How To Install Ampache Audio Streaming with SSL on Debian 10

by

A lot audio/video application combined out there, such as Plex, Emby or Jellyfin. But most of them develop as video streamer which make the user experience for streaming audio less interested. For many years I’ve been use ampache on AWS EC2 to stream my music. I’ve large music collection, about 100GB from various country/genre, Ampache able to handle that just fine.

Install Dependency

Install dependency for Ampache

sudo apt install unzip wget -y

unzip will be used to extract the ampache source code, while wget used to download the source code.

Install PHP 7

PHP 7.3 comes by default in Debian 10, let’s install it using apt package manager

sudo apt install php php-cli php-common php-gd php-xmlrpc php-fpm php-curl php-intl php-imagick php-mysql php-zip php-xml php-mbstring php-bcmath -y

Install MariaDB Server

Install the latest MariaDB version from the repository

sudo apt install mariadb-server -y

Create database and user for Ampache

Ampache uses MySQL to store its databases, for this application we’ll create a new database and user.

Database name : ampache
Database user : ampache

I prefer using application names both for database and user to keep it simple and easy to spot when managing a lot of databases for various applications.

Login as mysql root

sudo mysql

Create database

create database ampache

assign user to ampache database

GRANT ALL PRIVILEGES ON ampache.* TO "ampache"@"localhost" IDENTIFIED BY "STRONGPASSWORD";

replace STRONGPASSWORD with random secure password.
create database and user ampache

Install Nginx Web Server

sudo apt install nginx -y

Install Lets Encrypt SSL

We’ll use the free Let’s Encrypt SSL for Ampache services.

sudo apt-get install python-certbot-nginx -y

Create a new server block for your Ampache domain (ex. ampache.domain.com), replace these domain with your own.

sudo nano /etc/nginx/sites-enabled/ampache.domain.com.conf

copy belowing code

server {
    listen 80;
    root /var/www/html;
    index index.php;
    server_name ampache.domain.com;
}

Generate SSL using certbot

sudo certbot --register-unsafely-without-email -d ampache.domain.com

When asked :
Please read the Terms of Service at …. Enter A (Agree)
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. Enter 1 (No redirect)
full log

atetux@atetux-ampache:~$ sudo certbot --register-unsafely-without-email  -d ampache.atetux.com 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Registering without email!
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ampache.atetux.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/ampache.atetux.com.conf
 
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://ampache.atetux.com
 
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=ampache.atetux.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/ampache.atetux.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/ampache.atetux.com/privkey.pem
   Your cert will expire on 2020-12-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
 
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Check the server block for ampache.domain.com.conf, certbot add 5 new lines start from listen 443 line.

server {
    listen 80;
    root /var/www/html;
    index index.php;
    server_name ampache.atetux.com;
 
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/ampache.atetux.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ampache.atetux.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
}

changes that server block to

server {
    listen 80;
    root /var/www/html/ampache;
    index index.php;
    server_name ampache.atetux.com;
 
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/ampache.atetux.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ampache.atetux.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        fastcgi_intercept_errors on;
    }
 
}

restart nginx

sudo systemctl restart nginx

Install Ampache Application

Download Ampache

Download the latest Ampache, currently version 4.2.2

wget https://github.com/ampache/ampache/releases/download/4.2.2/ampache-4.2.2_all.zip

Extract the zip file, to /var/www/html/ampache

sudo unzip ampache-4.2.2_all.zip -d /var/www/html/ampache

Ampache Web Installer

The next step is to install Ampache via web Installer, open https://ampache.domain.com on browser
ampache web ui installer
click Start configuration

Scroll down, then click Continue
php nginx check ampache

Database Settings
Enter the database credentials, remember to uncheck create databases.
database setting for ampache
click Create database

Scroll down to File Insight part
write ampache configuration
click Write, to write configuration file to /var/www/html/ampache/config/ampache.cfg.php directly

Create Admin Account
create admin account ampache
Use other than admin for admin account, it’s to avoid brute-force from random bot out there.
create admin account ampache
click Create Account

Now we can login via https://ampache.domain.com, to start manage/upload our collections
atetux ampache dashboard

Leave a Comment