Seerr Setup Guide: Media Requests for Plex, Jellyfin, Emby, Sonarr, and Radarr

Seerr is the front desk for a media homelab. It gives family or approved users a clean place to discover what is already available, request a movie or show, and receive a notification when the request is available. Radarr and Sonarr still remain the systems of record for movies and TV. Seerr captures intent and approval; Radarr and Sonarr decide quality, root folders, import behavior, upgrades, and library state.

This guide focuses on a native Ubuntu source install with systemd because that is useful for operators who want to understand what is running on the host. Docker is the upstream recommended path for most users, and there is a compact Docker option later, but the main runbook here is source-based and rebuild-friendly.

Rights, lawful use, and scope: This guide is for private administration of media requests for media you own or are authorized to use. It is not legal advice and it is not a guide to acquiring, sharing, or processing copyrighted works without permission. A request in Seerr is only user intent; it is not proof that the media may be obtained or stored.

Safe default: Keep Seerr LAN-only, VPN-only, or behind a trusted HTTPS reverse proxy with authentication while you build it. Do not expose Seerr publicly before admin roles, user permissions, rate limits, request approval rules, and backups are proven.

Where Seerr Fits

Seerr belongs before Sonarr and Radarr in the workflow. A user searches or browses Seerr, places a request, and Seerr applies permission and approval rules. Only after approval should Seerr route the item to the correct Radarr or Sonarr instance with the correct root folder, quality profile, tags, and search behavior.

1. 1. Discover User Browse

   An approved user finds a movie, show, or season in Seerr. This is a request surface, not a source of rights.

2. 2. Request Movie or Seasons

   The user requests a movie, a whole show, or selected seasons. The request should carry intent, not automatic approval.

3. 3. Gate Permissions

   Roles, quotas, watchlists, blocklists, request rules, and content boundaries decide what needs review.

4. 4. Approve Admin Review

   The operator approves, declines, or adjusts the destination, quality profile, root folder, tags, or search behavior.

5. 5. Route Radarr or Sonarr

   Approved movies go to Radarr; approved shows go to Sonarr. Those apps remain responsible for quality and imports.

6. 6. Track Library Sync

   Seerr syncs against Plex, Jellyfin, or Emby so it can show whether requested media is already available.

7. 7. Notify User Update

   When the media server sees the item, Seerr can notify the requester through the configured notification agents.

Requests are intent

A request means someone wants something. It does not grant copyright rights or override your sourcing policy.

Search after approval

For a new setup, approve manually and verify routing before broad auto-search behavior.

Public edge needs protection

If household users reach Seerr remotely, put it behind HTTPS, strong authentication, and least-privilege roles.

The App Ownership Model

Layer	Owner	Beginner Explanation	Operator Check
Request intake	Seerr	Users request movies or shows and see availability.	Roles, request limits, approval rules, and notification settings are deliberate.
Movie decisions	Radarr	Radarr decides movie quality, root folder, upgrades, and imports.	The Seerr movie service points to the right Radarr URL, API key, profile, tags, and root folder.
TV decisions	Sonarr	Sonarr decides show monitoring, seasons, episodes, quality, and imports.	The Seerr TV service points to the right Sonarr URL, API key, profile, language, tags, and root folder.
Source management	Prowlarr	Prowlarr manages lawful indexer definitions for the Arr apps.	Seerr should not bypass your Arr rules by becoming a second decision engine.
Playback availability	Plex, Jellyfin, or Emby	The media server shows whether a title is available.	Seerr library sync sees the same final libraries users see.
File optimization	Tdarr	Tdarr may optimize after import.	Radarr/Sonarr and Plex rescans stay current after file replacement.

Who This Is For

• A homelab operator who already has Plex, Jellyfin, or Emby running.
• Someone with working Radarr and Sonarr root folders, quality profiles, imports, and API keys.
• A household or small group that needs a controlled request portal instead of text messages or manual spreadsheets.
• An operator who wants a source install with systemd, logs, backups, and explicit upgrade steps.
• A beginner who wants enough detail to understand the order of operations before enabling automation.

