[Icecast-dev] exposed-port option for Icecast behind reverse proxy

"Thomas B. Rücker" thomas at ruecker.fi
Sat Mar 21 22:59:21 PDT 2015


On 03/22/2015 03:10 AM, Damien Garrido wrote:
> Hello,
> I didn't want to have to choose between Icecast running on port 80 and
> all my Apache virtual hosts, running also on port 80, on my sole
> external IP address.
> I didn't want either to open port 8000 on my firewall because I wanted
> all users being able to reach Icecast even the ones behind enterprise
> firewalls.
> So I managed to run Apache 2.2 listening on port 80 and Icecast 2.3.2
> listening on port 8000 on the same host.

I hope you're experienced with reverse proxies and the implications. We
generally don't recommend this as users tend to underestimate the impact
and also the Icecast code base is not prepared for being behind a
reverse proxy. In addition to what you see, e.g. your access.log and
some of the admin pages will be rather useless, listing ::1 or
as the origin address of all connections.

We are considering how to make Icecast more suitable for reverse proxy
setups. So your input is certainly welcome.

> I added a new virtual host radio.domain.com
> <http://radio.domain.com/> (listening on port 80) which is routing the
> Icecast traffic to/from the local Icecast server (listening on port 8000):
> |<VirtualHost *:80>
>     ServerName radio.domain.com <http://radio.domain.com/>
>     ServerAdmin hostmaster at domain.com <mailto:hostmaster at domain.com>
>     ProxyPreserveHost On
>     ProxyPass / http://localhost:8000/
>     ProxyPassReverse / http://localhost:8000/
> </VirtualHost>
> |
> I was then able to connect audio clients like VLC/Winamp to Icecast
> mount points using addresses like |http://radio.domain.com/my_stream|.
> However, when connecting to the Icecast virtual
> host |http://radio.domain.com/| web page, the m3u and the xspf files
> where still exposing the
> URL |http://radio.domain.com:8000/my_stream| with that annoying port
> 8000. Then people downloading those files weren't able to connect to
> the Icecast server because they were trying to connect on the wrong
> port. The same was occuring with the YP updates ondir.xiph.org
> <http://dir.xiph.org/>.
> I then downloaded the Icecast 2.3.2 source code, and modified it to
> add a new option:
> |<exposed-port>80</exposed-port>|

The latest Icecast stable version is 2.4.1, we strongly recommend using
that due to previous security issues and tons of bugfixes.
Development patches are preferably against git head. Details how to
check out can be found here:

> If this option is present in the Icecast configuration file, then
> m3u/xspf files as well as YP updates will use that port number.
> The below patch is for Icecast version 2.3.2:

<snip value="removed HTML 'patch'">

Please send patches as attachments, HTML mails tend to malform them.
Also preferably use plain text emails on mailing lists.



More information about the Icecast-dev mailing list