab for the homepage but it will not be active. To activate it just toggle the Active switch. Once it is active, you can now configure Category and Group which you can get to by clicking the📝 button.
The URL will never change as that points to the Organizr API. You may change the Tab Name and Tab Image to anything you like. As for the other options, those are covered in Adding a New Tab
To setup a Homepage item, all you need to do is click on any of the homepage items to edit those settings. You may head to each Homepage item information page next.
Grafana Single Sign On with Proxy Auth
SSO with Grafana is a combination of reverse proxy configuration and some settings in grafana.ini or with environment variables.
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-USER
header_property = username
auto_sign_up = true
;ldap_sync_ttl = 60
whitelist = 172.27.1.131
;headers = Email:X-User-Email, Name:X-User-NameYou need to flip the enabled to true (it's disabled by default) and you should set the whitelist to the IP of your Organizr install so the header can only come from it. To read more about this, see .
Are you getting stuck in a redirect loop? Are you seeing some console errors in your browser about SameSite Cookies?
Browsers are starting to enforce strict rules on Cookies set by web apps. The issue here is when an application is not hosted on the same host as Organizr. You have three options...
Open Command Prompt as an Administrator
Type the following command set php and you should see 2 variables
PHP_FCGI_CHILDREN=3
PHP_FCGI_MAX_REQUESTS=128
Run the following command to increase the value of PHP_FCGI_CHILDREN
SETX /m PHP_FCGI_CHILDREN 1000
Close Command Prompt.
Open Command Prompt as Administrator and run set php and check that PHP_FCGI_CHILDREN value changed from 3 to 1000.
Adapted from: https://technicalramblings.com/blog/optimizing-php-fpm-to-get-faster-load-times-of-tabs-in-organizr/
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;2020/05/20 11:58:31 [error] 130009#130009: *87200 upstream sent too big header while reading response header from upstream, client: 172.xx.xx.xx, server: Domain.org, request: "POST /api/v2/login HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "www.domain.org", referrer: "https://domain.org/"fastcgi_buffers 32 32k;
fastcgi_buffer_size 32k;-e GF_AUTH_PROXY_ENABLED=true \
-e GF_AUTH_PROXY_HEADER_NAME="X-WEBAUTH-USER" \
-e GF_AUTH_PROXY_HEADER_PROPERTY="username" \
-e GF_AUTH_PROXY_AUTO_SIGN_UP=true \
-e GF_AUTH_PROXY_LDAP_SYNC_TTL=60 \
-e GF_AUTH_PROXY_WHITELIST="172.27.1.131" \
-e GF_AUTH_PROXY_HEADERS="Email:X-User-Email, Name:X-User-Name"Download PHP for Windows from here: http://windows.php.net/download (Non Thread Safe version used in this guide)
Create a folder called PHP under your Nginx directory e.g. C:\nginx\php and copy the downloaded files to this folder
Install NSSM - Skip to Step 2 if already installed
Download NSSM from: https://nssm.cc/download
Copy the nssm.exe from the win32 or win64 folder depending on your system to C:\Windows\System32
If you’ve got nssm already setup, open command prompt as admin.
Type in the following cmd nssm install php
Path = C:\nginx\php\php-cgi.exe
Startup directory = C:\nginx\php
Install Service
On the opened cmd prompt type in nssm start php to start the PHP service.
If the installed PHP service doesn’t start, then try manually running the php-cgi.exe file in C:\nginx\php\
If you get a missing ‘VCRUNTIME’ related error then follow the solution on this link:
Make a copy of one of the php.ini-development or php.ini-production files and rename it to php.ini
Open the php.ini file and search for the following and uncomment each:
extension_dir = "ext"
extension=php_openssl.dll
extension=php_pdo_sqlite.dll
Please note that if you are running PHP 7.2 or higher, look for the below lines and uncomment them instead:
extension_dir = "ext"
extension=openssl
extension=pdo_sqlite
Also, uncomment the following line and add ext to the end of it:
sqlite3.extension_dir =
So that is becomes: sqlite3.extension_dir = ext
On the opened cmdprompt type in nssm restart php to restart the PHP service to apply the changes in php.ini.
Then, to be sure all of the PHP packages are installed, run the following command with your package manager. Some of these may also require other dependencies, so select "Yes" to install those as well.
We will use windows as an example.
The Hosts file in Windows is located at the following location:
C:\Windows\System32\drivers\etcHere you will see the Hosts file. Right-click on it and select Notepad. Make the changes and Save.
But sometimes, even when you are logged on with administrative credentials, you may receive one of the following error message:
Access to C:\Windows\System32\drivers\etc\ hosts was denied
Cannot create the C:\Windows\System32\drivers\etc\hosts file. Make sure that the path and file name are correct.
In this case, type Notepad in Start search and right-click on the Notepad result. Select Run as administrator. Open the Hosts file, make the necessary changes, and then click Save.
The changes you need to make are like below:
The left value is the IP address and the right value is the hostname or text you want to tie to that IP address. For this fix everything needs to be on the same domain (basically like how subdomains work when reverse proxying).
Note: They must be on the same subdomain for this to work. You can't just do:
<service>.tld, they have to be <service>.something.tld
Router/DNS
Depending on your Router you will need to lookup how to achieve this. Routers usually utilize using Dnsmasq.
Use specific webserver to achieve this. Tutorials soon!
You will need to update your calibre.conf file as documented on the Proxy Auth SSO page.
Here is an example calibre.conf file for a subdomain of https://domain.com/calibre
location /calibre {
proxy_bind $server_addr;
proxy_pass http://127.0.0.1:8083;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /calibre; # IMPORTANT: path has NO trailing slash
auth_request /organizr-auth/4; #Change the X to whatever group you want to allow access
auth_request_set $auth_user $upstream_http_x_organizr_user;
proxy_set_header X-WEBAUTH-USER $auth_user;
}Open the Tab Editor and go to Homepage Items then finally select Custom HTML
Next you will Click which Custom HTML segment you want to use and Enableit then change the Minimum Authentication to the group you want to allow to see it. Next you will copy the code from above and paste it into the box at the bottom. Finally hit the 💾 button.
All that you need to do is click the Create Backup Button
Once the backup process completes, the new back up will be listed at the bottom of the back up listing. There are 2 buttons that are accessible for each backup.
The left button is the download button which will download the zip file that includes all the backed up files. The right button will delete that specific backup zip file.
As of Version 2.1.500 the restore process has not been written for Organizr.
Install Organizr as you would normally
Unzip the backup zip file somewhere
Inside the zip file you will find the folder structure of where the files need to be placed.
If you placed the database-folder elsewhere, you need to update the 'dbLocation' => 'dbPath' value in config.php
Restart the docker (or process if not in docker) and refresh the web page for Organizr
Petio Fallback User & Petio Password not used yet.
Type
Purpose
Petio URL
URL for your Server's Petio Instance
Token
API Key for Petio
Petio Fallback User
If your user doesn't have an Petio account, Organizr will use this account
Petio Password
Password for the above account
Enable
Enable Petio SSO
Bind Password
Password to bind the authentication to LDAP Server
LDAP Backend Type
Type of LDAP Server
Account DN
Preview of the distinguished name for the login
Enable LDAP SSL
Option to enable the use of SSL for LDAP connections
Enable LDAP TLS
Option to enable the use of TLS for LDAP connections
Type
Purpose
Multiple URL's
Tautulli URL's for multiple instances
Enable
Enable Tautulli SSO
Type
Purpose
Overseerr URL
URL for your Server's Overseerr Instance
Token
API Key for Overseerr
Overseerr Fallback User
If your user doesn't have an Overseerr account, Organizr will use this account
Overseerr Password
Password for the above account
Enable
Enable Overseerr SSO
Plex Single Sign On
If you are using Plex as the main driving factor for your Organizr instance, you will want to enable Plex as backend choice to login via Plex credentials.
Change the Authentication type to Organizr DB + Backend. Choose Plex as the Authentication Backend. Use the Retrieve button to fill in the Plex Token and Plex Machine.
The other two toggles are optional:
Now that Plex is setup to be the backend for Organizr, you can head over to the SSO section for Plex
If Plex account was made using Facebook/Google - YOU HAVE TO USE OAUTH to sign in
Plex SSO will only work with Plex reverse proxied as a subdirectory and not as a subdomain. Fill out the Plex Token and Plex Machine (They should already be filled in if you did the above step). You can use the retrieve buttons to fill these out. Toggle the enabled switch to turn it on.
If not using Plex OAuth - For Admin Account - Make sure passwords match in Organizr and Plex
Plex SSO doesn't work if Plex Reverse Proxy is a subdomain - It must be on the same domain as Organizr
The first component needed for Organizr to run is a webserver.