Before You Start: Safe Defaults

Decision	Recommended Starting Point	Why It Matters
Access	LAN, VPN, or trusted reverse proxy only	Seerr exposes request history, user identities, app integrations, and admin controls.
Auto-approval	Off for the first test	Manual approval proves routing before users fill queues.
Search on approval	Off until root/profile rules are proven	A bad root folder or wrong profile can create noisy queues quickly.
Movie routing	One main Radarr root first	Add animated, comedy, 4K, or special roots only after the basic path works.
TV routing	One main Sonarr root first	Whole-show requests can become large; prove one season first.
Admin accounts	Separate admin from requester users	Least privilege keeps a request portal from becoming an Arr admin surface.
Backups	Back up Ombi, existing request tools, Seerr config, and service files	Request data and integration settings are small but rebuild-critical.

Terms You Need Before Clicking Around

Term	Plain-English Meaning	Where It Matters
Request	A user asks for a movie, show, or season.	Seerr approvals and notifications.
Approval	An admin decision to accept, decline, or modify a request.	Prevents uncontrolled adds.
Availability	The media server already has the item and can show it to users.	Seerr library sync.
Root folder	The final library destination used by Radarr or Sonarr.	Wrong roots create messy libraries.
Quality profile	The allowed quality lane and cutoff rules.	Seerr must pick the right Radarr/Sonarr default.
Tags	Labels used to mark or route items.	Useful for list-vs-request audits and custom rules.
API key	A secret that lets Seerr talk to Radarr or Sonarr.	Never paste real keys into public posts or screenshots.
Watchlist	A user list that may create high-intent requests.	Useful only after approval and routing rules are proven.
Blocklist	Media intentionally excluded from request workflows.	Prevents recurring requests for unwanted items.

Ubuntu Source Install Overview

A clean source install has five jobs: install Node.js and pnpm, create a service user, clone Seerr into a predictable path, store config outside the source tree, and run it with systemd. The official Seerr source guide lists Node.js 22.x, pnpm 10.x, and Git as prerequisites, and shows the source build flow of clone, install dependencies, build, and start. This runbook turns that into a service-oriented Ubuntu install.

Host binding warning: The example below binds Seerr to 127.0.0.1 for safety. If you change HOST to 0.0.0.0, Seerr listens on all interfaces. Only do that when host firewall, VPN, or reverse-proxy controls are already in place.

Preflight the Ubuntu Host

lsb_release -a
uname -a
df -h /
ss -ltnp | grep -E ':5055|:7878|:8989' || true
systemctl is-active postgresql redis-server || true

Record the results in private notes. You want to know the Ubuntu release, available disk space, and whether anything is already listening on port 5055 before creating the service. If Ombi is still installed, back it up and leave it restorable until Seerr is fully tested.

Install Node.js 22, pnpm, and Build Tools

sudo install -d -m 0755 /etc/apt/keyrings

curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key 
  | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg

NODE_REPO="deb [signed-by=/etc/apt/keyrings/nodesource.gpg]"
NODE_REPO="$NODE_REPO https://deb.nodesource.com/node_22.x nodistro main"

printf '%sn' "$NODE_REPO" 
  | sudo tee /etc/apt/sources.list.d/nodesource.list >/dev/null

sudo apt-get update

sudo apt-get install -y 
  ca-certificates 
  curl 
  git 
  build-essential 
  python3 
  pkg-config 
  nodejs

corepack enable
corepack prepare pnpm@10 --activate

node -v
pnpm -v

Create the Seerr User and Paths

sudo useradd --system 
  --home-dir /opt/seerr 
  --shell /usr/sbin/nologin 
  seerr 2>/dev/null || true

sudo install -d -m 0755 /opt
sudo install -d -m 0750 -o seerr -g seerr /etc/seerr
sudo install -d -m 0750 -o seerr -g seerr /etc/seerr/config

The source tree lives in /opt/seerr. Runtime configuration lives in /etc/seerr. That separation matters because source updates should not erase config, and backups should clearly include the secret-bearing config path.

Clone, Install, and Build Seerr

sudo rm -rf /opt/seerr
sudo git clone https://github.com/seerr-team/seerr.git /opt/seerr
sudo chown -R seerr:seerr /opt/seerr

cd /opt/seerr
sudo -u seerr git checkout main
sudo -u seerr HUSKY=0 CYPRESS_INSTALL_BINARY=0 pnpm install --frozen-lockfile
sudo -u seerr pnpm build

sudo -u seerr git rev-parse --short=12 HEAD

For production, record the branch and commit you built. Tracking main is convenient, but a pinned commit is easier to roll back. If you are writing restore notes, capture the commit, Node version, pnpm version, and build date.

