Subsonic Forum

Update
11-13-2010 - Android Client now supports self-signed certificates. ^_^ Big Thanks to Sindre
11-23-2010 - Updated Steps 3 & 4. I made encrypting more difficult then what it needed to be originally so i fixed this. I also made some additional changes Thanks to wraithdu
11-24-2010 - Made some more changes. Better explanations.
12-1-2010 - Added walkthrough for Ubuntu http://forum.subsonic.org/forum/viewtopic.php?t=4841


How SSL encryption works and why you would want to use it http://www.sslshopper.com/article-ssl-for-newbs.html
Why to or not to self sign versus buying a certificate. http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate.html



Let me start off by saying that there are a lot of posts on this topic but none of them really help walk you through installing tomcat and setting up HTTPS / SSL with subsonic on a windows OS.
Also by showing you how to install Subsonic on tomcat, i'm hoping that you already know how to install subsonic normally and also port forward on your router etc...



1st.) Lets start off by downloading all the required programs.

Subsonic - http://www.subsonic.org/pages/download.jsp - If you don't know why we need this download then you might want to give up now...
Even better you can download the .war file directly from here. http://sourceforge.net/projects/subsonic/files/
Also note that if subsonic is already installed then you might want to uninstall it or stop the subsonic service because it will probably conflict with tomcat when it tries to run subsonic.

Java (JRE) - https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u21-oth-JPR@CDS-CDS_Developer or
http://www.oracle.com/technetwork/java/javase/downloads/index.html
Note: If you are going to install the 64bit version of tomcat you must install the 64bit version of Java otherwise tomcat will not work correctly. Note: that if you are running a 64bit OS and the program is 64bit then will install to C:\Program Files and the 32bit programs will install to C:\Program Files (x86) So if both java and tomcat aren't installed under the same program files folder then there is a chance you might have problems.

Tomcat - http://tomcat.apache.org/download-60.cgi - Tomcat is what will be serving you the subsonic webpages.
Note: I tried running subsonic on tomcat 7.0 but it kept returning with CSRF errors so i installed tomcat 6.0 and subsonic has worked great.
Note: You may have to point tomcat to where you installed java I also told Tomcat to do the full install Example: C:\Program Files\Java\jre6
32bit/64bit Installer http://ftp.wayne.edu/apache//tomcat/tomcat-6/v6.0.29/bin/apache-tomcat-6.0.29.exe



2nd.) Setting up subsonic on Tomcat
Now that everything is installed copy the subsonic.war file to.

Code: Select all

C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps

Make sure that you rename your .war file to subsonic.war if it isn't aready.



3rd.) Create your SSL certificate -- http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

First click Start>Run> once run opens then type CMD and press enter. Then paste the following code into the command prompt "Black Box" and press enter.

>>mkdir c:\ssl<< Code is in between the arrows.

Next make sure to change the code that's in red. Also Note that you may need to change the java location if you have a different version installed. Then do the same as above by pasting the code into the command prompt box and pressing enter.

>>"C:\Program Files\Java\jre6\bin\keytool" -genkey -alias tomcat -keyalg RSA -dname "CN=domainname, OU=Subsonic, O=Loving Music Inc, L=City, S=State, C=US" -validity 3650 -keystore c:\ssl\tomcat.ks -storepass secretpassword -keypass secretpassword<< Code is in between the arrows.

Code Meaning
CN=commonName "Domain Name"
OU=organizationUnit "Department or Division"
O=organizationName "Company Inc"
L=localityName "City Name"
S=stateName "State Name"
C=country "Country Code i.e US"

It doesn't really matter what you have in these fields but if you are using dynamic dns or something similar make the CN your domainname i.e xxxx.subsonic.org, xxxx.afraid.org, xxxx.dyndns.org. That way if you install your certificate into your trusted root authority then you won't get certificate errors.

If your looking for a higher encryption level then add -keysize 2048 to the code above right after -keyalg RSA. It will raise your encryption level from 1024 bit to 2048 bit encryption but it may also slow your connection.


