Subsonic Forum

[GJ51]

You might try checking Internet properties, Connections, LAN Settings and see if it's configured to use the proxy server. Unchecking it may allow you to bypass the proxy server.

[SlyGuy77]

No proxy servers configured..

[SlyGuy77]

You know what would solve all of my issues is if I were able to make subsonic a subsite on my IIS server.. Is there anyway to make that happen?

[GJ51]

Actually, I think we were doing that before we switched to WHS 2011. I'll ask my son if he remembers what we did when he gets home from school. He's the webmaster around here.

[SlyGuy77]

Problem solved!!!

I managed to get subsonic as sort of a sub-site using tomcat and Jakarta isapi_redirect..

I Just followed this guide

http://www.wegotserved.com/2009/10/08/h ... me-server/

Then I installed subsonic war version.. best part is that It kept all of my subsonic preferences.. and I can use https://servername.homeserver.com/subsonic/ and streaming works!

Thanks for all the help..

Sly.

[GJ51]

Congrats

[jerryyyyy]

I also just installed WHS 2011 and installed Subsonic on it (4.4). I have exactly the same question about how to open a secure port. I did not like the 443 idea since I believe I have to use that for remote access (1 am only 6 hours into the install).

I assume that is it simply more secure to use https that http as the later will allow login information to appear in the clear (correct?).

Therefore, I conclude the simple solution is to open another port for https for subsonic, but is this safe?

[GJ51]

I run 3 SS instances on my servers, one of which is publicly listed in my signature. I've not had any security issues as yet, nor do I expect it to be a problem.

Can it be hacked? There are no guarantees as we see even Sony has recently been hacked. But you have to ask yourself, why would anyone be interested in hacking an obscure SS site, and to what end? I don't see a big danger, but again, no one can make you any guarantees.

I operate all my SS sites on 809X for http and 45x for https. SSL connection will give you a warning msg. similar to what you get when you connect to the WHS remote webpage locally. It can safely be ignored as you know what you're connecting to.

Remember that if you enable ssl for Subsonic, you still use the http://servername.subsonic.org (the HTTP address) for the remote connection. SS will internally respond and connect over ssl.

You can also use http://servername.homeserver.com:SSport# if you've setup the WHS remote connection.

[jerryyyyy]

I run 3 SS instances on my servers, one of which is publicly listed in my signature. I've not had any security issues as yet, nor do I expect it to be a problem.

Can it be hacked? There are no guarantees as we see even Sony has recently been hacked. But you have to ask yourself, why would anyone be interested in hacking an obscure SS site, and to what end? I don't see a big danger, but again, no one can make you any guarantees.

I operate all my SS sites on 809X for http and 45x for https. SSL connection will give you a warning msg. similar to what you get when you connect to the WHS remote webpage locally. It can safely be ignored as you know what you're connecting to.

Remember that if you enable ssl for Subsonic, you still use the http://servername.subsonic.org (the HTTP address) for the remote connection. SS will internally respond and connect over ssl.

You can also use http://servername.homeserver.com:SSport# if you've setup the WHS remote connection.

Thanks for the help. Will put all the WHS11 questions here... BTW I think you helped me with basic port-forwarding a few months ago. Anyhow...

I have SS up and running on WHS11 over 8081. I checked it at the office today and it works remotely. I did not enable https on port 443 when I installed SS4.4 on the server.

Now I am trying to slowly and carefully invoke Remote Access on WHS11 while retaining SS access.

In the manual Remote Access setup I get the expected failure with a two-part solution suggested:

1. On the Router (NETGEAR WNDR3700) create IP address reservation for WHS11 and must set-up DHCP reservation for WHS11.

2. Set up port-forwarding http 80 and https 443.

Now, I understand part 2, not part 1 and I do not see appropriate settings on the router???

Parenthetically, if I set up port-forwarding on 443 for https for WHS, will that conflict if I eventually want to also use 443 for SS [will cross this bridge if I come to it, maybe]. Your solution implies I can use another port for SS or just the registered name.

Thanks

[GJ51]

OK -

If WHS 2011 did not place the proper forwarding entries in the router for you, then manually forward 80, 443, and 4125 to the WHS to enable access to the WHS remote web access.

If you have SS running on 8081, then set up a forward on 441 to the host computer and then use 441 in Subsonic to enable ssl. Just go to the SS Control Panel after the forward is set up and check the box on the settings tab and change the port number from 443 to 441. Once you have all that done you should be able to connect to SS using http and then SS will convert the connection to ssl for you. DO NOT attempt to connect to SS using https://servername.subsonic.org - it will fail. Use HTTP://severname.subsonic.org.

If you register WHS for remote access using servername.homeserver.com, you can then access SS using http://servername.homeserver.com:8081 OR https://servername.homeserver.com:441

If you use either homeserver address without adding the specific port number, you should get to the homeserver remote webpage.

The best of all worlds.


http://maplegrovepartners.subsonic.org
http://maplegrove.homeserver.com:8092
https://maplegrove.homeserver.com:452
http://108.17.27.224:8092
https://108.17.27.224:452

Should all get you to my public site's logon page. The best part is that the server that hosts the public site isn't even on the same host pc as maplegrove.homserver.com, it's actually on a Server o8 box in a WHS2011 Virtual Machine.

If you understand that the router is sending everything to the right Subsonic instance no matter which address is used, then you've got it all figured out.

EDIT: I recommend setting up a fixed internal ip address for the server so that the router can't randomly reassign a new ip address to it. If that happens, all your forward rules are no longer valid and you'll lose the connection. DHCP reservation is unique to each mfgr. Read the documentation for your router. I also recommend that you manually assign the ip address in the host PC's NIC so that it matches the settings in the router. I use a high address, such as 192.168.1.254, so that there is no chance of interfering with DCHP. Perhaps overkill, but it makes the ip address of the server rock solid.

I recently had to undo all that when I switched to using my Server 08 box as a Domain Controller and set up Activd Directory, but trust me, you don't want to go inot that. The details were gruesome.

[jerryyyyy]

Your recipe worked. Thanks very much. However, I had to use the default settings on WHS rather than setting port forwarding as there is no https setting in my router. It used uPnP.

I checked the ports as being open and set up the domain correctly.

However, I am not sure I want those ports open given the various unknown risks, so I tried to shut down Remote Access by turning off in the server control panel, but the ports remained open. They were not listed as port-forwarded ports in the router. I then turned off uPnP on the router. To my surprise there were about 6-7 other ports turned on... when I shut it down all but one went away after I turned it back on (52196 UDP Protocol).

I am under the influence of Steve Gibson at grc.com, so I think I will go slow on all this. Nonetheless, it is an excellent learning experience and I thank-you for your erudite assistance.

PS I turned off uPnP...

[jerryyyyy]

This is a wonderfully written article. You must have done a lot of research in this area. You have made this topic easy to read, interesting and easy to understand.

This is a very complex area and the people on this group (GJ51 not me) seem to have very good information on routers etc.

After sleeping on this, I decided to turn Remote Access back on WHS11 this morning after setting up Port Forwarding for TCP on both 80 and 443. I have turned off uPnP. After all, WHS is build on Small Business Server 2008...

[edit] I have a copy of WHS Unleashed v3 and it says you need TCP on 443 (SSL) and 4125 (RDP).

But, I wonder if I need to have 80 open at all? I can test this now by shutting down that port on my router.

I now have a XXXXX.homeserver.com domain and will test the suggestions above for logging into SS [edit: it worked].

Thanks to the group and GJ51 for the help.