Guide: Subsonic with Letsencrypt SSL using IIS (revised)

Posted: Thu Jun 29, 2017 6:37 pm
by b.bassett
Hey all,
Thanks for checking out my guide. I have a Windows machine and I wanted to run Subsonic over HTTPS. I also have a custom domain. I wanted to share my experience for those others out there that would like to run their Subsonic installation using HTTPS on a Windows machine using IIS.

Step 1. Install Subsonic for Windows on your server/workstation. (This will require Java, if you do not already have it installed.)

Step 2. Install the Internet Information Services (IIS) role on your server using “Add Roles & Features” in Server Manager, or in “Turn Windows features on or off” in the Programs and Features menu.

Step 3. Once IIS is installed, you’ll need to download and install the URL Rewrite module and ARR module. Found here: https://www.iis.net/downloads/microsoft ... lDownloads and here: https://www.iis.net/downloads/microsoft ... lDownloads

Step 4. Set up A record/CNAME record in DNS.

Step 5. For my installation, I used Letsencrypt for my SSL. I love this project. If you are not familiar you can get more information from their site: https://letsencrypt.org/ . Since I am using Windows, I tried a couple of the different ACME clients for Windows. I settled on a project I discovered that allows you to use Letsencrypt and provides a GUI to interact with called Certify The Web: https://certifytheweb.com. (For those that prefer, there is also a command prompt based tool called “letsencrypt-win-simple”. Found here: https://github.com/Lone-Coder/letsencry ... e/releases .)

Step 6. Run Letsencrypt to get your certificate.

Step 7. Configure reverse proxy and http redirect in IIS.

Okay, let’s break down the steps a little and show you how I configured each section.

Step 1 – Install Subsonic

This step should be self-explanatory. I used the default locations for the install and the default port for Subsonic. Since we will be using a URL rewrite, we won’t need to change anything unless you happen to already be running something that is using the default port. After Subsonic is installed, launch your browser and finish setting up according to the documentation and your requirements. Then log into your firewall and forward port 80 and 443 to your server. Now you’re ready to install IIS.

Step 2 – Install IIS

Again, this part is pretty simple. Just turn on the feature or install the role and then open your IIS console. In IIS, I am going to create a new site. Open up your inetpub folder (should be located at C:\inetpub) and create a new folder to house your site. I named my folder “subsonic”. Copy the contents of “C:\inetpub\wwwroot” to your new folder “C:\inetpub\subsonic”. In IIS, expand your server and right click on Sites. Then “Add Website” and name your site. I named it “subsonic” to match the folder I created for it and pointed to “%systemdrive%\inetpub\subsonic”, then gave it a hostname of “subsonic.mydomain.com” and mapped it to port 80.

Step 3 – Install URL Rewrite Module

Browse to the sites provided and click on “additional downloads” and download the appropriate installations. After they are installed, reboot your server. IIS should now be prepped.

Step 4 – Create A record/CNAME record

I am going to assume that if you have a custom domain name, you are familiar with this process. It should be set to match the hostname you gave the binding in IIS. In my case, “subsonic.mydomain.com”. This is going to be your Public A record; however, your local machine needs to resolve your hostname to its local IP. If it’s running DNS, create a record in your DNS manager or create a record in your HOSTS file to map the hostname to your server's local IP.

Step 5 – Letsencrypt Certify The Web (or letsencrypt-win-simple)

Use the link provided above to download and install Certify The Web.

Step 6 – Run Letsencrypt

Run the Certify The Web application and in the upper left click on "New Certificate". Type a friendly name in the box to identify what the certificate is for and then use the drop-down box to select the Site in IIS that you are going to be using the certificate on ("Subsonic"). Make sure that the URL you will be using matches and the box for INCLUDE is checked at the bottom. Now you can click on Test to make sure that you have IIS configured correctly and your DNS record is forwarding port 80 through your firewall. If all tests pass, then select "Request Certificate". Letsencrypt should find your HTTP page and install the certificate. If you get a success message, you can click on the "Managed Certificates" tab to return to the main page and you should see your new certificate on the left hand side. If you get an error, follow the steps in the response provided by the program. If it works correctly, you should see your new certificate in IIS under “Server Certificates”.

Step 7 – Reverse Proxy

Now we’re ready to continue in IIS. When Certify The Web installs the certificate, it adds an HTTPS binding to your HTTP site. Right click on the site and choose Edit Bindings and choose the HTTPS binding and hit edit. Make sure that “Require Server Name Indication” (SNI) is checked and that your domain name is correct and the certificate is chosen. Now go back to your “subsonic” site and click on the URL Rewrite module. First we are going to redirect our HTTP traffic to HTTPS. Click Add Rule in the upper right hand corner and choose Blank Rule. Put in a name for the rule (something like "RedirectToHTTPS") and put a wildcard (*) in the pattern box. Now expand Conditions and add a condition. In the Condition Input box type “{HTTPS}”. The check input string is "Matches the Pattern". In the Pattern box type “off” and hit Okay. Now set the Action to "Redirect" and in the Redirect Action box type “https://{HTTP_HOST}{REQUEST_URI}”. Now hit Apply in the upper right and then Back to Rules to return to the URL Rewrite page.

We are now going to add another rule and this time choose the “Reverse Proxy” option and enter in the hostname:4040 (“subsonic.mydomain.com:4040”). You can leave the SSL Offloading checked and click OK. Make sure that the "RedirectToHTTPS" rule is above the "URLRewrite" rule in the order. There you have it. You should now be able to browse to your hostname in a web browser using HTTP and it will redirect to HTTPS and then use reverse proxy to connect into your subsonic installation.

If everything is working, you are all set. You can now browse to Subsonic over HTTPS and your certificate should automatically stay up to date using Letsencrypt. If any of you have any questions or issues with the process, please feel free to reach out to me via email: brian@torgo.rocks
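
The two rules from Step 7, written out as the web.config that URL Rewrite stores in the site folder. This is an added example, not part of the original post: the rule names and hostname follow the guide, while patternSyntax="Wildcard", appendQueryString="false" and redirectType="Permanent" are assumptions chosen here.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: web.config for the "subsonic" site (C:\inetpub\subsonic\web.config).
     Assumes the URL Rewrite and ARR modules from Step 3 are installed and that the
     ARR proxy is enabled at server level (the Reverse Proxy rule wizard offers this). -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule 1: must stay first so plain HTTP requests never reach the proxy rule. -->
        <rule name="RedirectToHTTPS" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions>
            <!-- {HTTPS} is "off" when the request arrived on the port 80 binding. -->
            <add input="{HTTPS}" pattern="off" />
          </conditions>
          <!-- {REQUEST_URI} already carries the query string, so it is not appended
               a second time. Permanent (301) is an assumption, not from the guide. -->
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
                  appendQueryString="false" redirectType="Permanent" />
        </rule>
        <!-- Rule 2: reverse proxy to Subsonic on its default port 4040.
             With SSL Offloading checked, the back-end URL is plain http://. -->
        <rule name="URLRewrite" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://subsonic.mydomain.com:4040/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

With SSL Offloading checked, the hop from IIS to Subsonic on port 4040 is unencrypted HTTP, so only ports 80 and 443 need to be forwarded at the firewall, as in Step 1.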

Re: Guide: Subsonic with Letsencrypt SSL using IIS

Posted: Fri Jun 30, 2017 3:52 am
by alphawave7
Dynamite tute, Brian! Yes, you do rock! 8)

Re: Guide: Subsonic with Letsencrypt SSL using IIS

Posted: Mon Jul 03, 2017 4:53 am
by LRanger
To make a small addition to this excellent guide: http://www.duckdns.org/spec.jsp provides a free dynamic DNS that can be used with Letsencrypt.

Re: Guide: Subsonic with Letsencrypt SSL using IIS (revised)

Posted: Sat Mar 16, 2019 8:05 pm
by b.bassett
I discovered a few quirks in the way the installation was detailed in this guide originally. Namely, you would have to remove the added binding every time the certificate renewed and then restart the site that was stopped. I have reworked it to include the Certify The Web application for handling the certificates, as well as changing the way the site was handled in IIS. The updated method does not require you to disable and re-enable the HTTP Redirect in order for the certificate renewal to take place. And you only need to create 1 site in IIS instead of 2.

Re: Guide: Subsonic with Letsencrypt SSL using IIS (revised)

Posted: Tue Jan 21, 2020 9:53 pm
by Redsyrup
Thank you so much! I happened to have IIS installed on the same server when trying to set up a Windows FTP service and used that install to implement your Reverse Proxy SSL. Worked like a charm. I then set up my Ubooquity and BlueIris Services to use the same technique with the same SSL, just bound on different ports with additional rules filtering for each incoming {SERVER_PORT}. I really can't thank you enough for teaching me something new! Have a wonderful year OP! :D