CLOSED: Subsonic Encryption

burn913
Posts: 71
Joined: Sun Mar 09, 2014 12:02 pm

CLOSED: Subsonic Encryption

Postby burn913 » Wed Apr 05, 2017 6:59 am

Hello,

Lately, I have become more aware of security with my HDA. One thing that has jumped out at me is that my Subsonic app doesn't seem to be using any sort of encryption. I'm not sure if this is a security issue or not, but I found a Subsonic page that addresses using https:
On Linux, add --https-port=4443 (or any other port) to SUBSONIC_ARGS in /etc/default/subsonic (Ubuntu/Debian) or /etc/sysconfig/subsonic (Fedora/RPM).Note that Subsonic uses a self-signed https certificate by default. This provides encryption but not proper authentication. To use your own certificate you must put it in a Java keystore, then specify the following Java system properties: subsonic.ssl.keystore (path to an alternate SSL keystore), and subsonic.ssl.password (password of the alternate SSL keystore). On Windows, you can set these system properties in C:\Program Files (x86)\Subsonic\subsonic-service.exe.vmoptions. On Mac, you can add them to /Applications/Subsonic.app/Contents/Info.plist.
Is this possible on my Amahi server? I don't see any other guidance on Subsonic's forums or website about how exactly to do this. I don't know how to add that port to the /etc/sysconfig/subsonic. I'm also not sure what the note about "encryption but not proper authentication" means. Any ideas on this?

Thanks!

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: Subsonic Encryption

Postby bigfoot65 » Wed Apr 05, 2017 7:36 am

Hello,

The Secure App Access wiki page might help.

Unless you are exposing your network and HDA to the internet, this should not be necessary.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

burn913
Posts: 71
Joined: Sun Mar 09, 2014 12:02 pm

Re: Subsonic Encryption

Postby burn913 » Wed Apr 05, 2017 9:14 am

Subsonic is accessible via the web from anywhere, which is why I love it and use it so much. Very easy to set up but I guess a possible security risk. I think I have Amahi 8 or 9, so I don't want to mess with something that is untested and not recommended, as stated in the secure access wiki page. Thanks.

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: Subsonic Encryption

Postby bigfoot65 » Wed Apr 05, 2017 10:06 am

Understand.

Marking this thread closed.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

Who is online

Users browsing this forum: No registered users and 11 guests