Applications Azure

Lidarr on Ubuntu 24.04 on Azure User Guide

| Product: Lidarr on Ubuntu 24.04 LTS on Azure

Overview

Lidarr is the open source music collection manager of the arr family (GPL 3.0). It monitors your favourite artists, automatically fetches and organises new releases from your own indexers and download clients, tags and renames tracks, and keeps a tidy library, all through a modern web interface and a full REST API. The cloudimg image installs the self contained Lidarr release, runs it as a systemd service bound to loopback behind an nginx reverse proxy on port 80, protects that interface with HTTP Basic authentication whose password is unique to every VM, keeps all Lidarr state on a dedicated Azure data disk, and regenerates the Basic auth password and the Lidarr API key on the first boot of each VM. Backed by 24/7 cloudimg support.

What is included:

  • Lidarr 3.1.0.4875 installed from the official self contained linux core release, running as lidarr.service
  • nginx on :80 as an authenticating reverse proxy to the loopback Lidarr backend (127.0.0.1:8686)
  • HTTP Basic authentication on the web interface, with a per VM password generated on first boot (user admin)
  • A fresh per VM Lidarr API key generated on first boot, so no shared secret ships in the image
  • A dedicated 30 GiB Azure data disk at /var/lib/lidarr holding config, the SQLite databases, artwork cache and backups
  • lidarr.service + nginx.service as systemd units, enabled and active
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a good starting point. NSG inbound: allow 22/tcp from your management network and 80/tcp. Lidarr serves plain HTTP on port 80; for production, terminate TLS in front of it with your own domain.

Step 1 - Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Lidarr by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create then Create.

Step 2 - Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name lidarr \
  --image <marketplace-image-urn> \
  --size Standard_B2s \
  --admin-username azureuser \
  --ssh-key-values ~/.ssh/id_ed25519.pub \
  --vnet-name <your-vnet> --subnet <your-subnet> \
  --public-ip-sku Standard

az vm open-port --resource-group <your-rg> --name lidarr --port 80 --priority 1010

Step 3 - Connect to your VM

ssh azureuser@<vm-public-ip>

Step 4 - Confirm the services are running

systemctl is-active lidarr.service nginx.service

Both report active. Lidarr listens on the loopback interface 127.0.0.1:8686 only, and nginx fronts it on port 80. You can confirm the listeners:

sudo ss -tlnp | grep -E ':80 |:8686 '

Port 8686 is bound to 127.0.0.1 (never exposed on the network); only port 80, protected by Basic authentication, is reachable.

lidarr.service and nginx.service active, with port 80 on nginx and Lidarr bound to loopback on 8686

Step 5 - Retrieve your sign in password

The admin Basic auth password is generated uniquely on the first boot of your VM and written to a root only file:

sudo cat /root/lidarr-credentials.txt

This file contains LIDARR_URL, LIDARR_ADMIN_USER (admin) and LIDARR_ADMIN_PASSWORD. Store the password somewhere safe.

The per VM credentials file showing the sign in URL, the admin user and the generated password

Step 6 - Verify the authentication gate (optional)

The web interface is never open. nginx rejects a request with HTTP 401 when no credentials or a wrong password are supplied. Both of these return 401:

curl -s -o /dev/null -w '%{http_code}\n' http://localhost/
curl -s -o /dev/null -w '%{http_code}\n' -u admin:wrong-password http://localhost/

nginx accepts HTTP 200 only with the per VM password. Using the LIDARR_ADMIN_PASSWORD from Step 5 (substitute your own password for <LIDARR_ADMIN_PASSWORD>), this returns 200:

curl -s -o /dev/null -w '%{http_code}\n' -u admin:<LIDARR_ADMIN_PASSWORD> http://localhost/

An unauthenticated health endpoint is proxied at /ping for load balancers and probes:

curl -s http://localhost/ping; echo

It returns {"status":"OK"}.

The Basic auth gate rejecting no credentials and a wrong password with 401, accepting the per VM password with 200, and the health endpoint returning status OK

Step 7 - Sign in to the web interface

Browse to http://<vm-public-ip>/. Your browser prompts for the Basic auth credentials: sign in as user admin with the password from Step 5. You land on the Library view, which on a fresh VM shows the empty state, ready for you to add a root folder and your first artist.

Lidarr Library view after signing in, showing the empty first run state with Add Root Folder and Add New Artist

Step 8 - Add artists to your library

Choose Add New from the sidebar (or Add New Artist on the Library view) and search for an artist by name. Lidarr looks the artist up, and once you pick a root folder and quality profile it begins monitoring for releases.

The Add New Artist search page where you look up artists to monitor

Step 9 - Review media management settings

Open Settings then Media Management to control how Lidarr renames and organises tracks, and to add the root folder where your music library lives.

Lidarr Media Management settings for track naming, file organisation and root folders

Step 10 - Check the system status

Open System then Status to see the running version, the bundled .NET runtime, the SQLite database version, disk space and any health messages. On a fresh VM the health panel notes that no indexer or download client is configured yet, which you add under Settings.

Lidarr System Status page reporting version 3.1.0.4875, the .NET runtime, the SQLite database and disk space

Step 11 - Confirm data lives on the dedicated disk

All Lidarr state, configuration, the SQLite databases, artwork cache and backups, is stored on the dedicated Azure data disk so it survives OS changes and can be resized independently:

findmnt -no SOURCE,TARGET,FSTYPE /var/lib/lidarr

The mount is backed by a separate Azure data disk captured into the image and re-provisioned on every VM.

The Lidarr data disk mounted at /var/lib/lidarr holding config.xml and the SQLite databases

Maintenance

  • Sign in password: the Basic auth password is unique per VM in /root/lidarr-credentials.txt. To change it, run sudo htpasswd -B /etc/nginx/.lidarr-htpasswd admin and reload nginx.
  • Indexers and download clients: add them under Settings then Indexers and Settings then Download Clients so Lidarr can find and fetch releases.
  • Root folders: point Lidarr at the folder where your music library lives under Settings then Media Management.
  • Data: configuration, the SQLite databases, artwork and backups all live under /var/lib/lidarr on the dedicated data disk; snapshot it to back Lidarr up.
  • TLS: Lidarr is served over plain HTTP on port 80; front it with TLS (e.g. certbot) and your own domain before production use.
  • Security patches: unattended-upgrades remains enabled so the OS continues to receive security updates automatically.

Support

cloudimg provides 24/7 expert support for this image. Contact support@cloudimg.co.uk.