11-13-2010 - Android Client now supports self-signed certificates. ^_^ Big Thanks to Sindre
11-23-2010 - Updated Steps 3 & 4. I made encrypting more difficult then what it needed to be originally so i fixed this. I also made some additional changes Thanks to wraithdu
11-24-2010 - Made some more changes. Better explanations.
12-1-2010 - Added walkthrough for Ubuntu http://forum.subsonic.org/forum/viewtopic.php?t=4841
How SSL encryption works and why you would want to use it http://www.sslshopper.com/article-ssl-for-newbs.html
Why to or not to self sign versus buying a certificate. http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate.html
Let me start off by saying that there are a lot of posts on this topic but none of them really help walk you through installing tomcat and setting up HTTPS / SSL with subsonic on a windows OS.
Also by showing you how to install Subsonic on tomcat, i'm hoping that you already know how to install subsonic normally and also port forward on your router etc...
1st.) Lets start off by downloading all the required programs.
Subsonic - http://www.subsonic.org/pages/download.jsp - If you don't know why we need this download then you might want to give up now...
Even better you can download the .war file directly from here. http://sourceforge.net/projects/subsonic/files/
Also note that if subsonic is already installed then you might want to uninstall it or stop the subsonic service because it will probably conflict with tomcat when it tries to run subsonic.
Java (JRE) - https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u21-oth-JPR@CDS-CDS_Developer or
http://www.oracle.com/technetwork/java/javase/downloads/index.html
Note: If you are going to install the 64bit version of tomcat you must install the 64bit version of Java otherwise tomcat will not work correctly. Note: that if you are running a 64bit OS and the program is 64bit then will install to C:\Program Files and the 32bit programs will install to C:\Program Files (x86) So if both java and tomcat aren't installed under the same program files folder then there is a chance you might have problems.
Tomcat - http://tomcat.apache.org/download-60.cgi - Tomcat is what will be serving you the subsonic webpages.
Note: I tried running subsonic on tomcat 7.0 but it kept returning with CSRF errors so i installed tomcat 6.0 and subsonic has worked great.
Note: You may have to point tomcat to where you installed java I also told Tomcat to do the full install Example: C:\Program Files\Java\jre6
32bit/64bit Installer http://ftp.wayne.edu/apache//tomcat/tomcat-6/v6.0.29/bin/apache-tomcat-6.0.29.exe
2nd.) Setting up subsonic on Tomcat
Now that everything is installed copy the subsonic.war file to.
- Code: Select all
C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps
Make sure that you rename your .war file to subsonic.war if it isn't aready.
3rd.) Create your SSL certificate -- http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
First click Start>Run> once run opens then type CMD and press enter. Then paste the following code into the command prompt "Black Box" and press enter.
>>mkdir c:\ssl<< Code is in between the arrows.
Next make sure to change the code that's in red. Also Note that you may need to change the java location if you have a different version installed. Then do the same as above by pasting the code into the command prompt box and pressing enter.
>>"C:\Program Files\Java\jre6\bin\keytool" -genkey -alias tomcat -keyalg RSA -dname "CN=domainname, OU=Subsonic, O=Loving Music Inc, L=City, S=State, C=US" -validity 3650 -keystore c:\ssl\tomcat.ks -storepass secretpassword -keypass secretpassword<< Code is in between the arrows.
Code Meaning
CN=commonName "Domain Name"
OU=organizationUnit "Department or Division"
O=organizationName "Company Inc"
L=localityName "City Name"
S=stateName "State Name"
C=country "Country Code i.e US"
It doesn't really matter what you have in these fields but if you are using dynamic dns or something similar make the CN your domainname i.e xxxx.subsonic.org, xxxx.afraid.org, xxxx.dyndns.org. That way if you install your certificate into your trusted root authority then you won't get certificate errors.
If your looking for a higher encryption level then add -keysize 2048 to the code above right after -keyalg RSA. It will raise your encryption level from 1024 bit to 2048 bit encryption but it may also slow your connection.
4th.) Time to edit tomcat.
