# Setting up a reverse proxy A reverse proxy is a public-facing web server sitting in front of an internal server such as Libresonic. The Libresonic server never communicates with the outside ; instead, the reverse proxy handles all HTTP(S) requests and forwards them to Libresonic. This is useful in many ways, such as gathering all web configuration in the same place. It also handles some options (HTTPS) much better than the bundled Libresonic server or a servlet container such as Tomcat. This guide assumes you already have a working Libresonic installation after following the [installation guide](documentation/INSTALL.md). ## Getting a TLS certificate This guide assumes you already have a TLS certificate. [Let's Encrypt](https://letsencrypt.org) currently provides such certificates for free. ## Libresonic configuration A few settings should be tweaked via Spring Boot or Tomcat configuration: - Set the context path to `/libresonic` - Set the correct address to listen to - Set the correct port to listen to #### Spring Boot Add the following java args: ```java -Dserver.port=4040 -Dserver.address=127.0.0.1 -Dserver.contextPath=/libresonic -jar libresonic.war``` #### Tomcat Modify your `` with the proper address and port: ``` ServerName example.com ErrorDocument 404 /404.html DocumentRoot /var/www ProxyPass /libresonic http://localhost:4040/libresonic ProxyPassReverse /libresonic http://localhost:4040/libresonic ``` ### HAProxy The following configuration works for HAProxy (HTTP and HTTPS): ```haproxy defaults # Use HTTP protocole mode http frontend https # Listen on the HTTPS and HTTP ports bind :80 bind :443 ssl crt /etc/haproxy/certs/cert_key.pem # Add X-Headers necessary for HTTPS; include :[port] if not running on port 443 http-request set-header X-Forwarded-Host %[req.hdr(Host)] http-request set-header X-Forwarded-Proto https # (OPTIONAL) Force HTTPS redirect scheme https if !{ ssl_fc } # Bind URL with the right backend acl is_libresonic path_beg -i /libresonic use_backend libresonic-backend if is_libresonic backend libresonic-backend # Rewrite all redirects to use HTTPS, similar to what Nginx does in the # proxy_redirect directive. http-response replace-value Location ^http://(.*)$ https://\1 # Forward requests to Libresonic running on localhost on port 4040 server libresonic 127.0.0.1:4040 check ```