Taliesin requires libav version 11, or equivalent ffmpeg, available in Debian Stretch or Ubuntu 17.04. It also requires orcania, yder, ulfius, hoel, rhonabwy, iddawc, libconfig, libshout and their dependencies.
$ # Install libraries
$ apt install -y libjansson-dev libavfilter-dev libavcodec-dev libavformat-dev libswresample-dev libavutil-dev libcurl4-gnutls-dev libgnutls28-dev libgcrypt20-dev libsqlite3-dev libmariadbclient-dev libconfig-dev zlib1g-dev libshout3-dev
Download Taliesin from Github, then use the CMake script to build the application:
# Install Taliesin
$ git clone https://github.com/babelouest/taliesin.git
$ mkdir taliesin/build
$ cd taliesin/build
$ cmake ..
$ make
$ sudo make install
The available options for cmake are:
-DWITH_JOURNALD=[on|off]
(defaulton
): Build with journald (SystemD) support for logging-DCMAKE_BUILD_TYPE=[Debug|Release]
(defaultRelease
): Compile with debugging symbols or not
Download Taliesin and its dependencies hosted on github, compile and install.
$ # Install Orcania
$ git clone https://github.com/babelouest/orcania.git
$ cd orcania/src/
$ make
$ sudo make install
$ cd ../..
$ # Install Yder
$ git clone https://github.com/babelouest/yder.git
$ cd yder/src/
$ make
$ sudo make install
$ cd ../..
$ # Install Ulfius
$ git clone https://github.com/babelouest/ulfius.git
$ cd ulfius/src/
$ make
$ sudo make install
$ cd ../..
$ # Install Hoel
$ git clone https://github.com/babelouest/hoel.git
$ cd hoel/src/
$ make DISABLE_POSTGRESQL=1
$ sudo make install
$ cd ../..
# Install Rhonabwy
$ git clone https://github.com/babelouest/rhonabwy.git
$ cd rhonabwy/src/
$ make
$ sudo make install
# Install Iddawc
$ git clone https://github.com/babelouest/iddawc.git
$ cd iddawc/src/
$ make
$ sudo make install
$ git clone git@github.com:babelouest/taliesin.git
$ cd taliesin/src/
$ make && sudo make install
Copy taliesin.conf.sample
to /usr/local/etc/taliesin/taliesin.conf
, edit the file /usr/local/etc/taliesin/taliesin.conf
with your own settings.
Change the value app_files_path
to your taliesin/webapp
if necessary.
Also, change the value server_remote_address
to a remote accessible url if you want to access Taliesin from different devices.
You can use a MySql/MariaDB database or a SQLite3 database file.
Use the dedicated script, taliesin.mariadb.sql
or taliesin.sqlite3.sql
to initialize your database.
$ # Example to install the database with MariaDB
$ mysql taliesin < taliesin.mariadb.conf
$ # Example to install the database with SQLite3
$ sqlite3 [path/to/taliesin.db] < taliesin.sqlite3.sql
If you set the config parameter use_oidc_authentication
to true, you must set the configuration values to verify the access tokens provided by the OAuth2 server.
In the oidc
block, you must set server_remote_config
or server_public_jwks
:
server_remote_config
: address to the.well-known/openid-configuration
url of the OAuth2 serverserver_remote_config_verify_cert
: set to false if you want to ignore TLS certificate error in the.well-known/openid-configuration
urlserver_public_jwks
: path to the OAuth2 server public keys to validate the access token signatureiss
: issuer to verify when checking access tokens, mandatory ifserver_public_jwks
is setrealm
realm claim to verify, optionalaud
aud claim to verify, optionaldpop_max_iat
: maximum duration for a DPoP token, optional
Copy webapp/config.json.sample
to webapp/config.json
and edit the file webapp/config.json
with your own settings.
If you want to setup Taliesin without OAuth2 authentication, you can use have a config.json
like this:
{
"taliesinApiUrl": "http://localhost:8576/api",
"storageType": "local"
}
The web application is located in webapp
, its source is located in webapp-src
. Go to webapp-src/README.md if you want more details on the front-end implementation.
You can either use Taliesin built-in static file server or host the web application in another place, e.g. an Apache or nginx instance.
To configure the front-end, rename the file webapp/config.json.sample
to webapp/config.json
and modify its content for your configuration.
{
"taliesinApiUrl": "http://localhost:8576/api", // URL to your Taliesin API
"angharadApiUrl": "http://localhost:2473/api", // URL to your Angharad API (optional)
"storageType": "local", // Storage type to keep local config values like last player used, last stream or last data source
"oauth2Config": {
"enabled": true,
"storageType": "local", // local or cookie
"responseType": "code", // code or implicit
"authUrl": "http://localhost:4593/api/oidc/auth",
"tokenUrl": "http://localhost:4593/api/oidc/token",
"clientId": "taliesin",
"redirectUri": "http://localhost:8576/", // Url to your Taliesin front-end
"scope": "taliesin taliesin_admin angharad"
"userinfoUrl": "http://localhost:4593/api/oidc/userinfo"
}
}
The files taliesin-init
(SysV init) and taliesin.service
(Systemd) can be used to run taliesin as a daemon. They are fitted for a Raspbian distrbution, but can easily be changed for other systems.
$ sudo cp taliesin-init /etc/init.d/taliesin
$ sudo update-rc.d taliesin defaults
$ sudo service taliesin start
$ sudo cp taliesin.service /etc/systemd/system
$ sudo systemctl enable taliesin
$ sudo systemctl start taliesin
If you use a Glewlwyd instance as Oauth2 server, you must setup a new client, don't forget to setup properly the new scope, here set to taliesin
and taliesin_admin
, the client_id
and at least one correct redirect_uri
value.
Taliesin front-end is a React JS application with Redux, it will need a non confidential client_id, and the authorization types code
and/or token
.
A good practice consists to protect Taliesin behind a http proxy. This way you can add specific security rules, redirect to a standard TCP port, e.g. 443, etc.
Since Taliesin webapp must be executed from a root path (e.g. http://localhost:8576/ and not http://localhost:8576/app/), you must set the apache proxy to the root of a domain or sub-domain.
For the following exemple, it configuration configures a reverse-proxy and encapsulates the http connection in a secured https connection, better for the outside world, the apache server must have the modules proxy_http.load
(mandatory) and proxy_wstunnel.load
(optional) enabled:
<VirtualHost *:443>
ServerName taliesin.my-domain.org
SSLEngine on
SSLCertificateFile /path/to/cert.pem
SSLCertificateKeyFile /path/to/privkey.pem
ProxyPassMatch ^/api/stream/(.*)/ws$ ws://localhost:8576/api/stream/$1/ws
ProxyPass / http://localhost:8576/ retry=0 connectiontimeout=30 timeout=300 nocanon
ProxyPassReverse / http://localhost:8576/
</VirtualHost>
Run the application using the service command if you installed the init file:
$ sudo service taliesin start
You can also manually start the application like this:
$ ./taliesin --config-file=taliesin.conf
By default, Taliesin is available on TCP port 8576, the API is located at http://localhost:8576/api and the web application is located at the url http://localhost:8576/.