Setting up subsonic behind an HTTPS reverse proxy

Need help? Post your questions here.

Moderator: moderators

Setting up subsonic behind an HTTPS reverse proxy

Postby koniiiik » Wed Aug 29, 2018 9:22 am

I have a mostly working setup with nginx as a reverse proxy with TLS termination, using Let's Encrypt certificates. Most things seem to be working fine, except for a few pages that don't load, specifically, the settings page, and the “Playing” entry in the top menu.

The reason those don't work is that they return redirects to plain-text HTTP resources on the same domain, which are rejected by the browser, since the origin is loaded over HTTPS. (And as I'm typing this, I noticed that other redirects also lead to HTTP resources, like the login page; the login page in particular doesn't break everything, since it's loaded as a top-level browser context, so the browser just follows the redirect, which then gets redirected back to HTTPS by nginx anyway.)

I have tried to change the “Access your server over the Internet using an easy-to-remember address.” setting to use my custom HTTPS root URL, but it doesn't seem to make any difference – that would probably have something to do with the message that gets displayed below:

Status: Could not connect to https://my.subsonic.domain. (SSLException)


I have no idea why Subsonic throws that exception – I have both ISRG Root X1, and DST Root CA X3 in my system CA bundle, and no other client appears to have any trouble verifying the reverse proxy. Could it be that the HTTPS client library used by Subsonic doesn't support TLS1.2?

Either way, any idea if there's anything I can do here to make Subsonic aware that it's being served to clients over HTTPS?
koniiiik
 
Posts: 2
Joined: Wed Aug 29, 2018 8:45 am

Re: Setting up subsonic behind an HTTPS reverse proxy

Postby gnorkh » Wed Aug 29, 2018 10:01 am

koniiiik wrote:I have a mostly working setup with nginx as a reverse proxy with TLS termination, using Let's Encrypt certificates. Most things seem to be working fine, except for a few pages that don't load, specifically, the settings page, and the “Playing” entry in the top menu.


I had a very similar sounding problem, but with Apache as SSL reverse proxy. There, I solved it by configuring "ProxyPreserveHost Off".

Here's a discussion about an equivalent parameter in nginx; maybe try to play around with that:
https://serverfault.com/questions/87056/when-nginx-is-configured-as-reverse-proxy-can-it-rewrite-the-host-header-to-the/87059

Cheers
Ben
gnorkh
 
Posts: 1
Joined: Wed Aug 29, 2018 9:46 am

Re: Setting up subsonic behind an HTTPS reverse proxy

Postby koniiiik » Wed Aug 29, 2018 10:53 am

Yeah, I actually figured out how to resolve this within nginx in the mean time; everything seems to work fine after I added the following two lines to the relevant location block (I already had the correct Host header, which was mentioned in the serverfault answer, in place):
Code: Select all
proxy_redirect default;
proxy_redirect http://$host/ /;


I still want to do some more experimentation; for instance, I'm not sure if nginx sets the X-Forwarded-Proto header by default, and whether Subsonic takes it into account; however, for now, this seems to work just fine. I'll post an update if I get around to figuring out the X-Forwarded-Proto situation.
koniiiik
 
Posts: 2
Joined: Wed Aug 29, 2018 8:45 am

Re: Setting up subsonic behind an HTTPS reverse proxy

Postby StalkS » Fri Nov 23, 2018 10:40 am

I am using Caddy as my https reverse proxy and hitting the same issues with the Settings page - Has any one else managed to resolve it?
StalkS
 
Posts: 6
Joined: Tue Apr 19, 2016 12:57 pm


Return to Help

Who is online

Users browsing this forum: Bing [Bot] and 15 guests