title | sidebar_position |
---|---|
Reverse proxy | 30 |
This guide walks you through the steps required to set up a reverse proxy in front of LibreTime.
Setting up a reverse proxy in front of LibreTime is recommended: it prevents LibreTime from being open to the Internet, adds security by enabling `https`, and lets you manage your certificates in a single place.
:::warning
The current input and output streams are Icecast-based protocols and don't support being behind a reverse proxy. Don't attempt to reverse proxy Icecast or the Liquidsoap harbor inputs.
Modern protocols such as HLS and SRT will be implemented in the future to fix those limitations.
:::
Below is a schema that illustrates the goals when setting up a reverse proxy in front of LibreTime:
Prerequisites
You need a domain name (`radio.example.com`) and a `tls` certificate for that domain. You can get certificates from Let's Encrypt by using Certbot.
You need to identify the location of the services that should be exposed to the public:
- the LibreTime web server (usually `localhost:8080`, for documentation clarity we use `libretime:8080`).
:::info
If LibreTime is running on the same host as the reverse proxy, you need to change the LibreTime web server default listening port because the reverse proxy needs to listen on the `80` and `443` ports.
:::
:::caution
Be sure that your firewall and network allow communication from the reverse proxy to the services. You can use `ping`, `telnet` and `curl` to check that communication is working.
:::
Install a reverse proxy
Apache
:::info
You can follow one of these guides to configure Apache with a Let's Encrypt certificate.
:::
🚧
Nginx
:::info
You can follow one of these guides to configure Nginx with a Let's Encrypt certificate.
:::
Once you have installed nginx and retrieved the required certificates, you can configure the reverse proxy to work with LibreTime.
Paste the following configuration in `/etc/nginx/sites-available/libretime.conf` and be sure to replace:
- `radio.example.com` with your own station url,
- `libretime:8080` with the location of your LibreTime web server.
```nginx
# Redirect all plain http requests to https.
server {
    listen 80;
    server_name radio.example.com;

    location / {
        rewrite ^ https://$server_name$request_uri? permanent;
    }
}

# Terminate TLS and forward requests to the LibreTime web server.
server {
    listen 443 ssl;
    server_name radio.example.com;

    ssl_certificate /etc/letsencrypt/live/radio.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/radio.example.com/privkey.pem;

    location / {
        # Pass the original host, client address and scheme to LibreTime.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;

        proxy_pass http://libretime:8080/;
    }
}
```
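Before enabling the site, a static check can catch the two replacements this guide asks for and any forwarded header dropped while editing. The script below is an added example, not part of LibreTime; `check_libretime_conf`, `write_sample` and the `radio.mystation.test` sample file are constructed for illustration.

```shell
# Added example: check_libretime_conf is a hypothetical helper, not LibreTime code.
# Prints one line per finding and returns the number of findings (0 = clean).
check_libretime_conf() {
    conf="$1"; findings=0
    note() { echo "$conf: $1"; findings=$((findings + 1)); }
    # Placeholders from the guide that must be replaced before deploying.
    if grep -q 'radio\.example\.com' "$conf"; then note "placeholder radio.example.com"; fi
    if grep -q 'libretime:8080' "$conf"; then note "placeholder libretime:8080"; fi
    # All six forwarded headers from the guide's location block must be set.
    for h in Host X-Real-IP X-Forwarded-For X-Forwarded-Proto \
             X-Forwarded-Host X-Forwarded-Port; do
        grep -Eq "proxy_set_header[[:space:]]+$h[[:space:]]" "$conf" \
            || note "missing proxy_set_header $h"
    done
    # Port 80 must redirect to https; the 443 listener must enable TLS.
    grep -Eq 'rewrite[[:space:]].*https://' "$conf" || note "no http to https redirect"
    grep -Eq 'listen[[:space:]]+443[[:space:]]+ssl' "$conf" || note "443 listener lacks ssl"
    return "$findings"
}

# Constructed sample: domain replaced, upstream placeholder left in place,
# X-Forwarded-Proto dropped by mistake while editing.
write_sample() {
    cat > "$1" <<'EOF'
server {
    listen 80;
    server_name radio.mystation.test;
    location / { rewrite ^ https://$server_name$request_uri? permanent; }
}
server {
    listen 443 ssl;
    server_name radio.mystation.test;
    ssl_certificate /etc/letsencrypt/live/radio.mystation.test/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/radio.mystation.test/privkey.pem;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_pass http://libretime:8080/;
    }
}
EOF
}

sample="$(mktemp)"; write_sample "$sample"
check_libretime_conf "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

Run the function against `/etc/nginx/sites-available/libretime.conf`, then validate the syntax with `sudo nginx -t` before restarting nginx.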
Enable the nginx configuration and restart nginx using the commands below:

```bash
# Creating the symlink under /etc/nginx requires root privileges.
sudo ln -s /etc/nginx/sites-available/libretime.conf /etc/nginx/sites-enabled/
sudo systemctl restart nginx
```
Icecast
:::warning
If you attempt to listen to an insecure Icecast stream on a secure website, a mixed content error will be raised by your browser and should prevent your player from listening to the stream.
You can follow one of these guides to configure a secure Icecast server with a Let's Encrypt certificate.
:::