Subsonic Forum

[TommyAtKadx]

Hi,

I'm trying to use Subsonic with Nginx

my nginx is listening on port 8443
server {
### server port and name ###
listen 10.66.26.192:8443 ssl;
server_name subsonic.domain.org;

### SSL log files ###
access_log /var/log/nginx/subsonic-access.log;
error_log /var/log/nginx/subsonic-error.log;

### SSL cert files ###
ssl_certificate /etc/nginx/ssl/wildcard.domain.org.crt;
ssl_certificate_key /etc/nginx/ssl/wildcard.domain.org.key;

### Add SSL specific settings here ###
#port_in_redirect off;

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;

### We want full access to SSL via backend ###
location / {
proxy_pass http://127.0.0.1:4040;

### Set headers ####
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto https;

proxy_redirect off;

client_max_body_size 16G;

proxy_read_timeout 1800;
proxy_send_timeout 1800;
}
}

Subsonic is standard config (port 4040)

when trying to access https://subsonic.domain.org:8443/, I'm beeing redirect to:
http://subsonic.domain.org/login.view?

What's wrong?

[GJ51]

I'm not an NGINX user so I could be off a bit here, but my first thought is that vanity name success depends on redirection from the subsonic.org service over http - it's after the redirection is done that the server switches the user to the ssl port.

So you need to be connecting to http://servername.subsonic.org no explicit port statement required. The http port is transmitted to the redirection service when you save the Network settings in Subsonic.

What happens is that the URL request goes to subsonic.org which then translates the request to your http external ip and your http port - once received, if you have SSL set up on the server it will switch to the ssl port internally.

It has to be this way because there is no SSL connection to subsonic.org.

[TommyAtKadx]

I'm not using any servername.subsonic.org by my own domain name.

I want subsonic to answer on HTTPS://...:8443 from NGINX like I do with other web services like owncloud or svn...

there is probably a solution for this

[daneren2005]

In I believe /etc/default/subsonic, you need to change subsonic to use the https port instead of the http port. You will also need to configure a context path if you are trying to do something like domain.com/subsonic. You can find examples of existing nginx configurations if you search the forums.

[TommyAtKadx]

I tried using https within subsonic (--https-port=4141) and proxy_pass https://127.0.0.1:4141 in nginx

and I get 502 Bad Gateway

in my nginx log:
2014/07/24 21:14:02 [error] 22465#0: *3 SSL_do_handshake() failed (SSL: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error) while SSL handshaking to upstream, client: 10.66.26.1, server: subsonic.domain.org, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:4141/favicon.ico", host: "subsonic.domain.org:8443"

[TommyAtKadx]

Fixed, thanks to a guy from nginx forum, and you guys too

First upgraded my nginx to the latest (I was running 1.2.1)

There is my subsonic config:
#
# This is the configuration file for the Subsonic service
# (/etc/init.d/subsonic)
#
# To change the startup parameters of Subsonic, modify
# the SUBSONIC_ARGS variable below.
#
# Type "subsonic --help" on the command line to read an
# explanation of the different options.
#
# For example, to specify that Subsonic should use port 80 (for http)
# and 443 (for https), and use a Java memory heap size of 200 MB, use
# the following:
#
# SUBSONIC_ARGS="--port=80 --https-port=443 --max-memory=200"

SUBSONIC_ARGS="--port=0 --https-port=4141 --max-memory=150"


# The user which should run the Subsonic process. Default "root".
# Note that non-root users are by default not allowed to use ports
# below 1024. Also make sure to grant the user write permissions in
# the music directories, otherwise changing album art and tags will fail.

SUBSONIC_USER=www-data


and there is my nginx config:
server {
### server port and name ###
listen 10.66.26.192:8443 ssl;
server_name subsonic.domain.org;

### SSL log files ###
access_log /var/log/nginx/subsonic-access.log;
error_log /var/log/nginx/subsonic-error.log;

### SSL cert files ###
ssl_certificate /etc/nginx/ssl/domain.org.crt;
ssl_certificate_key /etc/nginx/ssl/domain.org.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;

### We want full access to SSL via backend ###
location / {
proxy_ssl_protocols SSLv3;
proxy_pass https://127.0.0.1:4141;

### Set headers ####
proxy_set_header Host $host:8443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;

proxy_redirect off;

client_max_body_size 16G;

proxy_read_timeout 1800;
proxy_send_timeout 1800;
}
}

[GJ51]

Great!

Do you feel that running on this platform has significant advantges over the other platforms such as Tomcat?

[daneren2005]

In his case nginx is just a reverse proxy so it just sits in front if tomcat or jetty. It does offer some advantages but I doubt there is any performance difference since everything is still just being passed to jetty. Its just necessary if you want to have more then one server running on the same port.

Sent from my Nexus 5 using Tapatalk