Download Nginx from:
Install Nginx to your preferred location
Copy the Nginx folder to your preferred location e.g. c:\
Download NSSM from:
Copy the nssm.exe from the win32 or win64 folder depending on your system to C:\Windows\System32
Open cmd as admin, navigate to C:\Windows\System32
You can copy the following if you wish and replace the content in your nginx.conf file
Utilizing Traefik's auth-forward
You can use Traefik's auth-forward feature to do the same.
Example docker-compose.yml block for Organizr:
Example service that depends on user being authenticated to Organizr:
Træfik changed how the tags work in v2.
Example docker-compose.yml block for Organizr:
Example service that depends on user being authenticated to Organizr:
Before installing Organizr you need to have a couple of pieces of software installed.
If you are running Docker Containers, you can skip to Installing Organizr via Docker.
Do you have a Web Server installed?
If you do not please proceed to the following page:
Do you have PHP installed?
If you do not please proceed to the following page:
If you have both a Web Server and PHP installed, head over to this page:
If you find yourself in the situation where you've forgotten the password to your Organizr account (ONLY if you have auth set to Org Database ONLY and NOT using Plex or Emby backend), and did not yet setup the PHPMailer Plugin to be able to reset your password, you can use the following instructions to configure the PHPMailer Plugin and regain the ability to reset your forgotten password.
Fail2ban scans log files (e.g. /var/log/nginx/error.log) and bans IPs that show malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email/notification) could also be configured.
apt-get install software-properties-common
add-apt-repository ppa:ondrej/php
apt-get updateapt-get install php7.1-fpmapt-get install php7.1-mysql php7.1-sqlite3 sqlite3 php7.1-xml php7.1-zip openssl php7.1-curl<script>
if(activeInfo.user.groupID !== 999){
var cssSettings = `
.hidden-for-non-guest {
display: none;
}
`;
$('#guest-css').html(cssSettings);
}
</script>
<style id="guest-css"></style>
<div class="hidden-for-non-guest">
<h1>You're a guest. Please log in!</h1>
</div>
This is text everyone sees.services:
organizr:
image: organizr/organizr
environment:
- fpm=true
- branch=master
- TZ
- PUID=${USER_UID}
- PGID=${USER_GID}
labels:
- "traefik.enable=true"
- "traefik.organizr.frontend.rule=Host: www.your_domain.com"
- "traefik.organizr.port=80"
depends_on:
- traefikC:\nginx, If you are not using the default path, adjust what this says to the path you used. Inside that folder, in the conf folder, there are two files: rp-subfolder.conf and rp-subdomain.conf. These are the files we are going to be working with. We're also going to use the example configs that can be found here (this link is also found in those files) For configs that are just a location block, you are going to put them inside the rp-subfolder.conf file. We're going to use Sonarr as an example. Using these will create a reverse proxy that looks like http://domain.com/app
Things that may need changed in this:
If your Sonarr isn't running on the same machine, you will need to change out the 127.0.0.1 to the IP of the machine where it is running. If you are running it on a non-standard port this is also where to change it. Make sure to change it in both places.
If you are changing the location to something else, make sure it too is changed in both places.
For configs that are a server block, you are going to put them inside the rp-subdomain.conf file. We're going to use Sonarr as an example as well. Using these will create a reverse proxy that looks like http://app.domain.com
Things that may need changed in this:
Same as the subfolder, proxy_pass http://127.0.0.1:8989; will need to be if your Sonarr isn't running on the same machine, you will need to change out the 127.0.0.1 to the IP of the machine where it is running. If you are running it on a non-standard port this is also where to change it.
This example is an SSL server block, if you are just running on HTTP, the listen 443 ssl; will need to be changed and the lines that begin with ssl will need to be removed.
The ssl_certificate and ssl_certificate_key need to be changed to where your certs are. I recommend copying them out of the nginx.conf file.
If you get:[emerg] 17144#3272: the size 10485760 of shared memory zone "SSL" conflicts with already declared size 52428800 remove or comment out the ssl_session_cache builtin:1000 shared:SSL:10m; line
If you are adding a new subdomain and are using SSL certificates, and didn't already plan ahead when running the installer or use a wildcard certificate, you will need to update the certificate to have the new subdomains. To make this easier, in C:\nginx\winacme there is a batch script called owi_sslupdater.bat, like the installer, that just does the certificates and won't make you reinstall the whole thing. Run through the prompts to update your certificates. You shouldn't need to do the next step if you're doing this because it already reloads NGINX.
Once you've made all your changes, you need to tell NGINX to reload the config. You can also test the config before reloading it. Open up a command prompt window as admin and do the following:
The first command after changing into the nginx directory tests the config. This should come back with syntax is ok. If it doesn't, don't run the next command. After running those commands, the reverse proxies should be accessible.
If you do run into an error when testing the config, it will usually tell you the line on which the syntax error is. If it is related to a curly brace, that line is not always accurate because it is giving the line where it found something it shouldn't and not necessarily where your mistake actually was if you missed a closing curly brace.
The other most common error that we see is nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 32 If you see this error, add server_names_hash_bucket_size 64; to the top of your rp-subdomain.conf file. Depending on how long your domain/subdomains are, the 64 may need to be increased.
With Organizr Version 2.1.165 and newer, there was a new API Endpoint added. With this endpoint, you may now use Organizr's SMTP servers to reset your password if you have not setup PHPMailer yet.
In order to enable PHP Mailer you will need to know your Organizr API Key. This is inside your /data/config/config.php file under the variable:
Once you have the API Key you can navigate to this Organizr API Endpoint:
GET http://organizr-instance/api/v2/help/smtp?apikey=12345678901234567890
Sets the smtp server account and credentials to Organizr's own smtp server account
apikey
string
Organizr's API Key
{
"response": {
"result": "success",
"message": "SMTP activated with Organizr SMTP account",
"data": true
}
}{
"response": {
"result": "error",
"message": "Not Authorized",
"data": null
}
}Now you can go to Organizr and use the Forgot Password link.... That is it!
For versions below 2.1.165, If you do not have your own mail server to use, You can use Organizr's server... Click Me!
Open up the Organizr config file, /config/www/Dashboard/api/config/config.php, in a text editor and setup the PHPMailer settings like so, with your own SMTP Server information:
You will need to check with your e-mail provider for all of the correct settings for this to work with your e-mail account.
Make sure that, if the last line of the above code is the last line in the file, that there is NO comma at the end and that the new code is inside the PHP block, before the ending );.
For example, if you're appending the code to the end of your config file, it would end up looking like this:
You will need the hashed value of the password, so, to get hashed value for PHPMAILER-smtpHostPassword
Before you do that, you will need your Organizr hash key. This is inside your /data/config/config.php file under the variable:
Once you have the organizrHash you can head over to: Organizr's password hashing tool here
Put the hashed password into the config.php file and then you SHOULD be able to recover/reset your Organizr account password.
Fail2ban installed and configured
Go to your filter.d folder in your Fail2Ban install location /etc/fail2ban/filter.d and create a file called organizr-auth.conf and add the following:
Edit the jail.local file in the Fail2Ban directory and add the following:
The ignore IP is so that fail2ban won’t ban your local IP. Check out https://www.aelius.com/njh/subnet_sheet.html if you are wondering what your CIDR notation is. Most often it will be /24 (netmask 255.255.255.0)
To find your netmask run ipconfig /all on windows or ifconfig | grep netmask on linux.
Restart Fail2Ban with sudo service fail2ban restart
Normal Install
Docker Install
Because the Organizr container only logs the docker IP addresses e.g 172.17.0.2 you need to add this in the Organizr default nginx site file. Go to \organizr\nginx\site-confs\default and add the following inside the server block:
If you're using organizr/organizr it's already added and you only need to uncomment the set_real_ip_from line.
Then restart the container: docker restart organizr
For this to work you need the SWAG container to be able to read the organizr-<date>.log file in the Organizr container.
