mbweb is the Node.js / Express web console for Mediabot v3.
It provides a web interface for existing Mediabot users, using the Mediabot database for authentication, profile data, channel visibility, radio status, commands, quotes, metrics, and privileged views.
This console is intended to be installed next to an existing Mediabot v3 setup.
Current features include:
Repository copy:
contrib/mbweb
Recommended live installation path:
/opt/mbweb/app
Recommended reverse proxy path:
/mediabotv3dev/
Local service URL:
http://127.0.0.1:4002/mediabotv3dev/
You can change the public path by editing MBWEB_BASE_URL in .env, but the Apache reverse proxy path and the app base URL must match.
Install the required system packages:
apt update
apt install nodejs npm mariadb-client curl jq rsync apache2
If Apache is used as a reverse proxy, enable the proxy modules:
a2enmod proxy proxy_http headers
systemctl reload apache2
The service is expected to run as the existing mediabot user.
mkdir -p /opt/mbweb/app
chown -R mediabot:mediabot /opt/mbweb
chmod 755 /opt/mbweb
From the Mediabot repository:
cd /home/mediabot/mediabot_v3/contrib/mbweb
rsync -a --delete ./ /opt/mbweb/app/
chown -R mediabot:mediabot /opt/mbweb/app
find /opt/mbweb/app -type d -exec chmod 755 {} \;
find /opt/mbweb/app -type f -exec chmod 644 {} \;
Install Node dependencies:
cd /opt/mbweb/app
sudo -u mediabot npm install --omit=dev
If you are installing for development instead of production, use:
sudo -u mediabot npm install
Create the local .env file from the sample:
cd /opt/mbweb/app
cp .env.sample .env
chown mediabot:mediabot .env
chmod 600 .env
Edit .env and set the real local values.
Important variables:
MBWEB_SESSION_SECRET
MBWEB_DB_HOST
MBWEB_DB_PORT
MBWEB_DB_USER
MBWEB_DB_PASS
MBWEB_DB_NAME
MBWEB_BASE_URL
MBWEB_SESSION_SECRET must be a long random value, at least 32 characters.
The application refuses to start if the session secret is missing, still set to the default value, or too short.
Never commit .env.
.env# mbweb runtime
NODE_ENV=production
MBWEB_HOST=127.0.0.1
MBWEB_PORT=4002
MBWEB_BASE_URL=/mediabotv3dev
# Session
# Must be a long random value, at least 32 characters.
MBWEB_SESSION_SECRET=CHANGE_ME_WITH_A_LONG_RANDOM_SECRET_32_CHARS_MIN
# MariaDB / Mediabot database
MBWEB_DB_HOST=localhost
MBWEB_DB_PORT=3306
MBWEB_DB_USER=mediabotv3
MBWEB_DB_PASS=CHANGE_ME
MBWEB_DB_NAME=mediabotv3
# Auth
MBWEB_AUTH_TABLE=USER
MBWEB_AUTH_LOGIN_COLUMNS=nickname,username
MBWEB_AUTH_PASSWORD_COLUMNS=password
MBWEB_AUTH_LEVEL_COLUMNS=id_user_level
MBWEB_ALLOW_PLAINTEXT_PASSWORDS=0
# Radio / metrics
MBWEB_RADIO_STATUS_URL=http://127.0.0.1:8000/status-json.xsl
MBWEB_RADIO_PUBLIC_BASE_URL=http://example.org:8000
MBWEB_RADIO_PRIMARY_MOUNT=/radio160.mp3
MBWEB_METRICS_URL=http://127.0.0.1:9108/metrics
# Partyline, read-only future use
MBWEB_PARTYLINE_HOST=127.0.0.1
MBWEB_PARTYLINE_PORT=23456
Example:
openssl rand -hex 48
Then put the generated value in .env:
MBWEB_SESSION_SECRET=PASTE_THE_GENERATED_SECRET_HERE
Create /etc/systemd/system/mbweb.service:
[Unit]
Description=Mediabot v3 web console
After=network-online.target mariadb.service
Wants=network-online.target
[Service]
Type=simple
User=mediabot
Group=mediabot
WorkingDirectory=/opt/mbweb/app
EnvironmentFile=/opt/mbweb/app/.env
ExecStart=/usr/bin/node /opt/mbweb/app/app.js
Restart=on-failure
RestartSec=3
NoNewPrivileges=true
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Enable and start the service:
systemctl daemon-reload
systemctl enable --now mbweb.service
Check service status and logs:
systemctl status mbweb.service --no-pager -l
journalctl -u mbweb.service -n 120 --no-pager
Restart after code or .env changes:
systemctl restart mbweb.service
Example Apache snippet:
ProxyPass /mediabotv3dev/ http://127.0.0.1:4002/mediabotv3dev/
ProxyPassReverse /mediabotv3dev/ http://127.0.0.1:4002/mediabotv3dev/
Then reload Apache:
apachectl configtest
systemctl reload apache2
If you use a different public path, update both:
Apache ProxyPass path
MBWEB_BASE_URL
They must stay consistent.
Local checks:
curl -s http://127.0.0.1:4002/mediabotv3dev/health | jq .
curl -I http://127.0.0.1:4002/mediabotv3dev/login
Browser check:
https://example.org/mediabotv3dev/
Login with an existing Mediabot user.
From the live application directory:
cd /opt/mbweb/app
node -c app.js
find lib -maxdepth 1 -name '*.js' -print -exec node -c {} \;
find routes -maxdepth 1 -name '*.js' -print -exec node -c {} \;
Check current dependencies:
npm ls --depth=0
Files that must never be committed:
.env
.env.*
node_modules/
*.log
*.bak*
*.zip
*.tar.gz
The only allowed environment file in the repository is:
.env.sample
Before committing, check:
cd /home/mediabot/mediabot_v3
find contrib/mbweb \
\( -name '.env' -o \( -name '.env.*' ! -name '.env.sample' \) -o -name 'node_modules' -o -name '*.bak*' -o -name '*.log' -o -name '*.zip' -o -name '*.tar.gz' \) \
-print
The command above should print nothing.
You can also review possible secret-looking strings:
grep -RInE 'MBWEB_DB_PASS=|MBWEB_SESSION_SECRET=|password|secret|passwd' contrib/mbweb \
--exclude='.env.sample' \
--exclude='README.md' \
--exclude='package-lock.json' \
--exclude='package.json' || true
Most results should be normal code references, not real secrets.
mbweb is currently provided as a contributed web console for Mediabot v3.
The live app can evolve under /opt/mbweb/app; when ready, copy the cleaned source back into contrib/mbweb, excluding local runtime files and secrets.
Do not publish local synchronization scripts unless they are generic and safe for other users.
You must be logged in to reply.