Subsonic Forum

I have a mostly working setup with nginx as a reverse proxy with TLS termination, using Let's Encrypt certificates. Most things seem to be working fine, except for a few pages that don't load, specifically, the settings page, and the “Playing” entry in the top menu.

The reason those don't work is that they return redirects to plain-text HTTP resources on the same domain, which are rejected by the browser, since the origin is loaded over HTTPS. (And as I'm typing this, I noticed that other redirects also lead to HTTP resources, like the login page; the login page in particular doesn't break everything, since it's loaded as a top-level browser context, so the browser just follows the redirect, which then gets redirected back to HTTPS by nginx anyway.)

I have tried to change the “Access your server over the Internet using an easy-to-remember address.” setting to use my custom HTTPS root URL, but it doesn't seem to make any difference – that would probably have something to do with the message that gets displayed below:

Status: Could not connect to https://my.subsonic.domain. (SSLException)

I have no idea why Subsonic throws that exception – I have both ISRG Root X1, and DST Root CA X3 in my system CA bundle, and no other client appears to have any trouble verifying the reverse proxy. Could it be that the HTTPS client library used by Subsonic doesn't support TLS1.2?

Either way, any idea if there's anything I can do here to make Subsonic aware that it's being served to clients over HTTPS?

koniiiik wrote:I have a mostly working setup with nginx as a reverse proxy with TLS termination, using Let's Encrypt certificates. Most things seem to be working fine, except for a few pages that don't load, specifically, the settings page, and the “Playing” entry in the top menu.

I had a very similar sounding problem, but with Apache as SSL reverse proxy. There, I solved it by configuring "ProxyPreserveHost Off".

Here's a discussion about an equivalent parameter in nginx; maybe try to play around with that:
https://serverfault.com/questions/87056/when-nginx-is-configured-as-reverse-proxy-can-it-rewrite-the-host-header-to-the/87059

Cheers
Ben

Yeah, I actually figured out how to resolve this within nginx in the mean time; everything seems to work fine after I added the following two lines to the relevant location block (I already had the correct Host header, which was mentioned in the serverfault answer, in place):

Code: Select all

proxy_redirect default;
proxy_redirect http://$host/ /;


I still want to do some more experimentation; for instance, I'm not sure if nginx sets the X-Forwarded-Proto header by default, and whether Subsonic takes it into account; however, for now, this seems to work just fine. I'll post an update if I get around to figuring out the X-Forwarded-Proto situation.

I am using Caddy as my https reverse proxy and hitting the same issues with the Settings page - Has any one else managed to resolve it?

I just wanted to post this as I had a similar issue and it might help someone. I have a pfsense router with haproxy that does ssl offloading for subsonic as well as other apps and sites.

I have a frontend that redirects to https and then a https frontend that if the host contains music will directly go to subsonic running http on port 8181. It does not pass through nginx or apache reverse proxy after haproxy.

To get the settings and playing links to work I modified the subsonic backend in haproxy. Under actions I selected http-response header replace, the acl is left blank. For the name field i entered Location, for the find field i entered ^http://(.*)$, and for the replace field I entered https://\1.

For copy/paste...
name: Location
find: ^http://(.*)$
replace: https://\1

source https://github.com/airsonic/airsonic/commit/fedcddc06060cdeb6ec7b7892a72f240e7c3cda9
Line 132