Create the Seerr Environment File

sudo tee /etc/seerr/seerr.conf >/dev/null <<'EOF'
PORT=5055
HOST=127.0.0.1
NODE_ENV=production
DB_TYPE=sqlite
CONFIG_DIRECTORY=/etc/seerr/config
LOG_LEVEL=info
EOF

sudo chown root:seerr /etc/seerr/seerr.conf
sudo chmod 0640 /etc/seerr/seerr.conf

SQLite is fine for many homelabs and is the simplest first install. Seerr also supports PostgreSQL. If you expect a busier request portal or want database consistency with the rest of your stack, plan PostgreSQL deliberately and back it up with dumps, not raw file copies.

Create the systemd Service

sudo tee /etc/systemd/system/seerr.service >/dev/null <<'EOF'
[Unit]
Description=Seerr Service
Wants=network-online.target
After=network-online.target

[Service]
User=seerr
Group=seerr
EnvironmentFile=/etc/seerr/seerr.conf
Environment=NODE_ENV=production
Type=exec
Restart=on-failure
RestartSec=10
WorkingDirectory=/opt/seerr
ExecStart=/usr/bin/node /opt/seerr/dist/index.js
UMask=0027

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload
sudo systemctl enable --now seerr

Verify Seerr Starts Cleanly

systemctl status seerr --no-pager
journalctl -u seerr -n 100 --no-pager
curl -fsS http://127.0.0.1:5055/api/v1/settings/public

Success means the service is active, logs do not show database or permission errors, and the public settings endpoint responds locally. Do not move on to user onboarding until this basic health check works after a reboot.

First-Run Setup

1. Open Seerr through the path you intend to use: local tunnel, VPN, LAN hostname, or reverse proxy.
2. Create the first owner/admin account.
3. Connect Plex, Jellyfin, or Emby and run a library sync.
4. Confirm Seerr shows titles that already exist in the library.
5. Add Radarr using an internal URL, not a public hostname if the services are on the same network.
6. Add Sonarr using an internal URL, not a public hostname if the services are on the same network.
7. Choose conservative defaults for root folder, profile, tags, and language.
8. Turn off broad auto-approval and automatic search until a controlled test works.

Connect Radarr and Sonarr Carefully

Setting	Radarr Guidance	Sonarr Guidance
URL	http://127.0.0.1:7878 or internal Docker/LAN URL	http://127.0.0.1:8989 or internal Docker/LAN URL
API key	Copy from Radarr settings and store only in Seerr.	Copy from Sonarr settings and store only in Seerr.
Root folder	Start with the main movies root.	Start with the main TV root.
Quality profile	Use your default balanced movie profile.	Use your default balanced TV profile.
Tags	Add a seerr-request tag if you audit intake sources.	Add a seerr-request tag if you audit intake sources.
Search on add	Start disabled or manual.	Start disabled or manual.
4K/special roots	Add later after basic routing works.	Add later only if you intentionally run separate libraries/profiles.

Request Policy That Does Not Create Chaos

1. 1. Role Who Can Request?

   Separate admin, trusted requester, and limited requester roles. A user should not get admin power just to request media.

2. 2. Scope What Can Be Requested?

   Use permissions, quotas, and blocklists to keep requests aligned with your library purpose and rights scope.

3. 3. Destination Where Does It Go?

   Match movie, animated, comedy, TV, or 4K destinations before enabling automatic adds.

4. 4. Profile Which Quality Rules?

   Choose Radarr/Sonarr profiles that match your storage, audio, subtitle, and codec strategy.

5. 5. Search When Does It Search?

   Start with manual search or approval search. Turn on broad search only after several correct requests.

6. 6. Notify Who Gets Updates?

   Send notifications to requesters without exposing admin logs, private URLs, or API errors.

Approval is a control point

Approval is where you can prevent wrong roots, wrong profiles, and unsupported requests.

Do not publish secrets

Screenshots should hide Plex tokens, Arr API keys, request history, usernames, and private hostnames.

