Nginx and Ampache

Having issues with your DietPi installation or found a bug? Post it here.
kk345
Posts: 18
Joined: Sun Dec 06, 2020 10:02 am

Nginx and Ampache

Post by kk345 »

Hi,

I have Nginx as default web server and installed Ampache.
Now when I open 192.168.100/ampache I am redirected to http://dietpi/ampache/login.php and says "Address Not Found"

Why is ip in URL replaced with host name? I am planing to use in local network only.
User avatar
Joulinar
Posts: 4804
Joined: Sat Nov 16, 2019 12:49 am

Re: Nginx and Ampache

Post by Joulinar »

Hi,

many thanks for your message. Pls can you have a look to the information posted.
Now when I open 192.168.100/ampache
Because the IP address is not correct. Usually an IP address consists out of four octets separated by a dot.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
kk345
Posts: 18
Joined: Sun Dec 06, 2020 10:02 am

Re: Nginx and Ampache

Post by kk345 »

Oh thats a typo error in post, its actually
192.168.1.100/ampache
Redirecting to http://dietpi/ampache/login.php
User avatar
Joulinar
Posts: 4804
Joined: Sat Nov 16, 2019 12:49 am

Re: Nginx and Ampache

Post by Joulinar »

Ok I found it. Basically you would need to adjust Nginx config file

Code: Select all

nano /etc/nginx/sites-available/default
Change server_name "$hostname"; into server_name "<192.168.x.x>";
Replace IP address with the one from your DietPi device. Once done, restart your web server

Code: Select all

systemctl restart nginx.service
Ampache should be reachable on IP address now.

@MichaIng
Something we would need to look into? Current Nginx default config is re-writing IP address into hostname
https://github.com/MichaIng/DietPi/blob ... nx.default

not an issue if you use local DNS server but without? :?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
kk345
Posts: 18
Joined: Sun Dec 06, 2020 10:02 am

Re: Nginx and Ampache

Post by kk345 »

Now its working....😃

Thanks for the help.

Could you guys help me configuring ampache with nginx.
As per https://github.com/ampache/ampache/wiki ... tion#nginx, I have created the following file.

Code: Select all

server {

    # listen to
    listen 80 default_server; #ssl; ipv6 optional with ssl enabled
    listen [::]:80 default_server; #ssl; ipv4 optional with ssl enabled

    server_name 192.168.1.100;
    charset utf-8;

    # Logging, error_log mode [notice] is necessary for rewrite_log on,
    # (very usefull if rewrite rules do not work as expected)

    access_log /var/log/nginx/ampache.access.log; # notice;
    # error_log /var/log/nginx/ampache.error.log;
    # rewrite_log     on;

    # Use secure SSL/TLS settings, see https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # ssl_protocols TLSv1.2;
    # ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-E    CDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    # ssl_prefer_server_ciphers on;
    # add_header Strict-Transport-Security max-age=15768000;
    # etc.

    # Use secure headers to avoid XSS and many other things
    # add_header X-Content-Type-Options nosniff;
    # add_header X-XSS-Protection "1; mode=block";
    # add_header X-Robots-Tag none;
    # add_header X-Download-Options noopen;
    # add_header X-Permitted-Cross-Domain-Policies none;
    # add_header X-Frame-Options "SAMEORIGIN" always;
    # add_header Referrer-Policy "no-referrer";
    # add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; object-src 'self'";

    # Avoid information leak
    # server_tokens off;
    #fastcgi_hide_header X-Powered-By;

    root /var/www/ampache;
    index index.php;

    # Somebody said this helps, in my setup it doesn't prevent temporary saving in files
    # proxy_max_temp_file_size 0;

    # Rewrite rule for Subsonic backend
    if ( !-d $request_filename ) {
        rewrite ^/rest/(.*).view$ /rest/index.php?action=$1 last;
        rewrite ^/rest/fake/(.+)$ /play/$1 last;
    }

    # Rewrite rule for Channels
    if (!-d $request_filename){
      rewrite ^/channel/([0-9]+)/(.*)$ /channel/index.php?channel=$1&target=$2 last;
    }

    # Beautiful URL Rewriting
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&name=$5 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&name=$6 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&player=$6&name=$7 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&bitrate=$6player=$7&name=$8 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/transcode_to/(w+)/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&transcode_to=$6&bitrate=$7&player=$8&name=$9 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&name=$7 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&player=$7&name=$8 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&bitrate=$7player=$8&name=$9 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/transcode_to/(w+)/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&transcode_to=$7&bitrate=$8&player=$9&name=$10 last;

