Summary

Before installing Organizr you need to have a couple of pieces of software installed.

If you are running Docker Containers, you can skip to Installing Organizr via Docker.

Webserver

Do you have a Web Server installed?

If you do not please proceed to the following page:

PHP

Do you have PHP installed?

If you do not please proceed to the following page:

Prerequisites Completed

If you have both a Web Server and PHP installed, head over to this page:

Allow me to re-introduce myself My name is...

An example Caddy V2 Caddyfile with reverse proxy

mydomain.com {
    root * C:\Caddy\www\organizr\html
    php_fastcgi localhost:9000
    rewrite /api/v2/* /api/v2/index.php?{query}
    file_server

    # Subdirectory
    route /calibre/* {
        uri strip_prefix /calibre
        reverse_proxy localhost:9900
    }
}

# Subdomain
tautulli.mydomain.com {
    route {
        reverse_proxy localhost:8181
    } 
}

Summary

We are always looking for someone who would like to join us and help. No matter how small or big... We will take all the help we can get.

Help with Docs

Join us and help contribute to Organizr's Documentation. The link to join is here:

Once you have joined, hop onto our Discord server and let us know which username you signed up with on Gitbook and we can apply the correct permissions for you or add your name to this list after you use the invite link:

Support in Discord

Join us and help other members out that configuring and tinkering with Organizr over in our Discord server. Join the server here:

Code Contribution

Coming soon...

Summary

The first component needed for Organizr to run is a webserver.

location ~ \.php$ {
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include        fastcgi_params;
}

#user  nobody;
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
        listen       80;
        #CHANGE THESE LINES##########
        server_name  localhost;
        root   html/Organizr;
        #############################
        index  index.php index.html index.htm;
        error_page 400 401 403 404 405 408 500 502 503 504  /?error=$status;
        location / { }
        location ~ \.php$ {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
        location /api/v2 {
	        try_files $uri /api/v2/index.php$is_args$args;
        }
    }
}

Summary

Here are the many ways you can install Organizr.

Auto Installer

Organizr has an Auto Installer that works on Windows and some flavors of Linux.

Docker

Installing via CLI

docker create \
  --name=organizr \
  -v <path to data>:/config \
  -e PGID=<gid> -e PUID=<uid>  \
  -p 80:80 \
  -e fpm="false" \ # optional
  -e branch="v2-master" \ # optional
  organizr/organizr

Installing via Compose File

version: "3.6"
services:
    organizr:
        container_name: organizr
        hostname: organizr
        image: organizr/organizr:latest
        restart: unless-stopped
        ports:
            - 80:80
        volumes:
            - <path to data>:/config
        environment:
            - PUID=<uid>
            - PGID=<gid>
            - TZ=<timezone>

More Information

Head over to https://github.com/Organizr/docker-organizr to see more information.

Windows

Pre-Check

Download Organizr

1. Download the latest release of Organizr.

2. Open the downloaded organizr zip file and copy all files and paste them in the web root folder c:\nginx\html\

   1. OR If you prefer you can create sub-directory called organizr under c:\nginx\html and paste the copied organizr files in that folder.

3. Go to http(s)://localhost/index.php

#user  nobody;
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
        listen       80;
        #CHANGE THESE LINES##########
        server_name  localhost;
        root   html/Organizr;
        #############################
        index  index.php index.html index.htm;
        error_page 400 401 403 404 405 408 500 502 503 504  /?error=$status;
        location / { }
        location ~ \.php$ {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
        location /api/v2 {
	        try_files $uri /api/v2/index.php$is_args$args;
        }
    }
}

Ubuntu & Debian

Navigate to Webserver Directory

1. Navigate to your website path with cd /var/www/websites/roxinsocks.com

   1. Replace the domain path in the webserver path with the correct path

2. Using one of the following two methods, grab the most recent Organizr build from github:

git clone https://github.com/causefx/Organizr /var/www/websites/roxinsocks.com

wget https://github.com/causefx/Organizr/archive/v2-master.zip

unzip v2-master.zip -d /var/www/websites/roxinsocks.com

All your Organizr files are now installed at /var/www/websites/roxinsocks.com/

Permissions & Access

1. Set the permission to your path, so that Organizr can write to it by running chown -R www-data:www-data /var/www/websites/roxinsocks.com/

2. For external access and functionality, edit your nginx sites-enabled config file for your domain (nano /etc/nginx/sites-enabled/roxinsocks.com), and be sure the root is set correctly in the server block. This will tell nginx where to look for organizr, when you navigate to your domain:

server{
    root /var/www/websites/roxinsocks.com;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name roxinsocks.com;
    location / { try_files $uri $uri/ =404; }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7-fpm.sock;
    }
    location /api/v2 {
	    try_files $uri /api/v2/index.php$is_args$args;
    }
}

3. Navigate to that path locally using your web browser and the host's local ip address. http://localhost or http://192.168.1.### You should be able to login and establish your admin account.

