User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
services:navidrome [2024/04/16 12:20] willyservices:navidrome [2024/09/02 12:30] (current) – [Reverse Proxy] willy
Line 1: Line 1:
 ====== Navidrome ====== ====== Navidrome ======
  
 +[[https://www.navidrome.org/|Navidrome]] is a streaming server that let's you stream your own music to your devices. It's pretty solid and compatible with [[https://github.com/opensubsonic|OpenSubsonic]] API. You can browse and listen to your collection on the WEB GUI or with your favorite client app.
  
-<code bash> +This will be integrated with SSO using Authelia.
-useradd -d /data/daemons/navidrome -m -g media navidrome+
  
 +===== Installation =====
  
 +Navidrome is provided via docker and natively support rootless configuration. As usual, you need to create a dedicated user for the service:
 +
 +<code bash>
 +useradd -d /data/daemons/navidrome -m -g media navidrome
 </code> </code>
  
-docker-compose.yml:+Then put the following **docker-compose.yml** to **/data/daemons/navidrome**:
 <file - docker-compose.yml> <file - docker-compose.yml>
 version: "3" version: "3"
Line 24: Line 29:
       ND_SESSIONTIMEOUT: 24h       ND_SESSIONTIMEOUT: 24h
       ND_BASEURL: ""       ND_BASEURL: ""
 +      ND_REVERSEPROXYWHITELIST: 10.89.0.0/24
     volumes:     volumes:
       - "/data/daemons/navidrome/data:/data"       - "/data/daemons/navidrome/data:/data"
       - "/data/Music/folder:/music:ro"       - "/data/Music/folder:/music:ro"
 </file> </file>
 +
 +You need to adapt UID/GID, paths to music collection and port.
 +ND_REVERSEPROXYWHITELIST must list the subnet associated to your NGINX reverse proxy as seen from the Navidrome container. The provided IP range should be enough for a default Podman installation.
 +
 +
 +===== Reverse Proxy =====
 +
 +I choose to install Navidrome on it's own subdomain **https://navidrome.mydomain.com** to make it easier for Subsonic integration. For more details see [[selfhost:nginx|The Reverse Proxy concept]].
 +
 +This example also include the Authelia integration.
  
 <file - navidrome.conf> <file - navidrome.conf>
-location ^~ /navidrome +server 
-        proxy_pass http://127.0.0.1:4533/navidrome; +        server_name navidrome.mydomain.com
-        proxy_set_header Host $host; +        listen 443 ssl
-        proxy_set_header X-Real-IP $remote_addr; +        listen 8443 ssl
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +        http2 on;
-        proxy_set_header X-Forwarded-Proto $scheme; +
-        proxy_set_header X-Forwarded-Protocol $scheme+
-        proxy_set_header X-Forwarded-Host $http_host+
-        proxy_set_header Remote-User $remote_user+
-        proxy_buffering off;+
  
 +        access_log /var/log/nginx/navidrome.mydomain.com_access_log main;
 +        error_log /var/log/nginx/navidrome.mydomain.com_error_log info;
  
-        location /navidrome/rest { +        include "com.mydomain/authelia_location.conf";
-                auth_pam off; +
-        proxy_pass http://127.0.0.1:4533/navidrome/rest; +
-        proxy_set_header Host $host; +
-        proxy_set_header X-Real-IP $remote_addr; +
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +
-        proxy_set_header X-Forwarded-Proto $scheme; +
-        proxy_set_header X-Forwarded-Protocol $scheme; +
-        proxy_set_header X-Forwarded-Host $http_host; +
-        proxy_set_header Remote-User $remote_user; +
-        proxy_buffering off;+
  
 +        location ^~ / {
 +
 +                include "com.mydomain/authelia_proxy.conf";
 +                include "com.mydomain/authelia_authrequest.conf";
 +
 +                proxy_pass http://127.0.0.1:4533;
 +                proxy_set_header X-Forwarded-Protocol $scheme;
 +                proxy_set_header Remote-User $remote_user;
 +                proxy_buffering off;
         }         }
  
 +                location /rest {
 +                        proxy_pass http://127.0.0.1:4533/rest;
 +                       proxy_set_header Host $host;
 +                       proxy_set_header X-Real-IP $remote_addr;
 +                       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +                       proxy_set_header X-Forwarded-Proto $scheme;
 +                        proxy_set_header X-Forwarded-Protocol $scheme;
 +                       proxy_set_header X-Forwarded-Host $http_host;
 +                        proxy_set_header Remote-User $remote_user;
 +                        proxy_buffering off;
 +                }
 +
 +        client_max_body_size 100M;
 } }
 </file> </file>
 +
 +This will automatically login your users using the SSO provided by [[services:authelia|Authelia]].
 +
 +Please note that the **/rest** location is __not__ protected by Authelia, as this would __not__ work with Subsonic apps. Authentication, in this case, is performed by Navidrome itself: users will need to setup a password within Navidrome! (this might be fixed using Authelia basic auth, but i have not tried.)
 +
 +
 +
 +
 +===== Autostart =====
 +
 +To start it, and set it up on boot, as usual follow my indications [[gentoo:containers|Using Containers on Gentoo]], so link the **user-containers** init script:
 +<code>
 +ln -s /etc/init.d/user-containers /etc/init.d/user-containers.navidrome
 +</code>
 +
 +and create the following config file:
 +<file - /etc/conf.d/user-containers.navidrome>
 +USER=navidrome
 +DESCRIPTION="The music server"
 +</file>
 +
 +Add the service to the default runlevel and start it now:
 +<code bash>
 +rc-update add user-containers.navidrome default
 +rc-service user-containers.navidrome start
 +</code>
 +
  

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information