Install using the installer
This guide walk you though the steps required to install LibreTime on your system using the installer.
The installer is shipped in the released tarballs or directly in the project repository.
Installing on one of the following distribution releases is recommend:
Before installing
Before installing LibreTime, you need to make sure you operating system is up to date and configured.
Operating system time configuration
Check your operating system time configuration using the following command:
sudo timedatectl
Local time: Fri 2022-08-05 12:43:39 CEST
Universal time: Fri 2022-08-05 10:43:39 UTC
RTC time: Fri 2022-08-05 10:43:40
Time zone: Europe/Berlin (CEST, +0200)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
Make sure that your time zone is configured, if not you can set it using the timedatectl set-timezone command. The following command configure the timezone to Europe/Paris, make sure to set your own timezone:
sudo timedatectl set-timezone Europe/Paris
If the NTP service is inactive, you should consider enabling it using the timedatectl set-ntp command. The following command enables the NTP service:
sudo timedatectl set-ntp true
Finally, check that everything was applied by running timedatectl:
sudo timedatectl
Download
You can either download the latest released tarball or clone the repository.
- Release tarball
- Git repository
Download the latest released tarball from Github.
Or directly from the command-line:
wget https://github.com/libretime/libretime/releases/download/4.0.0/libretime-4.0.0.tar.gz
And extract the tarball:
tar -xvf libretime-4.0.0.tar.gz && cd libretime
Clone the project repository:
git clone https://github.com/libretime/libretime
cd libretime
Don't use the https://github.com/libretime/libretime-debian-packaging repository, it's only used to create LibreTime packages.
When upgrading, you should clean the local repository, pull the latest changes and finally check out the desired version:
cd libretime
git clean -xdf
git pull
And checkout the latest version:
git checkout 4.0.0
Run the installer
By default the installer will configure LibreTime to listen at the port 8080. We recommend that you configure a reverse proxy in front of LibreTime to secure the connection using HTTPS, and route the traffic from the ports 80/443 to the LibreTime server.
Install LibreTime with the following command, be sure to replace https://libretime.example.org with the public url of your installation:
sudo ./install https://libretime.example.org
When upgrading be sure to run the installer using the same arguments you used during the initial install.
If you need to change some configuration, the install script can be configured using flags or environment variables. Changing the listening port of LibreTime or whether you want to install some dependency by yourself, you could run the following:
# Install LibreTime on your system with the following tweaks:
# - don't install the liquidsoap package (remember to install liquidsoap yourself)
# - set the listen port to 8081
# - don't run the PostgreSQL setup (remember to setup PostgreSQL yourself)
sudo \
LIBRETIME_PACKAGES_EXCLUDES='liquidsoap' \
./install \
--listen-port 8081 \
--no-setup-postgresql \
https://libretime.example.org
You can persist the install configuration in a .env file next to the install script. For example, the above command could be persisted using the .env file below, and you should be able to run the install script without arguments:
LIBRETIME_PACKAGES_EXCLUDES='liquidsoap'
LIBRETIME_LISTEN_PORT='8081'
LIBRETIME_SETUP_POSTGRESQL=false
LIBRETIME_PUBLIC_URL='https://libretime.example.org'
The install script will use generated passwords to create the PostgreSQL user, RabbitMQ user and to update the default Icecast passwords. Those passwords will be saved to the configuration files.
Feel free to run ./install --help to get more details.
Using the system audio output
If you plan to output analog audio directly to a mixing console or transmitter, the user running LibreTime needs to be added to the audio user group using the command below:
sudo adduser libretime audio
Setup LibreTime
Once the installation is completed, edit the configuration file at /etc/libretime/config.yml to fill required information and to match your needs.
You may have to configure your timezone to match the one configured earlier:
# The server timezone, should be a lookup key in the IANA time zone database,
# for example Europe/Berlin.
# > default is UTC
- timezone: UTC
+ timezone: Europe/Paris
Next, run the following commands to setup the database:
sudo -u libretime libretime-api migrate
Finally, start the services, and check that they're running using the following commands:
sudo systemctl start libretime.target
sudo systemctl --all --plain | grep libretime
Securing LibreTime
Install Certbot
The first step to using Let’s Encrypt to obtain an SSL certificate is to install the Certbot software on your server:
sudo apt install certbot python3-certbot-nginx
Let’s Encrypt’s certificates are only valid for ninety days. The certbot package takes care of this for you by adding a systemd timer that will run twice a day and automatically renew any certificate that’s within thirty days of expiration.
You can query the status of the timer using:
sudo systemctl status certbot.timer
Configure a reverse proxy
Next, you have to configure a reverse proxy to route the traffic from port 80 to LibreTime (port 8080).
