Subsonic converted to nginx

beaglebone.txt

@@ -7190,15 +7190,9 @@ editor /etc/nginx/sites-available/$HOSTNAME
 Delete all existing contents then add the following:
 
 #+BEGIN_SRC: bash
-upstream subsonicbackend {
-    server 127.0.0.1:4040 max_fails=3 fail_timeout=30s;
-    server 127.0.0.1:4040 max_fails=3 fail_timeout=60s;
-    server 127.0.0.1:4040 max_fails=3 fail_timeout=90s;
-}
-
 server {
     listen 80;
-    server_name mysubsonicdomainname.com;
+    server_name tunes.us.to;
     rewrite ^ https://$server_name$request_uri? permanent;
 }
 
@@ -7209,8 +7203,8 @@ map $http_upgrade $connection_upgrade {
 
 server {
     listen 443 ssl;
-    server_name mysubsonicdomainname.com;
-    index index.php;
+    server_name tunes.us.to;
+    index index.html index.htm;
 
     error_log  /var/www/mysubsonicdomainname.com/error.log debug;
 
@@ -7222,84 +7216,19 @@ server {
     ssl_prefer_server_ciphers on;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
     ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
-    add_header Strict-Transport-Security "max-age=0;";
-    # Only uncomment one of the Strict-Transport-Security entries if you are
-    # not using a self-signed certificate
-    # add_header Strict-Transport-Security max-age=15768000; # six months
-    # use this only if all subdomains support HTTPS!
-    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
+    #add_header Strict-Transport-Security max-age=0; # six months
 
-    client_max_body_size 6m;
+    client_max_body_size 20M;
 
     keepalive_timeout 75 75;
     gzip_vary off;
 
     location / {
-        proxy_pass https://subsonicbackend;
-        proxy_http_version 1.1;
-        proxy_redirect off;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $connection_upgrade;
-        proxy_set_header Host $http_host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_buffers 16 32k;
-    }
-}
-
-
-
-
-server {
-    listen 443 ssl;
-    server_name mysubsonicdomainname.com;
-    charset utf-8;
-
-    root /var/www/mysubsonicdomainname.com/htdocs;
-    index index.php;
-
-    if ( !-d $request_filename ) {
-        rewrite ^/rest/(.*).view$ /rest/index.php?action=$1 last;
-    }
-
-    if ( !-d $request_filename ) {
-        rewrite ^/plex/(.*)$ /plex/index.php?action=$1 last;
-    }
-
-    location /rest {
-        limit_except GET POST {
-            deny all;
-        }
-    }
-
-    location /plex {
-        limit_except GET POST {
-            deny all;
-        }
-    }
-
-    location ^~ /bin/ {
-        deny all;
-        return 403;
-    }
-
-    location ^~ /config/ {
-        deny all;
-        return 403;
-    }
-
-    location / {
-        limit_except GET POST HEAD{
-            deny all;
-        }
-    }
-
-    location ~ ^(.+\.php)(.*)$ {
-        try_files $fastcgi_script_name =404;
-        fastcgi_split_path_info  ^(.+\.php)(.*)$;
-        fastcgi_pass   unix:/var/run/php5-fpm.sock;
-        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-        fastcgi_param  PATH_INFO        $fastcgi_path_info;
-        include        /etc/nginx/fastcgi_params;
+        proxy_pass http://localhost:4040/;
+        proxy_redirect     http://             https://;
+        proxy_set_header   Host                $host;
+        proxy_set_header   X-Real-IP           $remote_addr;
+        proxy_set_header   X-Forwarded-For     $proxy_add_x_forwarded_for;
     }
 }
 #+END_SRC
@@ -7307,193 +7236,12 @@ server {
 Save and exit.
 
 #+BEGIN_SRC: bash
+export HOSTNAME=mysubsonicdomainname.com
 sed "s/mysubsonicdomainname.com/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME > /tmp/website
 cp -f /tmp/website /etc/nginx/sites-available/$HOSTNAME
 /etc/init.d/nginx reload
 #+END_SRC
 
