Subsonic - Working Internally, but not Externally

(Mark) #1

I am having some issues getting Subsonic to work properly. It works internally without issues. Externally I get to the login page, enter my login ID and password and then get redirected to an error page from my router. I have tried a different port with the same result. I also tried different browsers and clearing my cache. I have tried from inside and outside my network with the same results as well as from Windows and iOS devices.

Seems like others have gotten a bit farther than I, but have faced issues using other reverse proxies. I see others are able to get logged in and see the home page and some functionality works, but not all. I am not certain how to translate those solutions to Caddy config. Hoping someone else has a babel fish and can help.

http://forum.subsonic.org/forum/viewtopic.php?f=2&t=18070&p=76729&hilit=proxy#p76729

http://forum.subsonic.org/forum/viewtopic.php?f=2&t=17584&p=74716&hilit=caddy#p74716

Caddy code block and external curl request is below. An internal curl returns no results, but it is working internally.

Caddy Code Block
####################################################################################
#Subsonic Admin subdomain code block example
####################################################################################
jukebox.external.net http://internal.subsonic {
    tls user@mydomain.net # Email for Let's Encrypt Verification
    gzip
    log "C:\Users\user\Documents\caddy\logs\subsonic_access.log" {
        rotate_size 1 # Rotate after 1 MB
        rotate_age 7 # Keep log files for 7 days
        rotate_keep 2 # Keep at most 2 log files
    }
    errors "C:\Users\user\Documents\caddy\logs\subsonic_error.log" {
        rotate_size 1 # Set max size 1 MB
        rotate_age 7 # Keep log files for 7 days
        rotate_keep 2 # Keep at most 2 log files
    }
    proxy / 192.168.1.103:4040/subsonic/ { #http://www.subsonic.org
        without /subsonic
        transparent
    }
}

External curl

<script type="text/javascript" src="/ui/1.0.99.180968/dynamic/js/ui.js.localized"></script><!-- MUST load prior to ui.js -->
<!--big.js-->
<!--BEGIN_COMBINED-->
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/lib/jquery.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/lib/jquery.cookie.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/browser.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/lib/webshim/extras/html5shiv.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/lib/webshim/extras/modernizr-custom.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/lib/webshim/polyfiller.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/shims.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/shared/shared-util.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/util.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/linksys.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/shared/shared-ui.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/ui.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/data-bind.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/lib/jquery.ui.widget.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/jnap.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/globals.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/devices.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/language.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/lib/ui.checkbox.js"></script>
<script type="text/javascript" src="/ui/1.0.99.180968/static/cache/js/help.js"></script>
<!--END_COMBINED-->
<script type="text/javascript">
    $('#applet-container').css('visibility', 'visible');
</script>

(Matthew Fay) #2

Not really sure what the strategy is here.

You’re proxying the web root (/) to the upstream, with the prefix /subsonic/, and then you’re trimming the /subsonic prefix from the request. But you’re not using /subsonic as the base path for the proxy, and without doesn’t act on the upstream URI if you’ve specified it. So a request to / gets routed to 192.168.1.103:4040/subsonic/. A request to /subsonic also gets routed to 192.168.1.103:4040/subsonic/.

Why not simply proxy / 192.168.1.103:4040?

(Mark) #3

Whitestrake you are correct. I had a context path setup in subsonic as /subsonic. I removed it and changed the Caddyfile to simplify things, but still get the same results. Works fine internally using http://internal.subsonic. Does not work externally using https://jukebox.external.net. I also tried to enable https in Subsonic and that also works internally, but not externally.

It seems Subsonic does not like having an https proxy in front of it for some reason. I will post an issue to their forum as well to see if someone there can shed some light.

Changed proxy to:
proxy / 192.168.1.103:4040/ {
transparent
}

(Matthew Fay) #4

Are you using a Linksys router, by any chance?

There’s references to it in the script tags you get from the external cURL.

I have to wonder if the login page you’re getting is for the router itself, not Subsonic. One question that might be pertinent is whether or not you’re accessing your “external” URL from within the router’s private network or if you’re truly outside the network, accessing it from the internet.

What do you get from curl -IL https://jukebox.external.net?

(Mark) #5

Yes, I am using a Linksys router. As I mentioned, I get to the SubSonic branded login page, enter my SubSonic ID and PW which are different than the router login creds, and then get redirected to an error page from my router. I tried it from my phone with wifi disabled so I have tried it both internally and externally with the same results. I never get back to the subsonic login page unless I clear my browser cache. Closing the browser and going back takes me directly to the Linksys error page. I have many other apps behind Caddy and they all work fine internally and externally.

Results from "curl -IL https://jukebox.external.net"
HTTP/1.1 302 Found
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://jukebox.external.net/login.view;jsessionid=5d56gsuvdu5s?
Server: Caddy
Server: Jetty(6.1.x)
Set-Cookie: JSESSIONID=5d56gsuvdu5s;Path=/
Date: Mon, 13 May 2019 02:16:21 GMT

HTTP/1.1 404 Not Found
Status: 404 Not Found
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
CONTENT-LANGUAGE: en
Date: Mon, 13 May 2019 02:16:26 GMT
Server: lighttpd/1.4.39

Results from "curl -IL http://internal.subsonic"
HTTP/1.1 302 Found
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://internal.subsonic/login.view;jsessionid=wme3pxknlzes?
Server: Caddy
Server: Jetty(6.1.x)
Set-Cookie: JSESSIONID=wme3pxknlzes;Path=/
Date: Mon, 13 May 2019 02:19:04 GMT

HTTP/1.1 200 OK
Content-Language: en
Content-Length: 0
Content-Type: text/html; charset=utf-8
Server: Caddy
Server: Jetty(6.1.x)
Date: Mon, 13 May 2019 02:19:04 GMT

(Matthew Fay) #6

Alright, from the Location and Server headers, we can tell that there’s a few problems here.

Jetty (the program serving Subsonic) is redirecting you down to HTTP. That’s problem #1, with its own set of issues it will cause, even if you solve the other problem, which is…

Problem #2: Caddy’s not responding on an external HTTP request, lighttpd is.

So, you’ve got your router forwarding port 443 to Caddy, but it’s eating port 80 itself for its own web interface, I’m guessing. So the first step is to check those settings and get the router behaving properly - port 80 needs to go to Caddy.

If you can fix that, you’ll then need to sort out why Subsonic is downgrading the connection from HTTPS. You’ve set transparent in your Caddyfile, and in that preset is the header X-Forwarded-Proto {scheme}, which should be all you need to tell Subsonic not to downgrade and use HTTPS instead. So I’m thinking this’ll be a bit of a hurdle. That said, the lighttpd server on the HTTP port is the first thing to fix.
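The header reading described in post #6, as an added example that is not part of the original thread: it walks a `curl -IL` dump hop by hop, flags a redirect that drops from HTTPS to HTTP, and flags a hop answered by a different `Server` than the first. The sample input is the external output from post #5, trimmed to the headers used; the function names `parse_hops` and `diagnose` are this example's own.

```python
from urllib.parse import urljoin, urlsplit

# From post #5: curl -IL https://jukebox.external.net (trimmed to the headers used here)
EXTERNAL = """\
HTTP/1.1 302 Found
Location: http://jukebox.external.net/login.view;jsessionid=5d56gsuvdu5s?
Server: Caddy
Server: Jetty(6.1.x)

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: lighttpd/1.4.39
"""

def parse_hops(dump):
    """Split `curl -IL` output into one (status, headers) pair per response."""
    hops = []
    for block in dump.replace("\r\n", "\n").strip().split("\n\n"):
        lines = [line for line in block.split("\n") if line.strip()]
        if not lines:
            continue
        status = int(lines[0].split()[1])          # "HTTP/1.1 302 Found" -> 302
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            # Keep repeated headers (two Server lines: proxy and upstream).
            headers.setdefault(name.strip().lower(), []).append(value.strip())
        hops.append((status, headers))
    return hops

def diagnose(start_url, dump):
    """Return findings for scheme downgrades and a changed Server between hops."""
    findings, url, first_servers = [], start_url, None
    for status, headers in parse_hops(dump):
        servers = set(headers.get("server", []))
        if first_servers is None:
            first_servers = servers
        elif servers and not (servers & first_servers):
            findings.append(f"different server answered {url}: {sorted(servers)}")
        location = headers.get("location")
        if 300 <= status < 400 and location:
            target = urljoin(url, location[0])     # resolves relative redirects too
            if urlsplit(url).scheme == "https" and urlsplit(target).scheme == "http":
                findings.append(f"downgrade: {url} -> {target}")
            url = target
    return findings

if __name__ == "__main__":
    for finding in diagnose("https://jukebox.external.net", EXTERNAL):
        print(finding)
```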

(Mark) #7

Sorry if this is a newbie question, but I am not following. On my router I only have port 443 opened externally and it is forwarded internally to 192.168.1.103. 192.168.1.103 is where both SubSonic and Caddy are running from. My router is 192.168.1.1 and its admin interface is served up on port 80. There is not a way to change what port I can see in the router GUI from port 80 to any port of my choosing.

Is what you are saying that Caddy is somehow redirecting http traffic back to port 80 on my router when SubSonic fails to handle the https traffic? So changing my router to not respond to traffic coming to it from port 80 might fix the issue?

(Matthew Fay) #8

No. Caddy is not redirecting back to HTTP. Caddy is receiving a connection over HTTPS, proxying to Subsonic, and Subsonic issuing a redirect back to HTTP. Caddy is just relaying Subsonic’s response to the client. Subsonic is the bad actor here.

Uh, not quite. Port 80 needs to be forwarded to Caddy, not handled by your router, that’ll help the situation. But we’ll run into the next problem (Subsonic downgrading the connection). Once Caddy’s handling port 80, it’ll try to upgrade the connection again. Since Subsonic isn’t playing nicely, that’ll need to be fixed next in order to get things working.
