Hi!
I searched around this forum and with google but couldn't find a hint, how to set up subsonic installed via the .deb package on an Ubuntu 10.04 server to use ssl.
Maybe someone could explain to me or give me a link to an already existing explanation.
Many thanks in advance for your help,
Fabian
Subsonic 4.2.deb on Ubuntu 10.04 with SSL?
Moderator: moderators
9 posts
• Page 1 of 1
Subsonic 4.2.deb on Ubuntu 10.04 with SSL?
by zyrus » Wed Nov 24, 2010 7:37 pm
- zyrus
- Posts: 4
- Joined: Wed Nov 24, 2010 6:53 pm
by djetch » Mon Nov 29, 2010 6:09 pm
I'm going to bump this for you. I'm about to build an Ubuntu Server and I'm definitely going to using Subsonic on it although I'm not sure about using SSL.
Actually that raises a couple of questions: While I understand that SSL is for certifying https sites, I'm curious about why you are implementing it? Normally that is only used when you're sending/receiving sensitive information.
Also is your box behind a firewall? If so, is it still using private IP space or did you build a DMZ for it behind your router?
-just curious...
Actually that raises a couple of questions: While I understand that SSL is for certifying https sites, I'm curious about why you are implementing it? Normally that is only used when you're sending/receiving sensitive information.
Also is your box behind a firewall? If so, is it still using private IP space or did you build a DMZ for it behind your router?
-just curious...
- djetch
- Posts: 27
- Joined: Sun Nov 28, 2010 6:12 pm
- Location: US
by skyshock21 » Tue Nov 30, 2010 1:44 am
+1. SSL support is a must have. Subsonic is useless to me without it.
- skyshock21
- Posts: 10
- Joined: Wed Oct 13, 2010 3:15 am
- Location: US
by skyshock21 » Tue Nov 30, 2010 1:48 am
djetch wrote:I'm going to bump this for you. I'm about to build an Ubuntu Server and I'm definitely going to using Subsonic on it although I'm not sure about using SSL.
Actually that raises a couple of questions: While I understand that SSL is for certifying https sites, I'm curious about why you are implementing it? Normally that is only used when you're sending/receiving sensitive information.
Also is your box behind a firewall? If so, is it still using private IP space or did you build a DMZ for it behind your router?
-just curious...
Log in to a subsonic site that doesn't use SSL. Sniff traffic using wireshark. Notice how your username/password is presented to you in cleartext? Yeah... SUPER FAIL.
Normally this isn't a big deal because hey it's just music right? Until you remember that you use the same password for Facebook, Amazon, your Bank, Etrade, etc. In this day and age every site should utilize SSL.
Hey did you notice the forum you're posting in doesn't use SSL? Guess who has your username/password for this forum? Anyone who has a copy of wireshark, that's who.
- skyshock21
- Posts: 10
- Joined: Wed Oct 13, 2010 3:15 am
- Location: US
by seanpkeown » Tue Nov 30, 2010 2:59 am
I wrote a how-to on using SSL with subsonic if your running tomcat but it's only for windows at this point. But since tomcat runs on both windows and Linux some of the commands and concepts will be the same.
To be honest I saw your post the other day and i started installing subsonic on ubuntu but i haven't had the time to finish it yet. Maybe my current post will help with the encrypting part until i get time to write the how-to for ubuntu. In my post i also provide links to explain why encryption is necessary if you don't want someone to get access to your subsonic account.
http://forum.subsonic.org/forum/viewtopic.php?t=4247
I'm still wondering if it's possible for someone to get your user name and password and then upload a virus or maybe a mp3 with a virus in it onto your system through subsonic... hmmm
I don't know how they would execute it without local access but i still wonder.
Sorry to get everyone all paranoid but I hope that this helps.
~ Sean K
To be honest I saw your post the other day and i started installing subsonic on ubuntu but i haven't had the time to finish it yet. Maybe my current post will help with the encrypting part until i get time to write the how-to for ubuntu. In my post i also provide links to explain why encryption is necessary if you don't want someone to get access to your subsonic account.
http://forum.subsonic.org/forum/viewtopic.php?t=4247
I'm still wondering if it's possible for someone to get your user name and password and then upload a virus or maybe a mp3 with a virus in it onto your system through subsonic... hmmm
I don't know how they would execute it without local access but i still wonder.
Sorry to get everyone all paranoid but I hope that this helps.
~ Sean K
- seanpkeown
- Posts: 100
- Joined: Tue Jun 09, 2009 10:41 pm
by Exrace » Tue Nov 30, 2010 11:12 am
I am sure at some point this will be added but nothing is stopping you from setting up a web server to do https: and run subsonic on it.
You can also reverse proxy with many open source apps:
http://www.apsis.ch/pound
Also Astaro 8.0 I believe has reverse proxy built in to it.
http://www.astaro.com/solutions/web-app ... erse-proxy
If your not using Astaro yet it is worthy of a download.
Home license is free and is plenty to run your home network securely.
I am currently running 7.0 at home and I use a ssl vpn tunnel to get at my subsonic remotely.
You can also reverse proxy with many open source apps:
http://www.apsis.ch/pound
Also Astaro 8.0 I believe has reverse proxy built in to it.
http://www.astaro.com/solutions/web-app ... erse-proxy
If your not using Astaro yet it is worthy of a download.
Home license is free and is plenty to run your home network securely.
I am currently running 7.0 at home and I use a ssl vpn tunnel to get at my subsonic remotely.
- Exrace
- Posts: 218
- Joined: Thu Nov 11, 2010 5:02 am
by ootuoyetahi » Tue Nov 30, 2010 5:35 pm
skyshock21 wrote:+1. SSL support is a must have. Subsonic is useless to me without it.
SSL support was added a long time ago. I am running subsonic on ubuntu 10.04 with tomcat apache using a self signed certificate. Works on the web client and the Android client.
- ootuoyetahi
- Posts: 53
- Joined: Wed Mar 24, 2010 7:10 pm
by seanpkeown » Wed Dec 01, 2010 12:30 pm
Well i finished the Ubuntu Walk-Through. I kind of rushed through it so feel free to let me know if it works or not.
http://forum.subsonic.org/forum/viewtopic.php?t=4841
Enjoy,
Sean K
http://forum.subsonic.org/forum/viewtopic.php?t=4841
Enjoy,
Sean K
- seanpkeown
- Posts: 100
- Joined: Tue Jun 09, 2009 10:41 pm
9 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 28 guests