[Icecast] After I enabled SSL, stream mountpoints broke

"Thomas B. Rücker" thomas at ruecker.fi
Sat Apr 4 05:50:59 UTC 2015


On 04/04/2015 02:42 AM, Nathan Miller wrote:
> Philipp,
>
> Thank you for your quick response.  I can't believe that I didn't
> think of that...I guess I just assumed that it would use SSL.  I'm
> using Liquidsoap as my source client.  Once you brought that up I
> started researching whether there was a way to force Liquidsoap to use
> SSL and from what I found it doesn't look like there is an
> option...but please correct me if you or anyone else who reads this
> knows differently.
>
> After I had a good idea of what was happening I found this other
> thread http://lists.xiph.org/pipermail/icecast/2015-January/013118.html that
> talks about exactly what I'm trying to do using Liquidsoap.  I
> followed it and I'm good now running on two ports...one SSL and one
> not from connecting to Liquidsoap.
>
> Thanks again for your hint :) and please let me know if you've seen
> other ways to tackle this with Liquidsoap than what I setup.

If you read the remainder of that thread you pointed to, you'll find
some hints.
The main thing being to "ssl enable" the source connections by using
Stunnel on the originating machine. This random picture from "the
interwebz" explains it pretty well:
http://www.ximera.de/bilder/stunnel2.png
In place of "Hamster" you'd have your source client.

I expect the TLS support situation to improve with source clients, as we
are soon going to release a TLS-enabled version of libshout, the library
many clients use to talk to Icecast servers.

In case one has only local connections from source clients, then just
binding a plain http port to ::1 or 127.0.0.1 is safe too.

Cheers

Thomas



> On Fri, Apr 3, 2015 at 3:41 PM, Philipp Schafft <lion at lion.leolix.org> wrote:
>
>     Good evening,
>
>     On Fri, 2015-04-03 at 14:02 -0700, Nathan Miller wrote:
>     > I'm running Icecast package 2.4.1 on Ubuntu 14.04
>     > from
>     http://download.opensuse.org/repositories/home:/dm8tbr/xUbuntu_14.04.
>     >
>     >
>     > I've been running on this server for about 6 months now without any
>     > issue and all my streams run great.  This icecast server is
>     running on
>     > the same host that my wordpress site is running on.  This is all
>     on my
>     > own private server, not a hosting service.
>     >
>     >
>     > Recently I decided to switch everything to SSL and all went well
>     with
>     > the exception of the icecast server.  The SSL portion of the icecast
>     > server is actually working just fine and the SSL certificate is
>     > loading on the admin page on all modern browsers without any
>     issue or
>     > error.  I can see the full admin page and navigate it without issue.
>     > The problem is as soon as I add this line to the <paths> section, as
>     > required to load the PEM certificate, my mountpoint streams stopped
>     > loading:
>     >
>     >
>     >
>     <ssl-certificate>/usr/share/icecast2/ssl/mysslcertname.pem</ssl-certificate>
>     >
>     >
>     >
>     > Then my icecast error log fills with this whenever anyone
>     attempts to
>     > hit any of the stream mountpoints that failed to load:
>     >
>     >
>     > [2015-04-02  18:17:59] INFO fserve/fserve_client_create checking for
>     > file /stream1 (/usr/share/icecast2/web/stream1)
>     > [2015-04-02  18:17:59] WARN fserve/fserve_client_create req for file
>     > "/usr/share/icecast2/web/stream1" No such file or directory
>     > [2015-04-03  01:52:43] INFO fserve/fserve_client_create checking for
>     > file /stream2 (/usr/share/icecast2/web/stream2)
>     > [2015-04-03  01:52:43] WARN fserve/fserve_client_create req for file
>     > "/usr/share/icecast2/web/stream2" No such file or directory
>
>     Those messages tell that there is no mount nor a file in web/. I
>     suspect
>     that the stream is not mounted (= the source is not connected).
>
>
>     > There is nothing in the error logs after I've added this line to the
>     > <paths> and restarted icecast so I'm not sure what is breaking
>     but I'm
>     > guessing from the errors whenever someone tries to hit the
>     mountpoint
>     > that the file that was supposed to be created never is.  Not
>     sure why
>     > adding to the path would cause this issue, but as soon as I
>     remove it
>     > all returns to a working order with stream mountpoints loading and
>     > working perfectly...though now SSL is broken again :(
>
>     Which source client do you use? If you switch the port to TLS that is
>     used by the source client to connect you also need to set the source
>     client to TLS mode.
>
>
>     > Hopefully someone can provide some guidance here!  Thanks!
>
>     Please come back with the answers. I'm sure this isn't impossible.
>
>     Have a good night!
>
>     --
>     Philipp.
>      (Rah of PH2)
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
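
The reply above says a plain HTTP port is acceptable for source clients only when it is bound to ::1 or 127.0.0.1. The following check is an added example, not part of the original thread or of Icecast itself: it audits an icecast.xml for non-TLS listen sockets that other hosts can reach. It assumes the Icecast 2.4-style `<listen-socket>` elements `<port>`, `<ssl>` and `<bind-address>`; the sample configuration and its port numbers are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample config (not from the thread): one TLS socket for
# listeners, one loopback-only plain socket for a local source client,
# and two plain sockets that are reachable from the network.
SAMPLE_CONFIG = """
<icecast>
  <listen-socket>
    <port>8443</port>
    <ssl>1</ssl>
  </listen-socket>
  <listen-socket>
    <port>8000</port>
    <bind-address>127.0.0.1</bind-address>
  </listen-socket>
  <listen-socket>
    <port>8001</port>
  </listen-socket>
  <listen-socket>
    <port>8002</port>
    <bind-address>0.0.0.0</bind-address>
  </listen-socket>
</icecast>
"""

def is_loopback(address):
    """True only for literal loopback addresses such as 127.0.0.1 or ::1."""
    try:
        return ipaddress.ip_address(address.strip()).is_loopback
    except ValueError:
        return False  # a hostname cannot be proven to stay local

def exposed_plain_sockets(config_xml):
    """Return ports of non-TLS listen sockets reachable from other hosts."""
    exposed = []
    for sock in ET.fromstring(config_xml).iter("listen-socket"):
        port = int(sock.findtext("port", default="0"))  # 0 if missing
        tls = sock.findtext("ssl", default="0").strip() == "1"
        bind = sock.findtext("bind-address")  # None means all interfaces
        if not tls and (bind is None or not is_loopback(bind)):
            exposed.append(port)
    return exposed

if __name__ == "__main__":
    for port in exposed_plain_sockets(SAMPLE_CONFIG):
        print(f"port {port}: plain HTTP reachable off-host, "
              "source credentials would cross the network unencrypted")
```

A socket flagged here either needs `<ssl>1</ssl>` with a TLS-capable source client (or Stunnel in front of it), or a loopback `<bind-address>`.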