Mount the Organizr log like this:
And set the log path in the Fail2Ban jail.local file to /organizrlog/organizr*.log
The fail2ban.log file should output something like this:
If you managed to ban yourself or a friend banned themself you can run one of these commands:
Thanks to rix1337 for the fail2ban config:
services:
nzbget:
image: linuxserver/nzbget
environment:
- TZ
- PUID=${USER_UID}
- PGID=${USER_GID}
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host: nzbget.your_domain.com"
- "traefik.frontend.auth.forward.address=http://organizr/api/v2/auth/1"
- "traefik.port=6789"
depends_on:
- traefik
- organizrservices:
organizr:
image: organizr/organizr
environment:
- TZ
- PUID=${USER_UID}
- PGID=${USER_GID}
labels:
- "traefik.http.routers.organizr.rule=Host(`www.your_domain.com`)"
- "traefik.http.services.organizr.loadbalancer.server.port=80"
- "traefik.http.services.organizr.loadbalancer.server.scheme=http"
depends_on:
- traefikservices:
nzbget:
image: linuxserver/nzbget
environment:
- TZ
- PUID=${USER_UID}
- PGID=${USER_GID}
labels:
- "traefik.http.routers.nzbget.service"
- "traefik.http.routers.nzbget.rule=Host(`nzbget.your_domain.com`)'
- "traefik.http.services.nzbget.loadbalancer.server.port=6789"
- "traefik.http.routers.nzbget.middlewares=auth"
- "traefik.http.middlewares.auth.forwardauth.address=http://organizr/api/v2/auth/1"
depends_on:
- traefik
- organizrlocation /sonarr {
proxy_pass http://127.0.0.1:8989/sonarr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_no_cache $cookie_session;
# Allow the Sonarr API through if you enable Auth on the block above
location /sonarr/api {
auth_request off;
proxy_pass http://127.0.0.1:8989/sonarr/api;
}
}proxy_pass http://127.0.0.1:8989/sonarr/api;server {
listen 443 ssl;
server_name sonarr.DOMAIN.TLD;
ssl_certificate /etc/letsencrypt/live/DOMAIN.TLD/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAIN.TLD/privkey.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/sonarr.access.log;
location / {
proxy_pass http://127.0.0.1:8989;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
}cd c:\nginx
nginx -t
nginx -s reload'organizrAPI' => 'qefeh7de0poey7c87w0a','PHPMAILER-enabled' => true,
'PHPMAILER-logo' => 'https://raw.githubusercontent.com/causefx/Organizr/v2-develop/plugins/images/organizr/logo-wide.png',
'PHPMAILER-smtpHost' => 'smtp.domain.com',
'PHPMAILER-smtpHostAuth' => true,
'PHPMAILER-smtpHostPassword' => 'NEEDSHASHEDPASSWORD',
'PHPMAILER-smtpHostPort' => '587',
'PHPMAILER-smtpHostSenderEmail' => '[email protected]',
'PHPMAILER-smtpHostSenderName' => 'Organizr',
'PHPMAILER-smtpHostType' => 'tls',
'PHPMAILER-smtpHostUsername' => '[email protected]',
'PHPMAILER-template' => 'light',
'PHPMAILER-verifyCert' => true'PHPMAILER-enabled' => true,
'PHPMAILER-logo' => 'https://raw.githubusercontent.com/causefx/Organizr/v2-develop/plugins/images/organizr/logo-wide.png',
'PHPMAILER-smtpHost' => 'smtp.domain.com',
'PHPMAILER-smtpHostAuth' => true,
'PHPMAILER-smtpHostPassword' => 'NEEDSHASHEDPASSWORD',
'PHPMAILER-smtpHostPort' => '587',
'PHPMAILER-smtpHostSenderEmail' => '[email protected]',
'PHPMAILER-smtpHostSenderName' => 'Organizr',
'PHPMAILER-smtpHostType' => 'tls',
'PHPMAILER-smtpHostUsername' => '[email protected]',
'PHPMAILER-template' => 'light',
'PHPMAILER-verifyCert' => true
);'organizrHash' => 'xxxxxxxxxx',[Definition]
failregex = {"log_level":"WARNING","message":"Wrong Password".*,"remote_ip_address":"<HOST>"
ignoreregex =[organizr-auth]
enabled = true
port = http,https
logtimezone = UTC
filter = organizr-auth
logpath = /var/www/html/db/logs/organizr*.log
ignoreip = 192.168.1.0/24/var/www/html/db/logs/organizr*.log/config/db/logs/organizr*.log# get real IP
real_ip_header X-Forwarded-For;
set_real_ip_from 172.17.0.0/16;
real_ip_recursive on;-v <path/to/organizr/config/db/logs:/organizrlog:ro2017-08-08 21:51:13,777 fail2ban.filter [262]: INFO [organizr-auth] Found 5.153.234.107 - 2017-08-08 21:51:12
2017-08-08 21:51:18,811 fail2ban.filter [262]: INFO [organizr-auth] Found 5.153.234.107 - 2017-08-08 21:51:18
2017-08-08 21:51:43,965 fail2ban.filter [262]: INFO [organizr-auth] Ignore 192.168.1.1 by ip
2017-08-08 21:51:51,008 fail2ban.filter [262]: INFO [organizr-auth] Ignore 192.168.1.1 by ip
2017-08-08 21:51:57,045 fail2ban.filter [262]: INFO [organizr-auth] Ignore 192.168.1.1 by ip
2017-08-08 21:52:03,080 fail2ban.filter [262]: INFO [organizr-auth] Ignore 192.168.1.1 by ip
2017-08-08 21:53:25,578 fail2ban.filter [262]: INFO [organizr-auth] Found 104.160.20.131 - 2017-08-08 21:53:24
2017-08-08 21:53:31,617 fail2ban.filter [262]: INFO [organizr-auth] Found 104.160.20.131 - 2017-08-08 21:53:30
2017-08-08 21:53:36,650 fail2ban.filter [262]: INFO [organizr-auth] Found 104.160.20.131 - 2017-08-08 21:53:36
2017-08-08 21:53:42,688 fail2ban.filter [262]: INFO [organizr-auth] Found 104.160.20.131 - 2017-08-08 21:53:41
2017-08-08 21:53:48,726 fail2ban.filter [262]: INFO [organizr-auth] Found 104.160.20.131 - 2017-08-08 21:53:47
2017-08-08 21:53:48,733 fail2ban.actions [262]: NOTICE [organizr-auth] Ban 104.160.20.131fail2ban-client unban <ip>
#OR
docker exec letsencrypt fail2ban-client unban <ip>Arguments = -b 127.0.0.1:9000
See image below for Example
extension=php_curl.dll
extension=php_sqlite3.dll
extension=curl
extension=sqlite3
Note: This was only supposed to be a temporary setting and it seems like Chrome is starting to ignore what this is set to so you'll have to use one of the other options if you try and it doesn't work.
Access this page from your browser edge://flags/
Search for SameSite and disable it.
Access this page from your browser about:config
Search for SameSite and disable it.
Jackett and Tautulli seem to hardcode the SameSite cookie as Lax
Sonarr/Radarr/Lidarr are starting to hardcode the SameSite cookie as Strict
The only way to bypass that is to use Option #1 or Option #2
127.0.0.1 hostnameRunning Nginx as a serviceGo to the location you copied the Nginx folder e.g. c:\nginx
Double click on nginx.exe in c:\nginx , nginx should now be running on your system
To verify, open a browser and type localhost and press enter. If you get "Welcome to nginx!” message then Nginx has been installed successfully
Note: you would need to open 'nginx.exe' every time you reboot your system, to avoid this, install Nginx as a service.
Type in this command nssm install nginx
Path = C:\nginx\nginx.exe
Startup directory = C:\nginx
See image below for Example
Install service
Make sure you run the service as the admin account
Open run and type in services.msc
Search for the nginx service we just installed
Double-click and go to the Log On tab
Select ‘This account:’ and fill in your account details and then press ok.
Right click on the nginx service and restart
Making your Nginx install PHP ready, uncomment the following code from your nginx.conf file c:\nginx\conf\nginx.conf
This is where you would choose if this is for Personal Use of Business use,
License Type
Information
Personal
Everything is unlocked - nothing is hidden
Business
All Media related items are hidden
Here you will need to fill out the Admin's info. If you choose the personal License and you are using Plex or Emby as a backend you should fill out the username/email/password all the same as that admin's information so you can use SSO.
This is where locking down the system comes into play. There are 3 fields that are needed, 1 of them is auto-generated, which is the API field.
Field
Information
Hash Key
This is the salt used to hash all passwords that will be in the config file
Registration Password
This is the field that is needed for anyone to sign up for you Organizr
API Key
This is auto-generated. Used to access Organizr's data
Organizr uses SQLITE for its Database. All that is needed is what you want to name the Database - for security reasons... and The location of where to store it - also for security reasons. Once you have filled out the information, it's best to click the Test/Create Path button to see if everything is good to go.
Path
Information
Suggested Directory
This is a new directory named db inside the parent directory of where Organizr located
Current Directory
This where Organizr is located
Parent Directory
This is the parent directory of where Organizr located
Once you have completed all the steps, you will be taken to an overview page so you may see everything that was entered. You may hover over the items that are sensitive so you may see that information. Once you have verified all information, you may click Finish. This will create the Database and import you as the Admin user. Once completed it will refresh to the login screen.
Now that the Database is created, you will now be automatically logged in. If that doesn't happen, login with the credentials that you just finished creating.
