How to Install Ampache Music Streaming Server on Fedora 33

Ampache is an open-source web-based personal audio streaming application written in PHP. It allows you to host and manage your digital music collection on your server and to stream it to your computer, smartphone, tablet, or smart TV. You can use various Android and iOS applications to stream your music from your Ampache music server to your personal devices.

This tutorial will cover how to install the Ampache application on a Fedora 33 based server and how to upload music to it for streaming.

Prerequisites

  • A server running Fedora 33.

  • A non-root sudo user.

  • Make sure everything is updated.

    $ sudo dnf upgrade
    
  • Few packages that your system needs.

    $ sudo dnf install wget curl nano zip -y
    
  • Disable SELinux.

    $ sudo setenforce 0
    

Configure Firewall

The first step is to configure the firewall. Fedora server comes with Firewalld preinstalled.

Check if the firewall is running.

$ sudo firewall-cmd --state

You should get the following output.

running

Set the default zone of the firewall to public.

$ sudo firewall-cmd --set-default-zone=public

Check the current allowed services/ports.

$ sudo firewall-cmd --zone=public --permanent --list-services

It should show the following output.

dhcpv6-client mdns ssh

Allow HTTP and HTTPS ports.

$ sudo firewall-cmd --zone=public --permanent --add-service=http
$ sudo firewall-cmd --zone=public --permanent --add-service=https

Check the status of the firewall again.

$ sudo firewall-cmd --zone=public --permanent --list-services

You should see a similar output.

dhcpv6-client http https mdns ssh

Reload the Firewall.

$ sudo systemctl reload firewalld

Install Git

Before we proceed, we need to install Git.

$ sudo dnf install git

Next, configure Git with your personal details.

$ git config --global user.name "Your Name"
$ git config --global user.email "[email protected]"

Install MariaDB

MariaDB is a drop-in replacement for MySQL which means commands to run and operate MariaDB are the same as those for MySQL.

Fedora 33 by default ships with MariaDB 10.4 bur since MariaDB 10.5 is the latest stable version, we will be using the official MariaDB repository for that.

Create the file /etc/yum.repos.d/MariaDB.repo and open it for editing.

$ sudo nano /etc/yum.repos.d/MariaDB.repo

Paste the following code in it.

# MariaDB 10.5 Fedora repository list
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.5/fedora33-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Save and close the file by pressing Ctrl + X and entering Y when prompted.

To install MariaDB issue the following command.

$ sudo dnf install MariaDB-server -y

Make sure you type MariaDB-server in the command above and not mariadb-server since the former will install it from the official repository while the latter command will install the older version from Fedora's repository.

Check if MariaDB is installed correctly.

$ mysql --version

You should see the following output.

mysql  Ver 15.1 Distrib 10.5.9-MariaDB, for Linux (x86_64) using  EditLine wrapper

Enable and start the MariaDB service.

$ sudo systemctl enable mariadb
$ sudo systemctl start mariadb

Run the following command to perform default configuration such as giving a root password, removing anonymous users, disallowing root login remotely, and dropping test tables.

$ sudo mysql_secure_installation

With MariaDB 10.4, you will now be asked between using the root password or the unix_socket plugin. The plugin allows you to log in to MariaDB with your Linux user credentials. It is considered more secure though you will need a traditional username/password to use 3rd party apps like phpMyAdmin. We will stick to using the plugin for this tutorial. You can still use phpMyAdmin via any user you specific user you create for your databases.

Pressing Enter chooses the default option (the one that is capitalized, Y in this case).

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): [PRESS ENTER]
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] [PRESS ENTER]
Enabled successfully!
Reloading privilege tables..
 ... Success!

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] [ANSWER n]
... skipping.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] [PRESS ENTER]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] [PRESS ENTER]
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] [PRESS ENTER]
 \- Dropping test database...
 ... Success!
 \- Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] [PRESS ENTER]
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

That's it. Next time you want to login to MySQL, use the following command

$ sudo mysql

Enter your root password when prompted.

Configure MariaDB for Ampache

Now we need to set up a database to use for the Ampache application. To do that login to MySQL prompt.

