Subsonic Forum

[legendario]

Hi,

I have just enabled subsonic ssl port, but everytime I try to access http port, I'm redirected to the https port. I don't want this behavior, since my server is very modest, I'd like it to use ssl only when accessing it remotely and not on LAN, for example. Is there a way to avoid https redirection?

[GJ51]

It depends. I can do it on the war version running Tomcat on Windows server, but I'm not sure that you can do that on the regular Windoze install. Linux installations will need some feedback from someone else.

Anyway, on the Tomcat install you have to ad a section to the web.xml file to force ssl connection. If you don't do that you can connect either way.

[legendario]

I'm using the default .deb file on a linux box...

[GJ51]

I think that I was trying to make the point that regardless of the installation, there are steps you take to enable SSL. One of those being that you force the connection to use the SSL connection. If you skip that step, then you should be able to make either connection.

Hopefully, a Linux user knows the details, but seeing that you were able to get SSL working, I figured you'd be able to identify what you did to force Subsonic to use that connection.

[legendario]

But you are wrong about it. I just set the default ports for both connections at the /etc/default/subsonic file, but that didn't mean that subsonic should redirect all incoming connections to https. If there is another configuration I can do to avoid that, this is exactly what I was meaning when I came here for the first time.

[GJ51]

viewtopic.php?t=7548)

The 5th post implies that specifying the standard port should enable it.

Finally, you need to edit /etc/default/subsonic. In the SUBSONIC_ARGS line, add the -https-port=PORT option. You can also disable non-SSL usage with --port=0. For example, if you want to run on SSL port 5000 with non-SSL traffic disabled, you might have a line like this:

Code:
SUBSONIC_ARGS="--port=0 --https-port=5000 --max-memory=100"

I would think that if you replaced the "0" with the http port then both should be accessible. This was on Subsonic 4.5 but I wouldn't think that would be a factor.

The last post implies that if both are enabled, the subsonic.org redirection service will use the SSL port, but inside your network you should be able to use the localhost ip and the http port number to access the site. e.g. http://192.168.1.250:4040 - assuming the default port is used.

Another approach that might work would be to disable the SSL port, go to Settings/Network and Save. That should transmit the http port to the redirection service rather than the ssl port. Once done and verified working, then re-enable the SSL port, but do not resave to subsonic.org. This may or may not work, but would be worth trying.

[madhusker]

This isn't working correctly at all as you state. The problem I have is that Sonos is not working with SSL (as of Sonos version 5.4) and I want it to use HTTP instead which I know works. When both ports are specified

Code: Select all

SUBSONIC_PORT = 4040
SUBSONIC_HTTPS_PORT = 4041


it will do the redirect EVERY TIME. I tried this on two different boxes and same thing. Change the 4041 to 0 and non-SSL works fine, but then no HTTPS for when I am remote.

Lastly, there is an option in settings (in the browser) to stream non-SSL to winamp or such. That option does nothing and still cannot load the browser non-SSL (port 4040).

-MH

[Mandrake981]

Not sure how easy this can be done with Jetty (what the .deb version uses). My suggestion would be to install and set up Tomcat, and set up Subsonic on the port (or ports) you need, and then use Apache on the front end. I did this because dealing with the cert after a new version comes out is really a pain (having to make sure the key is in the subsonic.keystore, etc.), and so I just run Tomcat on port 8009 (AJP port), and use mod_proxy_ajp on one virtual host under Apache (for the HTTPS port) - the HTTP port virtual host I have redirecting to port 443. You'd essentially want the same thing for both virtual hosts, with the HTTPS port having the SSL stuff (cert, keys, etc.) so that Tomcat doesn't know the difference, and Apache handles the redirects (if needed). You could also use mod_redirect to help redirect to a particular port dependent on which IP address you're coming from, etc..

Once you have Tomcat set up, you won't have to do anything else to it when you upgrade - just go in and delete the prior war file (I name mine ROOT.war since I'm running it with no context-root) and the prior directory for that war under webapps, then drop the new war file in, let Tomcat unpack it, and I typically restart Apache just to make sure the proxy connects, and you're good to go.

I'd be happy to point you in the right direction for info on setting it up - it's not incredibly difficult, and is definitely much more stable than using Jetty...