
Seeking Open Source Playback Streaming Solution with Specific Requirements

AlfieFroud

Member
Joined
Sep 4, 2020
Messages
70
Likes
8
I’m on the hunt for a playback streaming device or software that aligns with my specific needs, and I could use your expertise in finding the right fit.

Here are my requirements:

1. Open Source: I’m looking for a solution that is open source, ensuring transparency and flexibility.
2. Secure Protocols: It should not rely on insecure protocols like UPnP, as security is a priority.
3. Linux Compatibility: My music is stored on a Linux server, so I need the streaming device or software to either run on the server and stream to a separate endpoint or run on the output device and access music from the server.
4. Remote Control: I require the ability to control the playback remotely. Compatibility with both Android devices and Linux on a laptop is crucial.

If you have any recommendations or suggestions that match these criteria, I would greatly appreciate your insights. Thank you in advance for your help!
 

somebodyelse

Major Contributor
Joined
Dec 5, 2018
Messages
3,889
Likes
3,193
You'll probably fall down on 2, depending on definition of 'secure'. Do LMS or MPD fit the bill?
 

Berwhale

Major Contributor
Forum Donor
Joined
Aug 29, 2019
Messages
4,033
Likes
5,079
Location
UK

FreakyKiwi

Active Member
Joined
Jun 29, 2023
Messages
121
Likes
65
There was no mention of requiring external access, highlighting that exposing a local service to the internet with no added security is a bad idea does not make it insecure for normal use.

OP - what do you mean by secure?
Do you want to restrict LAN access, or are you only concerned about unauthorised access from the internet?
Part of the UPnP protocol is allowing router ports to be opened but this is not required for local music streaming. UPnP/DLNA streaming is generally terrible in any case.

I would also recommend LMS/Squeezelite which can be secured using HTTPS and authentication.
 

Berwhale

Major Contributor
Forum Donor
Joined
Aug 29, 2019
Messages
4,033
Likes
5,079
Location
UK
> There was no mention of requiring external access, highlighting that exposing a local service to the internet with no added security is a bad idea does not make it insecure for normal use.

Keeping an insecure protocol behind a firewall doesn't make the protocol secure, which is what the OP asked for.

> I would also recommend LMS/Squeezelite which can be secured using HTTPS and authentication.

I don't think clients can stream over HTTPS, is this not the case?

That said, I run LMS at home and I'm not particularly worried about doing so.
 

MaxwellsEq

Major Contributor
Forum Donor
Joined
Aug 18, 2020
Messages
1,942
Likes
2,945
> OP - what do you mean by secure?

In my opinion, a secure protocol should be strongly encrypted with a session key and strongly authenticated.

Most audio protocols when operating natively do not come close, forcing all traffic behind a NAT masquerade and/or firewall and requiring strong segmentation at the server end and secure VPNs between sites.
 

somebodyelse

Major Contributor
Joined
Dec 5, 2018
Messages
3,889
Likes
3,193
That's why I think it will fail on 2 - I'm not aware of anything using protocols I would consider secure. You could arrange for server and clients to communicate via secure tunnels though - WireGuard or something. It depends on exactly what OP means by 'secure'.
 

AlfieFroud

Member
Joined
Sep 4, 2020
Messages
70
Likes
8
My apologies for the late reply. I think you’re correct in that I’m not going to find a secure protocol. Looking at my options I think I’m going to have to go with LMS but try to secure it as much as possible. Any suggestions?
 

fatoldgit

Senior Member
Joined
Feb 29, 2020
Messages
340
Likes
397
So let's say you end up with a two tier (LMS server running on file server -> end point) or three tier (file server -> LMS server -> end point) topology, then you can:

1- Run a firewall on each Linux device that only allows the specific ports needed and disable ssh****
2- Also configure the firewalls to only allow traffic from a defined set of MAC addresses
3- Additionally tie specific ports to specific MAC addresses (i.e. HTTP browsing on port XXX into hardware running LMS server only from MAC address YYY, squeezelite traffic from LMS server to endpoint similarly locked down, NFS traffic from fileserver to LMS server similarly locked down)
4- Run ethernet (no wifi) between all devices and don't connect to your router (optional)
5- If wifi from say an iPad is needed to browse, set up the server running LMS as an access point over its wifi (use a USB wifi dongle if needed) or use a private WAP hardwired in via ethernet (avoids sending traffic over your ISP router)
6- If using WAP wifi, also use MAC address filtering/port filtering configured in the WAP on the port used for browsing
7- If super paranoid and need to stream music services via ISP router, tie all of this into a managed switch and do the port and address filtering at this level as well (i.e. keeps ISP router restricted at two levels: logical at the server level and physical at the switch level)

All of the above assumes you have the admin skills to do it.

Logically, as no PI (personal info) is moving between the various PCs involved, your only concern (albeit paranoid) is to stop someone connecting in from a remote device should they somehow breach your ISP router.

Peter

**** To manage/admin each server system in a non-ssh env, you would need to connect a monitor/keyboard as needed OR get fancy and have a monitor/keyboard permanently attached and use a KVM switch
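
An added example, not part of the post above: a shell function that turns steps 1-3 (default-deny firewall, MAC allow-list, ports tied to specific MACs) into an nftables ruleset for the host running LMS. The MAC addresses are constructed placeholders, the table name `lms_filter` is hypothetical, and the ports are assumed LMS defaults.

```shell
#!/bin/sh
# Constructed allow-list for the host running LMS, one "MAC proto port" per line.
# MACs are placeholders. Ports are assumed LMS defaults: 9000/tcp (web UI and
# audio stream), 3483/tcp (SlimProto control), 3483/udp (player discovery).
ALLOW='02:00:00:00:00:10 tcp 9000
02:00:00:00:00:20 tcp 9000
02:00:00:00:00:20 tcp 3483
02:00:00:00:00:20 udp 3483'

# Print an nftables ruleset: default-drop inbound, then one accept rule per
# (MAC, protocol, port) entry. Returns 1 on a malformed entry so that a typo
# never yields a partial ruleset.
gen_ruleset() {
    rules=''
    while read -r mac proto port; do
        [ -z "$mac" ] && continue
        echo "$mac" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' ||
            { echo "bad MAC: $mac" >&2; return 1; }
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol: $proto" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $port" >&2; return 1; }
        rules="${rules}        ether saddr $mac $proto dport $port accept
"
    done <<EOF
$1
EOF
    cat <<EOF
table inet lms_filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        # ether saddr only matches hosts on the same layer-2 segment
${rules}    }
}
EOF
}

# Review the output, then load it with: nft -f <file>
gen_ruleset "$ALLOW"
```

With no rule for port 22, the default-drop policy also blocks inbound ssh, which matches step 1.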
 

bachatero

Active Member
Joined
Dec 25, 2023
Messages
140
Likes
102
Why make it so complicated? Introducing NextCloud: store everything and access it anytime anywhere on any device. Although I don't have it set up with HTTPS on my local network, I use LetsEncrypt to get an encryption certificate for everywhere else.
 


fatoldgit

Senior Member
Joined
Feb 29, 2020
Messages
340
Likes
397
> Why make it so complicated? Introducing NextCloud: store everything and access it anytime anywhere on any device. Although I don't have it set up with HTTPS on my local network, I use LetsEncrypt to get an encryption certificate for everywhere else.

Cause (speaking for the OP):

- you are trusting a third party
- you need to copy all your stuff to the cloud
- only addresses the file server side... doesn't address all tiers in an LMS config (say LMS server to squeezelite)

Now the OP's requirements are a bit over the top but between a self managed solution (mine) and a "trust some cloud company" solution (yours), they have options.
 

bachatero

Active Member
Joined
Dec 25, 2023
Messages
140
Likes
102
NextCloud is all self-hosted, which means it stays all on your own server and nothing gets out.
 