Copy the following in a new Nginx configuration file, make sure to replace libretime.example.org with your own domain name:
server {
listen 80;
listen [::]:80;
server_name libretime.example.org;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://localhost:8080/;
}
}
Enable the new reverse proxy configuration, make sure to replace libretime.example.org with your own domain name:
sudo ln -s /etc/nginx/sites-{available,enabled}/libretime.example.org.conf
Then, check that the nginx config is valid and reload nginx:
sudo nginx -t
sudo systemctl reload nginx
Obtain a certificate
Certbot provides a variety of ways to obtain SSL certificates through plugins. The Nginx plugin will take care of reconfiguring Nginx and reloading the config whenever necessary.
To request a Let’s Encrypt certificate using Certbot with the Nginx plugin, be sure to replace libretime.example.org with the domain name of your installation and run the following:
sudo certbot --nginx -d libretime.example.org
Setup the certificate for Icecast
By default, browsers will prevent loading mixed content on secure pages, so you won't be able to listen the insecure Icecast streams on a secure website. To fix that you need to secure the Icecast streams.
Create a Icecast specific SSL certificate bundle, be sure to replace libretime.example.org with the domain name of your installation:
sudo bash -c "install \
--group=icecast \
--mode=640 \
<(cat /etc/letsencrypt/live/libretime.example.org/{fullchain,privkey}.pem) \
/etc/icecast2/bundle.pem"
Enable the secure socket and set the SSL certificate bundle path in the Icecast configuration file:
<!-- You may have multiple <listen-socket> elements -->
<listen-socket>
<port>8000</port>
<!-- <bind-address>127.0.0.1</bind-address> -->
<!-- <shoutcast-mount>/stream</shoutcast-mount> -->
</listen-socket>
<!--
<listen-socket>
<port>8080</port>
</listen-socket>
-->
- <!--
<listen-socket>
<port>8443</port>
<ssl>1</ssl>
</listen-socket>
- -->
<!-- Aliases: can also be used for simple redirections as well,
this example will redirect all requests for http://server:port/ to
the status page
-->
<alias source="/" destination="/status.xsl"/>
<!-- The certificate file needs to contain both public and private part.
Both should be PEM encoded.
<ssl-certificate>/usr/share/icecast2/icecast.pem</ssl-certificate>
-->
+ <ssl-certificate>/etc/icecast2/bundle.pem</ssl-certificate>
</paths>
Restart Icecast to apply the changes:
sudo systemctl restart icecast2
Next, you need to change the LibreTime stream.outputs.icecast.*.public_url configuration to use the newly enabled Icecast secure port:
# Icecast output streams.
# > max items is 3
icecast:
- <<: *default_icecast_output
enabled: true
- public_url:
+ public_url: https://libretime.example.org:8443/main.ogg
mount: main.ogg
audio:
format: ogg
bitrate: 256
- <<: *default_icecast_output
enabled: true
- public_url:
+ public_url: https://libretime.example.org:8443/main.mp3
mount: main.mp3
audio:
format: mp3
bitrate: 320
Restart the LibreTime to apply the changes:
sudo systemctl restart libretime.target
Finally, you need to configure the Certbot renewal to bundle a Icecast specific SSL certificate and restart the Icecast service:
# Options used in the renewal process
[renewalparams]
account = d76ce6a241c7c74f79e5443216ee420e
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory
+
+deploy_hook = 'bash -c "install --group=icecast --mode=640 <(cat $RENEWED_LINEAGE/{fullchain,privkey}.pem) /etc/icecast2/bundle.pem && systemctl restart icecast2"'
Check that the renewal configuration is valid:
sudo certbot renew --dry-run
Setup the certificate for Liquidsoap
To stream audio content from an external source to the LibreTime server, Liquidsoap creates input harbors (Icecast mount points) for the clients to connect to. These mount points are insecure by default, so it's recommended secure them.
To enable the secure input streams, edit the configuration file at /etc/libretime/config.yml with the following, be sure to replace libretime.example.org with the domain name of your installation:
liquidsoap:
- harbor_ssl_certificate:
- harbor_ssl_private_key:
+ harbor_ssl_certificate: /etc/letsencrypt/live/libretime.example.org/fullchain.pem
+ harbor_ssl_private_key: /etc/letsencrypt/live/libretime.example.org/privkey.pem
stream:
inputs:
main:
public_url:
mount: main
port: 8001
- secure: false
+ secure: true
show:
public_url:
mount: show
port: 8002
- secure: false
+ secure: true
Restart the LibreTime to apply the changes:
sudo systemctl restart libretime.target
First login
Once the setup is completed, log in the interface (with the default user admin and password admin), and edit the project settings (go to Settings > General) to match your needs.
Remember to change your password.