User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
services:navidrome [2024/04/17 10:43] willyservices:navidrome [2024/09/02 12:30] (current) – [Reverse Proxy] willy
Line 2: Line 2:
  
 [[https://www.navidrome.org/|Navidrome]] is a streaming server that let's you stream your own music to your devices. It's pretty solid and compatible with [[https://github.com/opensubsonic|OpenSubsonic]] API. You can browse and listen to your collection on the WEB GUI or with your favorite client app. [[https://www.navidrome.org/|Navidrome]] is a streaming server that let's you stream your own music to your devices. It's pretty solid and compatible with [[https://github.com/opensubsonic|OpenSubsonic]] API. You can browse and listen to your collection on the WEB GUI or with your favorite client app.
 +
 +This will be integrated with SSO using Authelia.
  
 ===== Installation ===== ===== Installation =====
Line 26: Line 28:
       ND_LOGLEVEL: info         ND_LOGLEVEL: info  
       ND_SESSIONTIMEOUT: 24h       ND_SESSIONTIMEOUT: 24h
-      ND_BASEURL: "/navidrome"+      ND_BASEURL: "" 
 +      ND_REVERSEPROXYWHITELIST: 10.89.0.0/24
     volumes:     volumes:
       - "/data/daemons/navidrome/data:/data"       - "/data/daemons/navidrome/data:/data"
Line 32: Line 35:
 </file> </file>
  
-You need to adapt UID/GID, paths to music collection and port. Also, check the BASEURL.+You need to adapt UID/GID, paths to music collection and port. 
 +ND_REVERSEPROXYWHITELIST must list the subnet associated to your NGINX reverse proxy as seen from the Navidrome container. The provided IP range should be enough for a default Podman installation. 
  
 ===== Reverse Proxy ===== ===== Reverse Proxy =====
  
-The following NGINX configuration will proxy your navidrome to **https://mydomain.com/navidrome**. For more details see [[selfhost:nginx|The Reverse Proxy concept]].+I choose to install Navidrome on it's own subdomain **https://navidrome.mydomain.com** to make it easier for Subsonic integration. For more details see [[selfhost:nginx|The Reverse Proxy concept]]
 + 
 +This example also include the Authelia integration.
  
 <file - navidrome.conf> <file - navidrome.conf>
-location ^~ /navidrome +server 
-        proxy_pass http://127.0.0.1:4533/navidrome; +        server_name navidrome.mydomain.com
-        proxy_set_header Host $host; +        listen 443 ssl
-        proxy_set_header X-Real-IP $remote_addr; +        listen 8443 ssl
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +        http2 on;
-        proxy_set_header X-Forwarded-Proto $scheme; +
-        proxy_set_header X-Forwarded-Protocol $scheme+
-        proxy_set_header X-Forwarded-Host $http_host+
-        proxy_set_header Remote-User $remote_user+
-        proxy_buffering off;+
  
-        location /navidrome/rest { +        access_log /var/log/nginx/navidrome.mydomain.com_access_log main
-                auth_pam off+        error_log /var/log/nginx/navidrome.mydomain.com_error_log info;
-        proxy_pass http://127.0.0.1:4533/navidrome/rest; +
-        proxy_set_header Host $host; +
-        proxy_set_header X-Real-IP $remote_addr; +
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +
-        proxy_set_header X-Forwarded-Proto $scheme; +
-        proxy_set_header X-Forwarded-Protocol $scheme; +
-        proxy_set_header X-Forwarded-Host $http_host; +
-        proxy_set_header Remote-User $remote_user; +
-        proxy_buffering off;+
  
 +        include "com.mydomain/authelia_location.conf";
 +
 +        location ^~ / {
 +
 +                include "com.mydomain/authelia_proxy.conf";
 +                include "com.mydomain/authelia_authrequest.conf";
 +
 +                proxy_pass http://127.0.0.1:4533;
 +                proxy_set_header X-Forwarded-Protocol $scheme;
 +                proxy_set_header Remote-User $remote_user;
 +                proxy_buffering off;
         }         }
  
 +                location /rest {
 +                        proxy_pass http://127.0.0.1:4533/rest;
 +                       proxy_set_header Host $host;
 +                       proxy_set_header X-Real-IP $remote_addr;
 +                       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +                       proxy_set_header X-Forwarded-Proto $scheme;
 +                        proxy_set_header X-Forwarded-Protocol $scheme;
 +                       proxy_set_header X-Forwarded-Host $http_host;
 +                        proxy_set_header Remote-User $remote_user;
 +                        proxy_buffering off;
 +                }
 +
 +        client_max_body_size 100M;
 } }
 </file> </file>
 +
 +This will automatically login your users using the SSO provided by [[services:authelia|Authelia]].
 +
 +Please note that the **/rest** location is __not__ protected by Authelia, as this would __not__ work with Subsonic apps. Authentication, in this case, is performed by Navidrome itself: users will need to setup a password within Navidrome! (this might be fixed using Authelia basic auth, but i have not tried.)
 +
 +
 +
  
 ===== Autostart ===== ===== Autostart =====
  
-If you are following my [[gentoo:locald|Custom User Services]], create the following links+To start it, and set it up on boot, as usual follow my indications [[gentoo:containers|Using Containers on Gentoo]], so link the **user-containers** init script
-<code bash+<code> 
-ln -s _servicer.sh 32-navidrome--podman.start +ln -s /etc/init.d/user-containers /etc/init.d/user-containers.navidrome
-ln -s _servicer.sh 32-navidrome--podman.stop+
 </code> </code>
  
 +and create the following config file:
 +<file - /etc/conf.d/user-containers.navidrome>
 +USER=navidrome
 +DESCRIPTION="The music server"
 +</file>
 +
 +Add the service to the default runlevel and start it now:
 +<code bash>
 +rc-update add user-containers.navidrome default
 +rc-service user-containers.navidrome start
 +</code>
  
  

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information