Here is a sample Caddy directive using caddy-jwt to protect a path using the Organizr token:
The secret to use to validate the token needs to be passed to Caddy either as an environment variable named JWT_SECRET or in a file, specified with the secret configuration option.
reauth {
path /sonarr # location that requires reauth
# path /glances # other directories can be listed
#
# if someone is not authorized for a page, send them here instead
failure redirect target=https://<your_domain>/
upstream url=https://<your_domain>/api/v2/auth/<group_id>,cookies=true
}jwt {
# Name of the path to protect
path /protected
# Allow / deny based on JWT claims
allow group Admin
allow group User
# Where to redirect in case the token is invalid or the claims are denied
redirect /
# Where to read the token from
token_source cookie organizr_token_62d9e46e-cdad-4726-9db7-e25b85397f57
# Path the the secret to validate the token
secret /etc/myprecious.txt
}SSO Values
misc.oAuthLogin = Current Login used oAuth
misc.rememberMe = Remember me button was toggle on login
misc.rememberMeDays = Cookie Length in days
%SSO_TYPE%.enabled: false = SSO module enable status
%SSO_TYPE%.cookie: false = Cookie status
%SSO_TYPE%.url: false = URL of SSO module
%SSO_TYPE%.api: false = The API key status if set
%SSO_TYPE%.backend: false = Plex Backend is not enabled
%SSO_TYPE%.machineID = Used for Plex - machineID status
Type
Purpose
Jellyfin API URL
URL for your Server's Jellyfin API Instance
Jellyfin SSO URL
URL for to pass to Jellyfin for SSO
Enable
Enable Jellyfin SSO
SSO doesn't work if Reverse Proxy is a subdomain - It must be on the same domain as Organizr
Type
Purpose
Enable Plex oAuth
This will bring up a Plex login screen that will flow credentials through plex.tv
Strict Plex Friends
Enabling this option will only allow people from your friends list that have access to the server that you selected for Plex Machine
Type
Purpose
Plex Token
Token to authenticate with Plex Servers
Plex Machine
Plex Machine ID for your specific server
Admin Username
Username or Email for Organizr and Plex Admin account
Enable
Enable Plex SSO
Organizr comes with integrated error pages, they have to be configured in the webserver.
It accepts most error codes, and can do a redirect when the user has acknowledged the error.
The full Syntax for the error page is:
To get error pages to work with a reverse proxies, you may need to tell the webserver to intercept the errors from the service.
In NGINX the way to do this is with proxy_intercept_errors on;
This can break some services (like plex), add proxy_intercept_errors off; to the location if that is the case.
For Subdomain's, we replaced $server_name with the domain organizr is on.
If you have Organizr Reversed Proxied, which we are sure you do. You need to add an additional block for the API so it doesn't overwrite the errors for it.
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
#CHANGE THESE LINES##########
server_name localhost;
root html/Organizr;
#############################
index index.php index.html index.htm;
error_page 400 401 403 404 405 408 500 502 503 504 /?error=$status;
location / { }
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location /api/v2 {
try_files $uri /api/v2/index.php$is_args$args;
}
}
}misc:
oAuthLogin: true
rememberMe: true
rememberMeDays: 7
plex:
enabled: true
cookie: true
machineID: true
token: true
plexAdmin: email
strict: true
oAuthEnabled: true
backend: true
ombi:
enabled: true
cookie: true
url: http://docker.home.lab:3579/
api: true
tautulli:
enabled: true
cookie: false
url: http://docker.home.lab:8181location /plex/ {
proxy_pass http://ip-of-plex:32400/;
include /path/to/proxy.conf;
}
if ($http_referer ~ /plex/) {
rewrite ^/web/(.*) /plex/web/$1? redirect;
}client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_bind $server_addr;
proxy_buffers 32 4k;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
proxy_hide_header X-Frame-Options;
# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_no_cache $cookie_session;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; When setting up the homepage item, the first option is to enable it, do that by toggling the Enable Switch. After that you need to set the Minimum Authentication group that will be able to use this item.
Field
Value
Enable
Enable the Plex Module
Main Module Minimum Authentication
Minimum Group needed to see Entire Module
If you already went through the Plex SSO or Plex Authentication setup you will have these next fields already saved, if not, you can hit set those values using the provided buttons.
Field
Value
URL
URL to the HealthCheck API (Local or Main API Site)
Disable Certificate Check
Disables the Certificate of the URL provided if https
Use Custom Certificate
Uses a Custom Certificate for the verification of the URL provided if https
Field
Value
Tags
Pull only checks with this tag
Refresh Seconds
How many seconds to update the healthchecks on the homepage
Show Description
Show description on the healthchecks item
Show Tags
Show tags on the healthchecks item
Head over to https://healthchecks.io and create an account. Once created head over to User Menu and select Project Settings to copy your API Key.
Enable the API and once enabled click on Show API Keys
Copy the API key (Top one) and paste into Organizr
You can setup logo/images for the checks if you add an images URL to the tags section for that check
%SSO_TYPE%.token = The API key status if set
%SSO_TYPE%.plexAdmin = Either username or email
%SSO_TYPE%.strict = Status of Plex Friends status
%SSO_TYPE%.oAuthEnabled = oAuth enable status
Type
Breakdown
$scheme://$server_name
This will translate to the URL to the domain that the servers gets the request from. i.e.
https://organizr.app
/api/v2/organizr/error/
Path to the error page
$status
This will set the correct Status code for the error page
?return=$request_uri
OPTIONAL: This will let Organizr know to redirect the user once they have logged in
You are able to create your own PHP and/or HTML/JS Pages to be loaded in the tab's module.
To achieve this, you need to create a page file named anything you want inside the pages folder in the data folder. The data folder is located in the root folder of Organizr.
Once you have created a blank page, you may paste this skeleton code to get you started:
You need to change the first instance of name_here on the GLOBALS variable.
Also make the change on the function name.
They need to be the exact same words.
Once you have the code setup, you may access it via API or via Tab Editor.
GET https://organizr-url/api/v2/page
GET https://organizr-url/api/v2/page/name_here
Create a new tab just like this
The Tab URL will be as follows: api/v2/page/name_here where name_here is the name of your new custom page.
After you have saved the tab, change the Tab Type to Organizr and enable the tab.
That's it! Enjoy your new Custom Tab...
Utilizing Nginx's server_auth
After reading about how Server Authentication works, next we will need to set up the rewriting directive.
You will need to modify your location block. Associated with your site. In Linux, this is typically located at /etc/nginx/sites-available/domain.com.conf
The Native Nginx rewrite block has been reported as not working for all setups. Use the Native Nginx Proxy Pass method if it fails.
There is already a preconfigured file for this. Find the organizr-auth.subfolder.conf.sample and edit it the same way you did for your main Organizr file and remove the .sample.
For subfolders, just add one of the auth_request lines into the subfolder config with the groups as explained above.
For subdomains, add the auth_request same as you would for a subfolder and add an include for the file such as:
A subdomain allows you to have a custom application name for each app on your domain. For example, https://sonarr.domain.com for Sonarr and https://radarr.domain.com for Radar. For subdomains, you need to call back to the domain organizr is on, this can be done differently depending on your installation method.
Native, with local DNS setup (This can also apply for containers): http://app.domain.com/api/v2/auth/$1
Docker, using ip and port (This is assuming the container is running in bridge): http://[docker/hostIP]:[port]/api/v2/auth/$1
All you need to do is include one line per reverse proxy block as the very first line:
auth_request /organizr-auth/0;
If you are using something other than the default 0, change it out here. Other options are located on the page.
Here is a sample of a reverse proxy with admin access:
Most of our already has this, but here is an explanation, using one of our examples(with headers removed)
is a web application that helps you manage your Nginx configuration.
Please read the red bubbles in the screenshots carefully. Modify your Organizr proxy host configuration to include a custom location. Example where ip-address is local IP and 8000 is the port where Organizr is hosted:
Modify the proxy host configuration for the service you want ServerAuth for. Modifications are needed in the Advanced section AND the Custom locations section. Example is a ServerAuth setup for Sonarr (as a subdomain):
Advanced Custom Nginx Configuration section:
Custom Locations Section:
Only change the IP Address in this URL & Don't forget to change the PORT to match yours
Proxy Authentication via Server Auth
Server Authentication will allow you to secure any/all location blocks at your web server/proxy level, only allowing authenticated Organizr users or administrators access. The result of enabling this feature will disallow users from going to https://domain.com/sonarr directly without authenticating with Organizr first.
