Differences

This shows you the differences between two versions of the page.

--- computing:navidrome [2025/10/29 02:40] – created oemb1905
+++ computing:navidrome [2025/10/29 02:57] (current) – oemb1905
@@ Line 11: / Line 11: @@
 -------------------------------------------
-This tutorial is for Debian Trixie users seeking to set up a production-ready Navidrome server. I used virsh+qemu to make a VM with 8TB of storage, and the VM is set up with a LAMP stack, a reverse proxy with Let's Encrypt, automated syncing, scanning, and some hardening measures. Im using fpm with the mpm_event handler for concurrency. My standard fail2ban setup is in place for protection. This instance is designed for public listening. The library is imaged off my master library via a remote source and includes aggressive cover art fetching.
+This tutorial is for Debian Trixie users seeking to set up a production-ready Navidrome server. I used virsh+qemu to make a VM with 8TB of storage, and the VM is set up with a LAMP stack, a reverse proxy with Let's Encrypt, automated syncing, scanning, and some hardening measures. Im using fpm with the mpm_event handler for concurrency. My standard fail2ban setup is in place for protection. This instance is designed for public listening. The library is imaged off my master library via a remote source and includes aggressive cover art fetching. Let's setup our lamp stack and add the basic packages required. If you don't know how to setup TLS / LAMP properly, please see [[https://wiki.haacksnetworking.org/doku.php?id=computing:apachesurvival|my tutorial]].
-Initial VM Prep and Navidrome Installation
   sudo apt update && sudo apt upgrade -y
   sudo apt install ffmpeg wget nano curl snapd ufw fail2ban postfix apache2 php8.4-fpm php8.4-mysql php8.4-curl php8.4-gd php8.4-mbstring php8.4-xml php8.4-zip
-Download and install Navidrome:
+Next, we download and install Navidrome:
   wget https://github.com/navidrome/navidrome/releases/download/v0.54.1/navidrome_0.54.1_linux_amd64.deb
   sudo apt install ./navidrome_0.54.1_linux_amd64.deb
-Set up music dir:
+Let's set up a music directory:
   sudo mkdir -p /opt/navidrome/music
@@ Line 30: / Line 28: @@
   sudo find /opt/navidrome/music -type f -exec chmod 644 {} +
-Apache Reverse Proxy and Let's Encrypt and associated modules:
+Make sure you enable proper modules and conf files:
   sudo a2enmod proxy proxy_http ssl headers rewrite proxy_fcgi setenvif
@@ Line 36: / Line 34: @@
   sudo a2dismod mpm_prefork php8.4
   sudo a2enmod mpm_event
+Setup regular Let's Encrypt with the default vhost and and then replace the vhost with the reverse proxy once everything is setup. Let's setup Let's Encrypt and TLS:
+  sudo a2ensite gnulinux.studio.conf
+  sudo apache2ctl configtest
+  sudo apt install certbot letsencrypt python3-certbot-apache
+  sudo certbot --authenticator standalone --installer apache -d gnulinux.studio --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"
-Create vhost ''nano /etc/apache2/sites-available/gnulinux.studio.conf'':
+Once the default configuration is working for both http and https, disable the let's encrypt configuration with ''a2dissite gnulinux.studio-le.conf'' and then edit the primary configuration ''nano /etc/apache2/sites-enabled/gnulinux.studio.conf'' with the following:
   <VirtualHost *:80>
@@ Line 64: / Line 69: @@
   </VirtualHost>
-Enable site and Certbot:
+Since TLS was already setup under the regular vhost, and the reverse proxy configuration simply uses the same cert, you can just drop this in and restart apache ''systemctl restart apache2''. This is a good time to visit your site's domain and make sure everything is working. If it won't serve navidrome, check syntax, check logs, and make sure modules/configurations in apache are functioning properly and configured with proper syntax. Next, let's tune the php handler, ''mpm_event'', over in ''nano /etc/apache2/mods-available/mpm_event.conf'', assuming 8 cores and an upper limit of 400 workers:
-  sudo a2ensite gnulinux.studio.conf
-  sudo apache2ctl configtest
-  sudo apt install certbot letsencrypt python3-certbot-apache
-  sudo certbot --authenticator standalone --installer apache -d gnulinux.studio --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"
-Tune mpm_event in ''nano /etc/apache2/mods-available/mpm_event.conf'', assuming 8 cores and an upper limit of 400 workers:
   StartServers 4
@@ Line 82: / Line 80: @@
   ServerLimit 16
-Once you've adjusted this, restart apache with ''sudo systemctl restart apache2''. Make sure fpm is tweaked by heading to ''nano /etc/php/8.4/fpm/pool.d/www.conf'' and adjust servers as follows:
+Once you've adjusted this, restart apache with ''sudo systemctl restart apache2''. Let's also adjust how php spins up servers for simultaneous requests by adjusting ''nano /etc/php/8.4/fpm/pool.d/www.conf'' as follows:
   pm = dynamic
@@ Line 130: / Line 128: @@
   touch /tmp/sync-music.lock
   echo "$(date): Starting music sync..." >> "$LOG"
-  sudo rsync -ai --log-file=/root/logs/rsync-music.log --delete --chown=navidrome:navidrome root@mail.outsidebox.club:/mnt/Storage/obdata/oemb1905/files/Masters/* /opt/navidrome/music/
+  sudo rsync -ai --log-file=/root/logs/rsync-music.log --delete --chown=navidrome:navidrome root@mail.outsidebox.club:/mnt/location/of/your/masters/* /opt/navidrome/music/
   echo "$(date): Music sync completed." >> "$LOG"
   rm /tmp/sync-music.lock

Haack's Wiki

User Tools

Site Tools

Differences

Page Tools