Skip to content

Commit

Permalink
Upd: improve documentation #522
Browse files Browse the repository at this point in the history
  • Loading branch information
@jcorporation
jcorporation committed Jul 16, 2021
1 parent bf0020e commit ab98190
Show file tree
Hide file tree
Showing 22 changed files with 483 additions and 97 deletions.
16 changes: 8 additions & 8 deletions README.md
View file
Expand Up @@ -26,19 +26,19 @@ myMPD also integrates extended features like an advanced jukebox mode, timers, t
- Advanced search
- Jukebox mode
- Customizable home screen and navigation bar
- [Smart playlists and saved searches](https://github.com/jcorporation/myMPD/wiki/Smart-playlists)
- [Smart playlists and saved searches](https://jcorporation.github.io/myMPD/references/smart-playlists)
- Playback statistics and song voting
- [Local albumart support: embedded and image per folder](https://github.com/jcorporation/myMPD/wiki/Albumart)
- [Unsynchronized and synchronized Lyrics](https://github.com/jcorporation/myMPD/wiki/Lyrics)
- [Local albumart support: embedded and image per folder](https://jcorporation.github.io/myMPD/references/pictures)
- [Unsynchronized and synchronized Lyrics](https://jcorporation.github.io/myMPD/references/tags)
- Local booklet support (per album folder)
- HTTP stream support
- [Local playback of mpd http stream](https://github.com/jcorporation/myMPD/wiki/Local-playback)
- [Local playback of mpd http stream](https://jcorporation.github.io/myMPD/references/local-playback)
- Timers and Triggers
- [Lua scripting](https://github.com/jcorporation/myMPD/wiki/Scripting)
- [Lua scripting](https://jcorporation.github.io/myMPD/scripting/)
- Embedded Webserver (mongoose)
- [Localized user interface](https://github.com/jcorporation/myMPD/wiki/Translating)
- [Localized user interface](https://jcorporation.github.io/myMPD/references/translating)
- Themeing
- [Publishing of mpd and myMPD directories via http](https://github.com/jcorporation/myMPD/wiki/Publishing-directories)
- [Publishing of mpd and myMPD directories via http](https://jcorporation.github.io/myMPD/references/published-directories)
- Progressiv Web App enabled
- Support of Media Session API

Expand Down Expand Up @@ -68,7 +68,7 @@ myMPD should run on all current linux distributions. There are four ways to inst

On the first startup myMPD reads some environments variables and tries to autodetect the MPD connection configuration.

- https://github.com/jcorporation/myMPD/wiki/Configuration
- [Configuration](https://jcorporation.github.io/myMPD/configuration/)


``
Expand Down
122 changes: 122 additions & 0 deletions docs/additional-topics/behind-a-reverse-proxy.md
View file
@@ -0,0 +1,122 @@
---
layout: page
permalink: /additional-topics/behind-a-reverse-proxy
title: Behind a reverse proxy
---

myMPD could be hosted behind a reverse proxy to add features like http2 and authentication.

Configure myMPD to disable ssl and listen on localhost on port 8080.

```
printf "false" > /var/lib/mympd/config/ssl
printf "8080" > /var/lib/mympd/config/http_port
printf "127.0.0.1" > /var/lib/mympd/config/http_host
```

In this examples myMPD is proxied behind the path `/mympd`.

***

# Nginx

```
location /mympd/ {
proxy_pass http://127.0.0.1:8080/;
}
```

***

# Apache

## Basic setup with proxypass

To access mympd behind apache2 enable following modules, e.g. with `a2enmod`:
- proxy
- proxy_wstunnel

Add the following to a existing or a new virtual host:
```
ProxyRequests Off
ProxyPreserveHost on
ProxyVia On
ProxyPass /mympd/ws/ ws://127.0.0.1:8080/ws/
Redirect /mympd /mympd/
ProxyPass /mympd/ http://127.0.0.1:8080/
ProxyPassReverse /mympd/ http://127.0.0.1:8080/
```

