Broken HTTPS/SSL browsing

Need help? Post your questions here.

Moderator: moderators

Broken HTTPS/SSL browsing

Postby zeekay » Fri Oct 03, 2008 3:18 pm

Trying to use subsonic with SSL, and I have been having an issue with subsonic's internal redirection. For instance when you try to go nowPlaying.view, it redirects to main.vew, and the redirection is to HTTP, it drops the HTTPS, which breaks the site. (Also there are issues with the Now playing info on the right of the main.view, with broken images, links, also using HTTP, instead of HTTPS). Is there any way to force subsonic to use HTTPS urls internally, or to possibly drop the http://, https://, and use relative urls?
zeekay
 
Posts: 63
Joined: Sun Aug 03, 2008 6:33 pm

Postby mbo030 » Fri Oct 03, 2008 5:34 pm

I am running Ubuntu 8.04 and Tomcat 5.5 with SSL. I did not experience any of the described problems. I also had Tomcat and SSL with previous Ubuntu versions and WinXP running. Subsonic always worked great with SSL.
mbo030
 
Posts: 4
Joined: Thu Nov 15, 2007 11:34 pm

Postby zeekay » Fri Oct 03, 2008 9:36 pm

I should clarify, in my case I run nginx in front of tomcat. If I allow HTTP traffic, the pages will forward properly, and I don't have any difficulties. It'll use SSL from streaming and most of the pages, but certain elements, like the album images in the now playing sidebar are transmitted over regular HTTP. I think SSL is broken behind a proxy because of the absolute urls. It'd be great if there was a switch to force it to use HTTPS for all the urls.
zeekay
 
Posts: 63
Joined: Sun Aug 03, 2008 6:33 pm

Postby sindre_mehus » Sat Oct 04, 2008 5:38 am

Yes, I can confirm that there are some bugs related to URL rewriting / redirection when using SSL.

Will be fixed in 3.5 or 3.6.

Thanks!
Sindre
User avatar
sindre_mehus
 
Posts: 1954
Joined: Tue Nov 29, 2005 6:19 pm
Location: Oslo, Norway

Postby zeekay » Sat Oct 04, 2008 2:40 pm

Thanks for the reply sindre! I'll keep an eye out ;D
zeekay
 
Posts: 63
Joined: Sun Aug 03, 2008 6:33 pm

Postby corentin » Wed Feb 04, 2009 9:55 am

Hi,

I've tested the new stable release (3.6) and there is some improvement with proxy support, since the embedded player is now trying to reach my server instead of localhost (I'm using Subsonic behind nginx; Jetty is listening on localhost, port 80 and nginx is making it reachable with SSL support on port 443).

There is still an issue, though. I've seen in my firewall logs that the embedded flash player is trying to reach my server on port 80 (HTTP) instead of 443 (HTTPS).

I had a quick look in the source code and I found this (file StringUtil.java, function rewriteUrl):

Code: Select all
  392     /**
  393      * Rewrites the URL by changing the host and port.
  394      *
  395      * @param urlToRewrite       The URL to rewrite.
  396      * @param urlWithHostAndPort Use host and port from this URL.
  397      * @return The rewritten URL, or an unchanged URL if either argument is not a proper URL.
  398      */
  399     public static String rewriteUrl(String urlToRewrite, String urlWithHostAndPort) {
  400         if (urlToRewrite == null) {
  401             return null;
  402         }
  403
  404         try {
  405             URL urlA = new URL(urlToRewrite);
  406             URL urlB = new URL(urlWithHostAndPort);
  407
  408             URL result = new URL(urlA.getProtocol(), urlB.getHost(), urlB.getPort(), urlA.getFile());
  409             return result.toExternalForm();
  410         } catch (MalformedURLException x) {
  411             return urlToRewrite;
  412         }
  413     }


I haven't tested it, but I assume rewriting line 408 with urlB.getProtocol() instead would solve the problem.
corentin
 
Posts: 3
Joined: Wed Feb 04, 2009 9:48 am

Postby omatzyo » Tue Mar 03, 2009 9:07 pm

I've having the same problem listed above (that started this topic). Slightly different configuration. My Ubuntu Subsonic host lies behind an ISA firewall. IDS accepts connections on a non-standard SSL port and mask forwards the traffice to the Subsonic at 8080. But Subsonic tries to change the link and the SSL is then broken, the whole site gets screwy after that.

Inside the LAN everything works great. Any thoughts?
omatzyo
 
Posts: 5
Joined: Tue Mar 03, 2009 8:47 pm

Postby Vasteel » Sat Mar 14, 2009 12:19 am

I've got the same problem as Omatzyo, here.

SubSonic running on a Windows 2003 server, listens on 8082 HTTP port within local area network.
ISA 2006 listening on 443 SSL port within LAN and public DMZ, redirects (publishes) traffic to the HTTP SubSonic website.

Everything works fine except for the embedded player when I'm using the ISA published SubSonic website (I get no buffering, so I can't play anything).
Everything works OK when I log on to SubSonic directly from the LAN.
If I set ISA to listen on 80 HTTP port, everything works OK too.

