this post was submitted on 14 Sep 2024
109 points (97.4% liked)

Selfhosted

40006 readers
893 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I've tried a few options over the years, including SMB and NFS, XBMC as well as HTML with javascript I found online.

I don't have a large collection of music (fewer than 100 albums), so hand coding things was actually one of the quicker options to setup. That's despite then hassle of hand coding the URL to each FLAC file as well as the album art. But sometimes the javascript doesn't handle large collections of FLAC and each implementation I tried had different quirks so I've sunk a lot of time into that in other ways without a satisfactory result.

I've heard of Emby, Jellyfin, Plex, Roon and Servio. I just need something that's simple to set up and access. I don't need fancy features beyond the ability to play the music with a pleasant UI that can be accessed from the web (HTTP, not HTTPS). I'd be running this from a Raspberry Pi 3B which already has the lighttpd server running.

I'm also considering just getting a portable, 128GB FLAC player with a minijack connection and moving on with my life without getting involved in networking at all.

Any recommendations for an uncomplicated way to approach to doing this?

Edit: Thanks so much for the helpful and enthusiastic comments! I tried Navidrome and had it up and running in ten minutes thanks to this tutorial video: https://invidious.nerdvpn.de/watch?v=7V5UUJlSknY

I had to install docker-compose on the RPi. Then I got an error which turned out to be because I also needed a separate docker daemon which I installed following these instructions: https://www.simplilearn.com/tutorials/docker-tutorial/raspberry-pi-docker

In just 10+ minutes I had my music collection accessible from all my devices - thanks again!

you are viewing a single comment's thread
view the rest of the comments
[–] FarraigePlaisteach@lemmy.world 13 points 1 month ago (2 children)

I got Navidrome working on the local network quickly with docker compose thanks to this video: https://invidious.nerdvpn.de/watch?v=7V5UUJlSknY

Once I forwarded the right port on my router I was also able to access the music from the web. Thanks for the recommendation, I'm very happy!

[–] tux7350@lemmy.world 7 points 1 month ago (2 children)

Another tip, please be very careful when exposing ports to the public. With docker you're already mitigating your attack surfaces but an open port allows anyone to make a connection and there are lots of bots out there looking for open ports and vulnerabilities. A good alternative would be to setup wireguard and instead then connect through that or if you like simplicity check out Tailscale.

[–] FarraigePlaisteach@lemmy.world 3 points 1 month ago (1 children)

Thanks for that. I'll look into tail scale (since you mentioned the magic word, 'simplicity'). My domain doesn't have any links to the pages on my server, and Navidrome is username and password protected. Would that be safe enough? I am using unencrypted http, though.

[–] tux7350@lemmy.world 5 points 1 month ago (1 children)

Unencrypted HTTP can mean that anyone can see your traffic as it passes through their network. Your ISP will see that traffic. If you're streaming pirated music and you're in a country that cares about those things, might not go very well. From a security stand point though, you still wouldn't want to trust the authentication on the open port. A vulnerability may exist that you don't know about. It's always better to keep them closed and add another layer or two between your home computer and the public.

Tailscale let's you tunnel into your home network without opening any ports, and it encrypts the traffic. Much safer way of doing it.

[–] FarraigePlaisteach@lemmy.world 3 points 1 month ago (1 children)

Thanks. I really appreciate the insight. I’ll start learning about tailscale as a priority.

[–] tux7350@lemmy.world 2 points 1 month ago (1 children)
[–] FarraigePlaisteach@lemmy.world 2 points 1 month ago (1 children)

Thanks again! Do I understand right that once I:

  1. Run tail scale on each machine
  2. Register those with my account

The machines will be able to see each other, but the machines can not be seen outside of the network of those machines?

Also, my Raspberry Pi is hosting some other publicly exposed services that need to remain that way. Will tail scale take over those too?

I found a nice overview video here for anyone who might want it: https://invidious.nerdvpn.de/watch?v=Kzyolu9yn0E

[–] tux7350@lemmy.world 3 points 1 month ago (1 children)

It shouldn't mess with your current routing but if you're running other VPNs you may run into issues.

After you join the machines to the tailnet, each machine gets a new IP address ( only visible to other machines in the tailnet), by default it's a 100.x.y.z you can check the tailnet for the device IP.

Now you can keep the port closed on your router and it will still be accessible over the usual lan ip and port. But when you want to access remotely, turn on tailscale and connect using the tailnet IP.

Another cool thing you can do with this setup is turn your home server into an exit node. By default it will only route things that are in the tailnet (100.x.y.z subnet). But if you turn your home server into an exit node you can funnel all your traffic back through the exit node. Instant free VPN back home!

[–] FarraigePlaisteach@lemmy.world 2 points 1 month ago

That sounds promising, thanks! You say LAN, but I can share this with people over the internet too, right?

[–] undefined@links.hackliberty.org 2 points 1 month ago* (last edited 1 month ago) (1 children)

Especially with music, if any of this is plain HTTP (or any other plaintext, non-encrypted protocol) and you live in a lawsuit happy jurisdiction you might end up with piracy letters in the mail.

[–] FarraigePlaisteach@lemmy.world 3 points 1 month ago (1 children)

It is plain HTTP. There's a username and password needed to log in and access the music, though if that helps?

[–] undefined@links.hackliberty.org 2 points 1 month ago (1 children)

Plain HTTP means anyone between you and the server can see those credentials and gain access.

It it using HTTP Basic Auth by chance? It would be so easy to put nginx (or some other reverse proxy with TLS) in front and just pass the authentication headers.

[–] FarraigePlaisteach@lemmy.world 1 points 1 month ago* (last edited 1 month ago) (1 children)

I don’t know what kind of authentication it uses, but it dots appear to be susceptible to brute force https://github.com/navidrome/navidrome/issues/242

But if I add a reverse proxy I would need it to just affect that one service/port. I’m running a publicly facing static (amateur/hobby) website - and other services - from there too and I’d prefer it to remain public.

[–] themelm@sh.itjust.works 1 points 1 month ago

All of my public facing sites are behind a reverse proxy. I use Nginx Proxy Manager it runs from docker and has an easy webgui. It takes care of things like https certificates and stuff to.

[–] friend_of_satan@lemmy.world 6 points 1 month ago (1 children)

I saw in your update you mentioned installing docker-compose. Modern docker has "compose" as a verb, and should work as docker compose. I haven't tested this on raspberry pi though.

[–] FarraigePlaisteach@lemmy.world 4 points 1 month ago (1 children)

You’re right. It’s just that the package to installed is called docker-compose (if I remember right. I’m on mobile now). So the command to install was: apt install docker-compose, and the command was: docker compose. Thanks man.

[–] friend_of_satan@lemmy.world 8 points 1 month ago* (last edited 1 month ago) (1 children)

No, thats not how it works now. You used to have to install docker-compose and run docker-compose, but now you don't. Docker comes with compose, but you call it as docker compose rather than the old Python module based way docker-compose

https://www.docker.com/blog/new-docker-compose-v2-and-v1-deprecation/

[–] FarraigePlaisteach@lemmy.world 9 points 1 month ago

Thanks for clarifying. I might be sent to uninstall that other package in that case. It’s all working nicely anyway. Appreciate it, thanks again for your help!