Sebastians IT-Wiki

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Sie befinden sich hier: Sebastians IT-Wiki » Ubuntu Linux » Navidrome Musik-Streaming auf Ubuntu Server
Zuletzt angesehen: Navidrome Musik-Streaming auf Ubuntu Server
ubuntu:navidrome

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen RevisionVorhergehende Überarbeitung
Nächste Überarbeitung		Vorhergehende Überarbeitung
ubuntu:navidrome [2026/04/24 11:39] – [6. Apache VirtualHost (Reverse Proxy)] Sebastian Hetzelubuntu:navidrome [2026/04/30 20:56] (aktuell) – [Anwendung installieren] Sebastian Hetzel
Zeile 52: Zeile 52:
 </code> </code>
  
 +==== Logrotate ====
 +
 +<file bash /etc/logrotate.d/navidrome>
 +/var/log/navidrome.log
 +{
 +        rotate 14
 +        daily
 +        missingok
 +        notifempty
 +        delaycompress
 +        compress
 +        create 640 navidrome navidrome
 +        postrotate
 +                if service navidrome status > /dev/null 2>&1; then \
 +                    touch /var/log/navidrome.log; \
 +                    chown navidrome:navidrome /var/log/navidrome.log; \
 +                    service navidrome restart > /dev/null 2>&1; \
 +                fi;
 +        endscript
 +        sharedscripts
 +}
 +</file>
 ==== Daten wiederherstellen (bei Migration) ==== ==== Daten wiederherstellen (bei Migration) ====
  
Zeile 253: Zeile 275:
 a2enmod proxy proxy_http proxy_wstunnel headers rewrite ssl a2enmod proxy proxy_http proxy_wstunnel headers rewrite ssl
 </code> </code>
 +
 +Dual Stack aktivieren --> ''/etc/apache2/ports.conf''.
  
 <code apache> <code apache>
-<IfModule mod_ssl.c> +Listen 80 
-<VirtualHost *:443> +Listen [::]:80 
-    ServerName music.example.com +Listen 443 
-    DocumentRoot /var/www/navidrome/html+Listen [::]:443 
 +</code>
  
-    # Logs +Apache-Version nicht bekannt geben --> ''/etc/apache2/conf-enabled/security.conf''
-    ErrorLog /var/www/navidrome/logs/error.log +
-    CustomLog /var/www/navidrome/logs/access.log combined+
  
-    # Proxy Settings +<code apache> 
-    ProxyPreserveHost On +ServerTokens 
-    Protocols http/1.1   HTTP/1.1 erzwingen für stabile Streaming-Verbindungen +This directive configures what you return as the Server HTTP response 
- +HeaderThe default is 'Full' which sends information about the OS-Type 
-    WebSocket Support (Rewrites nur für Upgrade) +and compiled in modules. 
-    RewriteEngine On +Set to one of:  Full | OS | Minimal | Minor | Major | Prod 
-    RewriteCond %{HTTP:Upgrade} =websocket [NC] +where Full conveys the most informationand Prod the least. 
-    RewriteRule /(.*) ws://127.0.0.1:4533/$1 [P,L] +#ServerTokens Minimal 
- +ServerTokens Prod 
-    Normaler Proxy für alle anderen Requests +#ServerTokens Full
-    ProxyPass / http://127.0.0.1:4533/ nocanon +
-    ProxyPassReverse / http://127.0.0.1:4533/ +
- +
-    # Forwarded Headers +
-    RequestHeader set X-Forwarded-Proto "https" +
-    RequestHeader set X-Forwarded-Port "443" +
-    RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}s" +
- +
-    Connection / Timeout Optimierungen +
-    KeepAlive On +
-    MaxKeepAliveRequests 100 +
-    KeepAliveTimeout 5 +
-    ProxyTimeout 300 +
- +
-    Security Headers +
-    X-XSS-Protection ist veraltetkann optional drinbleiben oder entfernt werden +
-    Header always set X-XSS-Protection "1; mode=block" +
-    Header always set X-Content-Type-Options "nosniff" +
-    Header always set Strict-Transport-Security "max-age=31536000" +
- +
-    SSL Certs +
-    Include /etc/letsencrypt/options-ssl-apache.conf +
-    SSLCertificateFile /etc/letsencrypt/live/music.example.com/fullchain.pem +
-    SSLCertificateKeyFile /etc/letsencrypt/live/music.example.com/privkey.pem +
- +
-</VirtualHost> +
-</IfModule>+
 </code> </code>
 ===== ModSecurity-Konfiguration für Apache2 Reverse Proxy vor Navidrome ===== ===== ModSecurity-Konfiguration für Apache2 Reverse Proxy vor Navidrome =====
Zeile 544: Zeile 540:
 <IfModule mod_ssl.c> <IfModule mod_ssl.c>
 <VirtualHost *:443> <VirtualHost *:443>
-    ServerName music.example.com +        ServerName music.example.de 
-    DocumentRoot /var/www/navidrome/html +        ServerAlias music.example.net 
- +        DocumentRoot /var/www/navidrome/html
-    # Logs +
-    ErrorLog /var/www/navidrome/logs/error.log +
-    CustomLog /var/www/navidrome/logs/access.log combined +
- +
-    # Proxy Settings +
-    ProxyPreserveHost On +
-    Protocols http/1.1   # HTTP/1.1 erzwingen für stabile Streaming-Verbindungen+
  