API Connections without needing to Reverse Proxy Services
security {
authorization policy admin {
set auth url https://mydomain.com/auth
crypto key token name organizr_token_uuid
crypto key verify organizrHash
set token sources cookie
validate bearer header
# Log any admin
acl rule {
match iss Organizr
match role Admin
allow stop log info
}
# Log any denied
acl rule {
match iss any
deny log warn
}
}
authorization policy user {
set auth url https://mydomain.com/auth
crypto key token name organizr_token_uuid
crypto key verify organizrHash
set token sources cookie
validate bearer header
# Log any admin/user
acl rule {
match iss Organizr
match role Admin User
allow stop log info
}
# Log any denied
acl rule {
match iss any
deny log warn
}
}
}
mydomain.com {
root * C:\Caddy\www\organizr\html
php_fastcgi localhost:9000
rewrite /api/v2/* /api/v2/index.php?{query}
file_server
# Subdirectory authentication
route /calibre/* {
uri strip_prefix /calibre
authorize with user
reverse_proxy localhost:9900
}
}
# Subdomain authentication
tautulli.mydomain.com {
route {
authorize with admin
reverse_proxy localhost:8181
}
}$scheme://$server_name/api/v2/organizr/error/$status?return=$request_uri;https://organizr.app/api/v2/organizr/error/401?return=https://demo.organizr.app# This is using nginx's built-in variables, should be copy-paste for most setups.
error_page 401 $scheme://$server_name/api/v2/organizr/error/$status?return=$request_uri; # We only want the Unauthorized code to redirect back to the loginpage
error_page 400 402 403 404 405 408 500 502 503 504 $scheme://$server_name/api/v2/organizr/error/$status; # Responds with the errorpage for the errorcodes listederror_page 401 $scheme://organizr.app/api/v2/organizr/error/$status?return=$scheme://$host$request_uri; # We only want the Unauthorized code to redirect back to the loginpage
error_page 400 402 403 404 405 408 500 502 503 504 $scheme://organizr.app/api/v2/organizr/error/$status; # Responds with the errorpage for the errorcodes listedlocation /api {
include /config/nginx/proxy.conf; # Replace with any proxy config options
proxy_pass http://organizr-ip:organizr-port;
proxy_intercept_errors off; # This is the important part
}<?php
/*
* Make sure to edit "name_here" with your page name - i.e. custom_code_presentation
* You will edit on both "$GLOBALS['organizrPages'][] = 'name_here';" and "function get_page_name_here($Organizr)"
*/
$GLOBALS['organizrPages'][] = 'name_here';
function get_page_name_here($Organizr)
{
if (!$Organizr) {
$Organizr = new Organizr();
}
/*
* Take this out if you dont care if DB has been created
*/
if ((!$Organizr->hasDB())) {
return false;
}
/*
* Take this out if you dont want to be for admin only
*/
if (!$Organizr->qualifyRequest(1, true)) {
return false;
}
return '
<script>
// Custom JS here
</script>
<div class="">
<div class="col-lg-12">
<div class="panel bg-org panel-info">
<div class="panel-heading">
<span lang="en">Template</span>
</div>
<div class="panel-wrapper collapse in" aria-expanded="true">
<div class="panel-body bg-org">Ayyy.... yooo...!
</div>
</div>
</div>
</div>
</div>
';
}
If you need DB Access, keep the if statement that has the hasDB method.
If you need to check access by group, leave or change the first parameter in the qualifyRequest method to the cooresponding group ID
Make the changes to the return with your code.
{
"response": {
"result": "success",
"message": null,
"data": [
"dependencies",
"error",
"homepage",
"lockscreen",
"login",
"settings_customize_appearance",
"settings_customize_settings",
"settings_image_manager",
"settings_plugins_disabled",
"settings_plugins_enabled",
"settings_plugins_settings",
"settings_plugins",
"settings_settings_backup",
"settings_settings_logs",
"settings_settings_main",
"settings_settings_sso",
"settings_tab_editor_categories",
"settings_tab_editor_homepage_order",
"settings_tab_editor_homepage",
"settings_tab_editor_tabs",
"settings_template",
"settings_user_manage_groups",
"settings_user_manage_users",
"settings",
"tabs",
"settings_wizard",
"name_here"
]
}
}{
"response": {
"result": "success",
"message": null,
"data": "\r\n\t\t\t<script>\r\n\t\t\t\t// Custom JS here\r\n\t\t\t</script>\r\n\t\t\t<div class=\u0022\u0022>\r\n\t\t\t\t<div class=\u0022col-lg-12\u0022>\r\n\t\t\t\t\t<div class=\u0022panel bg-org panel-info\u0022>\r\n\t\t\t\t\t\t<div class=\u0022panel-heading\u0022>\r\n\t\t\t\t\t\t\t<span lang=\u0022en\u0022>Template</span>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\u0022panel-wrapper collapse in\u0022 aria-expanded=\u0022true\u0022>\r\n\t\t\t\t\t\t\t<div class=\u0022panel-body bg-org\u0022>Ayyy.... yooo...!\r\n\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</div>\r\n\t\t\t</div>\r\n\t\t"
}
}
Latest version of PowerShell, if you're on Windows 7/Win Server 2008 download
Windows 10 recommended but it should work on Windows 7 if you have the latest version of PowerShell
The user account running the installer should have admin privileges and a password set.
Windows 10 Pro (Fall creators update)
Windows Server 2012 R2
Downloads Nginx, PHP, NSSM and Visual C++ Redistributable
Creates services for Nginx and PHP
Downloads Organizr
Configures PHP as per Org requirements
Adds in a working Nginx conf file with PHP block enabled
Clone\Download the OWI folder from: https://github.com/elmerfdz/OrganizrInstaller
Extract the zip file to your desktop
Navigate to \OrganizrInstaller\windows\owi
Right-click on owi_installer.bat and click on Run as administrator
Installer will ask you for the nginx install location, type in the full path as per the e.g. c:\nginx
The installer will ask you to provide the password of the current user during installation, the nginx service requires that you run it under a user account instead of the 'Local System' account, if you don't then you won't be able to save and reload your nginx config
Git (sudo apt-get install git)
Ubuntu 16.04
Debian 9.5+
Installs Unzip, NGINX, and PHP
Installs the required PHP modules
Adds in a working NGINX conf with PHP block and sample app configs
Clone/Download the OUI folder from - git clone https://github.com/elmerfdz/OrganizrInstaller /opt/OrganizrInstaller
Navigate to the OUI folder - cd /opt/OrganizrInstaller/ubuntu/oui
Run the installer script - sudo bash ou_installer.sh
Organizr is a php based web front-end to help organize your services. Organizr itself is not a service, so do not think of this as another usenet application. It's a collection of files that live on your webserver to serve up existing content/services in a streamlined, organized way.
You are installing Organizr on the same host machine as your webserver
You are using a debian or ubuntu based linux distro for an OS, and nginx as a webserver
You are installing as the root user, or a user with `sudo` privelages (use `sudo` where appropriate if you're not root)
If you don't already have nginx installed as a webserver, run apt-get install nginx or for detailed setup.
There are a few packages that Organizr depends on to function. Some of them may already be installed with your OS, some may be missing, or some may require an upgraded version. This guide shows you how to use and install php7.1 and its packages, but Organizr also lets you use php7.0 or php7.2, if you prefer.
Then, to be sure all of the Organizr's prerequisites are installed, run the following command with your package manager. Some of these may also require other dependencies, so select "Yes" to install those as well.
You now have the necessary prerequisites to install and use Organizr. Next you need to decide where you're going to install Organizr within your web directory. Most default nginx installations give you a path at /var/www/html to insert your website files. You can install Organizr there, but to keep things organized (in the event that you want more than one website), we recommend /var/www/websites/website_name.com/. You can also install Organizr as a subdirectory, if you do not want Orgniazr being the default root of your domain. In that case, you would install it to /var/www/websites/website_name.com/organizr. For this guide, we'll assume your domain is named roxinsocks.com and that Organizr is running at the root level of the site.
Navigate to your website path with cd /var/www/websites/roxinsocks.com
Using one of these two methods, grab the most recent Organizr build from github:
git clone https://github.com/causefx/Organizr /var/www/websites/roxinsocks.com
You may need to install git if you don't have it installed: apt-get install git
wget You may need to install wget if you don't have it installed: apt-get install wget
Unzip the file with unzip v2-master.zip -d /var/www/websites/roxinsocks.com
All your Organizr files are now installed at /var/www/websites/roxinsocks.com/
Set the permission to your path, so that Organizr can write to it by running chown -R www-data:www-data /var/www/websites/roxinsocks.com/
For external access and functionality, edit your nginx sites-enabled config file for your domain (nano /etc/nginx/sites-enabled/roxinsocks.com), and be sure the root is set correctly in the server block. This will tell nginx where to look for organizr, when you navigate to your domain:
You may need to change the path to the socket depending on what version of PHP you installed
3. Navigate to that path locally using your web browser and the host's local ip address. http://localhost or http://192.168.1.### You should be able to login and establish your admin account.