Helm

Our helm chart is maintained by the guys over at k8s@home. This uses the official docker container.

Links

TL;DR

helm repo add k8s-at-home https://k8s-at-home.com/charts
helm install organizr k8s-at-home/organizr --values values.yaml # User supplied

Installing

1. Add the helm repository for k8s-at-home

2. Read through the values.yaml file either in the github repository or via helm commands

3. Deploy a named release with your override values.yaml file

Example Commands

helm repo add k8s-at-home https://k8s-at-home.com/charts
# these next 2 lines are convenience lines to build a full values file for modification. 
# You can construct your own overrides as you see fit.
helm show values k8s-at-home/organizr | \
    sed '1,2d;/service/,+1d' > values.yaml
helm show values k8s-at-home/media-common | \
    sed '1d;/image:/,+5d;s/port: ""/port: 80/;s/^/  /' >> values.yaml
vi values.yaml # modify as needed
helm install organizr k8s-at-home/organizr --values values.yaml

Example values.yaml override

organizr:
  imagePullSecrets: []
  fullnameOverride: organizr
  
  env:
    TZ: UTC
  
  ingress:
    enabled: true
    annotations:
      kubernetes.io/ingress.class: traefik
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.priority: "10"
      cert-manager.io/cluster-issuer: letsencrypt-prod
    hosts:
      - host: organizr.domain.tld
        paths:
          - /
    tls:
      - secretName: organizr-domain-tld
        hosts:
          - organizr.domain.tld
  
  persistence:
    # type: options are statefulset or deployment
    type: statefulset
    config:
      enabled: true
  
  resources:
    requests:
      cpu: 100m
      memory: 128Mi

Summary

The second component needed for Organizr to run is PHP.

Windows

Download and Install

1. Download PHP for Windows from here: http://windows.php.net/download (Non Thread Safe version used in this guide)

2. Create a folder called PHP under your Nginx directory e.g. C:\nginx\php and copy the downloaded files to this folder

Running PHP as a service

1. Install NSSM - Skip to Step 2 if already installed

   1. Download NSSM from: https://nssm.cc/download

   2. Copy the nssm.exe from the win32 or win64 folder depending on your system to C:\Windows\System32

2. If you’ve got nssm already setup, open command prompt as admin.

3. Type in the following cmd nssm install php

   1. Path = C:\nginx\php\php-cgi.exe

   2. Startup directory = C:\nginx\php

   3. Arguments = -b 127.0.0.1:9000

   4. See image below for Example

4. Install Service

5. On the opened cmd prompt type in nssm start php to start the PHP service.

6. If the installed PHP service doesn’t start, then try manually running the php-cgi.exe file in C:\nginx\php\

   1. If you get a missing ‘VCRUNTIME’ related error then follow the solution on this link: http://stackoverflow.com/questions/30811668/php-7-missing-vcruntime140-dll

7. Make a copy of one of the php.ini-development or php.ini-production files and rename it to php.ini

8. Open the php.ini file and search for the following and uncomment each:

   1. extension_dir = "ext"

   2. extension=php_openssl.dll

   3. extension=php_pdo_sqlite.dll

   4. extension=php_curl.dll

   5. extension=php_sqlite3.dll

9. Please note that if you are running PHP 7.2 or higher, look for the below lines and uncomment them instead:

   1. extension_dir = "ext"

   2. extension=openssl

   3. extension=pdo_sqlite

   4. extension=curl

   5. extension=sqlite3

10. Also, uncomment the following line and add ext to the end of it:

    1. sqlite3.extension_dir =

       1. So that is becomes: sqlite3.extension_dir = ext

11. On the opened cmdprompt type in nssm restart php to restart the PHP service to apply the changes in php.ini.

Ubuntu & Debian

Download and Install

Add the repository

apt-get install software-properties-common
add-apt-repository ppa:ondrej/php
apt-get update

Install

apt-get install php7.1-fpm

Then, to be sure all of the PHP packages are installed, run the following command with your package manager. Some of these may also require other dependencies, so select "Yes" to install those as well.

apt-get install php7.1-mysql php7.1-sqlite3 sqlite3 php7.1-xml php7.1-zip openssl php7.1-curl

Summary

Once you have installed Organizr, the first page that you are presented with is the Wizard page. Here you will enter which License type you want to use along with creating the Admin's credentials.

