AudioSilo

Configuration

On first run the server writes config.yaml into the data directory with secure defaults. Edit it and restart, or override individual values with the environment variables shown in brackets — handy for Docker. Command-line flags set the data dir and ffprobe path: audiosilo --data ./data --ffprobe ffprobe.

config.yaml 
# Written to <data-dir>/config.yaml on first run with secure defaults.
# Edit and restart, or override selected values with the [ENV_VAR] shown.

bind: "0.0.0.0:8080"          # listen address                    [AUDIOSILO_BIND]
public_url: ""                # external base URL for QR/invite    [AUDIOSILO_PUBLIC_URL]

tls:
  mode: "selfsigned"          # off | selfsigned | autocert       [AUDIOSILO_TLS_MODE]
  hosts: []                   # autocert hostnames                 [AUDIOSILO_TLS_HOSTS]

trusted_proxies: []           # CIDRs whose X-Forwarded-For is trusted   [AUDIOSILO_TRUSTED_PROXIES]
cors_origins: []              # allowed browser origins ("*" disables the check)  [AUDIOSILO_CORS_ORIGINS]
max_upload_bytes: 2147483648  # 2 GiB                             [AUDIOSILO_MAX_UPLOAD_BYTES]
web_dir: ""                   # web player dir; Docker bakes /app/web   [AUDIOSILO_WEB_DIR]

libraries: []                 # declare libraries to sync + scan on startup
# - name: "Main"
#   root: "/srv/audiobooks"

demo:
  enabled: false              # public throwaway demo accounts     [AUDIOSILO_DEMO_ENABLED]
  library: ""                 # library granted to demo users      [AUDIOSILO_DEMO_LIBRARY]
  idle_ttl: "24h"             # reap demo users idle longer than this   [AUDIOSILO_DEMO_IDLE_TTL]

app_links:                    # native deep-linking (iOS/Android), YAML only
  apple_app_ids: []
  android_package: ""
  android_sha256: []

Networking

  • bind — the address to listen on. Default 0.0.0.0:8080.
  • public_url — the externally reachable base URL, used to build QR pairing payloads and copy-invite links. If empty it's derived from the incoming request; set it explicitly behind a reverse proxy.
  • trusted_proxies — CIDRs whose X-Forwarded-For header is trusted. Set this behind a proxy so client IPs (used for rate limiting) are accurate, e.g. ["127.0.0.1/32", "10.0.0.0/8"].
  • cors_origins — allowed browser origins. Empty grants no cross-origin headers (native apps and same-origin web clients still work); "*" disables the check.

TLS

The tls.mode key takes one of three values:

  • selfsigned (default) — generates and persists a self-signed cert. Good for a LAN; clients must accept it.
  • autocert — automatic Let's Encrypt certificates (set tls.hosts). Needs a public hostname reachable on :443.
  • off — plain HTTP for use behind a reverse proxy that terminates TLS. See reverse proxy & TLS.

Libraries

Declaring libraries here syncs them into the database and scans them on startup; you can also create libraries at runtime from the admin console. There's no folder layout to configure — the scanner classifies each folder on its own (a directory of audio is one book; loose files at the root are single-file books), and any folder it gets wrong is fixed with a per-folder override (book | collection).

Public demo mode

With demo.enabled, an unauthenticated visitor can mint a throwaway account that's granted the named library; idle demo accounts and their data are reaped automatically after idle_ttl. Intended for a public demo instance such as demo.audiosilo.app.

Native deep links

Set app_links so the server publishes /.well-known/apple-app-site-association and /.well-known/assetlinks.json, letting a phone open the installed app straight from a pairing/invite link (iOS Universal Links / Android App Links). Leave it empty to fall back to the web player.