HTTPS with Android Client and SS on Ubuntu

Frequently asked questions.

Moderator: moderators

HTTPS with Android Client and SS on Ubuntu

Postby MountainX » Wed Feb 22, 2012 5:24 am

I'm new to Subsonic - just installed it tonight. I want to use HTTPS exclusively. My only client (so far) is the Android Subsonic app. I don't know how to set up HTTPS.

Here are my settings.

I set up manual router port forwarding (because UPnP only seems to set up HTTP access). Here are my settings:
application: subsonic
protocol: both
source net: <blank>
port from: 4443
port to: 4443
IP address: <my Ubuntu server's LAN IP of 192.168.x.y>
enable: checked

I am using these args:
SUBSONIC_ARGS="--https-port=4443 --max-memory=120"

After changing the settings, I rebooted my router and restarted SS:
sudo service subsonic restart

The HTTPS settings do not work. In the Android client, after I set it up and click "Test" it returns "a network error occurred".
I tried a couple of different settings in the Android client, including:

[*]https://myname.subsonic.org
[*]https://myname.subsonic.org:4443
[*]https://myname.subsonic.org:443 (with alternate port forwarding settings)

(I also tried changing the port forwarding to forward from 443 to 4433 with the server address https://myname.subsonic.org)

I'm using the included SSL certificate. Locally, I can enter the HTTPS address in a browser and it works:
https://192.168.x.y:4443/
I can successfully log in, after I got the certificate warning the first time.

The HTTP network access still works from the Android client too. (I'll delete the UPnP entry as soon as HTTPS is working.)

Any help with HTTPS? Thanks
MountainX
 
Posts: 3
Joined: Wed Feb 22, 2012 5:14 am

Re: HTTPS with Android Client and SS on Ubuntu

Postby BKKKPewsey » Wed Feb 22, 2012 3:35 pm

I am not a droid user but I believe that you do NOT enter your the https prefix into the server address.
Just use http: myname.subsonic.org as the address and the re-direct will then go to your https: port.
No need to enter port address either as that is taken care of automatically.

:mrgreen:
Everyone is entitled to be stupid, Image but some abuse the privilege!

Due to the confusion from too many genres of music, we have decided to put both country music and rap music into the genre of Crap music.
User avatar
BKKKPewsey
 
Posts: 2080
Joined: Mon May 23, 2011 12:16 pm
Location: United Kingdom

Re: HTTPS with Android Client and SS on Ubuntu

Postby bushman4 » Wed Feb 22, 2012 4:56 pm

he is correct.

The Subsonic redirect service does not run on the SSL port, just on the standard web port.

If you use http://yourname.subsonic.org, it will then redirect to http://your.ip.address:YourHTTPPort/YourContextPath wich will then redirect to https://your.ip.address:YourHTTPSPort/YourContextPath.

HTH,

Glenn
Glenn Sullivan
Subsonic 5.2.1 (Standalone on Apache/Tomcat 6)
WHS 2003, Dual Core Athlon, 4 Gb RAM, 12 TB
50 regular Subsonic Users

Library as of 2016-03-21:
4,034 artists
16,595 albums
182,904 songs
4582.16 GB
21,558 hours
User avatar
bushman4
 
Posts: 867
Joined: Thu Dec 02, 2010 1:47 pm
Location: Massachusetts, USA

Re: HTTPS with Android Client and SS on Ubuntu

Postby MountainX » Wed Feb 22, 2012 7:20 pm

Thanks for the help!

Those redirects will happen first, before any login credentials are sent, right? I just don't want my login credentials sent in plain text.

What's the best way to test that Subsonic can be accessed only via HTTPS?

Is anyone else running Subsonic on a server with other data (other than just media)? I'm running it on a file server with a lot of different data that should remain secure. Does Subsonic create security considerations I need to know about? Where would I find more info on this subject?

Thanks again!
MountainX
 
Posts: 3
Joined: Wed Feb 22, 2012 5:14 am

Re: HTTPS with Android Client and SS on Ubuntu

Postby bushman4 » Wed Feb 22, 2012 7:37 pm

The best way to ensure that Subsonic is only accessed by HTTPS is to only access it using HTTPS. But to do that, you give up the custom domain name... your server address would be https://your.ip.address:YourHTTPSPort/YourContextPath

Baring that, I guess you would have to trust in the fact that, once you enable SSL (HTTPS) in Subsonic, it will automatically redirect all HTTP connections to the HTTPS address. So assuming that you know that HTTPS is set up on the server, and you get a connection at all, you can be assured that the connection is over HTTPS (because all HTTP connections would be redirected and fail if HTTPS was not working).

As to other security considerations, I am not a java programmer so cannot comment.

HTH,

Glenn
Glenn Sullivan
Subsonic 5.2.1 (Standalone on Apache/Tomcat 6)
WHS 2003, Dual Core Athlon, 4 Gb RAM, 12 TB
50 regular Subsonic Users

Library as of 2016-03-21:
4,034 artists
16,595 albums
182,904 songs
4582.16 GB
21,558 hours
User avatar
bushman4
 
Posts: 867
Joined: Thu Dec 02, 2010 1:47 pm
Location: Massachusetts, USA

Re: HTTPS with Android Client and SS on Ubuntu

Postby paulodell » Sat Mar 03, 2012 3:23 pm

MountainX wrote:Those redirects will happen first, before any login credentials are sent, right? I just don't want my login credentials sent in plain text.

I am not sure about how the Android Client parses your url in order to make the web calls but SubWiji (the Windows client I coded) looks up your https url BEFORE doing ANY web calls with the username and password in (which are encoded also).
So this would mean that the HTTPS url is always used whenever doing anything on your server, the only time the HTTP url is used is once to get the secure url (which when using the subsonic.org address doesn't need the username and password).

Regards

Paul
SubWiji http://tinyurl.com/7sxwbfv Install http://subwiji.paulodell.co.uk
Transcode Step1 "ffmpeg -f mp3 -i %s -ab %bk -v 0 -f mp3 -"
Tremor Games http://www.tremorgames.com/?ref=59174
User avatar
paulodell
 
Posts: 294
Joined: Fri Jul 29, 2011 11:28 am
Location: UK


Return to FAQs

Who is online

Users browsing this forum: No registered users and 1 guest