Install Type

This is where you would choose if this is for Personal Use of Business use,

Admin Info

Here you will need to fill out the Admin's info. If you choose the personal License and you are using Plex or Emby as a backend you should fill out the username/email/password all the same as that admin's information so you can use SSO.

Security

This is where locking down the system comes into play. There are 3 fields that are needed, 1 of them is auto-generated, which is the API field.

Database

Organizr uses SQLITE for its Database. All that is needed is what you want to name the Database - for security reasons... and The location of where to store it - also for security reasons. Once you have filled out the information, it's best to click the Test/Create Path button to see if everything is good to go.

Verify

Once you have completed all the steps, you will be taken to an overview page so you may see everything that was entered. You may hover over the items that are sensitive so you may see that information. Once you have verified all information, you may click Finish. This will create the Database and import you as the Admin user. Once completed it will refresh to the login screen.

Login Screen

Now that the Database is created, you will now be automatically logged in. If that doesn't happen, login with the credentials that you just finished creating.

Summary

Organizr Tabs is the main focus of Organizr. You can have as many tabs as you like and even put them into Categories. Each tab can be configured to be opened in an iframe or in a new window. In your Settings in Tab Editor, it will list all your current tabs. From this screen you can add, delete, disable, etc

Tab Editor Settings

Rearranging Tabs: Hover over the three dots on the left side of the tabs, click and drag to where you want it.

Home Symbol (See image below): This will take you to the Homepage setting based on a best guess of your tab name.

Category: Group tabs together so you can collapse them (set up your categories in the Categories tab below Tab Editor)

Group: Minimum Group that the tab should be shown to. Usually should match ServerAuth if you are using it.

Type:

• • Internal - only for Organizr things (Homepage and Settings)

  • iFrame - your standard tab

  • New Window - Opens a new window/tab

Default: Choose which tab loads when you first login.

Active: Enable or Disable the tab

Splash: Adds a link to the splash screen that shows when you log in/time out.

Ping: Enables the ping functionality (must have Ping URL filled in)

Preload: Loads the tab when you first load/login to Organizr

Add/Edit Tabs

Tab Name: What you want the tab to show

Tab URL: URL you want to load. Examples: /appname, https://app.domain.com Note: must have scheme if you are using a full URL.

Tab Local URL: URL you want to load when you are local to Organizr (RFC1918 space by default: 192.168.x.x, 10.x.x.x, or 172.16-31.x.x, You can add more address space in System Settings -> Main -> Login) This is optional and can be left blank.

Ping URL: URL and port to check if a service is up. Examples: 192.168.1.4:8181, tautulli:8181 These should not have scheme. This is optional and can be left blank.

Tab Auto Action: Auto Close/Reload after a specified amount of minutes. Note: this is timed of when the tab is opened, not when last interacted with.

Tab Image: Will fill in if you choose from the Image/Icon drop downs

Test Tab: Will test to see if the tab can be loaded in an iFrame or not.

I deleted my Homepage Tab, how do I get it back?

Tab URL: api/v2/page/homepage

Original Icon: fontawesome::home

Type (after saving): Organizr

Summary

Using Plex as your Organizr backend allows you to authenticate using both your Local Plex Server as well as the servers at Plex.tv

Change the Authentication type to Organizr DB + Backend. Choose Plex as the Authentication Backend. Use the Retrieve button to fill in the Plex Token and Plex Machine.‌

After reading about how Server Authentication works, next we will need to set up the rewriting directive.