4th.) Time to edit tomcat.

Go to C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf and edit server.xml with a program called notepad++ or with regular notepad but it may be harder to read.

First find and remove the <!-- and --> from the code.

Code: Select all

   
<!--      
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->


and then add the following two lines keystoreFile="C:\ssl\tomcat.ks", keystorePass="secretpassword" and modify the protocol="org.apache.coyote.http11.Http11Protocol"" to the code making it look like the example below. Don't forget to put your secret password that you used in step 3 in the keystorePass="secretpassword".

The Connector Port is the port that you will be logging into. Example https://localhost:8443/subsonic non-encrypted it will be on http://localhost:8080/subsonic by default.

Code: Select all

       
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="C:\ssl\tomcat.ks"
keystorePass="secretpassword"
clientAuth="false" sslProtocol="TLS" />


5th.) I almost forgot... Don't forget your transcode Files.
You can download them from http://sourceforge.net/projects/subsonic/files/ Place them in C:\subsonic\transcode unzipped.


6th.) Restart Tomcat
Now restart the tomcat service by using the tomcat monitor or typing the following commands

Code: Select all

net stop tomcat6

then

Code: Select all

net start tomcat6

Enjoy - Encrypted - https://localhost:8443/subsonic ______ non-encrypted -- http://localhost:8080/subsonic by default.






Congratulations you are now able to surf and stream your subsonic webpage from another location with out having to worry that someone is going to get your username and password. ------ Let me know if this helped anyone and if there is something that i need to be clearer on.







EXTRA's ------------------------------------------------------------------------------------------------------------------------------------


Future Updates to subsonic.
To upgrade subsonic in the future all you have to do is delete C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\subsonic and C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\subsonic.war and then download the newest subsonic.war file from http://sourceforge.net/projects/subsonic/files/ and paste it under C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps and then reboot the tomcat service.


Optional Additions to Tomcat If you want your http port to auto forward to https then add the following to C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\web.xml and from now on when you browse to your website http://whatever/subsonic it will forward to https://whatever/subsonic

Code: Select all

   <security-constraint>
     <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
          <url-pattern>/*</url-pattern>
     </web-resource-collection>
  <!-- auth-constraint goes here if you require authentication -->
     <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
</security-constraint>

How to self sign certificates in IIS 7
http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html



Note: Problems that might crop up.


You can access subsonic from the local computer but not from another.

Example: You can go to http://localhost:8080/subsoinc or to http://127.0.0.1:8080/subsonic but you can't browse to http://serverip:8080/subsonic from another computer. Try disabling your windows firewall to see if that helps. If it does that turn your firewall back on and allow the ports that subsonic is using to pass through.


You get a warning that there is a problem with this website's security certificate.

You are always going to get this error if you connect via ip or by dns since we are using a self signed certificate. If you are connecting via your dynamic dns name or by a full dns name you will be able to install the certificate locally preventing this error from happening.




- *Updated* Works with Subsonic 4.3.1 Beta

The flash player in subsonic won't always play in IE 7 and 8 with a self signed certificate unless you install the certificate which is explained in the link below. http://forum.subsonic.org/forum/viewtopic.php?t=2748&highlight=https

I thought that i was able to fix the problem by updating the flash player but after a flash update i'm unable to again.

Instructions on how to update JWPlayer thanks wraithdu
1) Download the JWPlayer archive and extract 'player.swf' to
C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\subsonic\flash\jw-player-5.3.swf
2) Modify the following lines in the following files:

--> C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\subsonic\WEB-INF\jsp\playlist.jsp
-----> swfobject.embedSWF("<c:url value="/flash/jw-player-5.3.swf"/>", "placeholder", "340", "24", "9.0.0", false, flashvars, params, attributes);

--> C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\subsonic\WEB-INF\jsp\videoPlayer.jsp
-----> swfobject.embedSWF("<c:url value="/flash/jw-player-5.3.swf"/>", "placeholder1", "100%", "100%", "9.0.0", false, flashvars, params, attributes);

Where 'jw-player-5.3.swf' is the name of the new player you extracted from the JWPlayer archive in step 1.


