Hello everyone!
I’m really happy to see what the libretime project has become. Albert Bruc would have been proud of you guys (Airtime old time users will know).
I had no problem setting up the server, firewall and installing Libretime… but I’m lost setting up the reverse proxy…
Do I have to secure both Apache and Nginx with let’s Encrypt ? Or just choose one of these guides ?
Thank you for your help
Hello,
LibreTime only install/requires nginx as webserver/proxy.
So unless you have a complex setup, you should only configure nginx.
1 Like
Hello Joola Thanks for your help !
So I had no problem setting up Icecast HTTPS/SSL with Let’s Encrypt but I still struggle with Libretime HTTPS/SSL…
First, let me walk you trought my setup :
- I installed correctly Certbot and Nginx
- I got an SSL certificat for radio.example.org
- I allowed ports 8080, Nginx Full… through the Firewall
- I added the code below to /etc/nginx/sites-available/libretime.conf (following the existing code)
server {
listen 80;
server_name radio.example.org;
location / {
rewrite ^ https://$server_name$request_uri? permanent;
}
}
server {
listen 443 ssl;
server_name radio.example.com;
ssl_certificate /etc/letsencrypt/live/radio.example.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/radio.example.org/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://localhost:8080/;
}
}
- I changed /etc/libretime/config.yml site address http://radio.example.org for https://radio.example.org
After following all this steps I got 502 bad gateway error message when I’ll try to access to https://radio.example.org
Any Idea on how to fix this problem ? Thank you !
Ok so I figured it out… for anyone having the problem please follow the steps below :
INFO : Change radio.libretime.org with your own site
1- First install Libretime with 8080 as a listening port
sudo ./install --listen-port 8080 https://radio.libretime.com
2- Install only python3-certbot-nginx
sudo apt-get install python3-certbot-nginx
3- Get the certificat
sudo certbot --nginx -d radio.libretime.com
4- Allow large file uploads
open and edit nginx.conf
sudo nano -l /etc/nginx/nginx.conf
add at line 63 just before }
client_max_body_size 1000M;
5- Restart nginx
sudo systemctl restart nginx
6- configure the reverse proxy to work with LibreTime. Add this at the end of the code
server {
listen 80;
server_name radio.libretime.com;
location / {
rewrite ^ https://$server_name$request_uri? permanent;
}
}
server {
listen 443 ssl;
server_name radio.libretime.com;
ssl_certificate /etc/letsencrypt/live/radio.libretime.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/radio.libretime.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://localhost:8080/;
}
}
7- Enable the nginx configuration and restart nginx using the commands below
ln -s /etc/nginx/sites-available/libretime.conf /etc/nginx/sites-enabled/
sudo systemctl restart nginx
I spend time finding the right method… hope it helps saving you time !
PS: you can change the title at SOLVED