|
@@ -8358,6 +8358,232 @@ a2ensite $HOSTNAME
|
8358
|
8358
|
service apache2 restart
|
8359
|
8359
|
#+END_SRC
|
8360
|
8360
|
|
|
8361
|
+** Subsonic
|
|
8362
|
+
|
|
8363
|
+Subsonic looks ok as a media server, but the deb file downloadable from soureforge seems to be not quite free - i.e. to have a built in licensing antifeature. There is a fully free version with the antifeature removed, but currently the debian build fails.
|
|
8364
|
+
|
|
8365
|
+#+BEGIN_SRC
|
|
8366
|
+apt-get install openjdk-7-jre openjdk-7-jdk lintian maven
|
|
8367
|
+adduser subsonic
|
|
8368
|
+mkdir ~/build
|
|
8369
|
+cd ~/build
|
|
8370
|
+git clone https://github.com/EugeneKay/subsonic.git
|
|
8371
|
+cd subsonic
|
|
8372
|
+git checkout release
|
|
8373
|
+mvn package
|
|
8374
|
+mvn -P full -pl subsonic-booter -am install
|
|
8375
|
+mvn -P full -pl subsonic-installer-debian/ -am install
|
|
8376
|
+dpkg -i ./subsonic-installer-debian/target/subsonic-*.deb
|
|
8377
|
+editor /etc/default/subsonic
|
|
8378
|
+#+END_SRC
|
|
8379
|
+
|
|
8380
|
+Settings should look like the following:
|
|
8381
|
+
|
|
8382
|
+#+BEGIN_SRC: bash
|
|
8383
|
+SUBSONIC_ARGS="--port=4040 --max-memory=100"
|
|
8384
|
+SUBSONIC_USER=subsonic
|
|
8385
|
+#+END_SRC
|
|
8386
|
+
|
|
8387
|
+Save and exit.
|
|
8388
|
+
|
|
8389
|
+#+BEGIN_SRC: bash
|
|
8390
|
+chown -R subsonic:subsonic /var/subsonic
|
|
8391
|
+service subsonic restart
|
|
8392
|
+#+END_SRC
|
|
8393
|
+
|
|
8394
|
+Edit your Apache configuration.
|
|
8395
|
+
|
|
8396
|
+#+BEGIN_SRC: bash
|
|
8397
|
+export HOSTNAME=mydomainname.com
|
|
8398
|
+editor /etc/apache2/sites-available/$HOSTNAME
|
|
8399
|
+#+END_SRC
|
|
8400
|
+
|
|
8401
|
+Add the following, replacing /mysubsonicdomainname.com/ with your subsonic domain name and /myusername@mydomainname.com/ with your email address.
|
|
8402
|
+
|
|
8403
|
+#+BEGIN_SRC: bash
|
|
8404
|
+<VirtualHost *:80>
|
|
8405
|
+ ServerAdmin myusername@mydomainname.com
|
|
8406
|
+ ServerName mysubsonicdomainname.com
|
|
8407
|
+
|
|
8408
|
+ ProxyRequests Off
|
|
8409
|
+ ProxyPreserveHost Off
|
|
8410
|
+
|
|
8411
|
+ <Location />
|
|
8412
|
+ ProxyPass http://localhost:4040/
|
|
8413
|
+ ProxyPassReverse http://localhost:4040/
|
|
8414
|
+ </Location>
|
|
8415
|
+
|
|
8416
|
+ RewriteEngine on
|
|
8417
|
+ RewriteOptions inherit
|
|
8418
|
+
|
|
8419
|
+ ErrorLog ${APACHE_LOG_DIR}/paste_error.log
|
|
8420
|
+
|
|
8421
|
+ # Possible values include: debug, info, notice, warn, error, crit,
|
|
8422
|
+ # alert, emerg.
