Page 1 of 1

Reverse proxy SSL to Subsonic using Apache

PostPosted: Fri Dec 16, 2011 6:20 pm
by mikes
I have a Linux box which is not only my Subsonic server, but serves as my Internet NAT router. I wanted Internet side connections to Subsonic to be via SSL, so passwords aren't passed in the clear, but there are some local clients which don't work with Subsonic via SSL. Unfortunately, Subsonic with do HTTP or HTTPS, but not both at once.

I was able to create a reverse proxy using Apache, which accepts HTTPS connections, and connects them to Subsonic.

This is under Debian squeeze. Other Debian-based distros should be similar. Subsonic is configured with
Code: Select all
SUBSONIC_ARGS="--max-memory=384 --port=4040 --https-port=0"
in /etc/default/subsonic. HTTPS connections will be accepted on port 4041 (e.g. https://subsonic.example.com:4041/)

I already had a running Apache server supporting SSL, so there may be other things which need to happen - I'm just describing what I needed to add to get reverse SSL proxy working to Subsonic. Apache needs the following mods: proxy, proxy_http:
Code: Select all
a2enmod proxy
a2enmod proxy_http
Edit /etc/apache2/mods-enabled/proxy.conf. Leave "ProxyRequests Off," but change "Deny from all" to "Allow from all". Create a file in /etc/apache2/sites-enabled for the new host (I copied, then edited and existing one.)

Code: Select all
# subsonic.example.com (ssl)
<VirtualHost *:4041>
  ServerName subsonic.example.com

  DocumentRoot /var/www/
  SSLEngine on
  SSLCertificateFile /etc/ssl/mycerts/subsonic.example.com.cert.pem
  SSLCertificateKeyFile /etc/ssl/private/subsonic.example.com.privkey.pem
  SSLCertificateChainFile /etc/ssl/example.com.cacert.pem

  <IfModule mod_proxy.c>
     ProxyRequests Off
     ProxyPass / http://localhost:4040/
     ProxyPassReverse / http://localhost:4040/
  </IfModule>
</VirtualHost>


Enable the new site (a2ensite subsonic.ssl), restart Apache, and that's it (need to open the port in the firewall, too). The above will accept HTTPS connections on port 4041 (https://subsonic.example.com:4041/), and proxy them to the local subsonic server using HTTP (http://localhost:4040/). I have iptables set up to accept incoming connections from the Internet on HTTPS/4041, but not HTTP/4040. Local clients can connect to Subsonic via either port.

This mostly works. Some links end up pointing to localhost:4040 (such as links to songs playing, as displayed on the right of the page). It looks like those are picked up from Subsonic via Javascript somehow. I tried using mod_proxy_html, but things didn't get any better. I also tried doing a proxy via a "subdirectory" off my main server URI (e.g. https://www.example.com/subsonic/), and that only made things worse.

In any case, my home devices which can't handle SSL can now connect, and my Android client can navigate and play from the public side using SSL.

Re: Reverse proxy SSL to Subsonic using Apache

PostPosted: Thu Jan 19, 2012 3:33 am
by nigeltufnel
I've tried this, too many HTTP requests still occur.

Re: Reverse proxy SSL to Subsonic using Apache

PostPosted: Wed Feb 08, 2012 4:52 am
by Fazel
This is my current configuration and it works without issue. I looks like you are missing 'SSLProxyEngine'

Code: Select all
<VirtualHost *:80>
   ServerName subsonic.example.net

   ProxyRequests Off
   ProxyPreserveHost Off

  <Location />
   ProxyPass  http://local_subsonic_server:4040/
   ProxyPassReverse  http://local_subsonic_server:4040/
  </Location>

   RewriteEngine on
   RewriteOptions inherit
</VirtualHost>


<VirtualHost *:443>
   ServerName subsonic.example.net   

   ProxyRequests Off
   ProxyPreserveHost Off

  <Location />
   ProxyPass  http://local_subsonic_server:4040/
   ProxyPassReverse  http://local_subsonic_server:4040/
  </Location>

   RewriteEngine on
   RewriteOptions inherit

   SSLProxyEngine On
   SSLEngine On
   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
   SSLCertificateFile    /path/to/cert.pem
   SSLCertificateKeyFile /path/to/key.key
   SSLVerifyDepth 3
   SSLOptions +ExportCertData
   SSLProtocol all -SSLv2
   SSLVerifyClient None
</VirtualHost>

Re: Reverse proxy SSL to Subsonic using Apache

PostPosted: Tue Dec 11, 2012 9:15 pm
by lunarok
Hi,

Is there anyone with a success complete setup for proxying from Apache on different host ?
I have subsonic installed on an host and a yunohost on another. The proxy is working fine, unless I cannot add anything to playlist, everything else is ok (searching, navigate, settings ...)

Thanks