Configure the Nginx location block

You will need to modify your location block. Associated with your site. In Linux, this is typically located at /etc/nginx/sites-available/domain.com.conf

Native Nginx Rewrite

location ~ /organizr-auth/(.*) {
	internal;
	rewrite ^/organizr-auth/(.*) /api/v2/auth/$1;
}

Native Nginx Proxy Pass

location ~ /organizr-auth/(.*) {
        internal;
        proxy_pass https://127.0.0.1/api/v2/auth/$1;
        proxy_set_header Content-Length "";
}

Docker Container

location ~ /organizr-auth/(.*) {
        internal;
        proxy_pass http://[docker/hostIP]:[port]/api/v2/auth/$1;
        proxy_set_header Content-Length "";
}

SWAG/Letsencrypt Docker

There is already a preconfigured file for this. Find the organizr-auth.subfolder.conf.sample and edit it the same way you did for your main Organizr file and remove the .sample.

For subfolders, just add one of the auth_request lines into the subfolder config with the groups as explained above.

For subdomains, add the auth_request same as you would for a subfolder and add an include for the file such as:

include /config/nginx/proxy-confs/organizr-auth.subfolder.conf;
auth_request /organizr-auth/0;

Subdomains

A subdomain allows you to have a custom application name for each app on your domain. For example, https://sonarr.domain.com for Sonarr and https://radarr.domain.com for Radar. For subdomains, you need to call back to the domain organizr is on, this can be done differently depending on your installation method.

Native, with local DNS setup (This can also apply for containers): http://app.domain.com/api/v2/auth/$1

Docker, using ip and port (This is assuming the container is running in bridge): http://[docker/hostIP]:[port]/api/v2/auth/$1

location ~ ^/organizr-auth/(.*) {
    ## Has to be local ip or local DNS name
    proxy_pass https://web.home.lab/api/v2/auth/$1;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    
}

Reverse Proxy (subdirectory)

All you need to do is include one line per reverse proxy block as the very first line:

auth_request /organizr-auth/0;

If you are using something other than the default 0, change it out here. Other options are located on the Server Authentication page.

Here is a sample of a reverse proxy with admin access:

location /[SERVICE] {
    auth_request /organizr-auth/0;
    proxy_pass http://[IP]:[PORT]/[SERVICE];
    add_header X-Frame-Options "SAMEORIGIN";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Excluding a location from authentication

Most of our examples already has this, but here is an explanation, using one of our examples(with headers removed)

location /sonarr {
    auth_request /organizr-auth/0;
    proxy_pass http://127.0.0.1:8989/sonarr;
    location /sonarr/api { # We know that sonarr's api-endpoint is /api, so we are gonna open that up.
        auth_request off; # The line that actually opens it up
        proxy_pass http://127.0.0.1:8989/sonarr/api; # We need to tell nginx where to send the request
    }
}

NPM

Nginx Proxy Manager is a web application that helps you manage your Nginx configuration.

Please read the red bubbles in the screenshots carefully. Modify your Organizr proxy host configuration to include a custom location. Example where ip-address is local IP and 8000 is the port where Organizr is hosted:

location: ~ /organizr-auth/(.*)
Forward Hostname/IP: ip-address/api/v2/auth/$1

Modify the proxy host configuration for the service you want ServerAuth for. Modifications are needed in the Advanced section AND the Custom locations section. Example is a ServerAuth setup for Sonarr (as a subdomain):

Advanced Custom Nginx Configuration section:

auth_request /organizr-auth/4;

Custom Locations Section:

Location:

~ /organizr-auth/(.*)

Forward Hostname / IP

organizr-ip-address/api/v2/auth/$1

Summary

If you are using Plex as the main driving factor for your Organizr instance, you will want to enable Plex as backend choice to login via Plex credentials.

Change the Authentication type to Organizr DB + Backend. Choose Plex as the Authentication Backend. Use the Retrieve button to fill in the Plex Token and Plex Machine.

The other two toggles are optional:

Now that Plex is setup to be the backend for Organizr, you can head over to the SSO section for Plex

Plex SSO will only work with Plex reverse proxied as a subdirectory and not as a subdomain. Fill out the Plex Token and Plex Machine (They should already be filled in if you did the above step). You can use the retrieve buttons to fill these out. Toggle the enabled switch to turn it on.

Plex Reverse Proxy (Sub-Directory)

Contents of Proxy.conf

Summary

Using SSO with Petio allows you to access the Petio UI using only one sign in.