    # the following line was needed for me to get downloads of single songs to work
        rewrite ^/play/ssid/(.*)/type/(.*)/oid/([0-9]+)/uid/([0-9]+)/action/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4action=$5&name=$6 last;
        location /play {
                if (!-e $request_filename) {
                rewrite ^/play/art/([^/]+)/([^/]+)/([0-9]+)/thumb([0-9]*)\.([a-z]+)$ /image.php?object_type=$2&object_id=$3&auth=$1 last;
                }

        rewrite ^/([^/]+)/([^/]+)(/.*)?$ /play/$3?$1=$2;
        rewrite ^/(/[^/]+|[^/]+/|/?)$ /play/index.php last;
        break;
        }

   location /rest {
      limit_except GET POST {
         deny all;
      }
   }

   location ^~ /bin/ {
      deny all;
      return 403;
   }

   location ^~ /config/ {
      deny all;
      return 403;
   }

   location / {
      limit_except GET POST HEAD{
         deny all;
      }
   }

   #location ~ ^/.*.php {
   
   location ~ \.php(?:$|/) {
   		include snippets/fastcgi-php.conf;
		fastcgi_pass php;
		
		try_files	$uri = 404;
		
		# chose as your php-fpm is configured to listen on
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        # fastcgi_pass 127.0.0.1:8000/;
		
		fastcgi_index index.php;

		fastcgi_param  PHP_ADMIN_VALUE "open_basedir=/tmp/:/var/www/ampache/:/var/log:/usr/bin";
		
		include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;

		# sets the timeout for requests in [s] , 60s are normally enough
        # fastcgi_read_timeout 60s;
        
		# Mitigate HTTPOXY https://httpoxy.org/
        fastcgi_param HTTP_PROXY "";

		# has to be set to on if encryption (https) is used:
        # fastcgi_param HTTPS on;

        # fastcgi_split_path_info ^(.+?\.php)(/.*)$;
   }

   # Rewrite rule for WebSocket
   location /ws {
        rewrite ^/ws/(.*) /$1 break;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8100/;
   }
}
named the file as ampache and placed it in /etc/nginx/sites-enabled
(sites-enabled contain two files. ampache and default)
now restarting nginx failed.

removed the default file and tried restarting nginx but still failed.

rpi0w running latest dietpi
User avatar
Joulinar
Posts: 4804
Joined: Sat Nov 16, 2019 12:49 am

Re: Nginx and Ampache

Post by Joulinar »

ok I got it working. BUT using this configuration will manipulate Nginx away from DietPi standard and Nginx will be useable for Ampache only. Because you will have document root pointing directly to Ampache. Means, other web applications can't be used anymore.

You would need 2 files to adjusted and one sym link to be removed (if still present)

Code: Select all

rm /etc/nginx/sites-enabled/default

Code: Select all

nano /etc/nginx/sites-enabled/ampache
Add

Code: Select all

server {

    # listen to
    listen 80 default_server; #ssl; ipv6 optional with ssl enabled
    listen [::]:80 default_server; #ssl; ipv4 optional with ssl enabled

    server_name 192.168.0.17;
    charset utf-8;

    # Logging, error_log mode [notice] is necessary for rewrite_log on,
    # (very usefull if rewrite rules do not work as expected)

    access_log /var/log/nginx/ampache.access.log; # notice;
    error_log /var/log/nginx/ampache.error.log;
    # rewrite_log     on;

    # Use secure SSL/TLS settings, see https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # ssl_protocols TLSv1.2;
    # ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-E    CDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    # ssl_prefer_server_ciphers on;
    # add_header Strict-Transport-Security max-age=15768000;
    # etc.

    # Use secure headers to avoid XSS and many other things
    # add_header X-Content-Type-Options nosniff;
    # add_header X-XSS-Protection "1; mode=block";
    # add_header X-Robots-Tag none;
    # add_header X-Download-Options noopen;
    # add_header X-Permitted-Cross-Domain-Policies none;
    # add_header X-Frame-Options "SAMEORIGIN" always;
    # add_header Referrer-Policy "no-referrer";
    # add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; object-src 'self'";

    # Avoid information leak
    # server_tokens off;
    #fastcgi_hide_header X-Powered-By;

    root /var/www/ampache;
    index index.php;

    # Somebody said this helps, in my setup it doesn't prevent temporary saving in files
    # proxy_max_temp_file_size 0;

    # Rewrite rule for Subsonic backend
    if ( !-d $request_filename ) {
        rewrite ^/rest/(.*).view$ /rest/index.php?action=$1 last;
        rewrite ^/rest/fake/(.+)$ /play/$1 last;
    }

    # Rewrite rule for Channels
    if (!-d $request_filename){
      rewrite ^/channel/([0-9]+)/(.*)$ /channel/index.php?channel=$1&target=$2 last;
    }