-    # WebSocket Support (Rewrites nur für Upgrade) +        ErrorLog /var/www/navidrome/logs/error.log 
-    RewriteEngine On +        CustomLog /var/www/navidrome/logs/access.log combined
-    RewriteCond %{HTTP:Upgrade} =websocket [NC] +
-    RewriteRule /(.*) ws://127.0.0.1:4533/$1 [P,L]+
  
-    # Normaler Proxy für alle anderen Requests +        ProxyPreserveHost On 
-    ProxyPass / http://127.0.0.1:4533/ nocanon +        Protocols http/1.1 
-    ProxyPassReverse http://127.0.0.1:4533/+        #ProxyPass "/.well-known/" "!"
  
-    Forwarded Headers +        WebSocket-Unterstützung 
-    RequestHeader set X-Forwarded-Proto "https" +        RewriteEngine On 
-    RequestHeader set X-Forwarded-Port "443" +        RewriteCond %{HTTP:Upgrade=websocket [NC] 
-    RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}s"+        RewriteRule /(.*)           ws://127.0.0.1:4533/$1 [P,L]
  
-    Connection Timeout Optimierungen +        Alles andere Proxy 
-    KeepAlive On +        ProxyPass http://127.0.0.1:4533/ nocanon 
-    MaxKeepAliveRequests 100 +        ProxyPassReverse / http://127.0.0.1:4533/
-    KeepAliveTimeout 5 +
-    ProxyTimeout 300+
  
-    # Security Headers +        RequestHeader set X-Forwarded-Proto "https" 
-    # X-XSS-Protection ist veraltet, kann optional drinbleiben oder entfernt werden +        RequestHeader set X-Forwarded-Port "443
-    # Header always set X-XSS-Protection "1; mode=block+        RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}s
-    Header always set X-Content-Type-Options "nosniff+        Header always set X-XSS-Protection "1; mode=block"
-    Header always set Strict-Transport-Security "max-age=31536000"+
  
-    # SSL Certs +        KeepAlive On 
-    Include /etc/letsencrypt/options-ssl-apache.conf +        MaxKeepAliveRequests 100 
-    SSLCertificateFile /etc/letsencrypt/live/music.example.com/fullchain.pem +        KeepAliveTimeout 5 
-    SSLCertificateKeyFile /etc/letsencrypt/live/music.example.com/privkey.pem+        ProxyTimeout 300
  
 +        Include /etc/letsencrypt/options-ssl-apache.conf
 +        Include /etc/modsecurity/navidrome-exclusions.conf
 +        SSLCertificateFile  /etc/letsencrypt/live/music.example.de/fullchain.pem
 +        SSLCertificateKeyFile  /etc/letsencrypt/live/music.example.de/privkey.pem
 +        Header always set Strict-Transport-Security "max-age=31536000"
 </VirtualHost> </VirtualHost>
 </IfModule> </IfModule>
ubuntu/navidrome.1777023593.txt.gz · Zuletzt geändert: von Sebastian Hetzel
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki