# Setting up a reverse proxy A reverse proxy is a public-facing web server sitting in front of an internal server such as Libresonic. The Libresonic server never communicates with the outside ; instead, the reverse proxy handles all HTTP(S) requests and forwards them to Libresonic. This is useful in many ways, such as gathering all web configuration in the same place. It also handles some options (HTTPS) much better than the bundled Libresonic server or a servlet container such as Tomcat. This guide assumes you already have a working Libresonic installation after following the [installation guide](documentation/INSTALL.md). ## Getting a TLS certificate This guide assumes you already have a TLS certificate. [Let's Encrypt](https://letsencrypt.org) currently provides such certificates for free. ## Libresonic configuration A few settings should be tweaked via Spring Boot or Tomcat configuration: - Set the context path to `/libresonic` - Set the correct address to listen to - Set the correct port to listen to #### Spring Boot Add the following java args: ```java -Dserver.port=4040 -Dserver.address=127.0.0.1 -Dserver.contextPath=/libresonic -jar libresonic.war``` #### Tomcat Modify your `` with the proper address and port: ``` ServerName example.com ErrorDocument 404 /404.html DocumentRoot /var/www ProxyPass /libresonic http://localhost:4040/libresonic ProxyPassReverse /libresonic http://localhost:4040/libresonic ``` ### HAProxy The following configuration works for HAProxy (HTTPS with HTTP redirection): ```haproxy frontend https # Make sure that we are in HTTP mode so that we can rewrite headers mode http # Listen on the HTTPS and HTTP ports bind :80 bind :443 ssl crt /etc/haproxy/cert_key.pem # Some useful headers option httpclose option forwardfor # HTTP: Redirect insecure requests to HTTPS acl http ssl_fc,not http-request redirect scheme https if http # HTTPS: Forward requests to the Libresonic backend acl is_libresonic path_beg -i /libresonic use_backend libresonic-backend if is_libresonic backend libresonic-backend # Make sure that we are in HTTP mode so that we can rewrite headers mode http # Rewrite all redirects to use HTTPS, similar to what Nginx does in the # proxy_redirect directive. http-response replace-value Location ^http://(.*)$ https://\1 # Forward requests to Libresonic running on localhost on port 4040 server libresonic 127.0.0.1:4040 check ```