popeen / Booksonic-LegacyServer

DISCONTINUED - Please note that this server has been replaced by https://github.com/popeen/Booksonic-Air
http://booksonic.org

Booksonic and reverse proxy #34

Open robflate opened 6 years ago

robflate commented 6 years ago

I have Booksonic running in Docker. All services go through Traefik (reverse proxy) using the following Docker Compose:

version: '3'

services:

  booksonic:
    image: linuxserver/booksonic:latest
    container_name: booksonic
    hostname: booksonic
    ports:
      - "4040:4040"
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${CONFIG}/booksonic:/config
      - ${DATA}/audiobooks:/books
      - ${DATA}/podcasts:/podcasts
    labels:
      traefik.enable: "true"
      traefik.port: "4040"
      traefik.frontend.rule: "Host:booksonic.${DOMAIN}"
      com.centurylinklabs.watchtower.enable: "true"
    restart: unless-stopped

I can access Booksonic on localhost:4040 but not through the reverse proxy using booksonic.domain.com. I get the normal basicauth username and password prompt from traefik but when I enter the correct details it just loops back and shows the username and password prompt again. I never actually get to the Booksonic interface where it asks for the Booksonic username and password.

I have about 20 other services all working through traefik without problems. I know this isn't strictly a Booksonic issue but I thought I'd ask anyway to see if anyone can offer any advice. Thanks.

MrQuiX commented 6 years ago

Also having this problem, anyone find a solution?

I am also using the linuxserver/booksonic docker build. I tried setting an environment variable: CONTEXT_PATH= but based on the subsonic documentation, I think this is for a mydomain.com/audiobooks setup whereas I am trying to do audiobooks.mydomain.com.

My docker-compose log for booksonic indicates the webserver can't respond to https traffic:

booksonic | 2018-06-07T07:12:25.896600024Z 2018-06-07 07:12:25.896:WARN:oejh.HttpParser:qtp931919113-15: bad HTTP parsed: 400 Illegal character 0x16 for HttpChannelOverHttp@6e8b5719{r=0,c=false,a=IDLE,uri=null}

ruben-kinship commented 5 years ago

Anyone found a solution for this?

mcrypt commented 5 years ago

I'm having this problem as well.. Would appreciate a solution to this!

ghost commented 5 years ago

Hello, I am facing an issue that seems very similar, where Subsonic works fine when accessed directly but not via a reverse proxy (I'm using Caddy). I found out what happens but am not sure how to solve it:

So the problem is really that Booksonic does not respect the original scheme when sending its HTTP redirections. This is usually achieved by honoring the X-Scheme header, but I tried adding this to my proxy settings to no avail.

I think this needs a code fix, I could not find a workaround at proxy level, except rewriting the downstream Location header to replace http with https, but in my case that's not an option since my proxy (Caddy) does not support this.

In any case, I firmly believe that such redirections should be relative and not absolute, to avoid such issues...

Here are some screenshots of the http flow:

[Screenshots: 2019-04-02 at 20 18 43 and 2019-04-02 at 20 20 05]

Here's my proxy configuration (Caddy):

      proxy /booksonic http://booksonic {
        header_upstream    X-Forwarded-Ssl    on
        header_upstream    X-Scheme           {scheme}
        header_upstream    X-Forwarded-Proto  {scheme}
        transparent
        websocket
      }

ghost commented 5 years ago

Might be related to #17 as well as https://www.reddit.com/r/Booksonic/comments/66znm0/nginx_location_entry/

halkeye commented 4 years ago

So it looks like Spring Boot needs to be configured to allow those headers: https://docs.spring.io/spring-boot/docs/current/reference/html/howto-security.html https://stackoverflow.com/a/34273656

I don't know how to create an applications.properties. I assume it has to be added to the war file, and is not something you can create at runtime, right?

mvanderlee commented 4 years ago

I spent way too much time on this. For Traefik, set the removeheader field to true: https://docs.traefik.io/v2.0/middlewares/basicauth/#removeheader

Otherwise it will forward the authentication, and if your proxy and booksonic users are different, booksonic will throw a 401.
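
The removeheader setting from the last comment, shown as Traefik v2 Docker labels. This is an added example, not configuration posted by anyone in the thread; the router and middleware names (`booksonic`, `booksonic-auth`), the host name and the credential entry are placeholders. With the option on, the credentials checked at the proxy are not passed on to the Booksonic container.

```yaml
# Added example: Traefik v2 label syntax (the compose file in the first post
# uses Traefik v1 labels). All names and values below are placeholders.
services:
  booksonic:
    image: linuxserver/booksonic:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.booksonic.rule=Host(`booksonic.example.com`)"
      - "traefik.http.routers.booksonic.middlewares=booksonic-auth"
      - "traefik.http.services.booksonic.loadbalancer.server.port=4040"

      # Proxy-level BasicAuth. Replace the placeholder with an htpasswd entry;
      # inside a compose file every "$" in the hash must be written as "$$".
      - "traefik.http.middlewares.booksonic-auth.basicauth.users=<user>:<htpasswd-hash>"

      # Default is false: the Authorization header that Traefik validated is
      # forwarded upstream, so Booksonic receives the proxy's credentials.
      # true: Traefik strips the header before forwarding the request.
      - "traefik.http.middlewares.booksonic-auth.basicauth.removeheader=true"
    restart: unless-stopped
```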