For more information regarding the differences between Authorization vs Authentication, check out this website: https://www.geeksforgeeks.org/difference-between-authentication-and-authorization/
Certain providers block wildcard cookies from being set which prevents this from working with subdomains. The most common of these is DuckDNS. For a full list see the bottom of this page.
There are two methods you may use to enable authorization, via the Organizr authorization API or using OAuth / JWT tokens.
The Organizr authorization API method has the drawback of making calls to Organizr's authorization API for each and every HTTP request made against your protected location blocks, therefore impacting performance.
The Oauth / JWT Token method allows you to securely trust the Organizr authentication simply based on the JWT token passed in your authenticated requests cookies. It does not require any extra roundtrip to the Organizr API, nor the rewrite directives.
To utilize the block add auth_request /organizr-auth/$; See table below:
$
Organizr group_id
0
Admin
1
Co-Admin
2
Super User
3
Power User
4
User
For this to work, a URL rewrite directive needs to be added so that the static /organizr-auth/$ locations can be understood by Organizr's authentication API, i.e. use the /api/v2/auth/$1 format. You may find instructions and examples for Nginx, Caddy, and Traefik on subpages in this documentation.
The first method has the drawback of making calls to Organizr's authorization API for each and every HTTP request made against your protected location blocks, therefore impacting performance.
This method allows you to securely trust the Organizr authentication simply based on the JWT token passed in your authenticated requests cookies. It does not require any extra roundtrip to the Organizr API, nor the rewrite directives.
The flow is as follows:
An unauthenticated user accesses Organizr UI and logs in, using any of the supported login methods.
After successful login, the browser will keep an authentication cookie generated by Organizr using the standard JSON Web Token (JWT) format. This signed token includes a number of claims (such as user id, group memberships etc) that the user has. For more info on this standard, visit https://jwt.io/
This cookie is then passed to any subsequent visit to your Organizr domain and subdomains.
Capable web servers can easily read the JWT token from this cookie and validate it to trust the user's identity and make an allow/deny decision based on the claims mentioned in the token.
You can easily check the contents of Organizr-generated JWT tokens by inspecting your browser cookies and pasting the contents of the cookie named organizr_token_<uuid> to a JWT inspector such as https://jwt.io/
Once decoded, an Organizr token includes a JWT payload similar to this:
It includes various claims such as your user name, group name, user id, group id, which can all be used by your JWT-aware web server to make an authorization decision.
Of course, your web server should not blindly trust the content of the JWT token since it cold have been forged. In order to trust the token content, your web server will need to validate its signature. This requires the server to know a secret specific to your Organizr instance.
This requires the following 2 pieces of information:
The name of the cookie to use to extract the token from. This value is dynamic, of the form organizr_token_<uuid> where <uuid> is your Organizr instance's $this->config['uuid'] value.
The secret to use to validate the token signature, which is your Organizr instance's $this->config['organizrHash'] value.
Both these values can be taken from your Organizr server's www/Dashboard/api/config/config.php after initial setup.
On Linux, you may use the following commands to parse them:
Application
Supports Multiple Servers
Sonarr
Yes
Radarr
Yes
Lidarr
Yes
Tautulli
Yes
SabNZBd
No
Field
Value
{ORGANIZR_DOMAIN}
Domain of your Organizr instance
{SERVICE}
Supported Application
http://{ORGANIZR_DOMAIN}/api/v2/socks/{SERVICE}/I.E.
GET https://demo.organizr.app/api/v2/socks/sonarr/api/system/status?apikey=sonarrAPIkey
Calls Sonarr's API
apikey
string
Sonarr's API Key
Token
string
Organizr's API Key
Type
Purpose
Ombi URL
URL for your Server's Ombi Instance
Token
API Key for Ombi
Ombi Fallback User
If your user doesn't have an Ombi account, Organizr will use this account
Ombi Fallback Password
Password for the above account
Enable
Enable Ombi SSO
Fill out the URL for your Ombi install (it can be the local IP or local DNS and port) and copy your API key from Ombi's settings to the Token box. Toggle the enabled switch to turn it on.
If you are doing a subdomain for Ombi, go to your tabs and set the Tab URL to:
Proxy Type
URL
Subdomain (ombi.domain.com)
Directory (domain.com/ombi)
https://domain.com/ombi
Please make sure that you have the following options enabled in Ombi.
By enabling those options, your users under User Management should have the User Type as Plex User now.
Homepage Item Information
Sonarr is a PVR for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new episodes of your favorite shows and will grab, sort and rename them. It can also be configured to automatically upgrade the quality of files already downloaded when a better quality format becomes available.
{
"iss": "Organizr",
"aud": "Organizr",
"jti": "4f1g23a12aa",
"iat": 1555553579,
"exp": 1556158379,
"username": "myusername",
"group": "Admin",
"groupID": 0,
"email": "[email protected]",
"image": "https://www.gravatar.com/avatar/901d703edb7a7f21a92ae87f29484d01?s=100&d=mm",
"userID": 1
}cat /config/www/Dashboard/api/config/config.php | grep organizrHash | sed -r 's/.*=>[^[:alnum:]]*([[:alnum:]]*).*/\1/'
cat /config/www/Dashboard/api/config/config.php | grep uuid | sed -r 's/.*=>[^[:alnum:]]*([[:alnum:]-]*).*/\1/'ddns.net
ddnsking.com
3utilities.com
bounceme.net
duckdns.org
freedynamicdns.net
freedynamicdns.org
gotdns.ch
hopto.org
myddns.me
myds.me
myftp.biz
myftp.org
myvnc.com
noip.com
onthewifi.com
redirectme.net
serveblog.net
servecounterstrike.com
serveftp.com
servegame.com
servehalflife.com
servehttp.com
serveirc.com
serveminecraft.net
servemp3.com
servepics.com
servequake.com
sytes.net
viewdns.net
webhop.me
zapto.org{
"version": "3.0.6.1265",
"buildTime": "2021-06-17T12:24:54Z",
"isDebug": false,
"isProduction": true,
"isAdmin": false,
"isUserInteractive": false,
"startupPath": "/app/sonarr/bin",
"appData": "/config",
"osName": "ubuntu",
"osVersion": "18.04",
"isMonoRuntime": true,
"isMono": true,
"isLinux": true,
"isOsx": false,
"isWindows": false,
"branch": "main",
"authentication": "none",
"sqliteVersion": "3.22.0",
"urlBase": "",
"runtimeVersion": "5.20.1.34",
"runtimeName": "mono"
}{
"response": {
"result": "error",
"message": "Not Authorized",
"data": null
}
}location ~ /organizr-auth/(.*) {
internal;
rewrite ^/organizr-auth/(.*) /api/v2/auth/$1;
}location ~ /organizr-auth/(.*) {
internal;
proxy_pass https://127.0.0.1/api/v2/auth/$1;
proxy_set_header Content-Length "";
}location ~ /organizr-auth/(.*) {
internal;
proxy_pass http://[docker/hostIP]:[port]/api/v2/auth/$1;
proxy_set_header Content-Length "";
}include /config/nginx/proxy-confs/organizr-auth.subfolder.conf;
auth_request /organizr-auth/0;location ~ ^/organizr-auth/(.*) {
## Has to be local ip or local DNS name
proxy_pass https://web.home.lab/api/v2/auth/$1;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}location /[SERVICE] {
auth_request /organizr-auth/0;
proxy_pass http://[IP]:[PORT]/[SERVICE];
add_header X-Frame-Options "SAMEORIGIN";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}location /sonarr {
auth_request /organizr-auth/0;
proxy_pass http://127.0.0.1:8989/sonarr;
location /sonarr/api { # We know that sonarr's api-endpoint is /api, so we are gonna open that up.
auth_request off; # The line that actually opens it up
proxy_pass http://127.0.0.1:8989/sonarr/api; # We need to tell nginx where to send the request
}
}location: ~ /organizr-auth/(.*)
Forward Hostname/IP: ip-address/api/v2/auth/$1auth_request /organizr-auth/4;~ /organizr-auth/(.*)organizr-ip-address/api/v2/auth/$15-997
Custom Groups
998
Any logged in user
999
Guest
{#}
Id of Supported Application (Order in Organizr)
I.E.
