I fell in love with subsonic. It allows me to play my media (music and movies) while I am away from home, getting bored in a hotel. For the installation I had a couple of requirements:

  • To prevent people from snooping on my passwords, https will be used as the protocol.
  • It must work on the default https port (443) to prevent potential problems with firewalls.

Now on Ubuntu (the Linux of choice for this installation) any port below 1024 can only be used by a process running as root. Since I didn’t want to run subsonic itself as root, I decided to use Apache in front of my subsonic installation. Apache can bind the port as root and then drop its privileges to the “www-data” user, something I don’t think subsonic is able to do.

The result of my installation is the following setup:

  • Apache running with https (ssl) on port 443. Apache will be reachable from the internet.
  • Subsonic running on port 4040 as a “normal” http service. Since the connection from apache to subsonic runs on the same machine, there is no need for encryption here. With this configuration subsonic itself is not directly reachable from the internet, but only through apache.
  • Apache will be configured as a so called reverse proxy to pass requests from apache to subsonic. This means your browser will talk to apache and Apache will talk to Subsonic.

Install Apache

The following command will install apache with support for https:

sudo apt-get install apache2 libapache-mod-ssl

Take note that for https, you will need the libapache-mod-ssl package, apache2 alone will not do https.

For ssl encryption we need to generate a so called “self signed certificate”.  There are a couple of ways to do this, I used the one described here. The steps are:

sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

This last one will ask you a lot of questions. The most important one however is the “common name”, which shall not be empty. Enter your official domain name, or your IP. If you don’t have an official domain name, or your IP keeps changing, Please set up a dynamic DNS somewhere on the net. I got mine at afraid.org. For the rest of the article I will assume that your host will be called supersonic.mydomain.com, you will need to replace that with your personal URL.

Now we need to configure in such a way that it will proxy all the requests to subsonic. Since subsonic will be installed on port 4040 afterwards, apache will forward all requests to port 4040. Create the following file for your domain /etc/apache2/sites-available/supersonic-mydomain.com-ssl with the following content:

    ServerName supersonic.mydomain.com
    ServerAlias supersonic.mydomain.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key
    BrowserMatch "MSIE [2-6]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    ProxyRequests Off

      Order allow,deny
      Allow from all

    ProxyPass /
    ProxyPassReverse /

Now enable this configuration:

sudo a2ensite supersonic-mydomain.com-ssl
sudo service apache2 reload

Install subsonic

First you need to install some dependencies for the subsonic package:

sudo apt-get install lame flac faad vorbis-tools ffmpeg openjdk-6-jre

Then head over to subsonic.org and download the latest package for your distribution. After you have downloaded change to the directory holding the package and type:

sudo dpkg -i subsonic-4.7.deb

Please note that we will install subsonic to run without https support. The https protocol will be handled by apache, so the communication between apache and subsonic is unencrypted. Since both services run on the same machine this should not be an issue at all. Now modify the file /etc/default/subsonic to look like the one below:

# This is the configuration file for the Subsonic service
# (/etc/init.d/subsonic)
# To change the startup parameters of Subsonic, modify
# the SUBSONIC_ARGS variable below.
# Type "supersonic --help" on the command line to read an
# explanation of the different options.
# For example, to specify that Subsonic should use port 80 (for http)
# and 443 (for https), and use a Java memory heap size of 120 MB, use
# the following:
SUBSONIC_ARGS="--port=4040 --max-memory=512"

# The user which should run the Subrsonic process. Default "root".
# Note that non-root users are by default not allowed to use ports
# below 1024. Also make sure to grant the user write permissions in
# the music directories, otherwise changing album art and tags will fail.

Now restart subsonic

sudo service subsonic restart

and check in your browser whether it all worked as intended: