====== Navidrome ======
[[https://www.navidrome.org/|Navidrome]] is a streaming server that let's you stream your own music to your devices. It's pretty solid and compatible with [[https://github.com/opensubsonic|OpenSubsonic]] API. You can browse and listen to your collection on the WEB GUI or with your favorite client app.
This will be integrated with SSO using Authelia.
===== Installation =====
Navidrome is provided via docker and natively support rootless configuration. As usual, you need to create a dedicated user for the service:
useradd -d /data/daemons/navidrome -m -g media navidrome
Then put the following **docker-compose.yml** to **/data/daemons/navidrome**:
version: "3"
services:
navidrome:
image: deluan/navidrome:latest
user: 1046:1014 # should be owner of volumes
ports:
- "4533:4533"
restart: unless-stopped
environment:
# Optional: put your config options customization here. Examples:
ND_SCANSCHEDULE: 1h
ND_LOGLEVEL: info
ND_SESSIONTIMEOUT: 24h
ND_BASEURL: ""
ND_REVERSEPROXYWHITELIST: 10.89.0.0/24
volumes:
- "/data/daemons/navidrome/data:/data"
- "/data/Music/folder:/music:ro"
You need to adapt UID/GID, paths to music collection and port.
ND_REVERSEPROXYWHITELIST must list the subnet associated to your NGINX reverse proxy as seen from the Navidrome container. The provided IP range should be enough for a default Podman installation.
===== Reverse Proxy =====
I choose to install Navidrome on it's own subdomain **https://navidrome.mydomain.com** to make it easier for Subsonic integration. For more details see [[selfhost:nginx|The Reverse Proxy concept]].
This example also include the Authelia integration.
server {
server_name navidrome.mydomain.com;
listen 443 ssl;
listen 8443 ssl;
http2 on;
access_log /var/log/nginx/navidrome.mydomain.com_access_log main;
error_log /var/log/nginx/navidrome.mydomain.com_error_log info;
include "com.mydomain/authelia_location.conf";
location ^~ / {
include "com.mydomain/authelia_proxy.conf";
include "com.mydomain/authelia_authrequest.conf";
proxy_pass http://127.0.0.1:4533;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header Remote-User $remote_user;
proxy_buffering off;
}
location /rest {
proxy_pass http://127.0.0.1:4533/rest;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Remote-User $remote_user;
proxy_buffering off;
}
client_max_body_size 100M;
}
This will automatically login your users using the SSO provided by [[services:authelia|Authelia]].
Please note that the **/rest** location is __not__ protected by Authelia, as this would __not__ work with Subsonic apps. Authentication, in this case, is performed by Navidrome itself: users will need to setup a password within Navidrome! (this might be fixed using Authelia basic auth, but i have not tried.)
===== Autostart =====
To start it, and set it up on boot, as usual follow my indications [[gentoo:containers|Using Containers on Gentoo]], so link the **user-containers** init script:
ln -s /etc/init.d/user-containers /etc/init.d/user-containers.navidrome
and create the following config file:
USER=navidrome
DESCRIPTION="The music server"
Add the service to the default runlevel and start it now:
rc-update add user-containers.navidrome default
rc-service user-containers.navidrome start