diff --git a/beaglebone.txt b/beaglebone.txt
index 21c473cc..5da52236 100644
--- a/beaglebone.txt
+++ b/beaglebone.txt
@@ -7190,15 +7190,9 @@ editor /etc/nginx/sites-available/$HOSTNAME
Delete all existing contents then add the following:
#+BEGIN_SRC: bash
-upstream subsonicbackend {
- server 127.0.0.1:4040 max_fails=3 fail_timeout=30s;
- server 127.0.0.1:4040 max_fails=3 fail_timeout=60s;
- server 127.0.0.1:4040 max_fails=3 fail_timeout=90s;
-}
-
server {
listen 80;
- server_name mysubsonicdomainname.com;
+ server_name tunes.us.to;
rewrite ^ https://$server_name$request_uri? permanent;
}
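Review bot: The new `server_name tunes.us.to;` hard-codes one site's domain where the guide previously used the `mysubsonicdomainname.com` placeholder, and the 443 server block in the next hunk gets the same change. The later step `sed "s/mysubsonicdomainname.com/$HOSTNAME/g"` only rewrites the placeholder, so a reader following the guide ends up with a vhost named `tunes.us.to` while the `error_log` path is rewritten to their own hostname. If this port-80 block handles their traffic, `rewrite ^ https://$server_name$request_uri? permanent;` would also redirect visitors to a domain the reader does not control. Keep `server_name mysubsonicdomainname.com;` in both blocks so the substitution step still produces a consistent config.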
@@ -7209,8 +7203,8 @@ map $http_upgrade $connection_upgrade {
server {
listen 443 ssl;
- server_name mysubsonicdomainname.com;
- index index.php;
+ server_name tunes.us.to;
+ index index.html index.htm;
error_log /var/www/mysubsonicdomainname.com/error.log debug;
@@ -7222,84 +7216,19 @@ server {
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
- add_header Strict-Transport-Security "max-age=0;";
- # Only uncomment one of the Strict-Transport-Security entries if you are
- # not using a self-signed certificate
- # add_header Strict-Transport-Security max-age=15768000; # six months
- # use this only if all subdomains support HTTPS!
- # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
+ #add_header Strict-Transport-Security max-age=0; # six months
- client_max_body_size 6m;
+ client_max_body_size 20M;
keepalive_timeout 75 75;
gzip_vary off;
location / {
- proxy_pass https://subsonicbackend;
- proxy_http_version 1.1;
- proxy_redirect off;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_buffers 16 32k;
- }
-}
-
-
-
-
-server {
- listen 443 ssl;
- server_name mysubsonicdomainname.com;
- charset utf-8;
-
- root /var/www/mysubsonicdomainname.com/htdocs;
- index index.php;
-
- if ( !-d $request_filename ) {
- rewrite ^/rest/(.*).view$ /rest/index.php?action=$1 last;
- }
-
- if ( !-d $request_filename ) {
- rewrite ^/plex/(.*)$ /plex/index.php?action=$1 last;
- }
-
- location /rest {
- limit_except GET POST {
- deny all;
- }
- }
-
- location /plex {
- limit_except GET POST {
- deny all;
- }
- }
-
- location ^~ /bin/ {
- deny all;
- return 403;
- }
-
- location ^~ /config/ {
- deny all;
- return 403;
- }
-
- location / {
- limit_except GET POST HEAD{
- deny all;
- }
- }
-
- location ~ ^(.+\.php)(.*)$ {
- try_files $fastcgi_script_name =404;
- fastcgi_split_path_info ^(.+\.php)(.*)$;
- fastcgi_pass unix:/var/run/php5-fpm.sock;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- include /etc/nginx/fastcgi_params;
+ proxy_pass http://localhost:4040/;
+ proxy_redirect http:// https://;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#+END_SRC
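Review bot: The replacement line `#add_header Strict-Transport-Security max-age=0; # six months` contradicts itself, since `max-age=0` tells browsers to drop any stored HSTS entry, whereas the removed lines used `max-age=15768000` for six months. The commit also deletes the comments explaining that HSTS should only be enabled when the certificate is not self-signed, so the reader has no guidance on when to uncomment it. I would keep a commented but correct example such as `# add_header Strict-Transport-Security "max-age=15768000"; # six months; enable only with a CA-signed certificate`. Separately, the unchanged `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers TLS 1.0 and 1.1, which are deprecated, and is worth revisiting while this block is being edited. The server block starts outside the hunk.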
@@ -7307,193 +7236,12 @@ server {
Save and exit.
#+BEGIN_SRC: bash
+export HOSTNAME=mysubsonicdomainname.com
sed "s/mysubsonicdomainname.com/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME > /tmp/website
cp -f /tmp/website /etc/nginx/sites-available/$HOSTNAME
/etc/init.d/nginx reload
#+END_SRC
-
-
-
-
-
-
-
-
-
-
-
-
-#+BEGIN_SRC: bash
-export HOSTNAME=mysubsonicdomainname.com
-editor /etc/apache2/sites-available/$HOSTNAME
-#+END_SRC
-
-Add the following, replacing /mysubsonicdomainname.com/ with your subsonic domain name and /myusername@mydomainname.com/ with your email address.
-
-#+BEGIN_SRC: bash
-
- ServerName mysubsonicdomainname.com
- Redirect permanent / https://mysubsonicdomainname.com/
-
-
-
-
- ServerAdmin myusername@mydomainname.com
- ServerName mysubsonicdomainname.com
-
- ProxyRequests Off
- ProxyPreserveHost Off
-
-
- ProxyPass http://localhost:4040/
- ProxyPassReverse http://localhost:4040/
-
-
- RewriteEngine on
- RewriteOptions inherit
-
- DocumentRoot /var/www/mysubsonicdomainname.com/htdocs
-
- Options FollowSymLinks
- AllowOverride All
-
-
- Options All
- AllowOverride All
- Order allow,deny
- allow from all
- LimitRequestBody 5120000
-
-
- # Don't serve .php~ or .php# files created by emacs
-
- Order allow,deny
- Deny from all
-
-
-
- Header set X-Content-Type-Options nosniff
- Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate, private"
- Header set Pragma no-cache
-
-
-
- deny from all
-
-
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-
- AllowOverride All
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
- LimitRequestBody 512000
-
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
-
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel error
-
- CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
-
- # SSL Engine Switch:
- # Enable/Disable SSL for this virtual host.
- SSLEngine on
-
- SSLCertificateFile /etc/ssl/certs/mysubsonicdomainname.com.crt
- SSLCertificateKeyFile /etc/ssl/private/mysubsonicdomainname.com.key
-
- # Options based on bettercrypto.org
- SSLProtocol All -SSLv2 -SSLv3
- SSLHonorCipherOrder On
- SSLCompression off
- SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
-
- # Add six earth month HSTS header for all users ...
- Header add Strict-Transport-Security "max-age=15768000"
- # If you want to protect all subdomains , use the following header
- # ALL subdomains HAVE TO support https if you use this !
- # Strict-Transport-Security: max-age=15768000 ; includeSubDomains
-
- # SSL Engine Options:
- # Set various options for the SSL engine.
- # o FakeBasicAuth:
- # Translate the client X.509 into a Basic Authorisation. This means that
- # the standard Auth/DBMAuth methods can be used for access control. The
- # user name is the `one line' version of the client's X.509 certificate.
- # Note that no password is obtained from the user. Every entry in the user
- # file needs this password: `xxj31ZMTZzkVA'.
- # o ExportCertData:
- # This exports two additional environment variables: SSL_CLIENT_CERT and
- # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
- # server (always existing) and the client (only existing when client
- # authentication is used). This can be used to import the certificates
- # into CGI scripts.
- # o StdEnvVars:
- # This exports the standard SSL/TLS related `SSL_*' environment variables.
- # Per default this exportation is switched off for performance reasons,
- # because the extraction step is an expensive operation and is usually
- # useless for serving static content. So one usually enables the
- # exportation for CGI and SSI requests only.
- # o StrictRequire:
- # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
- # under a "Satisfy any" situation, i.e. when it applies access is denied
- # and no other module can change it.
- # o OptRenegotiate:
- # This enables optimized SSL connection renegotiation handling when SSL
- # directives are used in per-directory context.
- #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
-
- SSLOptions +StdEnvVars
-
-
- SSLOptions +StdEnvVars
-
-
- # SSL Protocol Adjustments:
- # The safe and default but still SSL/TLS standard compliant shutdown
- # approach is that mod_ssl sends the close notify alert but doesn't wait for
- # the close notify alert from client. When you need a different shutdown
- # approach you can use one of the following variables:
- # o ssl-unclean-shutdown:
- # This forces an unclean shutdown when the connection is closed, i.e. no
- # SSL close notify alert is send or allowed to received. This violates
- # the SSL/TLS standard but is needed for some brain-dead browsers. Use
- # this when you receive I/O errors because of the standard approach where
- # mod_ssl sends the close notify alert.
- # o ssl-accurate-shutdown:
- # This forces an accurate shutdown when the connection is closed, i.e. a
- # SSL close notify alert is send and mod_ssl waits for the close notify
- # alert of the client. This is 100% SSL/TLS standard compliant, but in
- # practice often causes hanging connections with brain-dead browsers. Use
- # this only for browsers where you know that their SSL implementation
- # works correctly.
- # Notice: Most problems of broken clients are also related to the HTTP
- # keep-alive facility, so you usually additionally want to disable
- # keep-alive for those clients, too. Use variable "nokeepalive" for this.
- # Similarly, one has to force some clients to use HTTP/1.0 to workaround
- # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
- # "force-response-1.0" for this.
- BrowserMatch "MSIE [2-6]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
- # MSIE 7 and newer should be able to use keepalive
- BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
-
-
-
-#+END_SRC
-
-Save and exit.
-
-#+BEGIN_SRC: bash
-makecert mysubsonicdomainname.com
-a2ensite mysubsonicdomainname.com
-service apache2 restart
-#+END_SRC
*** Configuration
Open a browser and go to your subsonic domain name. Log in with username /admin/ and password /admin/, then change your administrator password.
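Review bot: The added `export HOSTNAME=mysubsonicdomainname.com` feeds a `sed` step that stages its output in the fixed path `/tmp/website` and then copies it over the nginx site file, presumably as root. A predictable name in a world-writable directory can be pre-created by another local user, so the file that gets installed is not guaranteed to be the one sed wrote. Editing in place avoids the temp file entirely: `sed -i "s/mysubsonicdomainname.com/$HOSTNAME/g" "/etc/nginx/sites-available/$HOSTNAME"`. The export also now comes after `editor /etc/nginx/sites-available/$HOSTNAME` (visible in the first hunk's header), so unless HOSTNAME is set earlier in the file it should move above that command.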