NZBGet
No
qBittorrent
No
Field
Value
{ORGANIZR_DOMAIN}
Domain of your Organizr instance
{SERVICE}
http://demo.organizr.app/api/v2/socks/sonarr/Supported Application
http://{ORGANIZR_DOMAIN}/api/v2/multiple/socks/{SERVICE}/{#}http://demo.organizr.app/api/v2/multiple/socks/sonarr/1
http://demo.organizr.app/api/v2/multiple/socks/sonarr/2
http://demo.organizr.app/api/v2/multiple/socks/sonarr/3
sudo bash oc_installer.sh
Calendar (Upcoming and Past TV Shows)
Queue (Current Downloading Items)
API Socks (Access to API without needing to Reverse Proxy Sonarr)
When setting up the homepage item, the first option is to enable it, do that by toggling the Enable Switch. After that you need to set the Minimum Authentication group that will be able to use this item.
Field
Value
Enable
Enable the Module
Main Module Minimum Authentication
Minimum Group needed to see Entire Module
Enter the connection details of your Sonarr server. This homepage item allows multiple Sonarr server connections.
Field
Value
Multiple URL's
URL to your Sonarr Servers - LAN preferred
Multiple API Key/Token's
API Keys to your Sonarr Servers
Disable Certificate Check
Disables the Certificate of the URL provided if https
Use Custom Certificate
Uses a Custom Certificate for the verification of the URL provided if https
Organizr's API Socks allows you to access Sonarr's API without needing to Reverse Proxy it.
Field
Value
Enable
Enable the Module
Module Minimum Authentication
Minimum Group needed to use Module
Disable Certificate Check
Disables the Certificate of the URL provided if https
Depending on if you entered either one Sonarr Connection or multiple will determine which URL you will use.
URL for Socks Connection:
I.E.
Depending on how many connections you setup, replace {#} with which server you are connecting to.
URL for Socks Connection:
I.E.
Enabling this module will output Sonarr's Download Queue on the homepage.
Field
Value
Enable
Enable the Module
Module Minimum Authentication
Minimum Group needed to use Module
Add to Combined Downloader
Adds this downloader to a combined downloader module
Refresh Seconds
Sets the time in between data being refreshed
Better preview coming soon...
This module adds past and future TV Shows on the homepage Calendar
Field
Value
Days Before
Amount of days to grab before todays date
Days After
Amount of days to grab after todays date
Start Day
First Day of Calendar for Week View
Default View
Which view to display on page load
First of all, if you are using an Organizr docker container, please make sure you are using the new Organizr Image:
If you are using or you have now switched over to this container, you will not need to add the new api location block as that has been added for you in the container image. If you are using Nginx's Auth_Request module, you will need to update that address by following these instructions: HERE
Note: the branch variable will take short hand such as master instead of v2-master and dev or develop instead of v2-develop as may be seen in the tag migration examples.
We will need to update your webserver to include the new API location block.
If you reverse proxy Organizr to another Webserver - do not add to that server. Only add to the webserver that hosts Organizr.
Please include this location block within the server block that houses Organizr.
If you are using Nginx's Auth_Request module, you will need to update that address by following these instructions:
Head to IIS webpage Settings
Import Rules
Paste code below and Apply
Also make sure you allow the following HTTP Methods:
Put
Delete
Options
You will need to update your url for the auth_request module.
Notice the position of the ? and & signs
The complete config block will look like this:
Do not just copy/paste this. This is just an example of how it should look. organizr-upstream is probably not the same as your setup.
The complete config block will look like this:
We have separated Jellyfin from Emby. Please head to the homepage item section and fix accordingly. If you are using Jellyfin for authentication, please edit the Authentication settings and input your URL and Token respectively.
If your Organizr is totally blank or you see 404's in the Browser Console (F12) then more than likely you did not perform the API location block addition at all or correctly. Please refer to the changes above for the appropriate webserver.
If you cannot access the settings/homepage page in Organizr - more than likely the tab url updater didn't run successfully.
Head over to your browser and type in the following:
GET http://organizr-location/api/v2/update/migrate/2.1.0
Migrates some settings from 2.0 to 2.1
Now you can go back to Organizr and reload if you haven't and check the settings/homepage page.
There was a type on the there config item keys. There are a total of 4 of them. Go to the file /api/config/config.php and change these four keys from the left side of the image to the right side of the image. All that was missing was the letter e
This page will go through how to create a Plugin for Organizr
This only pertains to Organizr instances on version 2.1.1140 or higher
Each plugin consists of the following files:
The first thing you will notice is that there is a Global variable set with a plugins array. For this example, our Plugin name is Test.
Also notice on the array we again specify the name of the plugin. Here is a breakdown of the rest of the array keys:
Now that we have finished setting up your Plugin's Global variable array, we can now continue to creating your Plugin's PHP Class.
If you plan on using some of Organizr built in functions and User information, you will need to extend the Organizr Class. Otherwise, you can just create a new class and that is it.
If you want a settings modal, you will need to create a function to supply which config items you will want to set up for your settings modal. Let's start with creating a function to pass an array with our config items.
First, you need to name your function something, let's call this one _pluginGetSettings, we can also set this function as public if you choose to share those variables with other classes etc...
Next, we will return an array with our Setting's groups. In this example our first Group is called Sample Settings. Inside this Settings group, we will have 3 config items that we want to setup. Each item is setup via the settingsOption function. This function takes 3 parameters.
public function OptionsFunction::settingsOption($type, $name = null, $extras = null) array|string[]
The first option is the type of config item that we are setting up. The second, is the name of the config item. Lastly, we can provide the sometimes-optional extra options needed to set the item up.
Let's take a look at each one.
You can find out all the type of config item options under the options-functions.php file located under Organizr Location/api/functions/ folder.
apt-get install software-properties-common
add-apt-repository ppa:ondrej/php
apt-get update
apt-get install php7.1-fpmapt-get install php7.1-mysql php7.1-sqlite3 sqlite3 php7.1-xml php7.1-zip openssl php7.1-curlserver{
root /var/www/websites/roxinsocks.com;
index index.php index.html index.htm index.nginx-debian.html;
server_name roxinsocks.com;
location / { try_files $uri $uri/ =404; }
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7-fpm.sock;
}
location /api/v2 {
try_files $uri /api/v2/index.php$is_args$args;
}
}http://docker:8000/api/v2/socks/sonarr/http://demo.organizr.app/api/v2/socks/sonarr/{
"response": {
"result": "success",
"message": "Ran update function for version: 2.1.0",
"data": null
}
}organizr:
container_name: organizr
hostname: organizr
image: organizr/organizr
restart: unless-stopped
ports:
- 80:80
volumes:
- /home/organizr:/config
environment:
- fpm=true #true or false | using true will provide better performance
- branch=v2-master #v2-master or #v2-develop
- PUID=1000
- PGID=1000
- TZ=${TZ}location /api/v2 {
try_files $uri /api/v2/index.php$is_args$args;
}RewriteEngine On
RewriteBase /api/v2
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ /api/v2/index.php [QSA,L]rewrite /api/v2/* /api/v2/index.php?{query}rewrite / {
regexp ^/api/v2/*
to /api/v2/index.php?{query}
}RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ /api/v2/index.php [QSA,L]Change from this line:
rewrite ^/auth-(.*) /api/?v1/auth&group=$1;
Change to this line:
rewrite ^/auth-(.*) /api/v2/auth/$1;location ~ /auth-(.*) {
rewrite ^/auth-(.*) /api/v2/auth/$1;
}Change from this line:
proxy_pass http://organizr-upstream/api/?v1/auth&group=$1;
Change to this line:
proxy_pass http://organizr-upstream/api/v2/auth/$1;location ~ ^/auth-(.*) {
## Has to be local ip or local DNS name or if Proxied use proxy address
proxy_pass http://organizr-upstream/api/v2/auth/$1;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
logo.png
The logo file for your plugin
String
Can be either personal or business. Can also be both just use csv.
I.E. personal,business
idPrefix
String
This is used for HTML elements, please use all Uppercase and one word only
configPrefix
String
This is used for config items so they don't clash with other items. Please use all Uppercase and no spaces
version
String
SemVer of your plugin
image
String
Path to your logo
settings
Boolean
Does your plugin need a settings modal
bind
Boolean
Use the default bind to make settings modal
api
String
API Route to settings values
homepage
Boolean
NOT IN USE YET
html
html
plugin.php
The file is the PHP Class file that will have all your plugins functions and everything
api.php
This file will contain all the API routes for your plugin
config.php
This file will contain all of your plugins default config values
page.php [OPTIONAL]
This file can hold some html that Organizr can display if you set a Tab in Organizr as Organizr type
main.js
This Javascript file will be included when Organizr loads if your plugin is enabled
settings.js [OPTIONAL]
author
String
Your name or pseudonym
category
String
Overall type of Plugin
link
String
Link to additional info for plugin, can be blank
TEST-pass-alt
password-alt
label
TEST-password
password
label
TEST-text
text
label
This Javascript file will be included when Organizr loads the settings page if your plugin is enabled
license
N/A
<?php
// PLUGIN INFORMATION
$GLOBALS['plugins']['Test'] = [ // Plugin Name
'name' => 'Test', // Plugin Name
'author' => 'CauseFX', // Who wrote the plugin
'category' => 'Testing', // One to Two Word Description
'link' => '', // Link to plugin info
'license' => 'personal', // License Type use , for multiple
'idPrefix' => 'TEST', // html element id prefix (All Uppercase)
'configPrefix' => 'TEST', // config file prefix for array items without the hypen (All Uppercase)
'version' => '1.0.1', // SemVer of plugin
'image' => 'api/plugins/test/logo.png', // 1:1 non transparent image for plugin
'settings' => true, // does plugin need a settings modal?