|
|
8423
|
+ LogLevel error
|
|
8424
|
+
|
|
8425
|
+ CustomLog ${APACHE_LOG_DIR}/paste.log combined
|
|
8426
|
+</VirtualHost>
|
|
8427
|
+
|
|
8428
|
+
|
|
8429
|
+<IfModule mod_ssl.c>
|
|
8430
|
+<VirtualHost *:443>
|
|
8431
|
+ ServerAdmin myusername@mydomainname.com
|
|
8432
|
+ ServerName mysubsonicdomainname.com
|
|
8433
|
+
|
|
8434
|
+ ProxyRequests Off
|
|
8435
|
+ ProxyPreserveHost Off
|
|
8436
|
+
|
|
8437
|
+ <Location />
|
|
8438
|
+ ProxyPass http://localhost:4040/
|
|
8439
|
+ ProxyPassReverse http://localhost:4040/
|
|
8440
|
+ </Location>
|
|
8441
|
+
|
|
8442
|
+ RewriteEngine on
|
|
8443
|
+ RewriteOptions inherit
|
|
8444
|
+
|
|
8445
|
+ DocumentRoot /var/www/mysubsonicdomainname.com/htdocs
|
|
8446
|
+ <Directory />
|
|
8447
|
+ Options FollowSymLinks
|
|
8448
|
+ AllowOverride All
|
|
8449
|
+ </Directory>
|
|
8450
|
+ <Directory /var/www/mysubsonicdomainname.com/htdocs/>
|
|
8451
|
+ Options All
|
|
8452
|
+ AllowOverride All
|
|
8453
|
+ Order allow,deny
|
|
8454
|
+ allow from all
|
|
8455
|
+ LimitRequestBody 5120000
|
|
8456
|
+ </Directory>
|
|
8457
|
+
|
|
8458
|
+ # Don't serve .php~ or .php# files created by emacs
|
|
8459
|
+ <Files ~ "(^#.*#|~|\.sw[op])$">
|
|
8460
|
+ Order allow,deny
|
|
8461
|
+ Deny from all
|
|
8462
|
+ </Files>
|
|
8463
|
+
|
|
8464
|
+ <IfModule headers_module>
|
|
8465
|
+ Header set X-Content-Type-Options nosniff
|
|
8466
|
+ Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate, private"
|
|
8467
|
+ Header set Pragma no-cache
|
|
8468
|
+ </IfModule>
|
|
8469
|
+
|
|
8470
|
+ <Files .htaccess>
|
|
8471
|
+ deny from all
|
|
8472
|
+ </Files>
|
|
8473
|
+
|
|
8474
|
+ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
|
|
8475
|
+ <Directory "/usr/lib/cgi-bin">
|
|
8476
|
+ AllowOverride All
|
|
8477
|
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
|
8478
|
+ Order allow,deny
|
|
8479
|
+ Allow from all
|
|
8480
|
+ LimitRequestBody 512000
|
|
8481
|
+ </Directory>
|
|
8482
|
+
|
|
8483
|
+ ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
8484
|
+
|
|
8485
|
+ # Possible values include: debug, info, notice, warn, error, crit,
|
|
8486
|
+ # alert, emerg.
|
|
8487
|
+ LogLevel error
|
|
8488
|
+
|
|
8489
|
+ CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
|
|
8490
|
+
|
|
8491
|
+ # SSL Engine Switch:
|
|
8492
|
+ # Enable/Disable SSL for this virtual host.
|
|
8493
|
+ SSLEngine on
|
|
8494
|
+
|
|
8495
|
+ SSLCertificateFile /etc/ssl/certs/mysubsonicdomainname.com.crt
|
|
8496
|
+ SSLCertificateKeyFile /etc/ssl/private/mysubsonicdomainname.com.key
|
|
8497
|
+
|
|
8498
|
+ # Options based on bettercrypto.org
|
|
8499
|
+ SSLProtocol All -SSLv2 -SSLv3
|
|
8500
|
+ SSLHonorCipherOrder On
|
|
8501
|
+ SSLCompression off
|
|
8502
|
+ SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
|
|
8503
|
+
|
|
8504
|
+ # Add six earth month HSTS header for all users ...
|
|
8505
|
+ Header add Strict-Transport-Security "max-age=15768000"
|
|
8506
|
+ # If you want to protect all subdomains , use the following header
|
|
8507
|
+ # ALL subdomains HAVE TO support https if you use this !
|
|
8508
|
+ # Strict-Transport-Security: max-age=15768000 ; includeSubDomains
|
|
8509
|
+
|
|
8510
|
+ # SSL Engine Options:
|
|
8511
|
+ # Set various options for the SSL engine.
|
|
8512
|
+ # o FakeBasicAuth:
|
|
8513
|
+ # Translate the client X.509 into a Basic Authorisation. This means that
|
|
8514
|
+ # the standard Auth/DBMAuth methods can be used for access control. The
|
|
8515
|
+ # user name is the `one line' version of the client's X.509 certificate.
|
|
8516
|
+ # Note that no password is obtained from the user. Every entry in the user
|
|
8517
|
+ # file needs this password: `xxj31ZMTZzkVA'.
