Restrict access to Volumio

Sometimes you just don’t want everyone to have access to your Volumio interface. This very simple method will ask for a username/password:

Create a file in /var/www called login.php with

sudo nano /var/www/login.php

Insert the following text:

and save the file (Ctrl+X, Y, Enter)

Change the file /var/www/index.php

sudo nano /var/www/index.php

Change the following lines:


The next time you start browsing to Volumio it will ask you for a username/password which in this case is music/player
(can be changed in the first line of the php code in login.php)

It would be nice if that worked but Volumio doesn’t use /var/www but /static/volumio/http with the javascript express web server thingy.

If someone finds out how to run php code, the code above is easily changed to a ip-whitelist. E.g.

<?php $ip_access = array(
    "",   // localhost
    "", // he
    "", // she
    ""  // it

$ip_user = $_SERVER['REMOTE_ADDR'];

if (!in_array($ip_user, $ip_access))
    header('WWW-Authenticate: Basic realm="MusicPlayer"');
    header('HTTP/1.0 401 Unauthorized');
    die("Not authorized");
} ?>