If your're really lazy and don't feel like changing the code then just rename jw-player-5.3.swf to jw-player-5.0.swf and past it over the old jw-player-5.0.swf located at
C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\subsonic\flash --- and delete your temp internet files.

Fixed a couple typo's in the tutorial. Feel free to write back if you have any questions.

~ Sean K

Wow, Sean, thanks for all the effort. I've been trying to get Subsonic to run on an Acer Easystore running Windows Home Server for a while now with no luck. Hopefully this will be the help I'm looking for.

Let's start with the basics. I am hoping to reach my server with a URL (https would be a plus) via the internet throught port 8080 of my router using Subsonic. My sever has my music files in a shared folder. Does your install process take place on the machine (server) I intend to serve my music, namely, my Acer Easystore? And I assume this install process takes place through the Remote Desktop. My network consists of the Acer and my desktop connected to an unmanaged gigabit switch. The switch is connected to my AT&T gateway/router which provides wireless service to a Acer netbook. So far, I have not had any issues with my network and computers accessing each other or the internet.

Thanks for your help,
BigD

BigD25 wrote:Wow, Sean, thanks for all the effort. I've been trying to get Subsonic to run on an Acer Easystore running Windows Home Server for a while now with no luck. Hopefully this will be the help I'm looking for.

Let's start with the basics. I am hoping to reach my server with a URL (https would be a plus) via the internet throught port 8080 of my router using Subsonic. My sever has my music files in a shared folder. Does your install process take place on the machine (server) I intend to serve my music, namely, my Acer Easystore? And I assume this install process takes place through the Remote Desktop. My network consists of the Acer and my desktop connected to an unmanaged gigabit switch. The switch is connected to my AT&T gateway/router which provides wireless service to a Acer netbook. So far, I have not had any issues with my network and computers accessing each other or the internet.

Thanks for your help,
BigD

No Problem. From what I've read subsonic should be able to run on WHS just by useing the normal subsonic installer on the server as long as you are able to get to the desktop. But if your looking to install subsonic with encryption then the information above will help. Just keep in mind that the certificate will be self signed so you may get some warnings in your browser telling you so but they can be ignored.

Here are a couple things to keep in mind when installing subsonic.
- Its always good to set a static IP address to what ever computer/server is hosting subsonic. If you don't do this then you will for sure need UPnP enabled on your router incase your ip address changes.
- Don't forget to open windows firewall settings "on the WHS server" and allow your port through the firewall under the exceptions tab. Then click the add port button. As an example you might type Subsonic in the name field and port 8080 in the port number field.

How far have you got when trying to install subsonic normally?

~ Sean K

So far I've been able to successfully install Java 6 and Tomcat 6.0.29 trying to follow Drashna's tutorial...

http://wiki.wegotserved.com/index.php?t ... ntegration

I get the "Hello World" page after the Tomcat install. I have followed the instructions for the Jakarta installation. Drashna was even kind enough to provide me with isapi_redirect.properties, uriworkermap.properties, and workers.properties so I wouldn't have to create them myself. I downloaded and renamed the isapi_redirect.dll and believe they were all unblocked and placed in the proper directories. I use the standard default install locations for everything. I have not tried actually installing Subsonic on the server yet as I have been unable to successfully see the

https://myserver.homeserver.com/example ... rldExample

prompt, so I'm assuming that it hasn't been installed properly. I'm not experienced enough to know where or how to begin trouble shooting. Any help would be greatly appreciated,

Big D

First try turning off your windows firewall as a test. You can re-enable it at a later point.

Then try browsing to http://localhost:8080 from the server. Then try from another computer http://serverip:8080 you should at least get a tomcat page to show up.

If you get the tomcat page then your half way there.
First go to http://sourceforge.net/projects/subsonic/files/subsonic/4.1/subsonic-4.1-war.zip/download and download the zip file. Once you unzip the file you will find a file called subsonic.war place this file under

C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps

Once you reboot the computer or the tomcat service then you should be able to browse to http://serverip:8080/subsonic or http://servername:8080/subsonic.

