Closed the-unknown closed 3 years ago
local_web_path = "localhost"
did the job.
Sorry for the inconvenience
Don't forget to close the issue if you found the solution!
local_web_path = "localhost"
did the job. Sorry for the inconvenience
Hello. Excuse me, but can You show your nginx config please?
This is mine. I use letsencrypt for the SSL. My server is listening on port 8080 which ngnix is the reverse proxy.
server {
server_name ampache.animeshare.com ;
client_max_body_size 15G;
listen 443 ssl; # managed by Certbot
listen [::]:443 ssl;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_send_timeout 300;
proxy_read_timeout 300;
}
ssl_certificate /etc/letsencrypt/live/ampache.animeshare.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ampache.animeshare.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
client_max_body_size 15G;
if ($host = ampache.animeshare.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name ampache.animeshare.com;
return 404; # managed by Certbot
Thank you very much @stebe. But it's not helpful for me, unfortunately. I'm trying to setup ampache in the docker container with nginx-proxy and ssl at home LAN (because I would like to get working it with Nextcloud). The problem is that I can't play/download any media from subsonic clients. But your and my setups are very different, as I can see now. So I'm going to create new issue.
Here is mine, it's very close to the default. I use no SSL or IPv6, but I do listen on a non-standard port.
server {
# listen to
# listen [::]:used_port; #ssl; ipv6 optional with ssl enabled
listen 5006; #ssl; ipv4 optional with ssl enabled
server_name 18claypitts.hova.net;
charset utf-8;
# Logging, error_log mode [notice] is necessary for rewrite_log on,
# (very usefull if rewrite rules do not work as expected)
error_log /var/log/xbmc/ampache/error.log; # notice;
access_log /var/log/xbmc/ampache/access.log;
rewrite_log on;
# Use secure SSL/TLS settings, see https://mozilla.github.io/server-side-tls/ssl-config-generator/
# ssl_protocols TLSv1.2;
# ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-E CDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# ssl_prefer_server_ciphers on;
# add_header Strict-Transport-Security max-age=15768000;
# etc.
# Use secure headers to avoid XSS and many other things
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "no-referrer";
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; object-src 'self'";
# Avoid information leak
server_tokens off;
fastcgi_hide_header X-Powered-By;
root /opt/ampache;
index index.php;
# Somebody said this helps, in my setup it doesn't prevent temporary saving in files
proxy_max_temp_file_size 0;
# Rewrite rule for Subsonic backend
if ( !-d $request_filename ) {
rewrite ^/rest/(.*).view$ /rest/index.php?action=$1 last;
rewrite ^/rest/fake/(.+)$ /play/$1 last;
}
# Rewrite rule for Channels
if (!-d $request_filename){
rewrite ^/channel/([0-9]+)/(.*)$ /channel/index.php?channel=$1&target=$2 last;
}
# Beautiful URL Rewriting
rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&name=$5 last;
rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&name=$7 last;
rewrite ^/play/ssid/(.*)/type/(.*)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&player=$7&name=$8 last;
rewrite ^/play/ssid/(.*)/type/(.*)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&bitrate=$7player=$8&name=$9 last;
rewrite ^/play/ssid/(.*)/type/(.*)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/transcode_to/(w+)/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&transcode_to=$7&bitrate=$8&player=$9&name=$10 last;
# The following line necessary for me to be able to download single songs
rewrite ^/play/ssid/(.*)/type/(.*)/oid/([0-9]+)/uid/([0-9]+)/action/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4action=$5&name=$6 last;
# used for transfering art work to some clients, seems not to work for clementine because of an clementine-internal issue
location /play {
if (!-e $request_filename) {
rewrite ^/play/art/([^/]+)/([^/]+)/([0-9]+)/thumb([0-9]*)\.([a-z]+)$ /image.php?object_type=$2&object_id=$3&auth=$1;
break;
}
rewrite ^/([^/]+)/([^/]+)(/.*)?$ /play/$3?$1=$2;
rewrite ^/(/[^/]+|[^/]+/|/?)$ /play/index.php last;
break;
}
If this is resolved, please close the issue.
hello i m using ampache 4.4.1 in docker with traefik, had the same problem, struggled to make ampache play and no subsonic api working after reverse proxying. two things helped me to make it work : ampache is installed directly in htdocs so i added this: 1) local_web_path = "http://localhost/"
if you installed your ampache in /ampache use instead : local_web_path = "http://localhost/ampache"
2) and let commented : ;http_host = "localhost"
while it isnt necessary without reverse proxy, it was with one (traefik), without it ampache was looping in and out ! i guess when you use the api, once you arrive in ampache you get redirected internally many times. thats what i observed in logs.
as you guessed traefik is in charge of the ssl part, and redirecting http to https. i tested the api with my iphone and play:sub subsonic client every thing worked.
i left these variables untouched : web_path = "" ;http_port = 80 ;http_host = "localhost"
hope it will help you
@SimonHova Thank You, but it didn't work for me. @bfd69 Thank You too, but, honestly, I found the solution myself. Although I decided to switch to Airsonic anyway - ampache docker mysql constantly broke down at idle... There is my working nginx-proxy config:
server {
listen 80;
listen [::]:80;
return 301 https://192.168.0.2$request_uri;
}
server {
listen 443 ssl;
ssl_certificate certs/default.crt;
ssl_certificate_key certs/default.key;
# Redirects for DAV clients
location = /.well-known/carddav {
return 301 $scheme://$host/nextcloud/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/nextcloud/remote.php/dav;
}
location /nextcloud {
rewrite ^/nextcloud(.*) $1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://nextcloud.localhost;
}
location /ampache {
# TEST
# Rewrite rule for Subsonic backend
if ( !-d $request_filename ) {
rewrite ^/ampache/rest/(.*).view$ /ampache/rest/index.php?action=$1 last;
rewrite ^/ampache/rest/fake/(.+)$ /ampache/play/$1 last;
}
rewrite ^/ampache(.*) $1 break;
rewrite ^/play/ssid/(.*)/type/(.*)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&player=$6&name=$7 last;
# TEST
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Host $http_host;
proxy_max_temp_file_size 0;
proxy_redirect off;
proxy_pass http://ampache.localhost;
}
}
and important lines from ampache.cfg.php:
http_host = "192.168.0.2"
http_port = 443
web_path = "/ampache"
local_web_path = "https://192.168.0.2:443/ampache"
force_ssl = "true"
I think there are many examples of working configurations here. Thanks everyone. I think issue maybe be closed.
Description
Describe the bug
When using the official docker image and a reverse proxy, the subsonic API will provide the library, but not playback any files. Webplayer works and streaming in VLC works as well. Using the "/rest/" Link in the browser, results in a simple white page with no download.
To reproduce
Steps to reproduce the behavior:
Expected behavior
Song should play as usual.
Environment
Client type
Settings
complete settings:
Logs
Server Logs: