{"id":190,"date":"2015-05-10T22:16:10","date_gmt":"2015-05-11T04:16:10","guid":{"rendered":"https:\/\/www.guammie.com\/donovan\/?p=190"},"modified":"2015-05-10T22:16:11","modified_gmt":"2015-05-11T04:16:11","slug":"subsonic-on-freenas","status":"publish","type":"post","link":"https:\/\/www.guammie.com\/donovan\/2015\/05\/10\/subsonic-on-freenas\/","title":{"rendered":"Subsonic on FreeNAS"},"content":{"rendered":"<p>I posted this on the freenas forums..<\/p>\n<p>Here&#8217;s a short write-up on how I got SSL going with LDAPS against AD for authentication. I used the plugin and am working out of \/ in the jail.   <br \/>keytool is located at \/usr\/pbi\/subsonic-amd64\/bin    <br \/>1) Create a cnf file to be used for generating the csr.<\/p>\n<blockquote>\n<p>[ req ]     <br \/>default_bits = 2048      <br \/>distinguished_name = req_distinguished_name      <br \/>req_extensions = v3_req      <br \/>x509_extensions = v3_req      <br \/>[ req_distinguished_name ]      <br \/>countryName = Country Name (2 letter code)      <br \/>countryName_default = US      <br \/>countryName_min = 2      <br \/>countryName_max = 2      <br \/>stateOrProvinceName = State or Province Name (full name)      <br \/>stateOrProvinceName_default = Texas      <br \/>localityName = Locality Name (eg, city)      <br \/>localityName_default = San Antonio      <br \/>0.organizationName = Organization Name (eg, company)      <br \/>0.organizationName_default = Company      <br \/>organizationalUnitName = Organizational Unit Name (eg, section)      <br \/>organizationalUnitName_default = Department      <br \/>commonName = Common Name (hostname)      <br \/>commonName_default = subsonic      <br \/>commonName_max = 64      <br \/>emailAddress = Email Address      <br \/>emailAddress_default = <a href=\"mailto:email@domain.com\">email@domain.com<\/a>      <br \/>emailAddress_max = 64      <br \/>[ v3_req ]      <br \/>basicConstraints = CA:FALSE      <br \/>keyUsage = nonRepudiation, 
digitalSignature, keyEncipherment      <br \/>subjectAltName=@alt_names      <br \/>[alt_names]      <br \/>DNS.1 = subsonic      <br \/>DNS.2 = subsonic.domain.com      <br \/>IP.1 = 192.168.0.1<\/p>\n<\/blockquote>\n<p>2) Generate the CSR and private key<\/p>\n<blockquote>\n<p>openssl req -new -sha256 -out subsonic.csr -config subsonic.cnf -newkey rsa:2048 -nodes -keyout subsonic.key<\/p>\n<\/blockquote>\n<p>3) Submit the CSR to your CA. I used a Windows CA and received the subsonic.cer certificate.   <br \/>4) Generate a PKCS12 file to be used for the Web SSL Java Keystore. I could not get this working using the system keystore, so this one is just for https.<\/p>\n<blockquote>\n<p>openssl pkcs12 -export -out subsonic.pfx -inkey subsonic.key -in subsonic.cer -certfile CA-Certificate.cer<\/p>\n<\/blockquote>\n<p>5) Create the Java Keystore to be used for SSL access.<\/p>\n<blockquote>\n<p>.\/keytool -importkeystore -srckeystore subsonic.pfx -destkeystore subsonic.keystore -srcstoretype PKCS12 -srcalias 1 -destalias subsonic.domain.com<\/p>\n<\/blockquote>\n<p>6) Add your CA certificate to the system Java Keystore as well. This will be used for LDAPS authentication. The default password is &#8216;changeit&#8217;. You should probably change that as well.<\/p>\n<blockquote>\n<p>.\/keytool -import -trustcacerts -alias CA-domain.com -file \/CA-Certificate.cer -keystore \/usr\/pbi\/subsonic-amd64\/openjdk7\/jre\/lib\/security\/cacerts<\/p>\n<\/blockquote>\n<p>7) Enable LDAP Authentication under Settings\\Advanced<\/p>\n<blockquote>\n<p>LDAP URL: ldaps:\/\/server.domain.com:636\/dc=domain,dc=com     <br \/>LDAP search filter: (&amp;(sAMAccountName={0})(&amp;(objectCategory=user)(memberof=cn=subsonic,ou=groups,dc=domain,dc=com)))      <br \/>LDAP Manager: DOMAIN\\user (non privileged!)<\/p>\n<\/blockquote>\n<p>8) The default user cache is too high. 
Edit it in \/var\/db\/subsonic\/jetty\/4427\/webapp\/WEB-INF\/classes\/ehcache.xml<\/p>\n<blockquote>\n<p>&lt;cache name=&quot;userCache&quot;     <br \/>maxElementsInMemory=&quot;1000&quot;      <br \/>eternal=&quot;false&quot;      <br \/>timeToIdleSeconds=&quot;3600&quot;      <br \/>timeToLiveSeconds=&quot;3600&quot;      <br \/>overflowToDisk=&quot;false&quot;      <br \/>diskSpoolBufferSizeMB=&quot;1&quot;      <br \/>statistics=&quot;true&quot;\/&gt;<\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>I posted this on the freenas forums.. Here&#8217;s a short write-up on how I got SSL going with LDAPS against AD for authentication. I used the plugin and am working out of \/ in the jail. keytool is located at \/usr\/pbi\/subsonic-amd64\/bin 1) Create a cnf file to be used for generating the csr. [ req [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[11],"tags":[],"class_list":["post-190","post","type-post","status-publish","format-standard","hentry","category-linux"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1tGEc-34","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/www.guammie.com\/donovan\/wp-json\/wp\/v2\/posts\/190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.guam
mie.com\/donovan\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.guammie.com\/donovan\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.guammie.com\/donovan\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.guammie.com\/donovan\/wp-json\/wp\/v2\/comments?post=190"}],"version-history":[{"count":1,"href":"https:\/\/www.guammie.com\/donovan\/wp-json\/wp\/v2\/posts\/190\/revisions"}],"predecessor-version":[{"id":191,"href":"https:\/\/www.guammie.com\/donovan\/wp-json\/wp\/v2\/posts\/190\/revisions\/191"}],"wp:attachment":[{"href":"https:\/\/www.guammie.com\/donovan\/wp-json\/wp\/v2\/media?parent=190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.guammie.com\/donovan\/wp-json\/wp\/v2\/categories?post=190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.guammie.com\/donovan\/wp-json\/wp\/v2\/tags?post=190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}