One Safe End-to-End Test

1. Choose one movie or show you own or are authorized to use as a legal test workload.
2. Request it in Seerr using a non-admin requester account.
3. Approve it manually as the admin.
4. Confirm the item appears in Radarr or Sonarr with the expected root folder and quality profile.
5. If search is enabled, confirm the queue behavior is exactly what you intended.
6. Wait for import or manually complete your controlled test workflow.
7. Confirm the title appears in Plex, Jellyfin, or Emby.
8. Confirm Seerr changes the request state to available and sends the expected notification.

Migrate from Ombi Without Losing Your Exit

Treat Seerr as a replacement only after it works. Back up Ombi configuration and database first, document the existing service, and keep the old install stopped-but-restorable until users, request rules, notifications, and integrations are proven. Migration is not just app startup. It is policy parity.

sudo systemctl status ombi --no-pager || true
sudo systemctl cat ombi.service || true

sudo install -d -m 0750 /opt/app-backups/ombi-pre-seerr

sudo tar -C / -czf 
  /opt/app-backups/ombi-pre-seerr/etc-Ombi.tgz 
  etc/Ombi 2>/dev/null || true

sudo tar -C / -czf 
  /opt/app-backups/ombi-pre-seerr/opt-Ombi.tgz 
  opt/Ombi 2>/dev/null || true

Backup privacy: Request databases may contain usernames, request titles, private URLs, notification targets, API keys, and household behavior. Store them on restricted or encrypted storage and sanitize anything used in screenshots or public examples.

Reverse Proxy and Access Design

Seerr can be household-facing, but it is still an app connected to your media server and Arr APIs. Use HTTPS, strong app authentication, reverse-proxy access lists where practical, and a firewall stance that does not publish every media admin app. App-to-app communication should usually use internal URLs. Users can reach Seerr through a friendly hostname, while Seerr reaches Radarr and Sonarr through private addresses.

1. 1. User Approved Requester

   A household user reaches only the Seerr request portal through HTTPS, VPN, or LAN.

2. 2. Proxy HTTPS Boundary

   The reverse proxy handles certificates, trusted headers, access lists, and logging.

3. 3. Seerr Request Portal

   Seerr authenticates users, enforces roles, and stores request state.

4. 4. Internal APIs Arr Services

   Radarr and Sonarr API calls use internal URLs and private API keys.

5. 5. Media Server Library Sync

   Plex, Jellyfin, or Emby availability is synced without exposing admin APIs broadly.

Seerr is not harmless

It can create requests, reveal private media interests, and hold integration secrets.

Keep admin apps private

Radarr, Sonarr, Prowlarr, SABnzbd, Tdarr, NAS, and proxy admin pages should stay LAN/VPN by default.

Backups

Backups should include enough detail to rebuild, not terabytes of replaceable cache. For Seerr, the important pieces are config, database, service file, source commit notes, and integration notes. If you use SQLite, stop Seerr or use a consistent backup method before copying the database. If you use PostgreSQL, use a database dump.

sudo systemctl stop seerr

sudo tar -C / -czf /var/backups/seerr-config.tgz 
  etc/seerr 
  etc/systemd/system/seerr.service

cd /opt/seerr
sudo -u seerr git rev-parse HEAD 
  | sudo tee /var/backups/seerr-source-commit.txt >/dev/null

sudo systemctl start seerr

Store the resulting backups on your NAS or another protected target with restricted permissions. Do not post live backup archives or real env files in public articles, GitHub issues, Discord, or screenshots.

Upgrade Routine

1. Announce or schedule a maintenance window if users actively rely on requests.
2. Back up /etc/seerr, the database, and the current source commit.
3. Stop Seerr.
4. Fetch the target commit or release branch.
5. Run pnpm install --frozen-lockfile and pnpm build.
6. Start Seerr and watch logs.
7. Run the local health endpoint check.
8. Open the UI and confirm Plex, Radarr, Sonarr, request history, and notifications still work.

sudo systemctl stop seerr

cd /opt/seerr
sudo -u seerr git fetch --all --prune
sudo -u seerr git checkout main
sudo -u seerr git pull --ff-only
sudo -u seerr HUSKY=0 CYPRESS_INSTALL_BINARY=0 pnpm install --frozen-lockfile
sudo -u seerr pnpm build

sudo systemctl start seerr
curl -fsS http://127.0.0.1:5055/api/v1/settings/public