Summary

Server Authentication will allow you to secure any/all location blocks at your web server/proxy level, only allowing authenticated Organizr users or administrators access. The result of enabling this feature will disallow users from going to https://domain.com/sonarr directly without authenticating with Organizr first.

Methodology

There are two methods you may use to enable authorization, via the Organizr authorization API or using OAuth / JWT tokens.

The Organizr authorization API method has the drawback of making calls to Organizr's authorization API for each and every HTTP request made against your protected location blocks, therefore impacting performance.

The Oauth / JWT Token method allows you to securely trust the Organizr authentication simply based on the JWT token passed in your authenticated requests cookies. It does not require any extra roundtrip to the Organizr API, nor the rewrite directives.

Using the Organizr authorization API method

To utilize the block add auth_request /organizr-auth/$; See table below:

Using the OAuth / JWT token method

The first method has the drawback of making calls to Organizr's authorization API for each and every HTTP request made against your protected location blocks, therefore impacting performance.

This method allows you to securely trust the Organizr authentication simply based on the JWT token passed in your authenticated requests cookies. It does not require any extra roundtrip to the Organizr API, nor the rewrite directives.

The flow is as follows:

1. An unauthenticated user accesses Organizr UI and logs in, using any of the supported login methods.

3. This cookie is then passed to any subsequent visit to your Organizr domain and subdomains.

4. Capable web servers can easily read the JWT token from this cookie and validate it to trust the user's identity and make an allow/deny decision based on the claims mentioned in the token.

Organizr JWT token structure

Once decoded, an Organizr token includes a JWT payload similar to this:

It includes various claims such as your user name, group name, user id, group id, which can all be used by your JWT-aware web server to make an authorization decision.

Validating the token

Of course, your web server should not blindly trust the content of the JWT token since it cold have been forged. In order to trust the token content, your web server will need to validate its signature. This requires the server to know a secret specific to your Organizr instance.

This requires the following 2 pieces of information:

• The name of the cookie to use to extract the token from. This value is dynamic, of the form organizr_token_<uuid> where <uuid> is your Organizr instance's $this->config['uuid'] value.

• The secret to use to validate the token signature, which is your Organizr instance's $this->config['organizrHash'] value.

Both these values can be taken from your Organizr server's www/Dashboard/api/config/config.php after initial setup.

On Linux, you may use the following commands to parse them:

Providers that block wildcard cookies

Using the Organizr authorization API

Træfik v1

You can use Traefik's auth-forward feature to do the same.

Example docker-compose.yml block for Organizr:

Example service that depends on user being authenticated to Organizr:

Træfik v2

Træfik changed how the tags work in v2.

Example docker-compose.yml block for Organizr:

Example service that depends on user being authenticated to Organizr:

Summary

Using SSO with Overseerr allows you to access the Overseerr UI using only one sign in.

Summary

Using SSO with Ombi allows you to access the Ombi UI using only one sign in.

Fill out the URL for your Ombi install (it can be the local IP or local DNS and port) and copy your API key from Ombi's settings to the Token box. Toggle the enabled switch to turn it on.

If you are doing a subdomain for Ombi, go to your tabs and set the Tab URL to:

Tips

Please make sure that you have the following options enabled in Ombi.

By enabling those options, your users under User Management should have the User Type as Plex User now.

Summary

Single Sign on is used to log into other services when you log into Organizr. You must be using the same username and password to log into Organizr as you would use to log into Plex, Ombi, Tautulli, etc...

Summary

SSO with Grafana is a combination of reverse proxy configuration and some settings in grafana.ini or with environment variables.

Grafana.ini

[auth.proxy]
enabled = true             
header_name = X-WEBAUTH-USER
header_property = username
auto_sign_up = true
;ldap_sync_ttl = 60
whitelist = 172.27.1.131
;headers = Email:X-User-Email, Name:X-User-Name

Environment variables

-e GF_AUTH_PROXY_ENABLED=true \             
-e GF_AUTH_PROXY_HEADER_NAME="X-WEBAUTH-USER" \
-e GF_AUTH_PROXY_HEADER_PROPERTY="username" \
-e GF_AUTH_PROXY_AUTO_SIGN_UP=true \
-e GF_AUTH_PROXY_LDAP_SYNC_TTL=60 \
-e GF_AUTH_PROXY_WHITELIST="172.27.1.131" \
-e GF_AUTH_PROXY_HEADERS="Email:X-User-Email, Name:X-User-Name"

Notes

You need to flip the enabled to true (it's disabled by default) and you should set the whitelist to the IP of your Organizr install so the header can only come from it. To read more about this, see Grafana's docs.