$ sudo mysql

Once at the prompt, enter the following commands which will set up a database named ampache and a database user named ampuser and grant it access to the database.

mysql> CREATE DATABASE ampache;
mysql> CREATE USER 'ampuser'@'localhost' IDENTIFIED BY 'yourpassword';
mysql> GRANT ALL PRIVILEGES ON ampache.* TO 'ampuser'@'localhost';
mysql> exit

Install PHP

Fedora 33 by default ships with PHP 7.4 but to have an updated PHP repository, we will add the REMI repository.

Install the REMI repository which is the official Fedora repository for installing PHP packages.

$ sudo dnf -y install https://rpms.remirepo.net/fedora/remi-release-33.rpm

Install PHP 7.4 as a module.

$ sudo dnf module install php:remi-7.4

Check if PHP is working correctly.

$ php --version

You should see a similar output.

PHP 7.4.16 (cli) (built: Mar  2 2021 10:35:17) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies

Install PHP extensions

Ampache needs few PHP extensions. Use the following command to install them.

sudo dnf install php-curl php-gd php-intl php-mysql

Configure PHP-FPM

Open the file /etc/php-fpm.d/www.conf.

$ sudo nano /etc/php-fpm.d/www.conf

We need to set the Unix user/group of PHP processes to nginx. Find the user=apache and group=apache lines in the file and change them to nginx.

...
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
...

Save the file by pressing Ctrl + X and entering Y when prompted.

Next, we need to increase the file size for music uploads in the /etc/php.ini file. Open the file for editing.

$ sudo nano /etc/php.ini

Change the following lines

. . .
post_max_size = 8M
. . .
upload_max_filesize = 2M

to

. . .
post_max_size = 110M
. . .
upload_max_filesize = 100M
. . .

Now, you can upload files up to 100MB in size. You can change the value to anything you like. Just make sure, the post_max_size is greater than the upload_max_filesize variable.

Save the file by pressing Ctrl + X and entering Y when prompted.

Restart the PHP-fpm process.

$ sudo systemctl restart php-fpm

Install Nginx

Fedora 33 by default ships with Nginx's latest Stable version. (1.18.0).

Install Nginx.

$ sudo dnf install nginx -y

Check if it is working correctly.

$ nginx -v

You should see the following output depending upon the version of Nginx you chose to install.

nginx version: nginx/1.18.0

Start and enable Nginx.

$ sudo systemctl start nginx
$ sudo systemctl enable nginx

Open your server's IP address in a browser to see the following page. It means Nginx is working properly.

Fedora Nginx Home

Configure Nginx

Set up directories where the server blocks will live.

$ sudo mkdir /etc/nginx/sites-available
$ sudo mkdir /etc/nginx/sites-enabled

Open the /etc/nginx/nginx.conf file for editing.

$ sudo nano /etc/nginx/nginx.conf	

Paste the following lines after the line include /etc/nginx/conf.d/*.conf

include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;

Press Ctrl + X to close the editor and press Y when prompted to save the file.

Run the following command to add a configuration file for Ampache.

$ sudo nano /etc/nginx/sites-available/ampache.conf

Paste the following code in the editor.

server {

    # listen to
    listen  [::]:80;
    listen       80;

    server_name ampache.example.com;
    charset utf-8;

    # Logging, error_log mode [notice] is necessary for rewrite_log on,
    # (very usefull if rewrite rules do not work as expected)

    error_log       /var/log/nginx/ampache.error.log; # notice;
    access_log      /var/log/nginx/ampache.access.log;
    # rewrite_log     on;

    # Use secure headers to avoid XSS and many other things
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Referrer-Policy "no-referrer";
    add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; object-src 'self'";

    # Avoid information leak
    server_tokens off;
    fastcgi_hide_header X-Powered-By;

    root /var/www/html/ampache;
    index index.php;
    client_max_body_size 100m;

    # Somebody said this helps, in my setup it doesn't prevent temporary saving in files
    proxy_max_temp_file_size 0;

    # Rewrite rule for Subsonic backend
    if ( !-d $request_filename ) {
        rewrite ^/rest/(.*).view$ /rest/index.php?action=$1 last;
        rewrite ^/rest/fake/(.+)$ /play/$1 last;
    }

