Windows (Jetty): http redirecting to https?

Posted: Fri May 25, 2012 5:01 am
by jol
Hello,
I was experimenting with IIS and ARR in order to reverse proxy Subsonic, as I am planning to integrate Subsonic into my standard webpage (and also hope to integrate authentication somehow). During that exercise I figured out that when https is enabled and I connect via http I get redirected to https, which in turn fails as the certificate is not accepted. I have not seen this documented anywhere, and cannot tell whether it is Jetty standard or Subsonic. Ideally I would like to control this behaviour instead of figuring it out the hard way - and that's also the primary motivation to create this issue report - to avoid someone else having to figure it out the hard way...
I am using https externally for all users (http is not exposed through my firewall), but it does not make sense for the local ARR connection.

Problem Description: https redirects to http
Troubleshooting Steps:
Playback Application and version: Subsonic 4.6
Subsonic Version: 4.6 (build 2583) – December 6, 2011
Server Version: jetty-6.1.x, java 1.6.0_27, Windows Server 2008 R2 (86.5 MB / 96.7 MB) -
Hardware Platform: Windows Homeserver 2011
Java Memory Limit: 100MB
Problem Filename: no specific file, tried several
Output from ffmpeg -i: irrelevant
Last ten log file lines: irrelevant

If someone knows how to turn off the redirect - appreciated. Otherwise my next step towards a solution will be to use ARR for the external connection as well and have Jetty support http only.
Thanks, jol

Re: Windows (Jetty): http redirecting to https?

Posted: Fri May 25, 2012 2:47 pm
by bushman4
This is by design... once you enable https, Subsonic will redirect all requests using http to the https address with a 302 response.

Glenn

Re: Windows (Jetty): http redirecting to https?

Posted: Thu Aug 09, 2012 2:55 pm
by willieb
I want all users to use http but when I login as an admin I will use https. So is there a way NOT to be automatically re-directed to SSL? Thanks.

Re: Windows (Jetty): http redirecting to https?

Posted: Thu Aug 09, 2012 3:00 pm
by bushman4
No.

Glenn

Re: Windows (Jetty): http redirecting to https?

Posted: Thu Aug 09, 2012 3:02 pm
by bushman4
I have to ask...

Why? If HTTPS is available, why leave non-admin connections on HTTP? I have seen less than a 2-4% difference in resource usage with SSL turned on.

Glenn

Re: Windows (Jetty): http redirecting to https?

Posted: Thu Aug 09, 2012 3:12 pm
by willieb
Because I'm tired of people asking me about the security warning and I don't want to spend the time or effort in setting up a valid cert.

Re: Windows (Jetty): http redirecting to https?

Posted: Thu Aug 09, 2012 3:13 pm
by bushman4
Gotcha.

Thanks,

Glenn

Re: Windows (Jetty): http redirecting to https?

Posted: Thu Aug 09, 2012 6:45 pm
by jol
willieb wrote: I want all users to use http but when I login as an admin I will use https. So is there a way NOT to be automatically re-directed to SSL? Thanks.

In fact there is, but it's not trivial to set up. My Subsonic is configured with http only, but the port is open in my local network only. Access from the internet is using https port going to IIS, which uses Application Request Routing to rewrite the URL and to proxy to Subsonic. I.e. if you terminate SSL on a web server acting as reverse proxy, Subsonic does not know and thus will not redirect.
However I cannot recommend using this on the internet as anyone can then sniff credentials and listen to or even download your music.
Best regards, jol
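
An added example, not part of any post in this thread: a Python check an administrator could run against the backend's plain-HTTP port to see which of the behaviours discussed above it exhibits (the 302 to https that bushman4 describes, clear-text content as in jol's HTTP-only setup, or no listener at all). The two local listeners and the host name `music.example` are constructed stand-ins, not Subsonic or Jetty code.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

def classify_http_listener(host, port, path="/", timeout=3):
    """Send one plain-HTTP GET (redirects are not followed) and classify the reply."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", path)
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location", "")
        conn.close()
    except (OSError, http.client.HTTPException):
        return "unreachable"          # port closed, firewalled, or not speaking HTTP
    if status in (301, 302, 303, 307, 308):
        scheme = urlsplit(location).scheme.lower()
        return "redirects-to-https" if scheme == "https" else "redirects-elsewhere"
    return "serves-plain-http"        # pages and logins travel in clear text

def _make_handler(redirect_to=None):  # constructed stand-in for the backend
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if redirect_to:
                # Behaviour described in the thread: 302 from http to the https address
                self.send_response(302)
                self.send_header("Location", redirect_to + self.path)
                self.end_headers()
            else:
                # HTTP-only backend, as used behind a TLS-terminating reverse proxy
                self.send_response(200)
                self.end_headers()
                self.wfile.write(b"login page")
        def log_message(self, *args):  # keep the demo quiet
            pass
    return Handler

def run_demo():
    """Probe two constructed local listeners and return their classifications."""
    results = {}
    cases = {"https_enabled": "https://music.example:4443", "http_only": None}
    for name, target in cases.items():
        server = HTTPServer(("127.0.0.1", 0), _make_handler(target))
        threading.Thread(target=server.serve_forever, daemon=True).start()
        results[name] = classify_http_listener("127.0.0.1", server.server_address[1])
        server.shutdown()
        server.server_close()
    return results

if __name__ == "__main__":
    print(run_demo())
```

A result of `serves-plain-http` on a port that is reachable from outside the local network is the situation jol warns about; on the loopback or LAN side of a TLS-terminating proxy it is the expected state.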

Re: Windows (Jetty): http redirecting to https?

Posted: Thu Aug 09, 2012 7:00 pm
by dr3van
willieb wrote: Because I'm tired of people asking me about the security warning and I don't want to spend the time or effort in setting up a valid cert.

I had the same problem about not wanting to have people be bothered by that warning. I fixed it by using a valid cert. It can be obtained for free and I have also created a tutorial on how to do this:

http://forum.subsonic.org/forum/viewtopic.php?f=6&t=9977

Re: Windows (Jetty): http redirecting to https?

Posted: Fri Aug 10, 2012 12:10 pm
by bushman4
Unfortunately that method won't work with a dynamic IP using the subsonic redirect service... you'd have to get a new cert every time your IP address changed...

Glenn

Re: Windows (Jetty): http redirecting to https?

Posted: Fri Aug 10, 2012 12:53 pm
by willieb
dr3van wrote:
willieb wrote: Because I'm tired of people asking me about the security warning and I don't want to spend the time or effort in setting up a valid cert.

I had the same problem about not wanting to have people be bothered by that warning. I fixed it by using a valid cert. It can be obtained for free and I have also created a tutorial on how to do this:

http://forum.subsonic.org/forum/viewtopic.php?f=6&t=9977


Thanks for the tutorial link and the time you took to create it. I've actually tried following that tutorial with no luck so far. I'm a Telco Network Manager and have experience with installing certs for servers, etc, but in the limited time I had available thus far I couldn't get it to work with those instructions. For one, my subsonic server is on Windows XP Pro so several of the commands don't apply to me. I am also using 2 host names for 2 instances (www & www2), which leaves me out of the free one, unless I want to change both instances to the same host on different ports.

Any way I look at it, it sucks lol. But on a positive note it's a great problem to have because if subsonic didn't exist I wouldn't have a free streaming server (I donated) to begin with. :-)

With all that said for now they can just deal with the warnings or not listen lol.

Re: Windows (Jetty): http redirecting to https?

Posted: Sat Aug 11, 2012 1:00 am
by j3tblk
I solved all the problems listed here by using a MS Forefront TMG server.
My IP is dynamic, I have a domain name and the TMG server allows me to control 80 & 443 redirects.

My cert is on my TMG server too so I just installed the subsonic.org cert on the local machine and added a localhost entry.

Re: Windows (Jetty): http redirecting to https?

Posted: Sat Oct 18, 2014 6:12 am
by StNickZA
Sorry to dig up an old thread, but thought I'd give another "valid" reason why someone may want HTTP and HTTPS working at the same time.

I've just upgraded to Android L, and there are some issues with their implementation of OpenSSL meaning that Dsub no longer works. Rather than asking all ten of my users to change the URL in their clients, I hoped I could just turn on http and use that until the OpenSSL issue is resolved.