Go to C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf and edit server.xml with a program called notepad++ or with regular notepad but it may be harder to read.
First find and remove the <!-- and --> from the code.
- Code: Select all
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
and then add the following two lines keystoreFile="C:\ssl\tomcat.ks", keystorePass="secretpassword" and modify the protocol="org.apache.coyote.http11.Http11Protocol"" to the code making it look like the example below. Don't forget to put your secret password that you used in step 3 in the keystorePass="secretpassword".
The Connector Port is the port that you will be logging into. Example https://localhost:8443/subsonic non-encrypted it will be on http://localhost:8080/subsonic by default.
- Code: Select all
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="C:\ssl\tomcat.ks"
keystorePass="secretpassword"
clientAuth="false" sslProtocol="TLS" />
5th.) I almost forgot... Don't forget your transcode Files.
You can download them from http://sourceforge.net/projects/subsonic/files/ Place them in C:\subsonic\transcode unzipped.
6th.) Restart Tomcat
Now restart the tomcat service by using the tomcat monitor or typing the following commands
- Code: Select all
net stop tomcat6
- Code: Select all
net start tomcat6
Enjoy - Encrypted - https://localhost:8443/subsonic ______ non-encrypted -- http://localhost:8080/subsonic by default.
Congratulations you are now able to surf and stream your subsonic webpage from another location with out having to worry that someone is going to get your username and password. ------ Let me know if this helped anyone and if there is something that i need to be clearer on.
EXTRA's ------------------------------------------------------------------------------------------------------------------------------------
Future Updates to subsonic.
To upgrade subsonic in the future all you have to do is delete C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\subsonic and C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\subsonic.war and then download the newest subsonic.war file from http://sourceforge.net/projects/subsonic/files/ and paste it under C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps and then reboot the tomcat service.
Optional Additions to Tomcat If you want your http port to auto forward to https then add the following to C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\web.xml and from now on when you browse to your website http://whatever/subsonic it will forward to https://whatever/subsonic
- Code: Select all
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you require authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
How to self sign certificates in IIS 7
http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html
Note: Problems that might crop up.
You can access subsonic from the local computer but not from another.
Example: You can go to http://localhost:8080/subsoinc or to http://127.0.0.1:8080/subsonic but you can't browse to http://serverip:8080/subsonic from another computer. Try disabling your windows firewall to see if that helps. If it does that turn your firewall back on and allow the ports that subsonic is using to pass through.
You get a warning that there is a problem with this website's security certificate.
You are always going to get this error if you connect via ip or by dns since we are using a self signed certificate. If you are connecting via your dynamic dns name or by a full dns name you will be able to install the certificate locally preventing this error from happening.
- *Updated* Works with Subsonic 4.3.1 Beta
The flash player in subsonic won't always play in IE 7 and 8 with a self signed certificate unless you install the certificate which is explained in the link below. http://forum.subsonic.org/forum/viewtopic.php?t=2748&highlight=https
I thought that i was able to fix the problem by updating the flash player but after a flash update i'm unable to again.
Instructions on how to update JWPlayer thanks wraithdu
1) Download the JWPlayer archive and extract 'player.swf' to
C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\subsonic\flash\jw-player-5.3.swf
2) Modify the following lines in the following files:
--> C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\subsonic\WEB-INF\jsp\playlist.jsp
-----> swfobject.embedSWF("<c:url value="/flash/jw-player-5.3.swf"/>", "placeholder", "340", "24", "9.0.0", false, flashvars, params, attributes);
--> C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\subsonic\WEB-INF\jsp\videoPlayer.jsp
-----> swfobject.embedSWF("<c:url value="/flash/jw-player-5.3.swf"/>", "placeholder1", "100%", "100%", "9.0.0", false, flashvars, params, attributes);
Where 'jw-player-5.3.swf' is the name of the new player you extracted from the JWPlayer archive in step 1.
If your're really lazy and don't feel like changing the code then just rename jw-player-5.3.swf to jw-player-5.0.swf and past it over the old jw-player-5.0.swf located at
C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\subsonic\flash --- and delete your temp internet files.