Summary

Using SSO with Jellyfin allows you to access the Jellyfin UI using only one sign in.

Tips

Summary

Using LDAP as your backend allows you to authenticate using your own LDAP server. With that being said there are currently some limitation in Organizr. These will be covered at the bottom of this page.

Limitation

Coming soon...

Summary

NZBHydra has as of version 2.13.13 the ability to authorize using a similar method as Grafana.

In NZBHydra's settings we need to set a few values. The Auth header has to have the same as the one in the NGINX reverse proxy (example to follow), while the Secure ip ranges should be set to the nginx ip.

Summary

Using SSO with Proxy Auth allows you to access an apps UI using only one sign in.

All of these type of apps work the same way. For the reverse proxy you need to add the following:

Summary

The homepage houses all of your media items formatted in a very nice UI for you and your users.

Homepage Output

Setting up the Homepage Tab

The URL will never change as that points to the Organizr API. You may change the Tab Name and Tab Image to anything you like. As for the other options, those are covered in Adding a New Tab

Editing Homepage Items

To setup a Homepage item, all you need to do is click on any of the homepage items to edit those settings. You may head to each Homepage item information page next.

Summary

The Tautulli SSO module works best if you are using Plex as your Organizr Backend.

Tips

You first need to make sure that Allow Plex Admin & Allow Guest Access to Tautulli are enabled in the Web Interface portion of the Settings page.

To enable Tautulli SSO for your users, head to Tautulli Users page and click Edit mode and click the Lock Icon for each user you want to enable SSO for.

Summary

Calibre added support to Auth via header in v0.6.5. You need to set the Calibre settings in the Admin Configuration.

The Reverse Proxy Header Name should be the header you set in your reverse proxy config.

Here is an example calibre.conf file for a subdomain of https://domain.com/calibre

location /calibre {
        proxy_bind              $server_addr;
        proxy_pass              http://127.0.0.1:8083;
        proxy_set_header        Host            $http_host;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Scheme        $scheme;
        proxy_set_header        X-Script-Name   /calibre;  # IMPORTANT: path has NO trailing slash
        auth_request /organizr-auth/4; #Change the X to whatever group you want to allow access
        auth_request_set $auth_user $upstream_http_x_organizr_user;
        proxy_set_header X-WEBAUTH-USER $auth_user;
}

Summary

In the event that something isn't working as expected, here we will short where to start looking to troubleshoot.

Debug Area

In the drop down under your username in the top right there is an option for the Debug Area. From here use the drop down at the top and choose the SSO option you are trying to troubleshoot.

Summary

Do you need access to a services API through WAN but don't want to reverse proxy it? Organizr can help with that... All you need to do is, enable that option under that Services homepage item. After that, you are off to the races.

Supported Apps

URL Endpoints

Example API Call

API Socks

GET https://demo.organizr.app/api/v2/socks/sonarr/api/system/status?apikey=sonarrAPIkey

Calls Sonarr's API

Path Parameters

Headers

Summary

This homepage item allows you to have the following items displayed on the homepage:

• Calendar (Upcoming and Past TV Shows)

• Queue (Current Downloading Items)

• API Socks (Access to API without needing to Reverse Proxy Sonarr)

Setting up

Enable Tab

When setting up the homepage item, the first option is to enable it, do that by toggling the Enable Switch. After that you need to set the Minimum Authentication group that will be able to use this item.

Connection

Enter the connection details of your Sonarr server. This homepage item allows multiple Sonarr server connections.

API Socks

Organizr's API Socks allows you to access Sonarr's API without needing to Reverse Proxy it.

API Socks URL

Depending on if you entered either one Sonarr Connection or multiple will determine which URL you will use.

Queue

Enabling this module will output Sonarr's Download Queue on the homepage.

Calendar

This module adds past and future TV Shows on the homepage Calendar

Test Connection

Summary

The HealthChecks Homepage item allows you to see all your health checks on your page at a quick glance.

Setting up

Enable

When setting up the homepage item, the first option is to enable it, do that by toggling the Enable Switch. After that you need to set the Minimum Authentication group that will be able to use this item.

