Self-hosted multi-user music platform for modern creators, with strong support for AI music workflows.
HEXSONIC focuses on:
- upload and catalog management
- album/track metadata workflows
- private/public visibility control
- streaming + transcoding
- social features (ratings, comments, follows)
- role-based administration
- OpenSubsonic-compatible API endpoints
- OIDC-based login (Keycloak)
- Hierarchical roles:
user,member,moderator,admin - Creator badge gate for upload rights
- Owner-based management boundaries (owner + admin override)
- Persistent login with refresh-token flow
- Global registration toggle (admin-controlled)
- Invite-link based onboarding (works even if public registration is disabled)
- Invite lifecycle management (create/list/revoke/expiry)
- Dedicated invite registration entry flow (
/register?invite=...)
- Album and track management separated
- Public/private visibility per album and per track
- Hierarchical behavior for album visibility (album-level public propagation)
- Metadata edit support (title, artist, album, genre, covers, lyrics)
- Album comments
- Track rating (stars)
- Public user profiles with follow support
- Uploader attribution in library views
- Dedicated Discovery landing page
- Global discovery modules (
Top Songs,Trending,Top Albums) - Personal discovery for logged-in users (
For You) - Recommendation scoring based on listening behavior, ratings, playlist adds, and skips
- Discovery-oriented playback source tracking
Jukeboxbeta mode with adaptive rolling queue, live feedback controls, and personal radio-style playback
- Dedicated
Creator Statsview in the WebUI - Plays, unique listeners, qualified listens, completed listens, playlist adds, and rating metrics
- Top tracks and top albums by creator
- Traffic-source visibility for creator uploads
- Time-window based analytics (
24h,7d,30d,90d,all)
- Web player + advanced popout player
- Playlist queue handling with direct track jump
- Background transcoding pipeline (derived formats for broader client support)
- OpenSubsonic-compatible API for external clients
- User administration (roles, moderation, account actions)
- Registration control and invite administration
- Admin log/debug views in WebUI
- Prometheus and Grafana integration (proxied through HEXSONIC)
- Docker-first deployment with systemd autostart support
HEXSONIC is designed for hosting:
- AI-generated music
- original content you created
- content you are explicitly licensed to distribute
HEXSONIC is not intended for distributing copyrighted material without rights.
The operator of the deployed instance is solely responsible for:
- uploaded content
- copyright compliance
- applicable legal and regulatory obligations
Project contributors provide software only and do not assume liability for operator misuse.
- Multi-user by design (user/member/mod/admin model)
- Creator-oriented upload and management flows
- Album + track ownership logic
- Built-in discovery landing page with personal + global recommendation layers
- Beta
Jukeboxengine for personalized radio-style playback - Creator-facing analytics for uploaded content
- OIDC authentication (Keycloak)
- Admin observability (Grafana + Prometheus via app routes)
- One-command setup with randomized secrets
Run the all-in-one installer:
./setup.shsetup.sh will:
- check/install required dependencies (Debian/Ubuntu)
- generate random passwords/secrets
- write
.env - render Keycloak realm import with your generated values
- build and start Docker services
- print URLs and initial credentials
After completion, you get:
- Web UI URL
- Keycloak URL
- HEXSONIC admin login
- Keycloak bootstrap admin login
Credentials are also written to:
runtime/setup/initial-credentials.txt
api(Go HTTP API + integrated Web UI)worker(transcoding/background jobs)postgres(catalog + jobs + app data)valkey(cache/queues)keycloak(OIDC)prometheus(metrics)grafana(dashboards)oauth2-proxy(Prometheus auth bridge)
Defaults (change in .env):
HEXSONIC_PUBLIC_PORT=18080KEYCLOAK_PUBLIC_PORT=18081
Grafana and Prometheus are exposed through HEXSONIC routes:
/grafana//prometheus/
cmd/hexsonic-apiAPI server entrypointcmd/hexsonic-workerworker entrypointinternal/core backend modulesweb/Web UI assetsdeploy/docker/systemd/provisioning assetsscripts/operational helperssetup.shone-shot install/bootstrap
Start/refresh stack:
docker compose up -d --buildStop stack:
docker compose downView logs:
docker compose logs -f api workerInstall compose autostart service:
sudo bash scripts/install_systemd.sh compose /opt/hexsonicService:
hexsonic-compose.service
HEXSONIC exposes OpenSubsonic-style endpoints (e.g. /rest/...) for client compatibility.
Notes:
- Some clients require legacy auth mode
- Some clients require explicit user/password login (not token-only)
- Compatibility coverage is broad but client behavior can vary
Use .env.example as reference for all supported variables.
Important:
- never commit real
.envvalues - never commit generated runtime artifacts
- rotate credentials when moving environments
- Put HEXSONIC behind a TLS reverse proxy (recommended: DomNexDomain for simpler secure edge handling)
- Restrict server firewall to required ports
- Keep host + container images updated
- Back up Postgres and runtime storage regularly
- Keep registration settings and role grants under control
- Audit admin logs and auth events periodically
Build:
make buildTest:
make testLint:
make lintSmoke test:
./scripts/smoke_test.shAuthenticated smoke test:
AUTH_TOKEN="<ACCESS_TOKEN>" ./scripts/smoke_test.sh- AsaTyr2018 (
hauke.lenz@lenz-service.de)
Licensed under the Mozilla Public License 2.0 (MPL-2.0).
See LICENSE.
