Subsonic 4.6 WAR, Tomcat 6, Ubuntu 12.04, HTTPS, LDAPS

Posted: Sun Apr 29, 2012 3:25 am
by sir2u
These instructions should walk you through getting Subsonic 4.6 in Tomcat on a headless Ubuntu 12.04 server using HTTPS and LDAPS. HTTPS will be run on port 8081 for this tutorial, but you can run it on the default 443. I've chosen to go with a Tomcat installation for scalability. Security is always a concern and I do what I can to mitigate risk.
Assumptions:
This is based off a brand new install with nothing more than an SSH server installed.
An SSL cert has already been generated for the web server or we're using the snakeoil certificates provided by the ssl-cert package
An SSL cert is available for the issuing CA for the LDAPS server
LDAPS is already working on the LDAP server
LDAP server is 192.168.1.2

1) Install Tomcat6 w/APR and transcoders
sudo apt-get install ssl-cert tomcat6 tomcat6-admin libtcnative-1 lame ffmpeg ttf-dejavu-core

2) Prep directories; A previous version of subsonic didn't create /var/subsonic. I don't know if this has been fixed, but I do it anyway.
sudo mkdir /var/subsonic
sudo chown -R tomcat6:tomcat6 /var/subsonic


3) Edit Tomcat users; change the password to something useful. BE SURE TO UNCOMMENT THE STANZA (I wasted 10 minutes trying to figure out why my changes weren't taking effect. Duh.)
sudo vim /etc/tomcat6/tomcat-users.xml
Code:
<tomcat-users>
  <role rolename="admin"/>
  <role rolename="manager"/>
  <user username="admin" password="password" roles="admin,manager"/>
</tomcat-users>


4) Copy certificate and private key to /etc/tomcat6 or use a real certificate that you've generated.
sudo cp /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/tomcat6/
sudo cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/tomcat6/
sudo chown root:tomcat6 /etc/tomcat6/ssl-cert-snakeoil.*


5) Enable SSL on server
sudo vim /etc/tomcat6/server.xml
Uncomment the following line:
Code:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />


Add the following stanza where connectors are defined:
Code:
<!-- SSL Connector in APR format -->
<Connector port="8081" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/etc/tomcat6/ssl-cert-snakeoil.pem"
           SSLCertificateKeyFile="/etc/tomcat6/ssl-cert-snakeoil.key"
           SSLCipherSuite="ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW"
           SSLProtocol="TLSv1"/>

6) Modify the following files for basic ACL to management pages; change the IP to whatever is relevant to you.
sudo vim /etc/tomcat6/Catalina/localhost/manager.xml
Code:
<Context path="/manager"
        docBase="/usr/share/tomcat6-admin/manager"
        antiResourceLocking="false" privileged="true" >
        <Valve className="org.apache.catalina.valves.RemoteAddrValve"
        allow="192.168.1.*"/>
</Context>


sudo vim /etc/tomcat6/Catalina/localhost/host-manager.xml
Code:
<Context path="/host-manager"
        docBase="/usr/share/tomcat6-admin/host-manager"
        antiResourceLocking="false" privileged="true" >
        <Valve className="org.apache.catalina.valves.RemoteAddrValve"
        allow="192.168.1.*"/>
</Context>


sudo vim /etc/tomcat6/Catalina/localhost/ROOT.xml
Code:
<Context path="/"
        antiResourceLocking="false" >
        <Valve className="org.apache.catalina.valves.RemoteAddrValve"
        allow="192.168.1.*"/>
</Context>


7) Restart Tomcat

8) Import certificates to the Java keystore for LDAPS. Default password is 'changeit'. Replace YOURCA with your actual CA name and certificate.
sudo keytool -import -trustcacerts -alias YOURCA -file YOURCA.cer -keystore /etc/ssl/certs/java/cacerts

9) Change the Java keystore password
sudo keytool -storepasswd -keystore /etc/ssl/certs/java/cacerts

10) Log into Tomcat Manager WebApp and deploy subsonic.war
Open a browser to https://yourserver:8081
Download the Subsonic WAR and deploy it using the Tomcat manager webapp

11) Link transcoders
sudo ln -s /usr/bin/lame /var/subsonic/transcode/lame && sudo ln -s /usr/bin/ffmpeg /var/subsonic/transcode/ffmpeg

12) Log into subsonic (https://yourserver:8081/subsonic) and configure LDAPS under Settings\Advanced. You can do it by users in a given OU or in a group. In the example below, users are part of a group called Subsonic. The LDAP Manager account should not be a privileged account anywhere.
By OU
LDAP URL: ldaps://192.168.1.2:636/ou=users,dc=domain,dc=local
LDAP Search Filter: (sAMAccountName={0})
LDAP Manager DN: DOMAIN\username
Check Box: Automatically create users in Subsonic

Or by Group
LDAP URL: ldaps://192.168.1.2:636/dc=domain,dc=local
LDAP Search Filter: (&(sAMAccountName={0})(&(objectCategory=user)(memberof=cn=subsonic,ou=groups,dc=domain,dc=local)))
LDAP Manager DN: DOMAIN\username
Check Box: Automatically create users in Subsonic

13) Some tweaks
Add cache memory and change usercache. I've set my usercache to be 1 hour. That means if I remove access for a user it will take up to an hour for Subsonic to reflect the change. The defaults are ridiculously high and users never lose access until a restart of the service.
sudo vim /var/lib/tomcat6/webapps/subsonic/WEB-INF/classes/ehcache.xml
Code:
    <defaultCache maxElementsInMemory="10000"
           eternal="false"
           timeToIdleSeconds="120"
           timeToLiveSeconds="120"
           overflowToDisk="true"
           maxElementsOnDisk="10000000"
           diskPersistent="false"
           diskExpiryThreadIntervalSeconds="120"
           memoryStoreEvictionPolicy="LRU"/>

    <cache name="musicFileCache"
           maxElementsInMemory="1000"
           eternal="true"
           timeToIdleSeconds="0"
           timeToLiveSeconds="0"
           overflowToDisk="false"/>

    <cache name="childDirCache"
           maxElementsInMemory="100"
           eternal="true"
           timeToIdleSeconds="0"
           timeToLiveSeconds="0"
           overflowToDisk="false"/>

    <cache name="coverArtCache"
           maxElementsInMemory="200"
           eternal="false"
           timeToIdleSeconds="300"
           timeToLiveSeconds="300"
           overflowToDisk="false"/>

    <cache name="userCache"
           maxElementsInMemory="1000"
           eternal="false"
           timeToIdleSeconds="3600"
           timeToLiveSeconds="3600"
           overflowToDisk="false"/>

    <cache name="musicFolderCache"
           maxElementsInMemory="250"
           eternal="true"
           diskPersistent="true"
           overflowToDisk="true"/>

    <cache name="chatCache"
           maxElementsInMemory="10"
           eternal="true"
           diskPersistent="true"
           overflowToDisk="true"/>

</ehcache>


14) Increase heap memory available to tomcat. This is what I have configured. My library is only 13,000 songs with 5 users. My install is on a VM with 2 vCPUs and 2GB RAM. Adjust your values to fit your needs.
sudo vim /etc/default/tomcat6
JAVA_OPTS="-Djava.awt.headless=true -Xmx512m -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode"
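
Added example, not part of sir2u's post: Tomcat's RemoteAddrValve treats the allow value from step 6 as a regular expression matched against the whole client address, so 192.168.1.* admits more than 192.168.1.0/24. The script below uses grep -E -x as a stand-in for that match over constructed sample addresses; valve_allows, audit and the tightened pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Tomcat's RemoteAddrValve compares
# the client address against allow= as a regular expression that must match the
# whole address. grep -E -x (whole-line match) stands in for that here; both
# patterns below use only syntax that Java regex and POSIX ERE read the same way.

# Pattern used in step 6 of the tutorial.
LOOSE='192.168.1.*'
# Tightened pattern, assuming 192.168.1.0/24 is the intended scope. It avoids
# commas because Tomcat 6 documents allow= as a comma-separated pattern list.
STRICT='192\.168\.1\.[0-9]+'

# valve_allows PATTERN ADDRESS: exit status 0 if the pattern admits the address.
valve_allows() {
    printf '%s\n' "$2" | grep -E -x -q -e "$1"
}

# audit PATTERN: print the constructed sample addresses the pattern admits.
audit() {
    out=""
    for addr in 192.168.1.20 192.168.1.254 192.168.10.7 192.168.100.9 \
                192.168.199.1 10.0.0.5 203.0.113.8; do
        if valve_allows "$1" "$addr"; then
            out="$out $addr"
        fi
    done
    printf '%s\n' "${out# }"
}

echo "allow=\"$LOOSE\"  admits: $(audit "$LOOSE")"
echo "allow=\"$STRICT\" admits: $(audit "$STRICT")"
```

In manager.xml, host-manager.xml and ROOT.xml the tightened value would be written as allow="192\.168\.1\.[0-9]+".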

Tomcat

Posted: Mon Apr 30, 2012 2:17 pm
by spookybathtub
Very detailed, thanks for adding that write-up to the community. I don't understand why some people use Tomcat, though. Is it an alternative to jetty? I've installed Subsonic on an Ubuntu (lucid) machine, and an OS X, and have never fooled with Tomcat. What's that for?

Re: Subsonic 4.6 WAR, Tomcat 6, Ubuntu 12.04, HTTPS, LDAPS

Posted: Mon Apr 30, 2012 2:44 pm
by bushman4
I agree... great detailed write-up. Thank you!

Having used both the default Jetty installation and a WAR installation in Tomcat (on Windows mind you, but I think it is universal) the Tomcat instance is drastically quicker.

I am not sure at what size library it is advantageous to change over, but with one my size the difference is very noticeable... like an entire order of magnitude. An artist listing that used to take 45 to 60 seconds to load now takes between 6 and 10 seconds.

And I've got to say that once Tomcat is installed and working, upgrades are super easy... stop the server, delete the webapp\subsonic and work directory, replace the old subsonic.war with a new one and restart the server.

Easy Peasy Lemon Squeezy.

Hope this helps,

Glenn

Tomcat errors

Posted: Tue May 01, 2012 6:21 am
by spookybathtub
Alright you've convinced me :) I just switched to Tomcat. It was fairly painless, having already learned all about keystores, and your guide was helpful.

I'm getting an error every time Subsonic tries to create thumbnails.
Code:
[2012-04-30 23:15:05,884] INFO CoverArtController - Created thumbnail cache /var/subsonic/thumbs/48
[2012-04-30 23:15:05,885] WARN CoverArtController - Failed to create thumbnail for /Volumes/NewData/CDrips/AIR/Pocket Symphony/Folder.jpg
java.lang.NoClassDefFoundError: Could not initialize class sun.java2d.Disposer

Is this related to permissions? The permissions on that cache folder (48) are drwxr-xr-x 2 tomcat:staff. Tomcat is run by the user called tomcat, but I'm not sure if that means subsonic is also run by the same user?

Re: Subsonic 4.6 WAR, Tomcat 6, Ubuntu 12.04, HTTPS, LDAPS

Posted: Thu May 03, 2012 11:46 am
by sir2u
What OS are you running this on? Are you sure that's the correct Tomcat user?

Re: Subsonic 4.6 WAR, Tomcat 6, Ubuntu 12.04, HTTPS, LDAPS

Posted: Thu May 03, 2012 2:15 pm
by spookybathtub
It's Mac OS X. But I figured out the solution is to run Java in headless mode. Not really sure why, but it works :D
Code:
CATALINA_OPTS=-Djava.awt.headless=true

Re: Subsonic 4.6 WAR, Tomcat 6, Ubuntu 12.04, HTTPS, LDAPS

Posted: Fri Dec 14, 2012 9:37 am
by KBanause
spookybathtub wrote: It's Mac OS X. But I figured out the solution is to run Java in headless mode. Not really sure why, but it works :D
Code:
CATALINA_OPTS=-Djava.awt.headless=true


Sorry to warm up that thread but I have the same problem. Where did you add this line?

Re: Subsonic 4.6 WAR, Tomcat 6, Ubuntu 12.04, HTTPS, LDAPS

Posted: Fri Dec 14, 2012 9:52 am
by spookybathtub
That goes with any other Tomcat startup options in the Tomcat5.sh startup script. This is usually located in $CATALINA_HOME/bin

Re: Subsonic 4.6 WAR, Tomcat 6, Ubuntu 12.04, HTTPS, LDAPS

Posted: Fri Dec 14, 2012 9:57 am
by KBanause
Thanks.

But since I have installed Tomcat using MacPorts, it seems that I have to add it to the JAVA_OPTS variable in the tomcatctl script (located at /opt/local/share/java/tomcat6/bin/)

Re: Subsonic 4.6 WAR, Tomcat 6, Ubuntu 12.04, HTTPS, LDAPS

Posted: Mon Dec 24, 2012 12:00 pm
by getwired
Question for you guys running on Tomcat:

I have read that Tomcat seems to correctly stream transcoded files by sending an accurate (or at least acceptable) content header length to the "client", whereas Jetty has had problems with this in the past. The net-net of this is that when the streaming transcoded files hit the client from Jetty, the currently playing media cannot be seeked forward or in reverse, because the external player client (WinAMP in my case) has no idea of the length of the content. This is a small thing, but it is driving me completely batty, and I am feeling the need to fix it, or at least avoid it.

Can you successfully seek a transcoded streamed FLAC->MP3 file backwards / forwards in any external players on a Tomcat/WAR install? THANK YOU!

Here's my one-step transcode settings in case you can help a brotha out. :)

Code:
ffmpeg -i %s -ar 44100 -ac 2 -request_sample_fmt s16 -acodec libmp3lame -ab %bk -map_metadata 0:0 -f mp3 -id3v2_version 3 -

Try it if you want... :wink:

Re: Subsonic 4.6 WAR, Tomcat 6, Ubuntu 12.04, HTTPS, LDAPS

Posted: Thu Dec 19, 2013 7:40 pm
by HerrNilsson
I now run Subsonic 4.9 beta 3 on a brand new Ubuntu 12.04.3 with Tomcat7 and HTTPS, war-deployed.

Working like a charm, insanely fast with over 4TB of music.
I've made some adjustments to the jsp-files. My question is, how do I upgrade when the next version is released?

Thanks

Re: Subsonic 4.6 WAR, Tomcat 6, Ubuntu 12.04, HTTPS, LDAPS

Posted: Thu Dec 19, 2013 8:37 pm
by sir2u
My experience is to take notes of any customization you have done because when you redeploy the WAR file it overwrites everything. After you redeploy, just go back in and edit the files again.

Re: Subsonic 4.6 WAR, Tomcat 6, Ubuntu 12.04, HTTPS, LDAPS

Posted: Thu Jan 30, 2014 12:01 pm
by HerrNilsson
sir2u wrote: My experience is to take notes of any customization you have done because when you redeploy the WAR file it overwrites everything. After you redeploy, just go back in and edit the files again.


Alright, just upgraded to 4.9 from 4.9 beta3.
All the playlists, starred and so on are still there. That's awesome.
Just some minor graphic changes I need to do when I deploy the new war.

Still have this problem though
viewtopic.php?f=4&t=14023&p=61314#p61314

Re: Subsonic 4.6 WAR, Tomcat 6, Ubuntu 12.04, HTTPS, LDAPS

Posted: Thu Jan 30, 2014 4:01 pm
by sir2u
Sent you a PM.

Re: Subsonic 4.6 WAR, Tomcat 6, Ubuntu 12.04, HTTPS, LDAPS

Posted: Sat Mar 14, 2015 5:47 pm
by raydiognome
I'm assuming there may be close similarities so I'm asking here.
I have Tomcat 7 installed on my Synology DS and deployed the Subsonic war on it. Ports are open. Works great locally but when I access it outside of my LAN I can log in and get the GUI complete with the library listing but no album covers and no music will play.
I receive the following error when I try to play something: "Cannot read property 'html' of null"

I thought it was a transcoding issue at first so I made sure to point subsonic to synology's ffmpeg instance by running the following line: "ln -s /usr/syno/bin/ffmpeg /var/subsonic/transcode/ffmpeg"

After restarting Tomcat, Subsonic would not start. It took rebooting my entire Diskstation to get it running again.
At this point I get nothing after logging in remotely.

Any ideas?