57 lines
1.7 KiB
Markdown
57 lines
1.7 KiB
Markdown
+++
|
|
title = "Subsonic and licensing"
|
|
date = "2015-07-26"
|
|
tags = ["security", "music"]
|
|
+++
|
|
|
|
#### Subsonic
|
|
|
|
[Subsonic](http://subsonic.org) is a reasonably neat "personal cloud" sort of
|
|
thing for playing music. In many ways, it replicates the [Owncloud](http://owncloud.org)
|
|
Music application. I'm a fan of that too, but switched to Subsonic once it became
|
|
clear that upgrading OC would always be a trial. Unfortunately, although Subsonic
|
|
is open-source, it includes a bunch of money-making "premium" stuff backed by a
|
|
licensing scheme. This includes nagware, etc.
|
|
|
|
With an open-source project, you can just fork it and release a version with all
|
|
that crap removed, of course, and that's precisely what
|
|
[@EugeneKay has done](https://github.com/EugeneKay/subsonic/commit/a08c8a80da07ddfe8d34dada439cc3480ddce725).
|
|
|
|
#### Do not trust HTTP or DNS
|
|
|
|
As the patch notes, the licensing scheme is fairly hilariously simple: the
|
|
license "key" is just the md5sum of the email address; a remote HTTP server
|
|
is looked up over DNS and queried to see if that license is on a central DB and,
|
|
if it is, whether it has expired.
|
|
|
|
So in /etc/hosts:
|
|
|
|
127.0.0.1 subsonic.org
|
|
|
|
|
|
In /etc/nginx/sites-enabled/subsonic.org.conf:
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name subsonic.org;
|
|
|
|
location /backend/validateLicense.view {
|
|
return 200 "true\n2068585481000\n";
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://66.49.215.227;
|
|
}
|
|
}
|
|
|
|
(I've not actually tested the proxy_pass but I imagine it'll work).
|
|
|
|
Then in the Subsonic licensing box:
|
|
|
|
Email: foo@example.com
|
|
Key: b48def645758b95537d4424c84d1a9ff
|
|
|
|
So, no need to maintain a separate fork after all. Beautiful.
|
|
|