CLOSED: Subsonic Encryption
Posted: Wed Apr 05, 2017 6:59 am
Hello,
Lately, I have become more aware of security with my HDA. One thing that has jumped out at me is that my Subsonic app doesn't seem to be using any sort of encryption. I'm not sure if this is a security issue or not, but I found a Subsonic page that addresses using https:
Thanks!
Lately, I have become more aware of security with my HDA. One thing that has jumped out at me is that my Subsonic app doesn't seem to be using any sort of encryption. I'm not sure if this is a security issue or not, but I found a Subsonic page that addresses using https:
Is this possible on my Amahi server? I don't see any other guidance on Subsonic's forums or website about how exactly to do this. I don't know how to add that port to the /etc/sysconfig/subsonic. I'm also not sure what the note about "encryption but not proper authentication" means. Any ideas on this?On Linux, add --https-port=4443 (or any other port) to SUBSONIC_ARGS in /etc/default/subsonic (Ubuntu/Debian) or /etc/sysconfig/subsonic (Fedora/RPM).Note that Subsonic uses a self-signed https certificate by default. This provides encryption but not proper authentication. To use your own certificate you must put it in a Java keystore, then specify the following Java system properties: subsonic.ssl.keystore (path to an alternate SSL keystore), and subsonic.ssl.password (password of the alternate SSL keystore). On Windows, you can set these system properties in C:\Program Files (x86)\Subsonic\subsonic-service.exe.vmoptions. On Mac, you can add them to /Applications/Subsonic.app/Contents/Info.plist.
Thanks!