## Basic Password Authentication

To add basic password authentication create a new htpasswd file
`sudo htpasswd -c <path/to/htpasswd/file> <username to access mympd>`

Or append an existing htpasswd file
`sudo htpasswd <path/to/htpasswd/file> <username to access mympd>`

for example:
`sudo htpasswd -c /etc/apache2/.htpasswds mympd`

Then add the following to your mympd Location in your apache virtualhost configuration file

```
AuthType Basic
AuthName "Authentication Required" # or add any type of identifier you prefer
AuthUserFile <path/to/htpasswd/file> # for example /etc/apache2/.htpasswds
Require valid-user
```

for example:

```
<Location "/mympd/">
AuthType Basic
AuthName "Authentication Required" # or add any type of identifier you prefer
AuthUserFile <path/to/htpasswd/file> # for example /etc/apache2/.htpasswds
Require valid-user
</Location>
```
See https://wiki.apache.org/httpd/PasswordBasicAuth for more information

## Simple Access Control

To limit acces to mympd to the local network, add the following to the location directive adjusting for your own network:

```
Require host localhost
Require ip <ipaddress>
Require ip <ip range/netmask> # ex 192.168.1.0/24
```

See https://httpd.apache.org/docs/2.4/howto/access.html for more information

## Full Example Config

```
<VirtualHost *:80>
ServerName yourserver.example.com
ProxyRequests Off
ProxyPreserveHost on
ProxyVia On
<Location "/mympd/">
Require host localhost
Require ip 192.168.1.0/24
AuthType Basic
AuthName "Authentication Required"
AuthUserFile /etc/apache2/.passwds/mympd
Require valid-user
</Location>
ProxyPass /mympd/ws/ ws://127.0.0.1:8080/ws/
Redirect /mympd /mympd/
ProxyPass /mympd/ http://127.0.0.1:8080/
ProxyPassReverse /mympd/ http://127.0.0.1:8080/
</VirtualHost>
```
8 changes: 8 additions & 0 deletions docs/additional-topics/index.md
View file
@@ -0,0 +1,8 @@
---
layout: page
permalink: /additional-topics/
title: Additional topics
---

- [Behind a reverse proxy]({{ site.baseurl }}/additional-topics/behind-a-reverse-proxy)
- [Recommended MPD configuration]({{ site.baseurl }}/additional-topics/recommended-mpd-configuration)
51 changes: 51 additions & 0 deletions docs/additional-topics/recommended-mpd-configuration.md
View file
@@ -0,0 +1,51 @@
---
layout: page
permalink: /additional-topics/recommended-mpd-configuration
title: Recommended MPD configuration
---

myMPD needs the following mpd settings for all features. If a feature is not enabled in mpd, myMPD disables the associated features.

```
# Enable stickers - myMPD uses stickers for play statistics
sticker_file "/var/lib/mpd/sticker.sql"
# Enable stored playlists, also needed for myMPD smart playlists
playlist_directory "/var/lib/mpd/playlists"
# Enable metadata. If set to none, you can only browse the filesystem
metadata_to_use "AlbumArtist,Artist,Album,Title,Track,Disc,Genre"
# bind mpd to a unix socket
bind_to_address "/run/mpd/socket"
# Mounting is only possible with the simple database plugin and a cache_directory
database {
plugin "simple"
path "/var/lib/mpd/tag_cache"
cache_directory "/var/lib/mpd/cache"
}
# Enable neighbor plugins
neighbors {
plugin "smbclient"
}
neighbors {
plugin "udisks"
}
neighbors {
plugin "upnp"
}
# Ouput for http stream - myMPD local playback
audio_output {
type "httpd"
name "HTTP Stream"
encoder "lame" #to support safari on ios
port "8000"
bitrate "128"
format "44100:16:1"
always_on "yes"
tags "yes"
}
```
2 changes: 1 addition & 1 deletion docs/configuration/acl.md
View file
Expand Up @@ -8,7 +8,7 @@ myMPD supports simple IP ACLs to restrict connections to the webserver and to th

The ACL is a comma separated list of IPv4 subnets: x.x.x.x/x Each subnet is prepended by either a - or a + sign. A plus sign means allow, where a minus sign means deny.

