flac.stdftd.com is a dedicated Navidrome instance serving lossless FLAC audio files, running alongside the primary ipod.stdftd.com Navidrome instance. This provides high-quality music streaming for audiophile content while keeping the main library separate.
/volume1/flac/flac on cluster nodesha-nfs-flac-mountnavidrome-flac/flac (read-only)/var/lib/navidrome-flacOn Synology NAS (jgmelon - 192.168.1.246):
Control Panel → Shared Folder → flac → Edit → NFS Permissions
Create NFS rule:
192.168.1.0/24# Create mount point on both cluster nodes
sudo mkdir -p /flac
ssh thing-2 "sudo mkdir -p /flac"
# Create Pacemaker resource
sudo pcs resource create ha-nfs-flac-mount Filesystem \
device="192.168.1.246:/volume1/flac" \
directory="/flac" \
fstype="nfs" \
options="nfsvers=3,tcp,rsize=65536,wsize=65536" \
op monitor interval=30s \
op start interval=0s timeout=60s \
op stop interval=0s timeout=60s
# Add colocation constraint (follow cluster VIP)
sudo pcs constraint colocation add ha-nfs-flac-mount with cluster_vip INFINITY
# Add order constraint (mount after ha-nfs-mount)
sudo pcs constraint order ha-nfs-mount then ha-nfs-flac-mount
# Verify
sudo pcs status
mount | grep flac
ls /flac
Edit /mnt/ha-shared/navidrome/docker-compose.yml:
services:
navidrome:
# ... existing navidrome service ...
navidrome-flac:
image: deluan/navidrome:latest
container_name: navidrome-flac
restart: unless-stopped
ports:
- "4534:4533"
environment:
ND_MUSICFOLDER: /music
ND_DATAFOLDER: /data
ND_LOGLEVEL: info
ND_TRANSCODINGCACHESIZE: 2GB
ND_IMAGECACHESIZE: 1GB
ND_SCANINTERVAL: 15m
ND_ENABLETRANSCODINGCONFIG: true
ND_ENABLEDOWNLOADS: true
ND_ENABLESHARING: true
ND_ENABLEEXTERNALSERVICES: true
ND_DEFAULTBITRATE: 320
ND_MAXBITRATE: 0
ND_SCANNERPURGEMISSING: "true"
ND_RECENTLYADDEDBYMODTIME: "false"
volumes:
- /flac:/music:ro
- /var/lib/navidrome-flac:/data
- /mnt/ha-shared/letsencrypt:/etc/letsencrypt:ro
networks:
- webnet
networks:
webnet:
external: true
Create data directories:
# Create on both nodes
sudo mkdir -p /var/lib/navidrome-flac
sudo chown guernica:guernica /var/lib/navidrome-flac
ssh thing-2 "sudo mkdir -p /var/lib/navidrome-flac && sudo chown guernica:guernica /var/lib/navidrome-flac"
# Start container
cd /mnt/ha-shared/navidrome
docker compose up -d navidrome-flac
# Verify
docker ps | grep navidrome
# Disable web containers cluster resource
sudo pcs resource disable ha-web-containers
# Generate certificate
sudo certbot certonly --standalone -d flac.stdftd.com
# Copy to cluster shared storage
sudo cp -r /etc/letsencrypt/live/flac.stdftd.com /mnt/ha-shared/letsencrypt/live/
sudo cp -r /etc/letsencrypt/archive/flac.stdftd.com /mnt/ha-shared/letsencrypt/archive/
# Verify
ls -la /mnt/ha-shared/letsencrypt/live/flac.stdftd.com/
ls -la /mnt/ha-shared/letsencrypt/archive/flac.stdftd.com/
# Re-enable web containers
sudo pcs resource enable ha-web-containers
Edit /mnt/ha-shared/web-containers/nginx-reverse-proxy/nginx.conf:
Add inside the main http {} block:
# flac.stdftd.com - FLAC Navidrome Instance
server {
listen 80;
server_name flac.stdftd.com;
# Redirect to HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name flac.stdftd.com;
ssl_certificate /etc/letsencrypt/live/flac.stdftd.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/flac.stdftd.com/privkey.pem;
# SSL configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://192.168.1.100:4534;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
Restart nginx:
cd /mnt/ha-shared/web-containers/nginx-reverse-proxy
docker compose restart nginx-reverse-proxy
# Verify
docker compose ps nginx-reverse-proxy
docker compose logs nginx-reverse-proxy --tail 20
Add DNS A record:
flac.stdftd.comEnsure port forwarding:
# Check mount
mount | grep flac
ls /flac
# Check Navidrome container
docker ps | grep navidrome-flac
docker logs navidrome-flac
# Check nginx
curl -I http://flac.stdftd.com
curl -I https://flac.stdftd.com
# Check Pacemaker status
sudo pcs status
Access: https://flac.stdftd.com
Problem: The "Recently Added" view shows files sorted by filesystem modification time rather than actual release dates. This occurred because files were replicated from mainsqueeze with current timestamps.
Status: Working as designed but not ideal. Files show as "recently added" based on when they were scanned into this database instance.
Workaround Options:
Re-replicate with timestamps preserved:
/volume1/flac on jgmelonRebuild database from scratch:
docker stop navidrome-flac
sudo rm -rf /var/lib/navidrome-flac/*
docker start navidrome-flac
With ND_RECENTLYADDEDBYMODTIME: "false" set, Navidrome will use metadata dates instead.
Accept current behavior - "Recently Added" will normalize over time as new music is actually added.
Certificates auto-renew via certbot systemd timer. After renewal, copy to cluster storage:
sudo cp -r /etc/letsencrypt/live/flac.stdftd.com /mnt/ha-shared/letsencrypt/live/
sudo cp -r /etc/letsencrypt/archive/flac.stdftd.com /mnt/ha-shared/letsencrypt/archive/
# Reload nginx
cd /mnt/ha-shared/web-containers/nginx-reverse-proxy
docker compose restart nginx-reverse-proxy
New FLAC files should be added to mainsqueeze at /volume2/flac/. The Synology Replication task will sync to jgmelon's /volume1/flac/, where it's mounted on the cluster.
Navidrome scans automatically every 15 minutes (ND_SCANINTERVAL: 15m).
Mount fails:
# Check NFS export on Synology
showmount -e 192.168.1.246
# Check Pacemaker resource
sudo pcs resource debug-start ha-nfs-flac-mount
# Check logs
sudo journalctl -u pacemaker -f
Navidrome not responding:
# Check container
docker logs navidrome-flac
# Restart
docker restart navidrome-flac
# Verify port
netstat -tlnp | grep 4534
Nginx errors:
# Test config
docker compose exec nginx-reverse-proxy nginx -t
# Check logs
docker compose logs nginx-reverse-proxy
# Verify cert files exist
docker compose exec nginx-reverse-proxy ls -la /etc/letsencrypt/live/flac.stdftd.com/
Internet → Port Forward (443) → cluster_vip (192.168.1.100)
↓
nginx-reverse-proxy (Docker)
↓
navidrome-flac:4534 (Docker)
↓
/flac (NFS mount)
↓
jgmelon:/volume1/flac (Synology)
↑
mainsqueeze:/volume2/flac (Synology - source)