How to deploy a self-hold music stream server(navidrome)

Posted on Edited on In Views: Word count in article: 5.2k Reading time ≈ 5 mins.

If you are a music lover and have tons of music file like me, it is highly recommended to deploy a self-hold music stream server, with which you can get rid of paying to music provider. Now, I will teach you how to deploy Navidrome as your music stream server. In order to get a better performance, I am not going to install it with docker, I will install it manually.

How to install

First of all, use ssh to log in your server as root.

1
2
3
4
5
apt update
apt upgrade
apt install apache2 vim ffmpeg certbot python3-certbot-apache
adduser navidrome # add a user for navidrome, as the official does not recommend us to install it as root
vim /etc/sudoers
1
navidrome	ALL=(ALL:ALL) ALL # add this line for temporary sudo permission, after installation, you can delete this line
1
2
3
4
5
6
7
su - navidrome
sudo install -d -o navidrome -g navidrome /opt/navidrome
sudo install -d -o navidrome -g navidrome /var/lib/navidrome
wget https://github.com/navidrome/navidrome/releases/download/v0.50.2/navidrome_0.50.2_linux_amd64.tar.gz # get the latest release in official github release page: https://github.com/navidrome/navidrome/releases
sudo tar -xvzf navidrome_0.50.2_linux_amd64.tar.gz -C /opt/navidrome/
sudo chown -R navidrome:navidrome /opt/navidrome
vim /var/lib/navidrome/navidrome.toml
1
2
MusicFolder = "/var/www/music"
ND_ENABLETRANSCODINGCONFIG = true
1
2
exit
vim /etc/systemd/system/navidrome.service
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
[Unit]
Description=Navidrome Music Server and Streamer compatible with Subsonic/Airsonic
After=remote-fs.target network.target
AssertPathExists=/var/lib/navidrome

[Install]
WantedBy=multi-user.target

[Service]
User=navidrome
Group=navidrome
Type=simple
ExecStart=/opt/navidrome/navidrome --configfile "/var/lib/navidrome/navidrome.toml"
WorkingDirectory=/var/lib/navidrome
TimeoutStopSec=20
KillMode=process
Restart=on-failure

# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
DevicePolicy=closed
NoNewPrivileges=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
ReadWritePaths=/var/lib/navidrome

# You can uncomment the following line if you're not using the jukebox This
# will prevent navidrome from accessing any real (physical) devices
#PrivateDevices=yes

# You can change the following line to `strict` instead of `full` if you don't
# want navidrome to be able to write anything on your filesystem outside of
# /var/lib/navidrome.
ProtectSystem=full

# You can uncomment the following line if you don't have any media in /home/*.
# This will prevent navidrome from ever reading/writing anything there.
#ProtectHome=true

# You can customize some Navidrome config options by setting environment variables here. Ex:
#Environment=ND_BASEURL="/navidrome"
1
2
3
4
5
sudo systemctl daemon-reload
sudo systemctl start navidrome.service
sudo systemctl status navidrome.service
sudo systemctl enable navidrome.service
vim /etc/apache2/sites-available/your.domain.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
<VirtualHost *:80>
    ServerName your.domain
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>

<VirtualHost *:443>
    ServerName your.domain

    ErrorLog ${APACHE_LOG_DIR}/music_error.log
    CustomLog ${APACHE_LOG_DIR}/music_access.log combined

    # comment these lines related to ssl until you get your ssl certificate
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/your.domain/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your.domain/privkey.pem

    Alias /webdav /var/www/music

    <Location /webdav>
        DAV On
        AuthType Basic
        AuthName "WebDAV Restricted"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Location>

    ProxyPreserveHost On
    ProxyRequests Off

    # WebSocket support
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://127.0.0.1:4533/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket [NC]
    RewriteCond %{REQUEST_URI} !^/webdav
    RewriteRule /(.*) http://127.0.0.1:4533/$1 [P,L]

    # Proxy 
    ProxyPass /webdav !

    ProxyPass / http://127.0.0.1:4533/
    ProxyPassReverse / http://127.0.0.1:4533/

    ProxyTimeout 600

    TraceEnable off
</VirtualHost>
1
2
3
4
5
6
7
8
9
a2enmod rewrite ssl dav dav_fs proxy proxy_http
systemctl restart apache2
mkdir /var/www/music
chown -R www-data:www-data /var/www/music/
a2ensite your.domain.conf
systemctl reload apache2
certbot certonly --apache -d your.domain
htpasswd -c /etc/apache2/.htpasswd your_webdav_username # this command is to creat a user and password for your webdav
service apache2 restart

Then, go to your.domain with browser, and set a admin account for your Navidrome.

How to use

You can upload and manage your music file via webdav

All of recommended client can synchronize playlist created on Navidrome webpage.

Reference

  1. https://www.navidrome.org/docs/installation/linux/
  2. https://www.navidrome.org/docs/usage/configuration-options/
  3. https://www.navidrome.org/docs/usage/security/
  4. https://www.reddit.com/r/navidrome/comments/qyxcj8/navidrome_reverse_proxy_setup_with_apache/
  5. https://www.rman.top/2022/01/20/webdav/
  6. https://blog.csdn.net/qq_34093082/article/details/134880677