Skip to content
This repository has been archived by the owner on Sep 8, 2021. It is now read-only.

Standalone WAR howto SSL? #1870

Open
csjjpm opened this issue Apr 6, 2021 · 2 comments
Open

Standalone WAR howto SSL? #1870

csjjpm opened this issue Apr 6, 2021 · 2 comments

Comments

@csjjpm
Copy link

csjjpm commented Apr 6, 2021

Problem description

Hi. I have a working standalone WAR version using Java. I have issues with browsers refusing to access it on HTTP and automatically redirect to HTTPS and it doesn't work. I do have a domain with a commercial SSL. How can I configure the standalone WAR version to use my certificate?

System information

  • Airsonic version: 10.6.2
  • Operating system: TrueNAS/FreeBSD
    Linux, what distribution; Windows or Mac, what version?*
  • Java version: 1.8.0_275
  • Proxy server: if running Airsonic behind a proxy, what server and
    version? Otherwise,     None
  • Client: Firefox 87.0 and Chrome 89.0.4389
  • Language: EN
@nx6
Copy link

nx6 commented Apr 6, 2021

You want to set up a reverse proxy in another jail and then use your cert there.

@lizonde
Copy link

lizonde commented Apr 19, 2021

Hello,
Try with reverse proxy in nginx, here is my config:

server {
    listen 80;
    server_name airsonic.example.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name airsonic.example.com;
    error_log /home/user/logs/airsonic.example.com.error.log;
    access_log /home/user/logs/airsonic.example.com.access.log;
    http2_chunk_size 300k;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    ssl_certificate /etc/letsencrypt/live/airsonic.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/airsonic.example.com/privkey.pem;

    location / {
	proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host  $http_host;
        proxy_set_header Host              $http_host;
        proxy_max_temp_file_size           0;
        # note, there is not SSL here! plain HTTP is used
	proxy_pass                         http://127.0.0.1:8080;
        proxy_redirect                     http:// https://;
    }
}

This was referenced Oct 14, 2022
Open
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lizonde @csjjpm @nx6