Sean K

Thanks for the help Sean. I overlooked the Windows software firewalls on my desktop and server and had just tried to create exceptions in them just prior to posting to you. Not sure what exactly seemed to be hanging me up but now everything seems to work as hoped, even with software firewalls turned on! Your directions were spot on and led me directly to what I needed. Stay tuned as I explore more options about Subsonic and accessing it remotely. But right now, at least I can access all my music files in the shared folder via Subsonic. Thanks for all your help!

Big D

Updated - 11-13-2010

The Android Client now supports Self Signed Certificates. Feel free to encrypt all your traffic without involving a 3rd party.

Anyone try this on 2008 R2 IIS 7?
Was going to try this at some point.

Currently I stream from work to home via a vpn tunnel with my Astaro Firewall. Maybe I can try a reverse proxy on Astaro directly?

Hi!

I'm following the steps for my Debian install but I'm stuck at the 4th step, since I cannot find the server.xml of the Tomcat instance.

Could you please help me with it?

Thanks in advance.

syrou wrote:Hi!

I'm following the steps for my Debian install but I'm stuck at the 4th step, since I cannot find the server.xml of the Tomcat instance.

Could you please help me with it?

Thanks in advance.

Hi syrou

Try looking here. /usr/local/tomcat/conf/server.xml or /etc/tomcat/server.xml or /etc/tomcat/conf/server.xml << Just a guess.

Step 4 involves creating a self signed certificate with openssl. The only problem is that the batch file i created was for windows along with the commands. You maybe able to use parts of the command on a linux system but they will have to be altered.

When i get some free time I'll look into creating a walk though for linux also.

The certificate creation step of this tutorial seems unnecessarily complicated.

There's no reason to use OpenSSL at all unless using Tomcat's ARP implementation of SSL, which uses the OpenSSL engine by default. And in this tutorial you end up using the Java JSSE implementation of SSL anyway. It would be much better to refer to the Tomcat FAQ SSL How-To for easy server setup.

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

You only need one line to create the certificate:

Code: Select all

keytool -genkey -alias tomcat -keyalg RSA

Enter in the requested information, the default password of 'changeit', and a .keystore file is created in the user's home directory.

Then in the "Edit the Tomcat Configuration File" section, simply specify the JSSE connector protocol to avoid having to rename the tcnative-1.dll file.

wraithdu wrote:The certificate creation step of this tutorial seems unnecessarily complicated.

There's no reason to use OpenSSL at all unless using Tomcat's ARP implementation of SSL, which uses the OpenSSL engine by default. And in this tutorial you end up using the Java JSSE implementation of SSL anyway. It would be much better to refer to the Tomcat FAQ SSL How-To for easy server setup.

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

You only need one line to create the certificate:

Code: Select all

keytool -genkey -alias tomcat -keyalg RSA

Enter in the requested information, the default password of 'changeit', and a .keystore file is created in the user's home directory.

Then in the "Edit the Tomcat Configuration File" section, simply specify the JSSE connector protocol to avoid having to rename the tcnative-1.dll file.

Thanks wraithdu for pointing this out. I'll rewrite this this with just the keytool.

Thanks,
Sean K

Updated - 11-23-2010

Corrected walk though making it easier to self sign certificates. Sorry for making it so difficult in the beginning.

Feel free to comment and let me know if this works.

No problem. Just two more changes I think:

1) In the <connector ... settings, you need to set the protocol as described in the documentation to force the JSSE implementation and allow SSL to work without renaming/removing tcnative-1.dll

protocol="org.apache.coyote.http11.Http11Protocol"

Otherwise the default of protocol="HTTP/1.1" really means auto-detect, which will switch to APR if tcnative-1.dll is loaded. This will cause SSL to fail in the current configuration.

2) You have some extraneous / (forward slashes) in your XML in the section "Optional Additions to Tomcat" before and after the <security-constraint> lines.

I forgot to thank you for this tutorial originally. I found the security-constraint settings especially useful