myMPD HELP PLEASE

Having issues with your DietPi installation, or, found a bug? Post it here.
User avatar
MichaIng
Site Admin
Posts: 2419
Joined: Sat Nov 18, 2017 6:21 pm

Re: myMPD HELP PLEASE

Post by MichaIng »

@Edward
Is this still an issue? MPD is running as root:dietpi, myMPD as mympd:dietpi.
Since we managed to have samba drives and several other software creating their files with 66X permissions, the shared dietpi group should allow full cross access.

Not sure, why we switched MPD back to root user. I opened a PR to revert this, adding some capabilities to the systemd unit from official one, that were perhaps missing in the past for full features. However it's the shared group that should guarantee cross access.

@naum
Did you setup the SSL key + certificate properly? Note that the mympd user or dietpi group need read access to those files, which is not the default, if you enabled SSL via LetsEncrypt.

Check myMPD and system logs for errors: journalctl -u mympd or journalctl -t mympd and I don't know if/where myMPD places it's log file(s)?

Another issue could be either browser or server side caching. Reload the page on the browser via pressing both: <ctrl>+<F5>
I guess you restarted myMPD service already after doing the change, as last resort try if a reboot helps.
And did you try it with different browsers?

About English: No worries, it's not native for many of us, including me :). Since you are from Russia, instead of Google translator I recommend: https://www.deepl.com/translator
It translates especially whole texts/sentences much better than Google in terms of grammar and wording, but is limited to currently 9 European languages.
naum
Posts: 3
Joined: Mon Dec 24, 2018 2:38 pm

Re: myMPD HELP PLEASE

Post by naum »

@MichaIng
Thank you for responding!
I've been away so long because I'm suddenly sick, but now I'm recovering and I can communicate.

I'm not sure if I understand what to do with the key, but the certificate has been installed and I have marked the trust for it for all protocols. I also checked another browser on another computer without a certificate - it behaves just like a browser in a system with a certificate.

The journalctl -u mympd command shows the following:
2019-01-06_18-08-23.png
How to fix this?

Thank you for your advice on translator! Now I will only use it. Hopefully, the text will look much better for you now. :-)
User avatar
MichaIng
Site Admin
Posts: 2419
Joined: Sat Nov 18, 2017 6:21 pm

Re: myMPD HELP PLEASE

Post by MichaIng »

@naum

Btw, systemd seemed to become stricter about comments within the service files, leading to the red error in your log. However it has not effect, since root user is anyway applied by default. You can prevent this error by opening /lib/systemd/system/mympd.service and simply remove the User=root # ... line, then systemctl daemon-reload to apply changes. I did the same within DietPi code for v6.20.

Okay about SSL, lets start from the beginning:
You configure mympd.conf with cert + key, e.g.:

Code: Select all

ssl = true
sslport = 443
sslcert = /path/to/your/cert.pem
sslkey = /path/to/your/privkey.pem
Then you need to allow the "mympd" user to read those files. Usually (e.g. installed via LetsEncrypt), they have very strict permissions that nothing but root can read them, especially the key.

Handy is the following:

Code: Select all

usermod -a -G dietpi mympd # Adds mympd to dietpi group, if not yet the case
chown root:dietpi /path/to/your/cert.pem /path/to/your/privkey.pem # Add cert and key to dietpi group
chmod 640 /path/to/your/cert.pem /path/to/your/privkey.pem # Make cert and key readable for group members
However it is not too secure, since the whole dietpi group can read you private key. Safer is, if you create a new group, e.g. called ssl to apply as above.

The safest is to make a copy of cert + key and chown mympd:root; chmod 400 those, so really only mympd has read access and no one else. But this need to be redone on every certificate renewal, which makes it a bid unhandy ;).
naum
Posts: 3
Joined: Mon Dec 24, 2018 2:38 pm

Re: myMPD HELP PLEASE

Post by naum »

@MichaIng

The red error disappeared after a complete reboot.
And this is the only thing I have, unfortunately, succeeded. I am a good graphic designer, but I am a very bad programmer, no matter how hard I try.

I see the following lines in the file: /etc/mympd/mympd.conf:

Code: Select all

sslcert = /etc/mympd/ssl/server.pem
sslkey = /etc/mympd/ssl/server.key 

I put these values on the next team you brought in, if I understand correctly.

I do not know how to create a new ssl group.

The command chown mympd: root; chmod 400 did not work for me. Cries out that there is no root directory.

Anyway, I can see that you're trying to help, thank you for your help, but I'm doing nothing, anyway. I lack fundamental knowledge in this field. Usually, if I look carefully at the code and try to find patterns and variables and substitute the necessary values, I often get what I need. But not this time.

Thank you again for your help, but I don't think I can handle it anymore. I will limit myself to O!MPD - good thing it works without any complications.

I have another question (I hope it is much easier). I will try to ask it in the relevant topic.
Edward
Posts: 93
Joined: Sun Apr 09, 2017 6:24 am

Re: myMPD HELP PLEASE

Post by Edward »

MichaIng wrote: Mon Dec 31, 2018 5:01 pm @Edward
Is this still an issue? MPD is running as root:dietpi, myMPD as mympd:dietpi.
Since we managed to have samba drives and several other software creating their files with 66X permissions, the shared dietpi group should allow full cross access.

Not sure, why we switched MPD back to root user. I opened a PR to revert this, adding some capabilities to the systemd unit from official one, that were perhaps missing in the past for full features. However it's the shared group that should guarantee cross access.
Hi Michalng

Everything seems to be okay with permissions and owners.

Thanks for looking into this... :D
Post Reply