Connection

If you already went through the Plex SSO or Plex Authentication setup you will have these next fields already saved, if not, you can hit set those values using the provided buttons.

Misc Options

Signing up at HealthChecks.io

Head over to https://healthchecks.io and create an account. Once created head over to User Menu and select Project Settings to copy your API Key.

Enable the API and once enabled click on Show API Keys

Copy the API key (Top one) and paste into Organizr

Tips

You can setup logo/images for the checks if you add an images URL to the tags section for that check

Summary

Using SSO with Komga allows you to access the Komga UI using only one sign in.

Tab Setup

Replace komga-domain with the actual domain of your Komga instance.

Summary

Organizr comes with integrated error pages, they have to be configured in the webserver.

It accepts most error codes, and can do a redirect when the user has acknowledged the error.

Breakdown

The full Syntax for the error page is:

$scheme://$server_name/api/v2/organizr/error/$status?return=$request_uri;

URL Breakdown

https://organizr.app/api/v2/organizr/error/401?return=https://demo.organizr.app

To get error pages to work with a reverse proxies, you may need to tell the webserver to intercept the errors from the service.

In NGINX the way to do this is with proxy_intercept_errors on;

This can break some services (like plex), add proxy_intercept_errors off; to the location if that is the case.

NGINX Example for Proxies

# This is using nginx's built-in variables, should be copy-paste for most setups.
error_page 401 $scheme://$server_name/api/v2/organizr/error/$status?return=$request_uri; # We only want the Unauthorized code to redirect back to the loginpage

error_page 400 402 403 404 405 408 500 502 503 504  $scheme://$server_name/api/v2/organizr/error/$status; # Responds with the errorpage for the errorcodes listed

error_page 401 $scheme://organizr.app/api/v2/organizr/error/$status?return=$scheme://$host$request_uri; # We only want the Unauthorized code to redirect back to the loginpage

error_page 400 402 403 404 405 408 500 502 503 504  $scheme://organizr.app/api/v2/organizr/error/$status; # Responds with the errorpage for the errorcodes listed

Organizr Reverse Proxy

If you have Organizr Reversed Proxied, which we are sure you do. You need to add an additional block for the API so it doesn't overwrite the errors for it.

location /api {
    include /config/nginx/proxy.conf; # Replace with any proxy config options
    proxy_pass http://organizr-ip:organizr-port;
    proxy_intercept_errors off; # This is the important part
}

Summary

Sometime you need to backup and/or restore your instance of Organizr.

Backing Up Organizr

Head on over to the Backup module of Organizr

All that you need to do is click the Create Backup Button

Once the backup process completes, the new back up will be listed at the bottom of the back up listing. There are 2 buttons that are accessible for each backup.

The left button is the download button which will download the zip file that includes all the backed up files. The right button will delete that specific backup zip file.

Restoring Organizr

Manual Restore Process

1. Install Organizr as you would normally

2. Unzip the backup zip file somewhere

   1. Inside the zip file you will find the folder structure of where the files need to be placed.

      1. If you placed the database-folder elsewhere, you need to update the 'dbLocation' => 'dbPath' value in config.php

3. Restart the docker (or process if not in docker) and refresh the web page for Organizr

Summary

Fail2ban scans log files (e.g. /var/log/nginx/error.log) and bans IPs that show malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email/notification) could also be configured.

Prerequisites

• Fail2ban installed and configured

Fail2Ban filter

Go to your filter.d folder in your Fail2Ban install location /etc/fail2ban/filter.d and create a file called organizr-auth.conf and add the following:

Organizr Jail

Edit the jail.local file in the Fail2Ban directory and add the following:

Restart Fail2Ban with sudo service fail2ban restart

Organizr logs

Normal Install

Docker Install

Docker

Because the Organizr container only logs the docker IP addresses e.g 172.17.0.2 you need to add this in the Organizr default nginx site file. Go to \organizr\nginx\site-confs\default and add the following inside the server block:

If you're using organizr/organizr it's already added and you only need to uncomment the set_real_ip_from line.

Then restart the container: docker restart organizr

Using the linuxserver/swag container

For this to work you need the SWAG container to be able to read the organizr-<date>.log file in the Organizr container.