|
|
8518
|
+ # o ExportCertData:
|
|
8519
|
+ # This exports two additional environment variables: SSL_CLIENT_CERT and
|
|
8520
|
+ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
|
|
8521
|
+ # server (always existing) and the client (only existing when client
|
|
8522
|
+ # authentication is used). This can be used to import the certificates
|
|
8523
|
+ # into CGI scripts.
|
|
8524
|
+ # o StdEnvVars:
|
|
8525
|
+ # This exports the standard SSL/TLS related `SSL_*' environment variables.
|
|
8526
|
+ # Per default this exportation is switched off for performance reasons,
|
|
8527
|
+ # because the extraction step is an expensive operation and is usually
|
|
8528
|
+ # useless for serving static content. So one usually enables the
|
|
8529
|
+ # exportation for CGI and SSI requests only.
|
|
8530
|
+ # o StrictRequire:
|
|
8531
|
+ # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
|
|
8532
|
+ # under a "Satisfy any" situation, i.e. when it applies access is denied
|
|
8533
|
+ # and no other module can change it.
|
|
8534
|
+ # o OptRenegotiate:
|
|
8535
|
+ # This enables optimized SSL connection renegotiation handling when SSL
|
|
8536
|
+ # directives are used in per-directory context.
|
|
8537
|
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
|
|
8538
|
+ <FilesMatch "\.(cgi|shtml|phtml|php)$">
|
|
8539
|
+ SSLOptions +StdEnvVars
|
|
8540
|
+ </FilesMatch>
|
|
8541
|
+ <Directory /usr/lib/cgi-bin>
|
|
8542
|
+ SSLOptions +StdEnvVars
|
|
8543
|
+ </Directory>
|
|
8544
|
+
|
|
8545
|
+ # SSL Protocol Adjustments:
|
|
8546
|
+ # The safe and default but still SSL/TLS standard compliant shutdown
|
|
8547
|
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
|
|
8548
|
+ # the close notify alert from client. When you need a different shutdown
|
|
8549
|
+ # approach you can use one of the following variables:
|
|
8550
|
+ # o ssl-unclean-shutdown:
|
|
8551
|
+ # This forces an unclean shutdown when the connection is closed, i.e. no
|
|
8552
|
+ # SSL close notify alert is send or allowed to received. This violates
|
|
8553
|
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
|
|
8554
|
+ # this when you receive I/O errors because of the standard approach where
|
|
8555
|
+ # mod_ssl sends the close notify alert.
|
|
8556
|
+ # o ssl-accurate-shutdown:
|
|
8557
|
+ # This forces an accurate shutdown when the connection is closed, i.e. a
|
|
8558
|
+ # SSL close notify alert is send and mod_ssl waits for the close notify
|
|
8559
|
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
|
|
8560
|
+ # practice often causes hanging connections with brain-dead browsers. Use
|
|
8561
|
+ # this only for browsers where you know that their SSL implementation
|
|
8562
|
+ # works correctly.
|
|
8563
|
+ # Notice: Most problems of broken clients are also related to the HTTP
|
|
8564
|
+ # keep-alive facility, so you usually additionally want to disable
|
|
8565
|
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
|
|
8566
|
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
|
|
8567
|
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
|
|
8568
|
+ # "force-response-1.0" for this.
|
|
8569
|
+ BrowserMatch "MSIE [2-6]" \
|
|
8570
|
+ nokeepalive ssl-unclean-shutdown \
|
|
8571
|
+ downgrade-1.0 force-response-1.0
|
|
8572
|
+ # MSIE 7 and newer should be able to use keepalive
|
|
8573
|
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
|
8574
|
+
|
|
8575
|
+</VirtualHost>
|
|
8576
|
+</IfModule>
|
|
8577
|
+#+END_SRC
|
|
8578
|
+
|
|
8579
|
+Save and exit.
|
|
8580
|
+
|
|
8581
|
+#+BEGIN_SRC: bash
|
|
8582
|
+makecert mysubsonicdomainname.com
|
|
8583
|
+a2ensite mysubsonicdomainname.com
|
|
8584
|
+service apache2 restart
|
|
8585
|
+#+END_SRC
|
|
8586
|
+
|
8361
|
8587
|
* Related projects
|
8362
|
8588
|
|
8363
|
8589
|
* [[https://freedomboxfoundation.org/][Freedombox]]
|