Navidrome

Navidrome is a streaming server that lets you stream your own music to your devices. It's pretty solid and compatible with the OpenSubsonic API. You can browse and listen to your collection in the web GUI or with your favorite client app.

This will be integrated with SSO using Authelia.

Installation

Navidrome is provided via Docker and natively supports rootless configuration. As usual, you need to create a dedicated user for the service:

useradd -d /data/daemons/navidrome -m -g media navidrome

Then put the following docker-compose.yml in /data/daemons/navidrome:

docker-compose.yml
version: "3"
services:
  navidrome:
    image: deluan/navidrome:latest
    user: 1046:1014 # should be owner of volumes
    ports:
      - "4533:4533"
    restart: unless-stopped
    environment:
      # Optional: put your config options customization here. Examples:
      ND_SCANSCHEDULE: 1h
      ND_LOGLEVEL: info
      ND_SESSIONTIMEOUT: 24h
      ND_BASEURL: ""
      ND_REVERSEPROXYWHITELIST: 10.89.0.0/24
    volumes:
      - "/data/daemons/navidrome/data:/data"
      - "/data/Music/folder:/music:ro"

You need to adapt the UID/GID, the paths to your music collection, and the port. ND_REVERSEPROXYWHITELIST must list the subnet associated with your NGINX reverse proxy as seen from the Navidrome container. The provided IP range should be enough for a default Podman installation.

Reverse Proxy

I choose to install Navidrome on its own subdomain https://navidrome.mydomain.com to make it easier for Subsonic integration. For more details see The Reverse Proxy concept.

This example also includes the Authelia integration.

navidrome.conf
server {
        server_name navidrome.mydomain.com;
        listen 443 ssl;
        listen 8443 ssl;
        http2 on;

        access_log /var/log/nginx/navidrome.mydomain.com_access_log main;
        error_log /var/log/nginx/navidrome.mydomain.com_error_log info;

        include "com.mydomain/authelia_location.conf";

        location ^~ / {

                include "com.mydomain/authelia_proxy.conf";
                include "com.mydomain/authelia_authrequest.conf";

                proxy_pass http://127.0.0.1:4533;
                proxy_set_header X-Forwarded-Protocol $scheme;
                proxy_set_header Remote-User $remote_user;
                proxy_buffering off;
        }

        location /rest {
                proxy_pass http://127.0.0.1:4533/rest;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Protocol $scheme;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header Remote-User $remote_user;
                proxy_buffering off;
        }

        client_max_body_size 100M;
}

This will automatically log in your users using the SSO provided by Authelia.

Please note that the /rest location is not protected by Authelia, as this would not work with Subsonic apps. Authentication, in this case, is performed by Navidrome itself: users will need to set up a password within Navidrome! (This might be fixed using Authelia basic auth, but I have not tried.)
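
In the /rest block the forwarded Remote-User value is nginx's $remote_user, which nginx fills from the request's Basic Authorization header with no Authelia check behind it, while ND_REVERSEPROXYWHITELIST marks the proxy as a trusted source of that header. The audit script below is an added example, not part of the original setup: it lists location blocks that forward Remote-User without the Authelia auth_request include. The function names and the sample config are constructed, and it assumes no nested blocks inside a location.

```sh
#!/bin/sh
# Added example: audit an nginx config (read from stdin) and print every
# location block that forwards a Remote-User header without pulling in the
# Authelia auth_request snippet. Assumes no nested blocks inside a location.
audit_remote_user() {
    awk '
    /^[ \t]*#/ { next }                           # ignore comment lines
    /^[ \t]*location[ \t]/ && /[{]/ {             # a location block opens
        name = $0
        sub(/^[ \t]*location[ \t]+/, "", name)
        sub(/[ \t]*[{].*$/, "", name)
        inloc = 1; hdr = 0; auth = 0
        next
    }
    # Forwarding the header counts unless it is explicitly cleared with "".
    inloc && /proxy_set_header[ \t]+Remote-User[ \t]/ {
        if ($0 !~ /Remote-User[ \t]+""[ \t]*;/) hdr = 1
    }
    # Either the include used on this page or a direct auth_request directive.
    inloc && /authelia_authrequest\.conf|auth_request[ \t]/ { auth = 1 }
    inloc && /[}]/ {                              # the location block closes
        if (hdr && !auth) print name
        inloc = 0
    }
    '
}

# Constructed sample, reduced from the navidrome.conf layout above.
sample_conf() {
    cat <<'EOF'
server {
    location ^~ / {
        include "com.mydomain/authelia_authrequest.conf";
        proxy_pass http://127.0.0.1:4533;
        proxy_set_header Remote-User $remote_user;
    }
    location /rest {
        proxy_pass http://127.0.0.1:4533/rest;
        proxy_set_header Remote-User $remote_user;
    }
}
EOF
}

sample_conf | audit_remote_user    # prints: /rest
```

Run it against the real file with `audit_remote_user < navidrome.conf`. A flagged block can send `proxy_set_header Remote-User "";` instead, so that only Authelia-protected locations assert an identity to Navidrome.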

Autostart

To start it and have it start on boot, follow my instructions in Using Containers on Gentoo as usual: link the user-containers init script:

ln -s /etc/init.d/user-containers /etc/init.d/user-containers.navidrome

and create the following config file:

/etc/conf.d/user-containers.navidrome
USER=navidrome
DESCRIPTION="The music server"

Add the service to the default runlevel and start it now:

rc-update add user-containers.navidrome default
rc-service user-containers.navidrome start