Mount the Organizr log like this:

And set the log path in the Fail2Ban jail.local file to /organizrlog/organizr*.log

Banned

The fail2ban.log file should output something like this:

If you managed to ban yourself or a friend banned themself you can run one of these commands:

Thanks to rix1337 for the fail2ban config:

Summary

To display text only for specific user groups.

In this example, we are using groupID 999 which is the Guest Group.

Steps

Open the Tab Editor and go to Homepage Items then finally select Custom HTML

Outcome

A User who is logged in

A User who is not logged in

Summary

The Plex homepage item allows you to have the following Plex items displayed on the homepage:

• Current playing streams (Active Streams)

• Recently Added items

• Media search functionality

• Playlists

Setting up

Enable Tab

When setting up the Plex homepage item, the first option is to enable it, do that by toggling the Enable Switch. After that you need to set the Minimum Authentication group that will be able to use this item.

Connection

Active Streams

With this module, you will be able to show the current streams that are active on your Plex server live.

Recent Items

With this module, you will be able to display all recent items that were added to your Plex server.

Media Search

With this module, you will be able to show a search button on your Organizr so users may search your library.

Playlists

With this module, you will be able to show your curated playlists from your Plex server.

Misc Options

Test Connection

Summary

Get faster load times of tabs in Organizr.

Windows

1. Open Command Prompt as an Administrator

2. Type the following command set php and you should see 2 variables

   1. PHP_FCGI_CHILDREN=3

   2. PHP_FCGI_MAX_REQUESTS=128

3. Run the following command to increase the value of PHP_FCGI_CHILDREN

   1. SETX /m PHP_FCGI_CHILDREN 1000

4. Close Command Prompt.

5. Open Command Prompt as Administrator and run set php and check that PHP_FCGI_CHILDREN value changed from 3 to 1000.

Adapted from: https://technicalramblings.com/blog/optimizing-php-fpm-to-get-faster-load-times-of-tabs-in-organizr/

What are Organizr's Requirements?

1. Webserver - Nginx (or any other webserver that works with php)

2. PHP 7.1.3 or later

   1. PDO

   2. PDO7-SQLITE

   3. PHP7-ZIP

   4. PHP7-SESSION

   5. SimpleXML

   6. OPENSSL

   7. SQLITE3

   8. CURL [For Plex & Emby Logins]

   9. PHP7-LDAP [For LDAP Logins]

   10. PHP7-XMLRPC [For rTorrent Homepage Item

Summary

A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web browser) requests to those web servers. Reverse proxies are typically implemented to help increase security, performance, and reliability.

OWI

The NGINX configs that come with the automated Organizr installer for Windows are set up with a couple files to make settings up your reverse proxies easier. This guide assumes you used the default C:\nginx, If you are not using the default path, adjust what this says to the path you used. Inside that folder, in the conf folder, there are two files: rp-subfolder.conf and rp-subdomain.conf. These are the files we are going to be working with. We're also going to use the example configs that can be found here (this link is also found in those files)

Subfolders

For configs that are just a location block, you are going to put them inside the rp-subfolder.conf file. We're going to use Sonarr as an example. Using these will create a reverse proxy that looks like http://domain.com/app

location /sonarr {
        proxy_pass http://127.0.0.1:8989/sonarr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_no_cache $cookie_session;
        # Allow the Sonarr API through if you enable Auth on the block above
        location /sonarr/api { 
                auth_request off;
                proxy_pass http://127.0.0.1:8989/sonarr/api;
        }
}

Things that may need changed in this:

proxy_pass http://127.0.0.1:8989/sonarr/api;

If your Sonarr isn't running on the same machine, you will need to change out the 127.0.0.1 to the IP of the machine where it is running. If you are running it on a non-standard port this is also where to change it. Make sure to change it in both places.

• If you are changing the location to something else, make sure it too is changed in both places.

Subdomains

For configs that are a server block, you are going to put them inside the rp-subdomain.conf file. We're going to use Sonarr as an example as well. Using these will create a reverse proxy that looks like http://app.domain.com

server {
        listen 443 ssl;
        server_name sonarr.DOMAIN.TLD;

        ssl_certificate /etc/letsencrypt/live/DOMAIN.TLD/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/DOMAIN.TLD/privkey.pem;

        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/sonarr.access.log;

        location / {
                proxy_pass http://127.0.0.1:8989;
                proxy_set_header X-Forwarded-Host $server_name;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}

Things that may need changed in this: