Saturday, March 2, 2013

Subsonic Proxy

Today's goal is to update Subsonic and Nginx so that all requests for Subsonic come through Nginx.  The reason for this is two-fold.
  1. I can use the same port (ssl 443) and URL (www.domain.com) for all my server apps.  Thus I don't need to poke a hole in my NAT to forward new ports, and users don't have to remember special ports.
  2. I can use the same SSL certificate for all my server apps, and it is a officially signed certificate, unlike the self-signed that comes with subsonic.
So, first step is to configure Subsonic.  I know that my Subsonic is going to be under the subdomain https://www.domain.com/subsonic, so I need to specify the context-path variable in the configuration.  Also, I still need to run Subsonic on a different port, I will just have Nginx redirect requests to this port.  Lastly, I will increase the max-memory available to Subsonic a bit to have a few more resources. To start, open the startup script for Subsonic
sudo vi /etc/default/subsonic
and change the args to
SUBSONIC_ARGS="--context-path=/subsonic --port=8080 --https-port=0 --max-memory=300"
Finally, for security reasons, change the user for Subsonic from root to www-data, the default user for Nginx. Make sure the permissions on your media files are set to allow this user.
SUBSONIC_USER=www-data
Next step is to configure Nginx.  Open the config
sudo vi /etc/nginx/sites-enabled/default
Then add the following section to the server section for port 443. We need to fix up some headers, and make sure that https is properly redirected.
location ^~ /subsonic/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;
        proxy_max_temp_file_size 0;
        proxy_pass http://localhost:8080;
        proxy_redirect http:// https://;
}
Then just restart both services, and you should be able to access Subsonic via http://www.domain.com/subsonic
sudo service restart nginx
sudo service restart subsonic
Posted by at

3 comments:

  1. phihosJuly 22, 2013 at 8:15 PM

    Your article helped me to finally configure my own setup right. Thanks!

    ReplyDelete
  2. UnknownAugust 27, 2013 at 5:40 AM

    I have a Linux box which is not only my Subsonic server, but serves as my Internet NAT router. I wanted Internet side connections to Subsonic to be via SSL, so passwords aren't passed in the clear, but there are some local clients which don't work with Subsonic via SSL. Unfortunately, Subsonic with do HTTP or HTTPS, but not both at once.

    Youtube Proxy

    ReplyDelete
    Replies
    1. DanAugust 27, 2013 at 6:22 AM

      If you are using the above instructions, I see 2 options.

      1) Just access subsonic locally using port 8080. It is already setup to be HTTP, it is just Nginx on port 443 using HTTPS. i.e. http://www.domain.com:8080/subsonic

      2) If you must use port 80, create a new section in Nginx for port 80, remove all the options for SSL, and from the port 80 section remove the line. It should redirect port 80 to port 8080 without SSL.

      proxy_redirect http:// https://

      Delete

Subscribe to: Post Comments (Atom)