Subsonic Forum

That way people can have custom certificates in an automated, easy and secure way.

I'd actually be willing to pay a one-time contribution for that feature!

I'd actually be willing to pay a one-time contribution for that feature!

You already have this feature. You can use any webserver as a reverse proxy.

That way people can have custom certificates in an automated, easy and secure way.

It is not a secure way because it's automated.

It is more secure than using the bog-standard subsonic generic certificate. And involves less hassle on the end users end.

And I didn't write that it is more secure due to the automation. It is more secure than the bog-standard setup and on top of that it would be automated.

mrfloppy wrote:

That way people can have custom certificates in an automated, easy and secure way.

It is not a secure way because it's automated.

I don't see by any way how that's not secure. It's probably one of the most secure way to obtain your certificates. You don't have to manipulate your private key and neither the rest of the certificate chain, plus you need to renew once every 3 months. Google do have certificates that last only three months:


And I'm probably sure they automate everything, because it's the most logical thing to do when you have a lot of servers to manage (like they do).

As for your question JollyOrc, use an Apache2 proxy. It will make your setup a little simpler. You won't have to change the configuration of the subsonic web server and it will allow you to centralize the management of your certificates only by using the client command line tool of Let's Encrypt.

DaveWut wrote:As for your question JollyOrc, use an Apache2 proxy. It will make your setup a little simpler. You won't have to change the configuration of the subsonic web server and it will allow you to centralize the management of your certificates only by using the client command line tool of Let's Encrypt.

I'm doing this with Caddyserver right now, but I run into the problem that the login.view and the settings pages somehow call localhost directly. (more wordy here: http://www.orkpiraten.de/blog/subsonic-caddy-oh-my)

Is there a way to force Subsonic to not do this?

It's extremely possible, just reverse proxy it.

JollyOrc wrote:

DaveWut wrote:As for your question JollyOrc, use an Apache2 proxy. It will make your setup a little simpler. You won't have to change the configuration of the subsonic web server and it will allow you to centralize the management of your certificates only by using the client command line tool of Let's Encrypt.

I'm doing this with Caddyserver right now, but I run into the problem that the login.view and the settings pages somehow call localhost directly. (more wordy here: http://www.orkpiraten.de/blog/subsonic-caddy-oh-my)

Is there a way to force Subsonic to not do this?

I'm not sure how Caddyserver works for their reverse proxy settings, but as for Apache2, you need to add a directive that tells apache to preserve the hostname. Here is what I recommend: viewtopic.php?f=6&t=14746