Subsonic Forum

Posted: **Sat Dec 10, 2011 4:40 pm**

I want to use HTTPS on my public interface, so passwords are encrypted. But, some of the clients I would like to use locally (Roku, Chumby) don't support SSL, they want a plain HTTP connection.

Would it be possible to have Subsonic support both types of connections simultaneously, but on different interfaces?

maybe options like:

Code: Select all: --host=0.0.0.0 --https-port=4443 --host=192.168.100.1 --port=4040

...which would listen for https on all interfaces (external is DHCP, so difficult to specify a specific IP), but only listen for http on 192.168.100.1 (the internal interface)? Alternately:

Code: Select all: --host=eth1 --https-port=4443 --host=eth0 --port=4040

to specify by interface name.

I looked into doing an SSL proxy, but it looks like proxying causes it's own set of problems.

edit: or maybe ever easier, just offer a --no-redirect option, and accept connections via both HTTP and HTTPS ports, and the HTTP port could be blocked on the public side by a firewall.

Posted: **Sat Dec 10, 2011 5:40 pm**

Have you tried setting up a non ssl stream port in settings/advanced ?

:mrgreen:

Posted: **Sat Dec 10, 2011 6:09 pm**

BKKKPewsey wrote:Have you tried setting up a non ssl stream port in settings/advanced ?

I'm not sure how that would help - the non-SSL clients don't even connect in the first place. So, they don't get artists/albums, etc. - no interface to select what you want to stream. It sounds like that setting just makes it so the streams themselves don't use SSL. Is that right?

Posted: **Sat Dec 10, 2011 6:40 pm**

mikes wrote:I'm not sure how that would help - the non-SSL clients don't even connect in the first place

Unless I misunderstanding what you are trying to do, if you point the clients, that do not want ssl, at your server with the ip:non-ssl port no that should work

Posted: **Sat Dec 10, 2011 6:58 pm**

BKKKPewsey wrote:
mikes wrote:I'm not sure how that would help - the non-SSL clients don't even connect in the first place

Unless I misunderstanding what you are trying to do, if you point the clients, that do not want ssl, at your server with the ip:non-ssl port no that should work

Thanks, but nope, it makes no difference. When a client tries to connect to the non-SSL port (4040), SS immediately redirects them to the SSL port. SS doesn't respond to HTTP connection requests on the "non ssl stream port," nor would I expect it to.

The problem is not that the clients won't accept SSL encrypted streams (although they probably don't), but that they don't do SSL at all, so they can't even open the control plane connection to Subsonic.

Posted: **Sun Dec 11, 2011 5:20 pm**

Thats right, if HTTPS is configured, all HTTP connections will be redirected to the HTTPS port.

I am using an Apache/Proxy to circumvent this:
PC <-- (HTTP or HTTPS) --> Apache <-- (HTTP localhost) --> Subsonic

The basic settings for this can be found here: viewtopic.php?f=6&t=7991

Posted: **Fri Dec 16, 2011 6:21 pm**

I got this working acceptably. Description is here.

Subsonic Forum

Both HTTP and HTTPS

Both HTTP and HTTPS

Re: Both HTTP and HTTPS

Re: Both HTTP and HTTPS

Re: Both HTTP and HTTPS

Re: Both HTTP and HTTPS

Re: Both HTTP and HTTPS

Re: Both HTTP and HTTPS