'bind' => true, // use default bind to make settings page - true or false
'api' => 'api/v2/plugins/test/settings', // api route for settings page (All Lowercase)
'homepage' => false // Is plugin for use on homepage? true or false
];
class TestPlugin extends Organizr
{
public function _pluginGetSettings()
{
return [
'Sample Settings' => [
$this->settingsOption('password-alt', 'TEST-pass-alt',['label' => 'Test Plugin Pass Alt']),
$this->settingsOption('password', 'TEST-password',['label' => 'Test Plugin Password']),
$this->settingsOption('text', 'TEST-text',['label' => 'Test Plugin Text'])
],
'FYI' => [
$this->settingsOption('html', 'HTML Note', ['html' => '<span lang="en">This is just a note</span>']),
]
];
}
}<?php
/*
* Always include PLUGINNAME-enabled
* Along with all your other settings from plugin.php
*/
return [
'TEST-enabled' => false,
'TEST-pass-alt' => '',
'TEST-password' => '',
'TEST-text' => ''
];Head over to https://github.com/Organizr/docker-organizr to see more information.
Make sure you have enabled php_pdo_sqlite.dll & php_openssl.dll PHP extensions.
Download the latest release of Organizr.
Open the downloaded organizr zip file and copy all files and paste them in the web root folder c:\nginx\html\
OR If you prefer you can create sub-directory called organizr under c:\nginx\html and paste the copied organizr files in that folder.
Go to http(s)://localhost/index.php
Navigate to your website path with cd /var/www/websites/roxinsocks.com
Replace the domain path in the webserver path with the correct path
Using one of the following two methods, grab the most recent Organizr build from github:
Copy this command and paste into your terminal
Copy this command and paste into your terminal
Unzip the file with the following command while replacing the file path with the location to your servers domain files
All your Organizr files are now installed at /var/www/websites/roxinsocks.com/
Set the permission to your path, so that Organizr can write to it by running chown -R www-data:www-data /var/www/websites/roxinsocks.com/
For external access and functionality, edit your nginx sites-enabled config file for your domain (nano /etc/nginx/sites-enabled/roxinsocks.com), and be sure the root is set correctly in the server block. This will tell nginx where to look for organizr, when you navigate to your domain:
You may need to change the path to the socket depending on what version of PHP you installed
3. Navigate to that path locally using your web browser and the host's local ip address. http://localhost or http://192.168.1.### You should be able to login and establish your admin account.
Our helm chart is maintained by the guys over at k8s@home. This uses the official docker container.
Repo
Link
Chart Github Repository
Chart Helm Repository
Artifacthub
Add the helm repository for k8s-at-home
Read through the values.yaml file either in the github repository or via helm commands
Deploy a named release with your override values.yaml file
Time Format
Format for the time of TV Showing
Locale
Region format for date
Items Per Day
Amount of items to show pre day before cut-off
Refresh Seconds
Sets the time in between data being refreshed
Show Unmonitored
Display shows that are unmonitored
git clone https://github.com/causefx/Organizr /var/www/websites/roxinsocks.comwget https://github.com/causefx/Organizr/archive/v2-master.zipdocker create \
--name=organizr \
-v <path to data>:/config \
-e PGID=<gid> -e PUID=<uid> \
-p 80:80 \
-e fpm="false" \ # optional
-e branch="v2-master" \ # optional
organizr/organizrversion: "3.6"
services:
organizr:
container_name: organizr
hostname: organizr
image: organizr/organizr:latest
restart: unless-stopped
ports:
- 80:80
volumes:
- <path to data>:/config
environment:
- PUID=<uid>
- PGID=<gid>
- TZ=<timezone>#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
#CHANGE THESE LINES##########
server_name localhost;
root html/Organizr;
#############################
index index.php index.html index.htm;
error_page 400 401 403 404 405 408 500 502 503 504 /?error=$status;
location / { }
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location /api/v2 {
try_files $uri /api/v2/index.php$is_args$args;
}
}
}server{
root /var/www/websites/roxinsocks.com;
index index.php index.html index.htm index.nginx-debian.html;
server_name roxinsocks.com;
location / { try_files $uri $uri/ =404; }
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7-fpm.sock;
}
location /api/v2 {
try_files $uri /api/v2/index.php$is_args$args;
}
}helm repo add k8s-at-home https://k8s-at-home.com/charts
helm install organizr k8s-at-home/organizr --values values.yaml # User suppliedhelm repo add k8s-at-home https://k8s-at-home.com/charts
# these next 2 lines are convenience lines to build a full values file for modification.
# You can construct your own overrides as you see fit.
helm show values k8s-at-home/organizr | \
sed '1,2d;/service/,+1d' > values.yaml
helm show values k8s-at-home/media-common | \
sed '1d;/image:/,+5d;s/port: ""/port: 80/;s/^/ /' >> values.yaml
vi values.yaml # modify as needed
helm install organizr k8s-at-home/organizr --values values.yamlorganizr:
imagePullSecrets: []
fullnameOverride: organizr
env:
TZ: UTC
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.priority: "10"
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: organizr.domain.tld
paths:
- /
tls:
- secretName: organizr-domain-tld
hosts:
- organizr.domain.tld
persistence:
# type: options are statefulset or deployment
type: statefulset
config:
enabled: true
resources:
requests:
cpu: 100m
memory: 128Mihttp://docker:8000/api/v2/multiple/socks/sonarr/{#}http://demo.organizr.app/api/v2/multiple/socks/sonarr/1
http://demo.organizr.app/api/v2/multiple/socks/sonarr/2
http://demo.organizr.app/api/v2/multiple/socks/sonarr/3
unzip v2-master.zip -d /var/www/websites/roxinsocks.com
Homepage Item Information
The Plex homepage item allows you to have the following Plex items displayed on the homepage:
Current playing streams (Active Streams)
Recently Added items
Media search functionality
Playlists
When setting up the Plex homepage item, the first option is to enable it, do that by toggling the Enable Switch. After that you need to set the Minimum Authentication group that will be able to use this item.
If you already went through the or setup you will have these next fields already saved, if not, you can hit set those values using the provided buttons.
With this module, you will be able to show the current streams that are active on your Plex server live.
With this module, you will be able to display all recent items that were added to your Plex server.
With this module, you will be able to show a search button on your Organizr so users may search your library.
With this module, you will be able to show your curated playlists from your Plex server.
Drop down of libraries to exclude from this Module
Field
Value
Enable
Enable the Plex Module
Main Module Minimum Authentication
Minimum Group needed to see Entire Module
Field
Value
URL
URL to your Plex Server - LAN preferred
Disable Certificate Check
Disables the Certificate of the URL provided if https
Use Custom Certificate
Uses a Custom Certificate for the verification of the URL provided if https
Token
Plex Token (Use button to retrieve)
Plex Machine
Plex Machine ID (Use button to retrieve)
Field
Value
Enable
Enable the Plex Active Stream Module
Module Minimum Authentication
Minimum Group needed to see Module
User Information
Show Plex User name
User Information Minimum Authentication
Minimum Group needed to see Plex User name
Refresh Seconds
How many seconds to refresh the Module
Field
Value
Enable
Enable the Plex Recent Items Module
Module Minimum Authentication
Minimum Group needed to see Module
Libraries to Exclude
Drop down of libraries to exclude from this Module
Item Limit
Limit the total # of items to display
Refresh Seconds
How many seconds to refresh the Module
Field
Value
Enable
Enable the Plex Media Search Module
Module Minimum Authentication
Minimum Group needed to see Module
Libraries to Exclude
Drop down of libraries to exclude from this Module
Media Server
Choose Plex
Field
Value
Enable
Enable the Plex Playlist Module
Module Minimum Authentication
Minimum Group needed to see Module
Field
Value
Plex Tab Name
The Plex Tab name if you have one configured
Plex Tab WAN URL
The WAN facing URL i.e. https://domains.com/plex
Image Cache Size
Cache Image quality
Use Tautulli custom names for users
Grab custom names from Tautulli
Libraries to Exclude
