Docker images are available, please see detailed instructions on https://hub.docker.com/r/epoupon/lms.
Bookworm packages are provided for amd64 architectures. As root, trust the following debian package provider and add it in your list of repositories:
wget --backups=1 https://debian.poupon.dev/apt/debian/epoupon.gpg -P /usr/share/keyrings
echo "deb [signed-by=/usr/share/keyrings/epoupon.gpg] https://debian.poupon.dev/apt/debian bookworm main" > /etc/apt/sources.list.d/epoupon.list
To install or upgrade LMS:
apt update
apt install lms
The lms service is started just after the package installation, run by a dedicated lms system user.
Please refer to Deployment for further configuration options.
Note: this installation process and the default values of the configuration files have been written for Debian Bookworm. Therefore, you may have to adapt commands and/or paths in order to fit to your distribution.
Notes:
- a C++20 compiler is needed
- ffmpeg version 4 minimum is required
apt-get install g++ cmake libboost-program-options-dev libboost-system-dev libavutil-dev libavformat-dev libstb-dev libconfig++-dev ffmpeg libtag1-dev libpam0g-dev libgtest-dev libarchive-dev
Notes:
- libpam0g-dev is optional (only for using PAM authentication)
- libstb-dev can be replaced by libgraphicsmagick++1-dev (the latter will likely use more RAM)
You also need Wt4, which is not packaged on Debian. See installation instructions.
No optional requirement is needed, except openSSL if you plan not to deploy behind a reverse proxy (which is not recommended).
Get the latest stable release and build it:
git clone https://github.com/epoupon/lms.git lms
cd lms
mkdir build
cd build
cmake .. -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr
Notes:
- you can customize the installation directory using
-DCMAKE_INSTALL_PREFIX=path
(defaults to/usr/local
). - you can customize the image library using
-DLMS_IMAGE_BACKEND=<stb|graphicsmagick>
(defaults tostb
)
make
Note: you can use make -jN
to speed up compilation time (N is the number of compilation workers to spawn).
Note: the commands of this section require root privileges.
make install
Create a dedicated system user:
useradd --system --group lms
Copy the configuration files:
cp /usr/share/lms/lms.conf /etc/lms.conf
cp /usr/share/lms/lms.service /lib/systemd/system/lms.service
Create the working directory and give it access to the lms user:
mkdir /var/lms
chown lms:lms /var/lms
To make LMS run automatically during startup:
systemctl enable lms
To upgrade LMS from sources, you need to update the master branch and rebuild/install it:
cd build
git pull
make
Then using root privileges:
make install
systemctl restart lms
Note: don't forget to give the lms user read access to the music directory you want to scan.
LMS uses a configuration file, installed by default in /etc/lms.conf
. It is recommended to edit this file and change relevant settings (listen address, listen port, working directory, Subsonic API activation, deployment path, ...).
All other settings are set using the web interface (user management, scan settings, transcode settings, ...).
If a setting is not present in the configuration file, a hardcoded default value is used (the same as in the default configuration file)
You can define which authentication backend to be used thanks to the authentication-backend
option:
internal
(default): LMS uses an internal database to store users and their associated passwords (salted and hashed using Bcrypt). Only the admin user can create, edit or remove other users.PAM
: the user/password authentication request is forwarded to PAM (see the default PAM configuration file provided).http-headers
: LMS uses a configurable HTTP header field, typically set by a reverse proxy to handle SSO, to extract the login name. You can customize the field to be used using thehttp-headers-login-field
option. Note: the first created user is the admin user.
Open the the database file located in /var/lms/lms.db
using sqlite3
:
sqlite3 /var/lms/lms.db
Now force reset the password of the admin user to adminadmin
:
UPDATE user SET password_salt="sliIgHUpEoAlBMquivH4VzKXbSzexlvS", password_hash="$2y$07$a0vnQUbGTV/DZyDqOizvbOdCaytNjDhkOPcGoBZup4V0MRKDzOpEG" WHERE id=1;
.quit
If you want to deploy on non root path (e.g. https://mydomain.com/newroot/), you have to set the deploy-path
option accordingly in lms.conf
.
As static resources are not related to the deploy-path
option, you have to perform the following steps if you want them to be on a non root path too:
- Create a new intermediary
newroot
directory in/usr/share/lms/docroot
and move everything in it. - Symlink
/usr/share/lms/docroot/newroot/resources
to/usr/share/Wt/resources
. - Edit
lms.conf
and set:
wt-resources = "" # do not comment the whole line
docroot = "/usr/share/lms/docroot/;/newroot/resources,/newroot/css,/newroot/images,/newroot/js,/newroot/favicon.ico";`
deploy-path = "/newroot/"; # ending slash is important
If you use nginx as a reverse proxy, you can simply replace location /
with location /newroot/
to achieve the same result.
LMS is shipped with an embedded web server, but it is recommended to deploy behind a reverse proxy. You have to set the behind-reverse-proxy
option to true in the lms.conf
configuration file and to adjust the trusted proxy list in trusted-proxies
option.
Note: when running in a docker environment, you have to trust the docker gateway IP (which is 172.17.0.1
by default)
Here is an example to make LMS properly work on myserver.org using nginx:
server {
listen 80;
server_name myserver.org;
access_log /var/log/nginx/myserver.access.log;
proxy_request_buffering off;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_read_timeout 10m;
proxy_send_timeout 10m;
keepalive_timeout 10m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:5082/;
proxy_read_timeout 120;
}
}
Note: to mitigate brute force login attempts, LMS uses an internal login throttler based on the client IP address. The Client-IP
or X-Forwarded-For
headers are used to determine the real IP adress, so make sure to properly configure your reverse proxy to filter or even erase the values.
systemctl start lms
Log traces can be accessed using journactl:
journalctl -u lms.service
To connect to LMS, just open your favorite browser and go to http://localhost:5082
At the first launch, a setup assistant will guide you through creating the administrator account (username and password). Once this information is saved, you can refresh the page to access the LMS login screen.
Note: If you are using PAM
or http-header
authentication, this setup assistant will not appear (see Authentication backends).
Once logged in as an administrator, you will need to define your libraries—that is, select the music folders you want to scan. Then, check that the scan settings meet your needs (scan frequency, tag delimiters, etc.).
You can now initiate the initial scan to import your music into LMS.