Revamp initial setup dialog to be more useful

[joshuaboniface]

The current initial setup screen is a great idea, however the execution falls flat. There's a lot of things that can be improved on it, in almost every screen. This issue will track the required changes.

Sub-issues: https://github.com/jellyfin/jellyfin/issues/192

My thoughts, per-page (numbered):

1. Display language page is perfect, no need to clutter this one up. Maybe add a "Is your language not here? See <page> to help translate Jellyfin" at the bottom.
2. "About yourself" page, I really hate this wording. Should be "initial user setup". Should change the field from "your first name" to "administrator username" - why yes, my first name is indeed "admin" thank you. Add a field to set an initial password as well, but allow this to be blank to have no password (as is currently the default). I think just a second dialog that allows a null value is better than a checkbox or anything, since it gently implies that there should be a PW -> encouraging sane defaults.
3. Media library setup page is fine, though maybe move this to the very end of the welcome screen rather than right in the middle.
4. Metadata language page seems fine, though since you configured your libraries in the last page, the ordering of this makes zero sense. Should ask for defaults first (related to the reordering mentioned above).
5. Configure Remote Access page has so many improvements that it got its own issue https://github.com/jellyfin/jellyfin/issues/192
6. "You're done" page, is basically just a "use our apps" add. If library scan (number 3) is last, then this can just say "finish and go to dashboard" rather than have a separate page.

Feedback welcome.

[sparky8251]

I agree with these changes. Maybe just make it so whatever page is last has the "finish and go to dashboard" rather than a unique page, but thats something requiring testing.

[ploughpuff]

It would be nice if the "Preferred Metadata Language" (page 4) could somehow inherit the "Preferred display language" (page 1) as its default...

[sparky8251]

I've tagged this issue "discussion needed"

I think it deserves to be done, but we could use some feedback on it. If we are aiming to fix it up, its also not impossible to consider redoing the entire system.

Feedback will let us know if a redo can turn out better than a tune up.

[LeoVerto]

I don't know why UPnP port forwarding is enabled by default and IMHO it shouldn't as that can present quite the security risks to users who don't know what they're doing and routers who are maliciously compliant in this.

[joshuaboniface]

I understand why they did it: its another "easy" solution for the non-technical. Which really does, again, raise the bigger question: how much do we sacrifice sane defaults and security to support non-technical users. Emby clearly sat on the "users" side of that fence, but moving to the other side will alienate a lot of users. It's a hard problem.

[sparky8251]

Well... I'm still of the mind its off by default and you can turn it on.

Maybe we describe more of what it does in the text underneath so its more apparent that it can be a security risk?

[LeoVerto]

IMHO remote access should be explained in the documentation with all the risks and options for handling it well described. It should not be something that may or may not be (depending on the router) be enabled by default.

[JustAMan]

I don't know why UPnP port forwarding is enabled by default and IMHO it shouldn't as that can present quite the security risks to users who don't know what they're doing and routers who are maliciously compliant in this.

I would say it should be off by default and enabled in settings (with a question about that in "Setup new instance" wizard this issue discusses).

[heyhippari]

UPnP should probably be set in the "Remote Access" setup page as part of the initial setup.

It would be disabled by default, for security, and the could be a checkbox along the lines of "Enable remote access to this server" with an info text below it that reads "Make Jellyfin server accessible from outside your network by enabling UPnP".

[Xalaxis]

I think that when you tick that toggle, a dialog should appear noting the potential security risks (a popup stands a better chance of being read by the user than the flavor text of the toggle).

[stale[bot]]

Issues go stale after 90d of inactivity. Mark the issue as fresh by adding a comment or commit. Stale issues close after an additional 14d of inactivity. If this issue is safe to close now please do so. If you have any questions you can reach us on Matrix or Social Media.

[joshuaboniface]

Commenting to state that I will be re-reviewing the setup wizard and adding thoughts that are more relevant after the 4.5 years since the project started. There's a few other things worth adding, for instance:

• disallowing an empty admin password (don't allow users to shoot themselves in the foot this badly)
• adding additional users at setup (might not be worthwhile, but considering)
• HTTP/S and listening - would be a "set once from wizard, only editable from configs after" option
• internal/external networks + network trust - would be a "set once from wizard, only editable from configs after" option
• setting ffmpeg path at setup - would be a "set once from wizard, only editable from configs after" option

More ideas are welcome and I will update the original message to include them.