If the acl is empty, all connections are allowed.
If the acl is empty, all connections are allowed else all connections are denied if not explicitely allowed.

## Example ACLs

Expand Down
40 changes: 20 additions & 20 deletions docs/configuration/index.md
View file
Expand Up @@ -14,33 +14,33 @@ The `workdir` option is useful if you want to run more then one instance of myMP

| OPTION | DESCRIPTION |
| ------ | ----------- |
| -c, --config | creates config and exits (default directory: /var/lib/mympd/config/) |
| -c, --config | creates config and exits (default directory: `/var/lib/mympd/config/`) |
| -h, --help | displays this help |
| -u, --user `<username>`| username to drop privileges to (default: mympd) |
| -u, --user `<username>`| username to drop privileges to (default: `mympd`) |
| -s, --syslog | enable syslog logging (facility: daemon) |
| -w, --workdir `<path>` | working directory (default: /var/lib/mympd) |
| -w, --workdir `<path>` | working directory (default: `/var/lib/mympd`) |
{: .table .table-sm }

## Configuration files

At first startup (if there is no ẁorking directory) myMPD tries to autodetect the MPD connection and reads some environment variables.

After first startup all environment variables are ignored and the file in the directory `/var/lib/mympd/config/` should be edited.

| FILE | ENVIRONMENT | DEFAULT | DESCRIPTION |
| ---- | ----------- | ------- | ----------- |
| acl | MYMPD_ACL | | ACL to access the myMPD webserver: [ACL]({{ site.baseurl }}/configuration/acl), allows all hosts in the default configuration |
| http_host | MYMPD_HTTP_HOST | 0.0.0.0 | IP address to listen on |
| http_port | MYMPD_HTTP_PORT | 80 | Port to listen on. Redirect to `ssl_port` if `ssl` is set to `true` |
| loglevel | MYMPD_LOGLEVEL | 5 | [Logging]({{ site.baseurl }}/configuration/logging) |
| lualibs | MYMPD_LUALIBS | all | [Scripting]({{ site.baseurl }}/references/scripting) |
| scriptacl | MYMPD_SCRIPTACL | +127.0.0.1 | ACL to access the myMPD script backend: [ACL]({{ site.baseurl }}/configuration/acl), allows only local connections in the default configuration |
| ssl | MYMPD_SSL | true | `true` = enables ssl |
| ssl_port | MYMPD_SSL_PORT | 443 | Port to listen to https traffic |
| ssl_san | MYMPD_SSL_SAN | | Additional SAN |
| custom_cert | MYMPD_CUSTOM_CERT | false | `true` = use custom ssl key and certificate |
| ssl_cert | MYMPD_SSL_CERT | | Path to custom ssl certificate file |
| ssl_key | MYMPD_SSL_KEY | | Path to custom ssl key file |
After first startup all environment variables are ignored and the files in the directory `/var/lib/mympd/config/` should be edited.