    # Rewrite rule for Channels
    if (!-d $request_filename){
      rewrite ^/channel/([0-9]+)/(.*)$ /channel/index.php?channel=$1&target=$2 last;
    }

    # Beautiful URL Rewriting
    rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&name=$5 last;
    rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&name=$6 last;
    rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&player=$6&name=$7 last;
    rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&bitrate=$6player=$7&name=$8 last;
    rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/transcode_to/(w+)/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&transcode_to=$6&bitrate=$7&player=$8&name=$9 last;
    rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&name=$7 last;
    rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&player=$7&name=$8 last;
    rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&bitrate=$7player=$8&name=$9 last;
    rewrite ^/play/ssid/(\w+)/type/(\w+)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/noscrobble/([0-1])/transcode_to/(w+)/bitrate/([0-9]+)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&noscrobble=$6&transcode_to=$7&bitrate=$8&player=$9&name=$10 last;

    # the following line was needed for me to get downloads of single songs to work
    rewrite ^/play/ssid/(.*)/type/(.*)/oid/([0-9]+)/uid/([0-9]+)/action/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4action=$5&name=$6 last;
    location /play {
        if (!-e $request_filename) {
			rewrite ^/play/art/([^/]+)/([^/]+)/([0-9]+)/thumb([0-9]*)\.([a-z]+)$ /image.php?object_type=$2&object_id=$3&auth=$1 last;
        }

		rewrite ^/([^/]+)/([^/]+)(/.*)?$ /play/$3?$1=$2;
		rewrite ^/(/[^/]+|[^/]+/|/?)$ /play/index.php last;
		break;
    }

   location /rest {
      limit_except GET POST {
         deny all;
      }
   }

   location ^~ /bin/ {
      deny all;
      return 403;
   }

   location ^~ /config/ {
      deny all;
      return 403;
   }

   location / {
      limit_except GET POST HEAD{
         deny all;
      }
   }

   location ~ ^/.*.php {
        fastcgi_index index.php;

        # sets the timeout for requests in [s] , 60s are normally enough
        fastcgi_read_timeout 600s;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        # Mitigate HTTPOXY https://httpoxy.org/
        fastcgi_param HTTP_PROXY "";

        # has to be set to on if encryption (https) is used:
        fastcgi_param HTTPS on;

        fastcgi_split_path_info ^(.+?\.php)(/.*)$;

        # chose as your php-fpm is configured to listen on
        fastcgi_pass unix:/run/php-fpm/www.sock;
   }

   # Rewrite rule for WebSocket
   location /ws {
        rewrite ^/ws/(.*) /$1 break;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8100/;
   }
}

This file assumes that we will be installing Ampache to the domain ampache.example.com and in the directory /var/www/html/ampache. Press Ctrl + X to close the editor and press Y when prompted to save the file.

Activate this configuration file by linking it to the sites-enabled directory.

$ sudo ln -s /etc/nginx/sites-available/ampache.conf /etc/nginx/sites-enabled/

Test the Nginx configuration.

$ sudo nginx -t

You should see the following output indicating your configuration is correct.

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Reload the Nginx service.

$ sudo systemctl reload nginx

Setting up HTTPS using Let's Encrypt

For using Let's encrypt, we need to install the Certbot package.

Install Certbot.

$ sudo dnf install certbot certbot-nginx -y

Install the certificate.

$ sudo certbot --nginx -d ampache.example.com

If this is your first time with the tool on this server, you need to agree to the terms and enter your email address. Say no when asked if you want to share your email with the EFF foundation.

If that’s successful, certbot will ask how you’d like to configure your HTTPS settings.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Select 2 and then hit ENTER. Your certificate is now installed and activated.

Run the following command to set up automatic renewal.

$ echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew" | sudo tee -a /etc/crontab > /dev/null

Install Ampache

Create an empty document root folder for Ampache.

$ sudo mkdir -p /var/www/html/ampache

The -p argument ensures that parent directories var and www are automatically created if they don't exist.

Next, download the ZIP archive of the latest release of Ampache. You can find the link to the latest release from its Github releases page. At the time of writing this tutorial, 4.4.1 is the latest version so we will download that.

$ wget https://github.com/ampache/ampache/releases/download/4.4.1/ampache-4.4.1_all.zip

Next, unpack the ZIP file to the directory we created earlier.

