Jellyseerr on Ubuntu 24.04 on Azure User Guide
Overview
Jellyseerr is a popular open source, self hosted media request management application for Jellyfin, Plex and Emby. Users browse and discover movies and TV shows through TheMovieDB, submit requests in a clean modern interface, and administrators review, approve and automate them with Sonarr and Radarr integration.
The cloudimg image builds Jellyseerr 3.3.0 from source under /opt/jellyseerr, runs it as the dedicated jellyseerr system user bound to loopback 127.0.0.1:5055, and fronts it with nginx on port 80. nginx is configured for the WebSocket traffic the live request and status updates rely on and is ready for your TLS certificate.
Secure by default: the image ships uninitialised, with no administrator. Your first visit lands on the setup wizard where you bind your own admin by signing in with your own Jellyfin, Plex or Emby account, and a fresh per instance client id and API key are generated on first boot. A jellyseerr-firstboot.service oneshot ensures the config directory exists, resolves the instance URL and starts the stack on first boot, then disables itself.
What is included:
- Jellyseerr 3.3.0 (MIT) under
/opt/jellyseerr - Embedded SQLite database at
/var/lib/jellyseerr/config/db/db.sqlite3(no separate database to run) jellyseerr.servicerunning asjellyseerr, bound to127.0.0.1:5055- nginx reverse proxy on port 80, WebSocket aware, ready for TLS
jellyseerr-firstboot.servicefor first boot config directory + stack start- Node.js 22 LTS runtime
- Ubuntu 24.04 LTS base, fully patched
- 24/7 cloudimg support, 24h response SLA
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet with a subnet. Recommended VM size: Standard_B2s (Jellyseerr is lightweight; 4 GB RAM is comfortable). You will also need a reachable Jellyfin, Plex or Emby server to bind your administrator during setup.
Step 1: Deploy from the Azure Portal
Search the Marketplace for Jellyseerr on Ubuntu 24.04, choose your VM size, and attach an NSG that allows TCP 22 (SSH) from your management network and TCP 80 / 443 (the web app) from the networks that need it. Front port 80 with TLS in production (see the HTTPS section below).
Step 2: Deploy from the Azure CLI
RG="jellyseerr-prod"; LOCATION="eastus"; VM_NAME="jellyseerr-01"
GALLERY_IMAGE_ID="/subscriptions/<sub-id>/resourceGroups/azure-cloudimg/providers/Microsoft.Compute/galleries/cloudimgGallery/images/jellyseerr-ubuntu-24-04/versions/<version>"
SSH_KEY="$(cat ~/.ssh/id_rsa.pub)"
az group create --name "$RG" --location "$LOCATION"
az network vnet create -g "$RG" --name js-vnet --address-prefix 10.90.0.0/16 --subnet-name js-subnet --subnet-prefix 10.90.1.0/24
az network nsg create -g "$RG" --name js-nsg
az network nsg rule create -g "$RG" --nsg-name js-nsg --name allow-ssh --priority 100 \
--source-address-prefixes "<your-mgmt-cidr>" --destination-port-ranges 22 --access Allow --protocol Tcp
az network nsg rule create -g "$RG" --nsg-name js-nsg --name allow-web --priority 110 \
--source-address-prefixes "<your-mgmt-cidr>" --destination-port-ranges 80 443 --access Allow --protocol Tcp
az vm create -g "$RG" --name "$VM_NAME" --image "$GALLERY_IMAGE_ID" \
--size Standard_B2s --storage-sku StandardSSD_LRS \
--admin-username azureuser --ssh-key-values "$SSH_KEY" \
--vnet-name js-vnet --subnet js-subnet --nsg js-nsg --public-ip-sku Standard
Step 3: Connect via SSH
ssh azureuser@<vm-ip>
Step 4: Verify the services are running
Jellyseerr listens on loopback 127.0.0.1:5055; nginx fronts the web app on port 80 and proxies its WebSocket traffic.
sudo systemctl is-active jellyseerr nginx
ss -tln | grep -E ':80 |127.0.0.1:5055'
curl -s -o /dev/null -w 'GET /api/v1/status -> HTTP %{http_code}\n' http://127.0.0.1/api/v1/status
Both services report active, the Node server is bound to 127.0.0.1:5055, nginx is bound to :80, and the status API returns HTTP 200 through nginx.

Step 5: Secure by default, no admin ships
Nothing sensitive ships in the image. The application reports initialized:false, so every instance starts at the setup wizard, and the per VM instance info note in /root is root only and contains no credential, only the resolved URL.
curl -s http://127.0.0.1/api/v1/settings/public | grep -o '"initialized":[a-z]*'
sudo stat -c '%n perms=%a owner=%U:%G' /root/jellyseerr-info.txt
sudo grep -E '^JELLYSEERR_URL|^NOTE' /root/jellyseerr-info.txt
The app reports initialized:false, the note is 600 root:root, and it tells you to bind your admin at the setup wizard on first visit.

Step 6: Complete the first run setup wizard
Open http://<vm-ip>/ in your browser. Because no administrator ships, Jellyseerr shows its setup wizard. Choose Configure Jellyfin, Configure Plex or Configure Emby depending on your media server.

For Jellyfin or Emby, enter your server URL, port and the account you want to become the administrator, then click Sign In. The account you sign in with becomes the Jellyseerr owner. For Plex you sign in with your Plex account instead.

Step 7: Discover and request media
After setup you land on Discover, where trending and popular movies and TV from TheMovieDB are shown. Search for a title, open it and click Request to submit it; administrators can approve requests and let Sonarr or Radarr fulfil them automatically.

The Requests view lists every request with its media type, requester and status, so administrators can approve, decline and track fulfilment from one screen.

Step 8: The runtime stack
node -v
nginx -v
jq -r .version /opt/jellyseerr/package.json
Node.js 22 LTS runs the server, nginx 1.24 fronts it, and the pinned Jellyseerr release is 3.3.0.

Step 9: Data and persistence
All configuration and request data lives in the embedded SQLite database under /var/lib/jellyseerr/config, captured into the image and carried onto every instance.
sudo ls -lh /var/lib/jellyseerr/config/db/db.sqlite3
systemctl is-enabled jellyseerr-firstboot.service
apt-mark showhold
The database file is present, the first boot service is enabled for the next fresh instance, and there are no held packages, so the OS security baseline is intact.

Step 10: Enable HTTPS
nginx already fronts Jellyseerr on port 80 and is ready for TLS. Point a DNS record at your VM, then obtain a certificate with certbot:
sudo apt-get install -y certbot python3-certbot-nginx
sudo certbot --nginx -d <your-domain> --agree-tos -m <your-email> --redirect
certbot installs the certificate, rewrites the nginx server block for TLS, and sets up automatic renewal. Your request portal is then served over HTTPS.
Managing the service
sudo systemctl status jellyseerr
sudo systemctl restart jellyseerr
sudo journalctl -u jellyseerr -f
The Node server logs to the journal. nginx logs are under /var/log/nginx/. Back up the instance by snapshotting the OS disk or copying /var/lib/jellyseerr/config while the service is stopped.
Support
cloudimg provides 24/7 support for this image via email and live chat: deployment, nginx TLS termination, upgrades, media server and Sonarr/Radarr integration, and performance tuning. Email support@cloudimg.co.uk.
This is a repackaged open source software product with additional charges for cloudimg support services. Jellyseerr is a trademark of its respective owner. All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.