| FILE | TYPE | ENVIRONMENT | DEFAULT | DESCRIPTION |
| ---- | ---- | ----------- | ------- | ----------- |
| acl | string | MYMPD_ACL | | ACL to access the myMPD webserver: [ACL]({{ site.baseurl }}/configuration/acl), allows all hosts in the default configuration |
| http_host | string | MYMPD_HTTP_HOST | 0.0.0.0 | IP address to listen on |
| http_port | number | MYMPD_HTTP_PORT | 80 | Port to listen on. Redirects to `ssl_port` if `ssl` is set to `true` |
| loglevel | number | MYMPD_LOGLEVEL | 5 | [Logging]({{ site.baseurl }}/configuration/logging) - this environment variable is always used |
| lualibs | string | MYMPD_LUALIBS | all | [Scripting]({{ site.baseurl }}/references/scripting) |
| scriptacl | string | MYMPD_SCRIPTACL | +127.0.0.1 | ACL to access the myMPD script backend: [ACL]({{ site.baseurl }}/configuration/acl), allows only local connections in the default configuration |
| ssl | boolean | MYMPD_SSL | true | `true` = enables https, `false` = disables https |
| ssl_port | number | MYMPD_SSL_PORT | 443 | Port to listen to https traffic |
| ssl_san | string | MYMPD_SSL_SAN | | Additional SAN for certificate creation |
| custom_cert | boolean | MYMPD_CUSTOM_CERT | false | `true` = use custom ssl key and certificate |
| ssl_cert | string | MYMPD_SSL_CERT | | Path to custom ssl certificate file |
| ssl_key | string | MYMPD_SSL_KEY | | Path to custom ssl key file |
{: .table .table-sm }

- More details on [SSL]({{ site.baseurl }}/configuration/ssl)
Expand All @@ -57,5 +57,5 @@ myMPD tries to autodetect the mpd connection at first startup.
| ENVIRONMENT | DEFAULT | DESCRIPTION |
| ----------- | ------- | ----------- |
| MPD_HOST | `/run/mpd/socket` | MPD host or path to mpd socket |
| MPD_PORT | 0.0.0.0 | MPD port |
| MPD_PORT | 6600 | MPD port |
{: .table .table-sm}
6 changes: 3 additions & 3 deletions docs/configuration/ssl.md
View file
Expand Up @@ -11,9 +11,9 @@ In the default configuration myMPD encrypts traffic on port 443, set `/var/lib/m
Certificates are checked at startup and if necessary created or renewed. myMPD maintains a CA certificate and a server certificate signed with this ca.

- Lifetime of the CA certificate: approximately 10 years
- Lifetime of the server certificate: 90 days
- Lifetime of the server certificate: 1 year

The validity of the server certificate is so low because browsers no longer trust certificates with long durations, even if they are self-signed. You should restart your myMPD instance minimum each 90 days and import the ca certificate to have no trouble.
The validity of the server certificate is so short because browsers no longer trust certificates with long durations, even if they are self-signed. On startup myMPD checks the expiration date of the certificate and renews it if necessary.

The default certificates are saved in the directory `/var/lib/mympd/ssl/`.

Expand All @@ -36,7 +36,7 @@ The server certificates SAN is:

You can edit the file `/var/lib/mympd/config/ssl_san` before starting myMPD to add additional names or ip addresses to the certificate, e.g. `DNS:jukebox.local`.

To regenerate the server certificate stop myMPD, and remove the `/var/lib/mympd/ssl/server.crt` and `/var/lib/mympd/ssl/server.key`.
To regenerate the server certificate stop myMPD, and remove the `/var/lib/mympd/ssl/server.crt` and `/var/lib/mympd/ssl/server.key` files.

## Default CA

Expand Down
4 changes: 2 additions & 2 deletions docs/debug.md
View file
Expand Up @@ -9,11 +9,11 @@ Tips to debug problems with myMPD. Try these steps and reproduce the error.
## myMPD logging

- Stop myMPD
- Set loglevel to debug: ``printf "7" > /var/lib/mympd/config/loglevel``
- Set loglevel to debug: ``export MYMPD_LOGLEVEL=7``
- Start it in the console ``mympd``
- Debug output is printed to the console
- Press Ctrl + C to abort
- Set loglevel to notice: ``printf "5" > /var/lib/mympd/config/loglevel``
- Set loglevel to notice: ``unset MYMPD_LOGLEVEL``

## Webbrowser logging

Expand Down

0 comments on commit ab98190

Please sign in to comment.