Rollback Routine

Rollback is easy only if you recorded the previous commit and took a database backup before the upgrade. If an upgrade only broke code startup, check out the previous commit and rebuild. If the upgrade changed the database, restore the pre-upgrade database before running older code.

sudo systemctl stop seerr

cd /opt/seerr
sudo -u seerr git checkout PREVIOUS_KNOWN_GOOD_COMMIT
sudo -u seerr pnpm install --frozen-lockfile
sudo -u seerr pnpm build

# Restore the pre-upgrade database backup here if needed.

sudo systemctl start seerr
journalctl -u seerr -n 100 --no-pager

Docker Option for Readers Who Want the Recommended Path

The public guide should still acknowledge the upstream default: Docker is the recommended install method for most Seerr users. If you use Docker, keep the config path persistent and do not map it to an unreliable network share. Bind the published port to localhost if a reverse proxy is on the same host.

services:
  seerr:
    image: ghcr.io/seerr-team/seerr:latest
    container_name: seerr
    init: true
    environment:
      - TZ=America/Chicago
      - PORT=5055
      - LOG_LEVEL=info
    ports:
      - "127.0.0.1:5055:5055"
    volumes:
      - /opt/seerr/config:/app/config
    restart: unless-stopped
    healthcheck:
      test: >
        wget --no-verbose --tries=1 --spider
        http://localhost:5055/api/v1/settings/public || exit 1
      start_period: 20s
      timeout: 3s
      interval: 15s
      retries: 3

Troubleshooting

Symptom	Likely Cause	What to Check
Seerr page will not load	Service down, wrong bind address, reverse proxy issue, or port conflict.	systemctl status seerr, ss -ltnp, proxy target, and firewall rules.
Plex/Jellyfin/Emby sync fails	Wrong URL, token/API problem, TLS/proxy mismatch, or server unreachable.	Use an internal URL first and test from the Seerr host.
Request does not appear in Radarr	Wrong Radarr API key, wrong URL, disabled service, or missing default settings.	Test the Radarr connection and confirm profile/root folder choices.
Request does not appear in Sonarr	Wrong Sonarr API key, wrong URL, disabled service, or missing language/profile settings.	Test the Sonarr connection and confirm show/season behavior.
Everything goes to the wrong folder	Seerr default root folder is wrong.	Fix Seerr defaults before approving more requests.
Users can approve too much	Roles are too broad.	Create separate admin and requester permissions.
Settings disappear after update	Config directory was not persistent or permissions are wrong.	Verify /etc/seerr/config or Docker /app/config persistence.
Notifications reveal private details	Notification templates or channels are too broad.	Send only what the requester needs and keep admin errors private.

FAQ

Does Seerr replace Sonarr or Radarr?

No. Seerr is the request and approval layer. Sonarr and Radarr remain the systems that track library state, quality rules, root folders, custom formats, imports, and upgrades.

Should Seerr be exposed to the internet?

Only after you intentionally design the access boundary. A safer pattern is VPN or reverse proxy with HTTPS, app authentication, strong admin passwords, least-privilege requester roles, and logging.

Should search on add be enabled?

Not on day one. First prove that requests route to the correct app, root folder, quality profile, and tags. Then enable search for request types you trust.

What should I back up?

Back up Seerr config, database, service file, source commit notes, reverse-proxy notes, and integration settings. Keep those backups private because they may include tokens, user data, and request history.

Series Navigation

Seerr is part of the TechGeeks Plex, Arr, and Tdarr homelab series. These companion articles fill in the surrounding architecture, security, storage, monitoring, and automation decisions.

• Complete beginner setup
• Plex architecture
• Sonarr setup
• Radarr setup
• Prowlarr setup
• Radarr import lists
• Custom formats
• GPU strategy
• Reverse proxy security
• Backups and disaster recovery
• Monitoring and health checks
• Series hub

References

• Seerr introduction and feature overview
• Seerr build from source guide
• Seerr Docker guide
• Seerr database configuration
• TechGeeks Sonarr setup guide
• TechGeeks Radarr setup guide
• TechGeeks reverse proxy guide
• TechGeeks backup guide