I'd like to use SSL on ISA, so if anyone has a clue to override this behavior, I would be very grateful!
Vasteel
 
Posts: 1
Joined: Sat Mar 14, 2009 12:10 am

Postby sindre_mehus » Sat Mar 14, 2009 4:38 pm

corentin,

Yes, I think you hit the nail on the head. The protocol should also be rewritten in rewriteUrl().

I've tested it with apache httpd + mod_ssl + mod_proxy and it seems to work fine.

I'll include the fix in Subsonic 3.7.

Thanks,
Sindre
User avatar
sindre_mehus
 
Posts: 1954
Joined: Tue Nov 29, 2005 6:19 pm
Location: Oslo, Norway

Postby omatzyo » Tue Mar 17, 2009 11:38 am

Thank you Sindre, we're looking forward to it!

Vasteel, I've been able to get streaming working fine. Its just that the SSL breaks when the album art is published without ssl.

Try this: run subsonic inside of tomcat (the WAR version is provided here also). then publish a certificate from your CA (export key too), place the cert in a folder on the server and edit the tomcat secure config (server.xml). here is what mine looks like:

Code: Select all
<Connector port="4330" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100"  maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/var/lib/tomcat6/webapps/tckey.pfx" keystorePass="MYPASS"
           keystoreType="PKCS12"
           clientAuth="false" sslProtocol="TLS"/>


restart tomcat Now my subonsic server is listening on port 4330 and secured using a trusted certificate (neccessary for ISA to use this as a published site. This should be the same/similar using windows.

ISA: create a weblistener on 443, use the same certificate (or at least one that contains your public address). then publish a site using ssl bridging, uses your new listener, and recognizes a certain string (/subsonic/* for example.)

This works great for me, streams over ssl everywhere. i was a bit vague, so let me know if you need any more help.
omatzyo
 
Posts: 5
Joined: Tue Mar 03, 2009 8:47 pm

Postby anitract » Fri Oct 23, 2009 9:00 pm

This still seems to to be an issue in the latest version (3.8). I've been trying to get subsonic working through apache's ssl authentication, but experience the same thing as the parent poster...it appears there are hard-coded http links which break my https connection when they are hit.

If relative URLS are not going to be used, I was considering using http://apache.webthing.com/mod_proxy_html/ to change the http references on the fly. I was also looking into using tomcat's ssl, but I like the idea of keeping everything together in apache.

Anyone have a different work around?
anitract
 
Posts: 28
Joined: Wed Sep 23, 2009 5:27 pm

Postby neodawg » Wed Feb 24, 2010 7:10 pm

anitract wrote:This still seems to to be an issue in the latest version (3.8). I've been trying to get subsonic working through apache's ssl authentication, but experience the same thing as the parent poster...it appears there are hard-coded http links which break my https connection when they are hit.

If relative URLS are not going to be used, I was considering using http://apache.webthing.com/mod_proxy_html/ to change the http references on the fly. I was also looking into using tomcat's ssl, but I like the idea of keeping everything together in apache.

Anyone have a different work around?


I am also have similar issues, I have apache proxying from another computer and then out to the internet, it works cept for when you login it drops the https for http on login and logout, also the nowPlaying page gives a 404. Adding the (s) to http when i get the 404 fixes the issues and it continues on, except for the now playing page, which just gives the 404 and tries to go back to the main view like stated above.

Thanks for any help on this.

Edit: also just noticed that the Settings page behaves like the nowPlaying page.
Music Collection--
2,890 artists
8,253 albums
103,492 songs
640.11 GB
7,023 hours
neodawg
 
Posts: 51
Joined: Fri Feb 12, 2010 2:51 pm

Postby rks » Fri Mar 19, 2010 8:25 pm

Hello

The Login-bug when rewriting to https can be fixed by editing /var/subsonic/jetty/1388/webapp/WEB-INF/jsp/login.jsp -- remove / before "j_acegi_security_check".

Anyway, the Android program, or whatever underlying feature that does the actual connection, nags about "Connection failure. Scheme 'https' not registered." (I am on HTC Hero, Android v. 1.5) -- something I'm doing wrong?

Richard
rks
 
Posts: 4
Joined: Fri Mar 19, 2010 8:21 pm

Postby wraithdu » Thu Apr 01, 2010 10:53 pm

I'd like to echo the https -> http problems above. I have SSL working on a Windows 7 install using a LightTPD server as a proxy (mod_proxy). Subsonic v3.9 keeps changing https to http after login and on other assorted pages, Settings for example.

The above login.jsp patch does not work for me, in fact it breaks pretty much everything.

I'm going to assume this needs to be fixed before any of the iPhone or Android mobile apps can reliably implement SSL. I'll be registering shortly as this server works so beautifully on my mobile devices. I hope this can sorted out as well.

Keep up the great work!
wraithdu
 
Posts: 50
Joined: Thu Apr 01, 2010 10:34 pm

Postby wraithdu » Fri Apr 09, 2010 9:10 pm

Sorry to bump... but is this in your queue to be fixed for the next version of Subsonic? Z-Subsonic will have SSL support in v1.5 which should make SSL configurations more popular for users. This bug seems to be a final hurdle to get it working for the web interface as well.
wraithdu
 
Posts: 50
Joined: Thu Apr 01, 2010 10:34 pm

Next

Return to Help

Who is online

Users browsing this forum: No registered users and 5 guests