Subsonic with Caddy
Ok, now that there is Let's Encrypt, I thought that I shouldn’t have to do this certificate hackery all the time when Subsonic updates or the StartSSL certificate expires.
Caddyserver is the first web server/proxy I found that has most of the process automated and built in, so I'm using it. Getting started was pretty straightforward: download, expand, create a config file, and before you start it up, make sure that Caddy can bind to port 80 without having to run as root:
sudo setcap cap_net_bind_service=+ep ./caddy
My Caddyfile eventually ended up looking like this:
server.mydomain.de {
    proxy / localhost:4040 {
        proxy_header Host server.mydomain.de
        proxy_header Scheme https
    }
}
Well, it turned out to not be quite as easy. First I also had to make Subsonic stop hogging port 443. Those settings are found in /etc/default/subsonic. And while you're at it, also edit out any certificates you may have added earlier in /usr/bin/subsonic. Oh, and make sure to note down which port non-HTTPS Subsonic runs on, hopefully not 80, because Caddy needs that! I may have chosen 4040.
Restart Subsonic and make sure that you can reach it on the correct ports.
As stated, Caddy also needs to listen on port 80 for a brief moment so it can complete the certificate domain validation process. So edit your /etc/apache2/ports.conf to make sure Apache isn't blocking it.
Restart apache2.
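A pre-flight check for the steps so far, as an added example that is not part of the original post: it confirms the setcap step took effect, that nothing other than Caddy holds port 80 or 443, and that the plain-HTTP Subsonic port is only reachable through the proxy. The function names are hypothetical, the sample `ss` output is constructed, and 4040 is the backend port chosen above.

```shell
#!/bin/sh
# Added example: pre-flight checks before starting Caddy. Functions read
# command output on stdin so they can be exercised offline.

# Succeed if `getcap ./caddy` output shows the low-port bind capability.
has_bind_cap() { grep -q 'cap_net_bind_service[+=]ep'; }

# From `ss -ltnp` output, print "port process" for each listener on 80/443
# that is not caddy (e.g. Apache or Subsonic still holding the port).
port_conflicts() {
    awk '{
        n = split($4, a, ":"); port = a[n]
        if (port != 80 && port != 443) next
        proc = "unknown"
        if (split($0, q, "\"") >= 3) proc = q[2]
        if (proc != "caddy") print port, proc
    }'
}

# From `ss -ltn` output, print each non-loopback address the backend port
# ($1) listens on; anything printed is plain HTTP reachable past Caddy.
backend_exposed() {
    awk -v want="$1" '{
        n = split($4, a, ":"); port = a[n]
        if (port != want) next
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
        print addr
    }'
}

# Constructed sample of `ss -ltnp` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=911,fd=4))
LISTEN 0 128 *:443 *:* users:(("caddy",pid=1500,fd=6))
LISTEN 0 50 [::]:4040 [::]:* users:(("java",pid=1200,fd=55))'

printf '%s\n' "$SAMPLE_SS" | port_conflicts        # -> 80 apache2
printf '%s\n' "$SAMPLE_SS" | backend_exposed 4040  # -> [::]

# On the server itself (4040 is the Subsonic port chosen above):
#   getcap ./caddy | has_bind_cap || echo "run setcap first"
#   sudo ss -ltnp | port_conflicts
#   ss -ltn | backend_exposed 4040
```

If `backend_exposed` prints anything, clients can reach Subsonic over unencrypted HTTP directly on that port, so bind it to loopback or firewall the port.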
Now, to find out if everything works, start Caddy. If all is good, you’ll see a glorious all-ok message and can now access the server via https with a valid certificate.
But as you've undoubtedly noticed, Caddy isn't running as a service yet. Thankfully Ubuntu has Upstart. So, add a new file /etc/init/caddyservice.conf (thank you Mathias):
description "Caddy Server startup script"
author "Mathias Beke"
start on runlevel [2345]
stop on runlevel [016]
setuid runasme
setgid runasme
respawn
respawn limit 10 5
script
    cd /home/runasme/
    exec ./caddy
end script
At this point I want to take a short moment to mention that whoever thinks that the Upstart Cookbook is an easy entry-level document is clearly out of their mind. Seriously, this „Cookbook“ has a whole chapter named „Critique of the System V init System“!
But I digress. If you don’t make the same mistake as me and confuse init with init.d, then you’re golden and now have a Caddy running as a service, forwarding requests to your Subsonic installation.
The only issue I haven’t been able to solve is that Subsonic has some stupid static URL linking going on so I have to open the settings in a new tab. But I can live with that.