Let's Encrypt support

Postby apastuszak » Tue Apr 18, 2017 1:52 am

I'd like to be able to configure Subsonic to use my domain name and then be able to connect to Let's Encrypt and get a free cert from them.
apastuszak
 

Re: Let's Encrypt support

Postby apastuszak » Tue Apr 18, 2017 4:02 am

Found this script that might do what I need here.

https://pastebin.com/8cSL1uES

Haven't tested it yet, but it does look promising if you run Subsonic on Linux.
apastuszak
 

Re: Let's Encrypt support

Postby wl-lankin » Tue Apr 18, 2017 10:29 am

Hi. I solved this by registering the Let's Encrypt certificate for my domain and implementing it in Apache. Then I set up a reverse proxy in Apache to localhost:4040. Now you have to set up a DNS server and bind the Subsonic server IP to your domain name, to use your domain in your private network instead of IPs, so that the certificate will work. You can also do this with nginx. The SSL function of Subsonic must be set to off.
Sorry for my bad English.
wl-lankin
 

Re: Let's Encrypt support

Postby b.bassett » Tue May 09, 2017 5:01 pm

I have all my music on a Windows 2012 Server with subsonic installed and I am also using Letsencrypt with IIS. I have gotten it all to work, but I would love to see Subsonic come bundled with Letsencrypt so there is no need to do URL rewrites.
b.bassett
 

Re: Let's Encrypt support

Postby kulps » Thu May 11, 2017 5:32 am

I would also like this.
kulps
 

Re: Let's Encrypt support

Postby wendigo » Sat May 13, 2017 5:32 pm

I second that, it would be a very welcome feature for me as well.
wendigo
 

Re: Let's Encrypt support

Postby kulps » Wed May 24, 2017 8:55 pm

Having built-in LetsEncrypt would be really great. I can imagine having an option in the settings that says "only allow https" followed by options for LetsEncrypt.
kulps
 

Re: Let's Encrypt support

Postby rveach » Thu Jun 01, 2017 6:14 pm

I found this easier to do with an nginx reverse proxy. It has better performance than Apache for this kind of thing.

I've removed hosts and passwords from configs.

First, I moved the context root for subsonic to /subsonic.
/etc/default/subsonic:
Code:
SUBSONIC_ARGS="--max-memory=150 --context-path=/subsonic --db=jdbc:mysql:########"

filename /etc/nginx/sites-available/<hostname>
Code:
server {
        listen 80;
        server_name <hostname>;
        access_log /var/log/nginx/<hostname>.log;

        # subsonic - jetty: forward /subsonic to the Subsonic listener on localhost:4040
        location /subsonic {
                proxy_pass http://localhost:4040/subsonic;
                access_log /var/log/nginx/subsonic.access.log;
                error_log /var/log/nginx/subsonic.error.log;
        }

        # TLS listener using the Let's Encrypt certificate chain and private key
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/<hostname>/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/<hostname>/privkey.pem;
        ssl_session_cache shared:le_nginx_SSL:1m;
        ssl_session_timeout 1440m;

        # protocol versions offered to clients
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        # cipher suites, in the server's order of preference
        ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA";
}
rveach
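
An added example, not part of rveach's post and not code from nginx or Subsonic: a small shell check that reads an nginx site file and reports the settings in a config like the one above that a reviewer would question today (TLS 1.0/1.1 enabled, a 3DES suite in the cipher list, and port 80 proxying to Subsonic with no redirect to HTTPS). The names `audit_nginx_tls` and `sample_conf` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report weak TLS settings in an nginx site file.
# audit_nginx_tls is a hypothetical helper; it handles one directive per line.

audit_nginx_tls() {
    # Drop comments so commented-out directives are not reported.
    body=$(sed 's/#.*//' "$1")

    # 1. Protocol versions older than TLS 1.2 listed in ssl_protocols.
    for proto in $(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]\{1,\}\(.*\);.*/\1/p'); do
        case $proto in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "WEAK_PROTOCOL $proto" ;;
        esac
    done

    # 2. Obsolete suites named in ssl_ciphers (3DES, RC4, NULL, export, MD5).
    #    Exclusions such as !MD5 are not matched, so they are not reported.
    printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]]\{1,\}\(.*\);.*/\1/p' |
        tr -d "\"'" | tr ' :' '\n\n' |
        grep -E '(^|-)(3?DES|RC4|NULL|EXP|EXPORT|MD5)(-|$)' |
        sed 's/^/WEAK_CIPHER /'

    # 3. A port-80 listener with no redirect: logins can cross in cleartext.
    if printf '%s\n' "$body" |
            grep -Eq '^[[:space:]]*listen[[:space:]]+([^;[:space:]]*:)?80([[:space:]][^;]*)?;' &&
        ! printf '%s\n' "$body" |
            grep -Eq 'return[[:space:]]+30[18][[:space:]]+https://'; then
        echo "CLEARTEXT_HTTP listen 80 without redirect to https"
    fi
}

# Constructed sample using the protocol and cipher settings from the post
# (cipher list shortened).
sample_conf() {
    cat <<'EOF'
server {
        listen 80;
        listen 443 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA";
        location /subsonic { proxy_pass http://localhost:4040/subsonic; }
}
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_nginx_tls "$tmp"; rm -f "$tmp"
```

A site file that lists only TLSv1.2 and TLSv1.3, drops the 3DES suite, and answers port 80 with `return 301 https://...` in its own server block produces no output.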
 

Re: Let's Encrypt support

Postby josquin » Mon Jun 26, 2017 4:32 pm

Hello Guys,

On a Linux box (Debian).
I did it like that.

Code:
# get the certificate with the standalone http-01 challenge
/opt/letsencrypt/letsencrypt-auto certonly -t --agree-tos --renew-by-default --standalone --preferred-challenges http-01 -d www.foobar.org
# put the private key and the certificate chain into one PEM file
cat /etc/letsencrypt/live/www.foobar.org/privkey.pem /etc/letsencrypt/live/www.foobar.org/fullchain.pem > /mnt/msa-foo-store/certs/www.foobar.org.crt
# convert that file to PKCS#12
openssl pkcs12 -in /mnt/msa-foo-store/certs/www.foobar.org.crt -export -out /mnt/msa-foo-store/certs/www.foobar.org.pkcs12 -passout pass:mypass
# import it into a Java keystore under the alias "subsonic"; -srcstorepass must be the -passout password from the previous step
keytool -importkeystore -srckeystore /mnt/msa-foo-store/certs/www.foobar.org.pkcs12 -srcstorepass mypass -destkeystore /mnt/msa-foo-store/certs/subsonic.keystore -deststorepass mypass -srcstoretype PKCS12 -srcalias 1 -destalias subsonic
# add the keystore to the Subsonic jar and restart the service
cd /mnt/msa-foo-store/certs
zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore
/etc/init.d/subsonic restart


Hope this helps.
josquin
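
An added example, not josquin's script and not part of Subsonic or certbot: the same certificate-to-keystore conversion written so that the private key is only ever written to owner-only files and the keystore password is read from a file instead of appearing on a command line. The function names, the `.p12` output path and the password file are assumptions; the `zip` and restart steps from the post follow unchanged.

```shell
#!/bin/sh
# Added example: the PKCS#12 and keystore steps with the private key kept
# owner-only and no password on any command line. Function names are
# hypothetical; PASS_FILE is a root-only file holding the keystore password.

# make_pkcs12 LIVE_DIR OUT_P12 PASS_FILE
make_pkcs12() (
    umask 077                       # files created below are mode 0600
    rm -f "$2.tmp"
    # Key and chain go straight to openssl, so no combined key+cert file is
    # left on disk. -name sets the alias keytool will see (instead of "1").
    openssl pkcs12 -export -name subsonic \
        -inkey "$1/privkey.pem" -in "$1/fullchain.pem" \
        -out "$2.tmp" -passout "file:$3" || exit 1
    mv -f "$2.tmp" "$2"
)

# p12_matches_cert P12 PASS_FILE CERT_PEM
# True only if the key inside the bundle belongs to the certificate.
p12_matches_cert() {
    want=$(openssl x509 -in "$3" -noout -pubkey)
    got=$(openssl pkcs12 -in "$1" -passin "file:$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null)
    [ -n "$got" ] && [ "$want" = "$got" ]
}

# import_into_keystore P12 KEYSTORE PASS_FILE   (needs keytool from a JRE/JDK)
# keytool's :file modifier reads the password from the named file.
import_into_keystore() (
    umask 077
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:file "$3" \
        -destkeystore "$2" -deststorepass:file "$3" \
        -srcalias subsonic -destalias subsonic
)

# Usage: sh le-to-keystore.sh LIVE_DIR KEYSTORE PASS_FILE
if [ "$#" -eq 3 ]; then
    p12="$2.p12"
    make_pkcs12 "$1" "$p12" "$3" &&
        p12_matches_cert "$p12" "$3" "$1/fullchain.pem" &&
        import_into_keystore "$p12" "$2" "$3"
fi
```

Let's Encrypt certificates are short-lived, so the conversion has to be repeated after every renewal before Subsonic is restarted.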
 