$ sudo unzip ampache-4.4.1_all.zip -d /var/www/html/ampache/

Next, set the permissions on the /var/www/html/ampache directory for the Nginx webserver.

$ sudo chown --recursive  nginx:nginx /var/www/html/ampache/

Create another directory to store your music. We don't need sudo here because we are creating in our own user directory.

$ sudo mkdir -p /data/Music

Change ownership of the /home/user/music to nginx so that server can write and read from the directory where you will store music.

$ sudo chown -R nginx:nginx /data/Music

To finish setting up Ampache, install FFmpeg, a utility to convert audio and video files from one format to another. Ampache uses FFmpeg to convert audio files on the fly from the format to which it was uploaded into a format that the listening device can play.

Fedora doesn't ship with FFmpeg by default so we need to add the RPMFusion repository first.

$ sudo dnf install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm

Next, install FFmpeg.

$ sudo dnf install ffmpeg

Using Ampache Installer

Your Ampache site is ready for use and can be accessed via https://example.com in your browser. The first time you open it, you will be greeted by the web installer of Ampache.

Ampache Installer Home

Select your language and continue to the next page where you will be shown if your server fulfills the requirements for Ampache.

Ampache Installer Requirements

If you have followed the tutorial properly, then you should be able to move to the next page where you will be asked to fill in the Database details. Since we have already created the database, we can leave the checkbox for it unchecked. The same goes for the database user. Fill in the database name, user, and password which we created and proceed to the next page.

Ampache Database Setup

Next, you will be shown the configuration options for Ampache. Most of the information is pre-filled and doesn't need any modification.

Ampache Installer Configuration

For some reason, the Ampache web installer doesn't detect the installed FFmpeg binary on Fedora. We will enable that later by editing the configuration file manually.

Next, fill in the details for the Administrator account for Ampache.

Ampache Admin Account Setup

You will now be redirected to the login page for Ampache.

Ampache Login

Fill in your user details and you can now access the Ampache player.

Ampache Home

Before you can start using it, we need to enable FFmpeg for transcoding purposes. To enable that, you need to open the /var/www/html/ampache/config/ampache.cfg.php file for editing.

$ sudo nano /var/www/html/ampache/config/ampache.cfg.php

Replace the following line

;transcode_cmd = "ffmpeg"

with the following line by removing the ampersand sign in front of it.

transcode_cmd = "ffmpeg"

Press Ctrl + X to close the editor and press Y when prompted to save the file. You can make a lot more changes you want through this file. Your Ampache installation is ready but for it to work, we need to add some music to it first.

Adding Music

To add music to Ampache, we need to create a catalog in the player and then upload the files from the web interface.

First, use the Add catalog option on the homepage.

Ampache Add Catalog

Select local as the type of catalog and fill in the path /home/user/music. If you want to import playlists, you can select the option Build Playlists from Playlist Files. Give your catalog a name and then click Add Catalog to proceed.

Now that our catalog is created, we need to enable the option to be able to upload music files. To do that, click on the fourth navigation button on the top left toolbar to access Admin settings.

Ampache Admin Button

Scroll down to the Server Config section and click on System.

Ampache Server Config Section

Find the Allow user uploads line and select On from the dropdown menu. You can also select the type of user who is allowed to add the files. In our case, it is the Catalog Manager who also happens to be the Administrator.

You also need to set the destination for the user uploaded files. You can set this using the Destination catalog line. Select the catalog we just created from the dropdown menu.

Ampache Upload Settings

Click Update Preferences when you are done. You can now add music to your Ampache installation. For that, click the headphone icon in the top left navigation menu.

Ampache Toolbar

Then, click the Upload link in the Music section.

Ampache Music Section

On the Upload page, browse and select your music files from your local PC and upload them. If you leave the Artist and Album fields blank, Ampache will automatically try to identify using the ID3 tags from the files themselves.

Ampache Upload Page

Once you are done, you can now find your files on any of the sections from the left pane and you can now stream your music.

Conclusion

This concludes our tutorial on how to install and use the Ampache Music streaming server powered by Fedora 33. If you have any questions or feedback, post it in the comments below.

Share this page:

0 Comment(s)