Hello everyone!
I’m really happy to see what the libretime project has become. Albert Bruc would have been proud of you guys (Airtime old time users will know).
I had no problem setting up the server, firewall and installing Libretime… but I’m lost setting up the reverse proxy…
Do I have to secure both Apache and Nginx with let’s Encrypt ? Or just choose one of these guides ?
Thank you for your help
Hello,
LibreTime only install/requires nginx as webserver/proxy.
So unless you have a complex setup, you should only configure nginx.
1 Like
Hello Joola Thanks for your help !
So I had no problem setting up Icecast HTTPS/SSL with Let’s Encrypt but I still struggle with Libretime HTTPS/SSL…
First, let me walk you trought my setup :
- I installed correctly Certbot and Nginx
- I got an SSL certificat for radio.example.org
- I allowed ports 8080, Nginx Full… through the Firewall
- I added the code below to /etc/nginx/sites-available/libretime.conf (following the existing code)
server {
listen 80;
server_name radio.example.org;
location / {
rewrite ^ https://$server_name$request_uri? permanent;
}
}
server {
listen 443 ssl;
server_name radio.example.com;
ssl_certificate /etc/letsencrypt/live/radio.example.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/radio.example.org/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://localhost:8080/;
}
}
- I changed /etc/libretime/config.yml site address http://radio.example.org for https://radio.example.org
After following all this steps I got 502 bad gateway error message when I’ll try to access to https://radio.example.org
Any Idea on how to fix this problem ? Thank you !
Ok so I figured it out… for anyone having the problem please follow the steps below :
INFO : Change radio.libretime.org with your own site
1- First install Libretime with 8080 as a listening port
sudo ./install --listen-port 8080 https://radio.libretime.com
2- Install only python3-certbot-nginx
sudo apt-get install python3-certbot-nginx
3- Get the certificat
sudo certbot --nginx -d radio.libretime.com
4- Allow large file uploads
open and edit nginx.conf
sudo nano -l /etc/nginx/nginx.conf
add at line 63 just before }
client_max_body_size 1000M;
5- Restart nginx
sudo systemctl restart nginx
6- configure the reverse proxy to work with LibreTime. Add this at the end of the code
server {
listen 80;
server_name radio.libretime.com;
location / {
rewrite ^ https://$server_name$request_uri? permanent;
}
}
server {
listen 443 ssl;
server_name radio.libretime.com;
ssl_certificate /etc/letsencrypt/live/radio.libretime.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/radio.libretime.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://localhost:8080/;
}
}
7- Enable the nginx configuration and restart nginx using the commands below
ln -s /etc/nginx/sites-available/libretime.conf /etc/nginx/sites-enabled/
sudo systemctl restart nginx
I spend time finding the right method… hope it helps saving you time !
PS: you can change the title at SOLVED
I tried it exactly like you did, but I still can’t access my site via https. It’s frustrating.
Step 6. refers to changing the /etc/nginx/sites-available/libretime.conf correct?
This code snippet here, you add it simply at the end of the existing code in the file?
Any help would be appreciated - I’ve been trying to get this to run for weeks, and I’m on Digital Ocean droplet #9 or #10, but who’s counting 
Hello Max. This method was the one I use for the 3.1.0 Libretime version… it will not work with latest version of Libretime unfortunately
The /etc/nginx/sites-available/libretime.conf should not be edited, or the file might get overwritten the next time you run the install script.
You probably want to check out the docs and follow the instructions there.
Thanks for your reply nonetheless NessRadio!
Thanks for the hint Joola. I won’t touch that file then.