RIP Subsonic, Hello Libresonic

Some while ago I posted a blog detailing how to install Subsonic on a Raspberry Pi 1. If you google for “subsonic raspberry pi” my blog shows up as a top search result (normally 3rd place, but even second is possible). In addition, each day I get more than one access from somewhere in the world to that blog. There is definitely interest in running Subsonic on a RP.

Subsonic now closed source

Since the last time some things have changed. I updated to a RP2 and Subsonic was updated up to 5.3. I won`t update to version 6 and beyond. The developer of Subsonic changed the license of 6.x and made it closed source. Not a big problem for you as an end user. You can still download and install Subsonic 6 as a binary without problems. The license change however makes it unclear what the future of Subsonic will be. Is it going to be premium only, forcing you to buy a license? Currently the premium features are of no interest to me. Although not having Ads in the UI would be nice. Either way, I do not want to change software (got used to it), and staying in 5.3 for the rest of my life isn`t an option too (yes, I DO update).

Moving to Libresonic

Good news: one person is offering his own fork of Subsonic since a while: Eugene E. Kashpureff Jr. Started originally to take away the license check feature of Subsonic, he started a new project based on Subsonic 5.3: Libresonic. Available on Github, the source code is freely available and continues to offer the functionality of Subsonic. Community already started to give feedback on this new software. The name is no surprise, considering LibreOffice, Libreelec and now Libresonic.

Installation

No surprises here. It`s the same procedure as with 5.x. Ensure you have the pre-requisites installed like maven, Java, Debian tools.

git clone https://github.com/Libresonic/libresonic.git
cd libresonic/
mvn package
mvn -P full -pl libresonic-booter -am install
mvn -P full -pl libresonic-installer-debian/ -am install
sudo dpkg -i ./libresonic-installer-debian/target/libresonic-*.deb

Configuration

The name of the project changed to Libresonic, and so did the location of the configuration files and executables. The conf file is now located at: /etc/default/libresonic. The name of the parameters changed too, while the values are the same. So copy over the values of the old Subsonic conf file.

LIBRESONIC_ARGS="--max-memory=150 --port=8080 --context-path=/libresonic"
LIBRESONIC_USER=libresonic

To start Libresonic, it`s now /etc/init.d/libresonic and the program files are at /var/libresonic. After you have done this, you can access Libresonic again via web interface.

Uninstall Subsonic

I upgraded to EugeneKay fork some time ago when it was still Subsonic without license check. Therefore, I installed it using dpkg. The package is still installed and it won`t work nicely together with Libresonic because of sharing the same configuration (port, etc.). To uninstall your officially downloaded Subsonic DEB file, just follow the same steps.

dpkg –l subsonic

To uninstall that package:

sudo dpkg –r subsonic

This removes the package, but leaves the config files (can be seen when running dpkg –l subsonic again):

To remove also the config files:

sudo dpkg –P subsonic

The directory /var/subsonic containing some files wasn`t removed, you`ll have to do this manually.

Set session timeout for SMP3 admin console

SMP3 runs on Tomcat, and therefore inherits its basic configuration from Tomcat. One of these is the session timeout parameter. By default, timeout is set to 20 minutes. Depending on your requirements this can be too short or too long. Changing the value is easy as you only have to change one parameter in one file and restart SMP3 to make the change take effect. The procedure is outlined at SAP Help.

The file to be changed is the Tomcat configuration file that can be found at: <SMP_HOME>\Server\config_master\org.eclipse.gemini.web.tomcat\web.xml.

The parameter to change is: session-timeout.

To increase the timeout to 1 hour, change it to 60.

Restart SMP3 to benefit from your change.

Enable TLS in SMP3

SSL is out, TLS is the new kid in town (although already pretty old) and to keep security high on your SMP3 server, a question remains: how to enable TLS on SMP3? Easy: it is already configured!

By default, SMP3 comes with TLS enabled. The trick is to configure it how you want it to be. For once, there are the ciphers (not part of this blog) and the protocol. The protocol defines if a browser can use TLS v1, v1.1 or v1.2. The configuration is done on the server side, in the default-server.xml file located at:

/<SMP3 installation directory>/Server/config_master/org.eclipse.gemini.web.tomcat/default-server.xml

As SMP3 is using Tomcat as its web server, the usual Tomcat configuration parameters apply. To have a HTTPS connection on port 8081, the XML looks like this:

<Connector SSLEnabled=”true” ciphers=”TLS_RSA_WITH_AES_128_CBC_SHA” clientAuth=”false” keyAlias=”smp3″ maxThreads=”200″ port=”8081″ protocol=”com.sap.mobile.platform.coyote.http11.SapHttp11Protocol” scheme=”https” secure=”true” smpConnectorName=”oneWaySSL” sslEnabledProtocols=”TLSv1″ sslProtocol=”TLS”/>

Parameters

  • Port: defines the port Tomcat will listen on. Here it is 8081
  • sslEnabledProtocols: “The comma separated list of SSL protocols to support for HTTPS connections. If specified, only the protocols that are listed and supported by the SSL implementation will be enabled.” [1]
  • sslProtocol: “The SSL protocol(s) to use (a single value may enable multiple protocols – see the JVM documentation for details). If not specified, the default is TLS” [1]

Connecting to the port results in a TLSv1 connection:

The parameters that define which protocol can be used are sslEnabledProtocols and sslProtocol. Now, which one does what? I found [2] and [3] explaining this:

  1. setProtocol=”TLS” will enable SSLv3 and TLSv1
  2. setProtocol=”TLSv1.2″ will enable SSLv3, TLSv1, TLSv1.1 and TLS v1.2
  3. setProtocol=”TLSv1.1″ will enable SSLv3, TLSv1, and TLSv1.1
  4. setProtocol=”TLSv1″ will enable SSLv3 and TLSv1

In the above example, sslProtocol = TLS, therefore TLSv1 and SSLv3 is available. To limit the connection to TLSv1, sslEnabledProtocol must be set to TLSv1. To have a connection that allows for TLSv1, TLSv1.1 and TLSv1.2 (and let the browser decide which one to use), set sslEnabledProtocols to TLSv1,TLSv1.1,TLSv1.2.

Example

<Connector SSLEnabled=”true” ciphers=”TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA” clientAuth=”false” keyAlias=”tobias” maxThreads=”200″ port=”8081″ protocol=”com.sap.mobile.platform.coyote.http11.SapHttp11Protocol” scheme=”https” secure=”true” smpConnectorName=”oneWaySSL” sslEnabledProtocols=”TLSv1,TLSv1.1,TLSv1.2″ sslProtocol=”TLS”/>

If I now connect on port 8081, my browser should use the highest protocol available.

[1] https://tomcat.apache.org/tomcat-7.0-doc/config/http.html

[2] http://mail-archives.apache.org/mod_mbox/tomcat-users/201303.mbox/%3C13A085B2E018374C813676301AED0EE412D87457C3@BLR0EXC00.us.sonicwall.com%3E

[3] http://wiki.apache.org/tomcat/Security/POODLE