RPI MPD music server

I remember being under-whelmed when I first came across MPD as a linux music server but our friedship has grown over the years and I am now a great admirer.  All it really does is keep a list of music it can play and it will stream the sound out to different destinations.  You cant even play music with it, for that you need the MPC client.  However it does its job very well so it has a wide variety of targets it can send music to, you can add pretty/sophisticated front-ends and it has been around so long that it has become a standard which related software can interface with.

When it comes out of the box (well apt install mpd mpc) you simply put music in /var/lib/mpd/music, tell it to add them to the database (mpc update) and play (mpc add name.mp3 | mpc play).  Music can be divided into directories and symbolic links used to connect directories on different machines into the database.  Another folder called playlists contains lists of tracks which may be in the directory structure or URLs to other sources on the web.

As a music-playing client to control mpd, mpc is a very basic command-line tool; it is good enough for basic testing and can be used to automate functions in scripts.  You really want to be able to browse music, select albums or tracks or playlists, start/pause/skip/repeat tracks through a pleasant GUI.  I use these:
 Windows : Auremo
 Android : M.A.L.P, MPDroid
 IOS: MaximumMPD
 Chrome (any platform) : ympd

Initially sound from MPD is routed to the "alsa" device in linux which is typically the headphone/speaker jack which produces a low-quality sound.  You can feed this into an amplifier which improves it but it does mean your RPI has to be near the amp. There are many other options:
pulseaudio - allows routing of sound to other devices (e.g. bluetooth) and remote systems.
shoutcast - streams output wireless to other music players which understand shout/icecast
http - outputs to a browser
pipe - send to another app for further processing

My preferred output is to a bluetooth speaker.  In particular I use Pure Jongo bluetooth+wireless adapters and a speaker.  These have a neat capability, you can configure them so that a bluetooth input to one is played on all (it is called caskeid).  Initially I had to setup pulseaudio output from MPD and route that to the speaker but I then discovered bluealsa.  Bluealsa makes it possible to treat a bluetooth device as an alsa device so that you can stream music directly to the device.

RPI Webserver

Intro

It is a while since I built a new RPI so it was a pleasant change to set one up.  This one is intended as an internet facing webserver.  Although I don't have anything of great value on my home network it isn't very well organised so concentrating all webserving functions in one place seems a good idea.  In addition any external pages should be accessed via https these days, and I dont want multiple server key admin.

Install

Downloading Raspbian lite (Buster) image and creating an SD card (Balena etcher) is easy and headless RPI installation is straightforward.  There is a short list of changes I make initially to setup the system:
tailor colours, command prompts
setting up the server name (PI32) as a host on systems which require access.
setup alias on wsl for ssh signon
put public keys on PI32 to allow password free signon.

Webserver

I continue to use lighttpd for my webserver as it is simple, has plenty of features, is widely used on RPI and apparently has reasonable security.  Letsencrypt is the obvious choice for SSH/HTTPS and I followed Danny Tuppeny instructions to set it up with lighttpd.

I want a restricted set of pages (e.g. those which provide SQL update access) only to be available locally and lighttpd allows you to have different document-home folders dependent on the incoming URL so I have a /home folder for LAN addresses and /html folder for internet URLs.

File access to my backend server is provided by a Samba read-only share.
Database access is provided using PHP, with read-only credentials supplied for external access.

I feel this is a reasonable setup for my internet facing webserver providin https and improving security without being overkill for my applications.