    # Beautiful URL Rewriting
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&name=$5 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&name=$6 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&player=$6&name=$7 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&bitrate=$6player=$7&name=$8 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/transcode_to/(w+)/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&transcode_to=$6&bitrate=$7&player=$8&name=$9 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&name=$7 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&player=$7&name=$8 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&bitrate=$7player=$8&name=$9 last;
        rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/transcode_to/(w+)/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&transcode_to=$7&bitrate=$8&player=$9&name=$10 last;

    # the following line was needed for me to get downloads of single songs to work
        rewrite ^/play/ssid/(.*)/type/(.*)/oid/([0-9]+)/uid/([0-9]+)/action/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4action=$5&name=$6 last;
        location /play {
                if (!-e $request_filename) {
                rewrite ^/play/art/([^/]+)/([^/]+)/([0-9]+)/thumb([0-9]*)\.([a-z]+)$ /image.php?object_type=$2&object_id=$3&auth=$1 last;
                }

        rewrite ^/([^/]+)/([^/]+)(/.*)?$ /play/$3?$1=$2;
        rewrite ^/(/[^/]+|[^/]+/|/?)$ /play/index.php last;
        break;
        }

   location /rest {
      limit_except GET POST {
         deny all;
      }
   }

   location ^~ /bin/ {
      deny all;
      return 403;
   }

   location ^~ /config/ {
      deny all;
      return 403;
   }

   location / {
      limit_except GET POST HEAD{
         deny all;
      }
	  try_files $uri $uri/ =404;
   }

	location ~ \.php(?:$|/) {
		include snippets/fastcgi-php.conf;
		fastcgi_pass php;
	}

   # Rewrite rule for WebSocket
   location /ws {
        rewrite ^/ws/(.*) /$1 break;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8100/;
   }
}

Code: Select all

nano /var/www/ampache/config/ampache.cfg.php
change (around line 40)

Code: Select all

web_path = "/ampache"
to

Code: Select all

web_path = "/"
Restart Nginx

Code: Select all

systemctl restart nginx.service
Ampache is available on http://192.168.1.100 (without any sub folder)

disclaimer: I'm not an Ampache specialist and I'm not sure if all these changes are working as expected. I never used Ampache myself. I fixed the Nginx errors only, that showed up on the error.log
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
User avatar
MichaIng
Site Admin
Posts: 3011
Joined: Sat Nov 18, 2017 6:21 pm

Re: Nginx and Ampache

Post by MichaIng »

Strange, that server_name should only be relevant Nginx internally in case one is running multiple servers, so they can be identified. Using an IP address there is not foreseen and I cannot find any hint that it is used for redirects. I mean you can assign a wildcard there, how would the rewrite then look like?

Ah now I found an option that just triggers this: https://nginx.org/en/docs/http/ngx_http ... n_redirect

Code: Select all

Syntax:		server_name_in_redirect on | off;
Default:	server_name_in_redirect off;
Context:	http, server, location
Default is off, reasonably, and now I see that we even actively set it off: https://github.com/MichaIng/DietPi/blob ... x.conf#L58

Either hostname or none is the correct server_name I'd say, so we need to find the reason why even a default directory index is rewritten to server_name and disable that.
User avatar
MichaIng
Site Admin
Posts: 3011
Joined: Sat Nov 18, 2017 6:21 pm

Re: Nginx and Ampache

Post by MichaIng »

It is not an issue with the Nginx configuration but with Ampache PHP scripts. Any other page index and rewrites do not suffer from this, so the Nginx config works as expected. By default Nginx passes the server name to PHP handler via fastcgi_param SERVER_NAME $server_name;, pretty common with other webservers as well. I commented that (in /etc/nginx/fastcgi.conf) and now every non-explicit access to Ampache is redirected to http://ampache/whichever.php, the same happens when instead unsetting server_name (so that it is in fact an empty string).

Here it can be fixed: https://github.com/ampache/ampache/blob ... it.php#L86
Replacing SERVER_NAME with HOST_NAME in this line solves the issue, probably it is required in a few other cases as well. While SERVER_NAME usually should match the FQDN of the server, it is not reliable and sometimes not possible. HTTP_HOST simply matches the hostname or IP whichever the client accessed the server with, hence using that is safest as the existing request is not changed. I'll open an issue at Ampache to make this a topic.

PR opened to make this more robust: https://github.com/ampache/ampache/pull/2670
User avatar
Joulinar
Posts: 4804
Joined: Sat Nov 16, 2019 12:49 am

Re: Nginx and Ampache

Post by Joulinar »

good find, well done @MichaIng
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
User avatar
MichaIng
Site Admin
Posts: 3011
Joined: Sat Nov 18, 2017 6:21 pm

Re: Nginx and Ampache

Post by MichaIng »

I opened a PR to make this estimation more robust in Ampache: https://github.com/ampache/ampache/pull/2670

Btw in /var/www/ampache/config/ampache.cfg.php the http_host setting is what overrides this otherwise. Only the auto estimation was not great.
Post Reply