docker run --rm --volumes-from cherrymusic-data -it klingtdotnet/cherrymusic
edit the configuration
docker run --rm --volumes-from cherrymusic-data -it klingtdotnet/vim vim /home/cm/.¬config/cherrymusic/cherrymusic.conf
normal run with read-only mounted music volume (or as SystemD service)
docker run --rm --volumes-from cherrymusic-data --volume /path/to/local/music:/home/cm/basedir/:ro -it klingtdotnet/vim vim /home/cm/.¬config/cherrymusic/cherrymusic.conf
SystemD Service
copy the [email protected] file to /etc/systemd/system and run systemctl daemon-reload
edit the environment file cherrymusic and copy it to /etc/sysconfig
run the service with systemctl start cherrymusic@someuser or enable it (start automatically on boot) systemctl enable cherrymusic@someuser
nginx Reverse Proxy Example
to generate a self-signed certificate: openssl req -x509 -newkey rsa:4096 -keyout music.klingt.net.pem -out music.klingt.net.crt -days 360
erver {
listen80;
listen [::]:80;
server_name music.some.domain;
return301 https://music.some.domain$request_uri;
}
server {
listen443 ssl spdy;
listen [::]:443 ssl spdy;
server_name music.some.domain;
ssl_certificate /etc/nginx/certs/_.some.domain/_.some.domain.pem;
ssl_certificate_key /etc/nginx/certs/_.some.domain/_.some.domain.key;
ssl_password_file /etc/nginx/certs/_.some.domain/.pass;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location/ {
proxy_http_version1.1;
# Set proxy headers for the passthroughproxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Let the Set-Cookie header through.proxy_pass_header Set-Cookie;
proxy_pass http://localhost:8765/;
}
}
SELinux Troublehshooting
certificate not readable by nginx, despite correct permmissions -> update SELinux context
restorecon -v -R /path/to/certs/
nginx returns 502 Bad Gateway -> add port to allowed http ports
semanage port -a -t http_port_t -p tcp 20800
# check
semanage port -l | grep 20800
note that semanage takes a lot of resources (I would like to know why), maybe you have to setup a swapfile for systems with less than 512MB of RAM. Otherwise it will stop with a KILLED message