Setting up a reverse proxy in front of LibreTime can improve security by enabling HTTPS and centralizing certificate management. However, it is not recommended to reverse proxy Icecast or Liquidsoap harbor inputs as they do not support it. Here's how to set up a reverse proxy in front of LibreTime:

Prerequisites:

  • A domain name and TLS certificate for that domain
  • Knowledge of the location of the services that should be exposed to the public, such as the LibreTime web server (usually located at localhost:8080)

Note: If LibreTime is running on the same host as the reverse proxy, the default listening port of the LibreTime web server needs to be changed because the reverse proxy needs to listen on ports 80 and 443.

Additionally, it is important to ensure that the firewall and network allow communication from the reverse proxy to the services. Tools like ping, telnet, and curl can be used to test communication.

To set up a reverse proxy, you can use Apache or Nginx. Here are the steps for Nginx:

  1. Install Nginx and retrieve the required certificates.
  1. Configure Nginx with Let's Encrypt.
  1. Create a new file called /etc/nginx/sites-available/libretime.conf and paste the following configuration, replacing the placeholders with your own station URL and the location of your LibreTime web server:
server {
    listen 80;
    server_name radio.example.com;
    location / {
        rewrite ^ https://$server_name$request_uri? permanent;
    }
}

server {
    listen 443 ssl;
    server_name radio.example.com;

    ssl_certificate /etc/letsencrypt/live/radio.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/radio.example.com/privkey.pem;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;

        proxy_pass http://libretime:8080/;
    }
}
 

Enable the Nginx configuration and restart Nginx using the following commands:

ln -s /etc/nginx/sites-available/libretime.conf /etc/nginx/sites-enabled/
sudo systemctl restart nginx

Note that if you attempt to listen to an insecure Icecast stream on a secure website, your browser may raise a mixed content error, preventing your player from listening to the stream. It is recommended to follow a guide to configuring a secure Icecast server with a Let's Encrypt certificate.

Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How to Configure Static IP using Netplan in Libretime

This tutorial will guide you through the process of setting up a static IP address on your server...
How to install LibreTime on your system by using the Installer?

Libre Time is a free and open-source radio automation system. It allows users to schedule and...
How to Configure LibreTime?

Once installed Libretime, you can configure LibreTime in your system. The following are the...
How to broadcast live with LibreTime?

To broadcast live with LibreTime, you can use Mixxx, an Open Source application for DJs. Mixxx...
How to prepare media for uploading in Libretime?

To prepare media for uploading in LibreTime, there are several factors to be considered,...