-
-
-
-
-
-
-
-
-
-
-
-
-#+BEGIN_SRC: bash
-export HOSTNAME=mysubsonicdomainname.com
-editor /etc/apache2/sites-available/$HOSTNAME
-#+END_SRC
-
-Add the following, replacing /mysubsonicdomainname.com/ with your subsonic domain name and /myusername@mydomainname.com/ with your email address.
-
-#+BEGIN_SRC: bash
-<VirtualHost *:80>
-    ServerName mysubsonicdomainname.com
-    Redirect permanent / https://mysubsonicdomainname.com/
-</VirtualHost>
-
-<IfModule mod_ssl.c>
-<VirtualHost *:443>
-    ServerAdmin myusername@mydomainname.com
-    ServerName mysubsonicdomainname.com
-
-    ProxyRequests Off
-    ProxyPreserveHost Off
-
-    <Location />
-        ProxyPass  http://localhost:4040/
-        ProxyPassReverse  http://localhost:4040/
-    </Location>
-
-    RewriteEngine on
-    RewriteOptions inherit
-
-    DocumentRoot /var/www/mysubsonicdomainname.com/htdocs
-    <Directory />
-        Options FollowSymLinks
-        AllowOverride All
-    </Directory>
-    <Directory /var/www/mysubsonicdomainname.com/htdocs/>
-        Options All
-        AllowOverride All
-        Order allow,deny
-        allow from all
-        LimitRequestBody 5120000
-    </Directory>
-
-    # Don't serve .php~ or .php# files created by emacs
-    <Files ~ "(^#.*#|~|\.sw[op])$">
-        Order allow,deny
-        Deny from all
-    </Files>
-
-    <IfModule headers_module>
-        Header set X-Content-Type-Options nosniff
-        Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate, private"
-        Header set Pragma no-cache
-    </IfModule>
-
-    <Files .htaccess>
-      deny from all
-    </Files>
-
-    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-    <Directory "/usr/lib/cgi-bin">
-        AllowOverride All
-        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
-        Order allow,deny
-        Allow from all
-        LimitRequestBody 512000
-    </Directory>
-
-    ErrorLog ${APACHE_LOG_DIR}/error.log
-
-    # Possible values include: debug, info, notice, warn, error, crit,
-    # alert, emerg.
-    LogLevel error
-
-    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
-
-    #   SSL Engine Switch:
-    #   Enable/Disable SSL for this virtual host.
-    SSLEngine on
-
-	SSLCertificateFile    /etc/ssl/certs/mysubsonicdomainname.com.crt
-	SSLCertificateKeyFile /etc/ssl/private/mysubsonicdomainname.com.key
-
-    # Options based on bettercrypto.org
-    SSLProtocol All -SSLv2 -SSLv3
-    SSLHonorCipherOrder On
-    SSLCompression off
-    SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
-
-    # Add six earth month HSTS header for all users ...
-    Header add Strict-Transport-Security "max-age=15768000"
-    # If you want to protect all subdomains , use the following header
-    # ALL subdomains HAVE TO support https if you use this !
-    # Strict-Transport-Security: max-age=15768000 ; includeSubDomains
-
-    #   SSL Engine Options:
-    #   Set various options for the SSL engine.
-    #   o FakeBasicAuth:
-    #     Translate the client X.509 into a Basic Authorisation.  This means that
-    #     the standard Auth/DBMAuth methods can be used for access control.  The
-    #     user name is the `one line' version of the client's X.509 certificate.
-    #     Note that no password is obtained from the user. Every entry in the user
-    #     file needs this password: `xxj31ZMTZzkVA'.
-    #   o ExportCertData:
-    #     This exports two additional environment variables: SSL_CLIENT_CERT and
-    #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
-    #     server (always existing) and the client (only existing when client
-    #     authentication is used). This can be used to import the certificates
-    #     into CGI scripts.
-    #   o StdEnvVars:
-    #     This exports the standard SSL/TLS related `SSL_*' environment variables.
-    #     Per default this exportation is switched off for performance reasons,
-    #     because the extraction step is an expensive operation and is usually
-    #     useless for serving static content. So one usually enables the
-    #     exportation for CGI and SSI requests only.
-    #   o StrictRequire:
-    #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
-    #     under a "Satisfy any" situation, i.e. when it applies access is denied
-    #     and no other module can change it.
-    #   o OptRenegotiate:
-    #     This enables optimized SSL connection renegotiation handling when SSL
-    #     directives are used in per-directory context.
-    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
-    <FilesMatch "\.(cgi|shtml|phtml|php)$">
-        SSLOptions +StdEnvVars
-    </FilesMatch>
-    <Directory /usr/lib/cgi-bin>
-        SSLOptions +StdEnvVars
-    </Directory>
-
-    #   SSL Protocol Adjustments:
-    #   The safe and default but still SSL/TLS standard compliant shutdown
-    #   approach is that mod_ssl sends the close notify alert but doesn't wait for
-    #   the close notify alert from client. When you need a different shutdown
-    #   approach you can use one of the following variables:
-    #   o ssl-unclean-shutdown:
-    #     This forces an unclean shutdown when the connection is closed, i.e. no
-    #     SSL close notify alert is send or allowed to received.  This violates
-    #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
-    #     this when you receive I/O errors because of the standard approach where
-    #     mod_ssl sends the close notify alert.
-    #   o ssl-accurate-shutdown:
-    #     This forces an accurate shutdown when the connection is closed, i.e. a
-    #     SSL close notify alert is send and mod_ssl waits for the close notify
-    #     alert of the client. This is 100% SSL/TLS standard compliant, but in
-    #     practice often causes hanging connections with brain-dead browsers. Use
-    #     this only for browsers where you know that their SSL implementation
-    #     works correctly.
-    #   Notice: Most problems of broken clients are also related to the HTTP
-    #   keep-alive facility, so you usually additionally want to disable
-    #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
-    #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
-    #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
-    #   "force-response-1.0" for this.
-    BrowserMatch "MSIE [2-6]" \
-        nokeepalive ssl-unclean-shutdown \
-        downgrade-1.0 force-response-1.0
-    # MSIE 7 and newer should be able to use keepalive
-    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
-
-</VirtualHost>
-</IfModule>
-#+END_SRC
-
-Save and exit.
-
-#+BEGIN_SRC: bash
-makecert mysubsonicdomainname.com
-a2ensite mysubsonicdomainname.com
-service apache2 restart
-#+END_SRC
 *** Configuration
 Open a browser and go to your subsonic domain name. Log in with username /admin/ and password /admin/, then change your administrator password.