Nginx as proxy server

Q&A
1

Hi guys,
I’m currently sitting on making Mopidy reachable via nginx.
The goal should be to make Iris or even Musicbox webclient reachable via HTTPS, so I can embed the site in my openHAB installation.
Android devices have a problem if you want to use HTTPS and HTTP at the same time…

Can anyone help me with the current nginx config for this?
I have tried through a few configs which I could find.
Unfortunately I always get a 403 error for the WSS connection because wss can’t be routed through nginx.
I have already tried the following sites:
#341
#361
#426 - Cant post 3 links :wink:

I can call Iris, but I can’t connect to the Mopidy service or Snapcast.
If someone has a good binding for openHAB 3 to integrate Mopidy directly, that would of course be awesome too.
Unfortunately, I can only find a lot of instructions for Home Assistant and nothing useful for openHAB.

2

Hi @Hoerli

I’d love to help

  1. are nginx and mopidy running on the same machine?
  2. what’s your machine arch and version
  3. please paste your nginx conf here
  4. paste your mopidy conf (removing your client ids and secrets)
3

Hi!
Tanks for your help.

  1. Yes
  2. Raspberry Pi 4B with RaspianOS (64bit)
  3. nginx-config
server {
	listen 6690 ssl http2;
	server_name 192.168.178.110;

	ssl_prefer_server_ciphers on;
	proxy_http_version 1.1;
        proxy_read_timeout 600s;
        

        location / {
                proxy_pass http://127.0.0.1:6680/;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $http_connection;
        }

        ssl_certificate /etc/ssl/certs/selfsigned.crt;
        ssl_certificate_key /etc/ssl/private/selfsigned.key;

}

And number 4:

[audio]
mixer = software
mixer_volume =
output = audioresample ! audioconvert ! audio/x-raw,rate=48000,channels=2,format=S16LE ! filesink location=/tmp/snapfifo
buffer_time =

[youtube]
enabled = true
youtube_api_key = SECRET!
threads_max = 16
search_results = 15
playlist_max_videos = 1000
api_enabled = true
autoplay_enabled = true
strict_autoplay = false
max_autoplay_length = 600
max_degrees_of_separation = 3

[soundcloud]
enabled = true
auth_token = SECRET!
explore_songs = 25

[somafm]
enabled = true
encoding = mp3
quality = highest
dj_as_artist = true

[musicbox_webclient]
enabled = true
musicbox = false
websocket_host =
websocket_port =
on_track_click = PLAY_ALL

[mpd]
enabled = true
hostname = 127.0.0.1
port = 6600
password =
max_connections = 20
connection_timeout = 60
zeroconf = Mopidy MPD server on $hostname
command_blacklist =
  listall
  listallinfo
default_playlist_scheme = m3u

[iris]
enabled = true
country = DE
locale = de_DE
spotify_authorization_url = https://jamesbarnsley.co.nz/iris/auth_spotify.php
lastfm_authorization_url = https://jamesbarnsley.co.nz/iris/auth_lastfm.php
genius_authorization_url = https://jamesbarnsley.co.nz/iris/auth_genius.php
data_dir = $XDG_DATA_DIR/iris

[http]
enabled = true
hostname = 0.0.0.0
port = 6680
zeroconf = Mopidy HTTP server on $hostname
allowed_origins =
csrf_protection = true
default_app = mopidy

[m3u]
enabled = true
base_dir =
default_encoding = latin-1
default_extension = .m3u8
playlists_dir =

[softwaremixer]
enabled = true

[stream]
enabled = true
protocols =
  http
  https
  mms
  rtmp
  rtmps
  rtsp
metadata_blacklist =
timeout = 5000

[local]
enabled = true
media_dir = /mnt/
scan_timeout = 5000

[ytmusic]
enabled = true
auth_json = /home/musikbox/auth.json
auto_playlist_refresh = 60
youtube_player_refresh = 15
playlist_item_limit = 1000
subscribed_artist_limit = 100
enable_history = true
enable_liked_songs = true
enable_mood_genre = true
enable_scrobbling = true
stream_preference =
  141
  251
  140
verify_track_url = true

Tried several nginx configs from the internet, but they all didn’t work so far.
I have only read what nginx can not handle websockets through a proxy.

4

let’s try

nginx (update proxy pass)

server {
	listen 6690 ssl http2;
	server_name 192.168.178.110;

	ssl_prefer_server_ciphers on;
	proxy_http_version 1.1;
        proxy_read_timeout 600s;
        

        location / {
                proxy_read_timeout 600s;
                proxy_pass http://127.0.0.1:6680;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header Host $http_host;
        }

        ssl_certificate /etc/ssl/certs/selfsigned.crt;
        ssl_certificate_key /etc/ssl/private/selfsigned.key;

}

mopidy config (allow all connections on the card via ::

[audio]
mixer = software
mixer_volume =
output = audioresample ! audioconvert ! audio/x-raw,rate=48000,channels=2,format=S16LE ! filesink location=/tmp/snapfifo
buffer_time =

[youtube]
enabled = true
youtube_api_key = SECRET!
threads_max = 16
search_results = 15
playlist_max_videos = 1000
api_enabled = true
autoplay_enabled = true
strict_autoplay = false
max_autoplay_length = 600
max_degrees_of_separation = 3

[soundcloud]
enabled = true
auth_token = SECRET!
explore_songs = 25

[somafm]
enabled = true
encoding = mp3
quality = highest
dj_as_artist = true

[musicbox_webclient]
enabled = true
musicbox = false
websocket_host =
websocket_port =
on_track_click = PLAY_ALL

[mpd]
enabled = true
hostname = 127.0.0.1
port = 6600
password =
max_connections = 20
connection_timeout = 60
zeroconf = Mopidy MPD server on $hostname
command_blacklist =
  listall
  listallinfo
default_playlist_scheme = m3u

[iris]
enabled = true
country = DE
locale = de_DE
spotify_authorization_url = https://jamesbarnsley.co.nz/iris/auth_spotify.php
lastfm_authorization_url = https://jamesbarnsley.co.nz/iris/auth_lastfm.php
genius_authorization_url = https://jamesbarnsley.co.nz/iris/auth_genius.php
data_dir = $XDG_DATA_DIR/iris

[http]
enabled = true
hostname = ::
port = 6680
zeroconf = Mopidy HTTP server on $hostname
allowed_origins =
csrf_protection = true
default_app = mopidy

[m3u]
enabled = true
base_dir =
default_encoding = latin-1
default_extension = .m3u8
playlists_dir =

[softwaremixer]
enabled = true

[stream]
enabled = true
protocols =
  http
  https
  mms
  rtmp
  rtmps
  rtsp
metadata_blacklist =
timeout = 5000

[local]
enabled = true
media_dir = /mnt/
scan_timeout = 5000

[ytmusic]
enabled = true
auth_json = /home/musikbox/auth.json
auto_playlist_refresh = 60
youtube_player_refresh = 15
playlist_item_limit = 1000
subscribed_artist_limit = 100
enable_history = true
enable_liked_songs = true
enable_mood_genre = true
enable_scrobbling = true
stream_preference =
  141
  251
  140
verify_track_url = true
5

Thanks that worked!

Now I just need to figure out how to switch Snapcast to SSL or additionally to SSL.
That does not work at the moment.

6

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.