Subsonic Forum

by **predator7** » Mon May 24, 2010 8:46 am

hi, is it possible to provide an easy way of enabling ssl. because if i install a fresh subsonic its a bit complicated to set up ssl. cause you have to configure tomcat, make a new ssl key and so on like here

http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/

it would be much easyer if subsonic comes with a own default key, that you could change if you want to, and enabling ssl by adding just -ssl to subsonic start to have ssl enabled.

so without ssl can anybody readout the password, so i think many subsonic servers run without ssl because its to complicated to enable ssl for very much users.

by **predator7** » Thu May 27, 2010 1:06 pm

nobody answering, is the topic security so unimportant? cause without ssl can anybody log your password and have acces tot the server.

by **ttabbal** » Thu May 27, 2010 8:59 pm

predator7 wrote:nobody answering, is the topic security so unimportant? cause without ssl can anybody log your password and have acces tot the server.

While SSL would be nice, I just set up OpenVPN and use that or SSH for remote access to the internal network from outside. Secure, and I only have to set it up once per machine.

by **cbaksa** » Thu Jun 03, 2010 2:03 pm

You have my vote for SSL.
Its a must if you open it up in your router.

I'd also like to see the ability to assign the port that is used. 443 is already in use so I need to assign something else.. like 444.

Love the product. Great job!

Chris

by **skyshock21** » Tue Nov 30, 2010 1:52 am

+1 vote for SSL.

by **seanpkeown** » Tue Nov 30, 2010 3:34 am

Hey Guys,
I wrote a tutorial on how to install subsonic using tomcat and also how to setup SSL. It only works on windows at this point but i'm working on one for Ubuntu as well but it might be a while due to work and the holidays.

Maybe this will help until there is time to implement SSL into subsonic.

http://forum.subsonic.org/forum/viewtopic.php?t=4247

~ Sean K

by **neodawg** » Mon Dec 13, 2010 7:27 pm

I use apache to proxy my subsonic install on a windows box to the world, with this then i do a redirect to use https so apache encrypts the traffic leaving my network and consequently its only unencrypted on my local lan. while most of subsonic works fine, there is a few broken things and it doesnt seem like they will ever get fixed, certain parts of the site generate a 404 error. ex playing tab and settings.

by **skivinator** » Sun Jan 02, 2011 5:53 pm

+1 for SSL

by **billygoat32** » Fri Jan 07, 2011 5:37 pm

I've donated before, but I would donate again if this could be made part of the standard release.

I would like to be able to have SSL and keep up to date using the official packages without having to jump through hoops.

by **ShadowVlican** » Sun Jan 09, 2011 11:49 am

+1 for SSL because of tomcat..

i want an easy way to install tomcat (and keep up to date) because my WHS (which uses win2003) is not playing nice with jetty

by **jsmallwood** » Tue Jan 11, 2011 7:51 pm

+1 also for this feature. Kept looking through the docs and interface assuming it would be an option by default, didn't realize it wasn't built into the existing installer or service (on Windows of course).

Sure you can do it manually, but to be honest, it's a pain and something else users then have to manage and keep updated. I vote it should come as a checkbox option (during install and after install)

by **weelkin** » Tue Jan 11, 2011 10:18 pm

Hi there,

according to subsonic.org there`s already https/ssl support built in or am i mistaken? see : http://www.subsonic.org/pages/features.jsp#secure

regards
welkin

by **jsmallwood** » Wed Jan 12, 2011 1:43 am

I too saw that in the feature list, but as I understand it (which, admittedly, may not be at all) Subsonic supports HTTPS using a proxy or installed in another server like Tomcat. I've found some info online about running Jetty & Maven with SSL, but I've yet to find a switch or built-in setting in Subsonic to enable self-configured SSL and there's nothing in the install docs about it that I could find either. It is such a "switch" that I'd be interested in with this feature request.

Can anyone confirm this is, in fact, how things work in the current Subsonic release? i.e. no built-in SSL "switch"?

by **baaldemon** » Wed Jan 12, 2011 2:44 pm

HTTPS is supported in the application by default, meaning that it handles the writing of the urls based on what context its being accessed by (ie it keeps you in https if thats how you are accessing the server). Also the native android application is able to work under the https context.

This does not mean that SSL is enabled by default, but that is not up to the application itself, that depends on the webserver. The current stand alone install runs the application through a jetty webserver that is not configured to run ssl, however jetty can be configured to run ssl, however im not sure the feasibility of building this into the installer, nor do I believe its necessarily the way to go about it.

I would suggest for those of you who want ssl, and I would encourage its use, to install something like tomcat and run subsonic within it. You can follow the many guides out there to enable ssl through tomcat, its a couple command line utils and modifying a couple config files. Then its as simple as deploying a war file to the tomcat instance. Upgrading your install is as simple as deploying the new war file.

If you want ssl enabled it can be done fairly easily. Yes there are manual steps, but really if you are going to be running a web server you should be able to do it.

by **svingen** » Wed Jan 19, 2011 7:28 pm

Hello!
this work on last beta,only get up the control panel (where the windows clock is) and then option and click enable ssl and a port...work like a dream

i did send over 20euro donation and other that like ssl shold do the same

Subsonic Forum

provide SSL

provide SSL

+1 for this

last beta have this...

Who is online