Subsonic Forum

[cromnet]

I was able to get HTTPS running on my subsonic server, setup a valid certificate on my own domain name. I setup DNS on my domain and put a hole in the firewall for my HTTPS port. No problems so far, works great on my phone from anywhere and it's secure. which is primary what i am concerned about.

Where I run into issues is with other 3rd party subsonic apps which do not seem to support HTTPS. What i would like to do is have both HTTP and HTTPS enabled and working at the same time. This way clients on the internal network could access the server unencrypted since they are already on a secure network. Whereas any client on the internet would have to use HTTPS since that is the only port permitted through my firewall

Right now if you go the the HTTP port it redirects to the HTTPS port, this works okay and from other posts seems to be the expected behavior. However i think it would be a little more useful to have a functional site on both HTTP and HTTPS protocols so that apps that don't support HTTPS can still be used. This would also take off some of the overhead of HTTPS for scenarios where a secure connection is not required.

If anyone knows or has any ideas on how to accomplish this i'd really appreciate the feedback

thanks

[daneren2005]

I didn't know any clients didn't support https. Which are you having issue with out of curiosity.

Sent from my Nexus 5 using Tapatalk

[acroyear]

"It's Complicated."

Basically, it is the one part of 'same origin policy' that CORS doesn't solve. The for html5-based apps, browsers still demand that if the page is being served http, then any other asset is also http. If the browser is https, then it will be willing to serve up requests from https servers. I know because of that I won't be able to support https servers with SubFire's web version, and
I really don't know if I will be able to support it when it is deployed within a Fire platform (TV, Stick, Kindle) as I have no means to test it.

I don't know if that is the blocker for 3rd party apps written natively. I do know that setting up Java to approve a cert is a pain in the arse in a major way. I don't know if Android's version of java makes it any easier, and I have never tried IOS programming in any way beyond phonegap.

[Exrace]

See my post here:
viewtopic.php?f=5&t=15096&p=65801#p65801

I run my subsonic with both http and https depending on where the requests comes from using Sophos UTM.

I was able to get HTTPS running on my subsonic server, setup a valid certificate on my own domain name. I setup DNS on my domain and put a hole in the firewall for my HTTPS port. No problems so far, works great on my phone from anywhere and it's secure. which is primary what i am concerned about.

Where I run into issues is with other 3rd party subsonic apps which do not seem to support HTTPS. What i would like to do is have both HTTP and HTTPS enabled and working at the same time. This way clients on the internal network could access the server unencrypted since they are already on a secure network. Whereas any client on the internet would have to use HTTPS since that is the only port permitted through my firewall

Right now if you go the the HTTP port it redirects to the HTTPS port, this works okay and from other posts seems to be the expected behavior. However i think it would be a little more useful to have a functional site on both HTTP and HTTPS protocols so that apps that don't support HTTPS can still be used. This would also take off some of the overhead of HTTPS for scenarios where a secure connection is not required.

If anyone knows or has any ideas on how to accomplish this i'd really appreciate the feedback

thanks

[tafazzi87]

I was able to get HTTPS running on my subsonic server, setup a valid certificate on my own domain name. I setup DNS on my domain and put a hole in the firewall for my HTTPS port. No problems so far, works great on my phone from anywhere and it's secure. which is primary what i am concerned about.

Where I run into issues is with other 3rd party subsonic apps which do not seem to support HTTPS. What i would like to do is have both HTTP and HTTPS enabled and working at the same time. This way clients on the internal network could access the server unencrypted since they are already on a secure network. Whereas any client on the internet would have to use HTTPS since that is the only port permitted through my firewall

Right now if you go the the HTTP port it redirects to the HTTPS port, this works okay and from other posts seems to be the expected behavior. However i think it would be a little more useful to have a functional site on both HTTP and HTTPS protocols so that apps that don't support HTTPS can still be used. This would also take off some of the overhead of HTTPS for scenarios where a secure connection is not required.

If anyone knows or has any ideas on how to accomplish this i'd really appreciate the feedback

thanks

i've the same problem, some of 3rd party subsonic apps doesnt recognize my server because it'r running over https so how can i fix that?

[qupfer]

how can i fix that?

Run the subsonic.war file in a "nativ" jsp webserver like a "stand-alone jetty" or tomcat.
Or you could use a normal webserver like apache (linux) or microsft IIS as a reverse proxy.

[acroyear]

Been reading a bit more on this and following up on my "It's complicated" post above.

Question to the original poster: you claim it is a "valid certificate", but the question is, is it self-signed or was it signed by a certificate authority (translation: did you pay for it?), and does it match the domain you are attempting to connect to?

Normally when you web-browse to a self-signed cert that is not on your browser's cert store or is for a different domain than the domain you're connecting to, you are prompted to create an exception for the cert (and increasingly some browsers are now not even allowing for exceptions - Firefox is starting to get more particular in the case of incorrect domains). And in the icon in the address bar of the browser you'll see the padlock icon in red or yellow to indicate this is not a CA-signed cert, but the connectivity is still ssl so no worries there.

However, CORS connectivity, especially for Chrome (and by extension webkit) may not allow that. I know Chrome does not. The only way to get it to work in Chrome (and this could include Jamstash as well as SubFire) is to install the cert into your client's machine. There are instructions for doing this out there somewhere, and google can probably find them. Even then, it might not allow the connection if you're not connecting to the right domain that the cert is specified for.

Phonegap's documentation says that phonegap/cordova apps running on a phone or tablet shouldn't care about the signature-state of the cert, provided it at least matches the domain that you're connecting to, but I am in no position to test or confirm that.