[Icecast] running an icecast server
David Saunders
abitar.com at gmail.com
Sun Jan 17 16:24:19 UTC 2016
oops, I hit the return and it got sent.
All those questions depends on the application you setting up. if your
worried about security, isolate the icecast server from your network.
We designed a user interface on the company web site fronts the stream
servers. The customers get a simple URL for the stream. We use several
stream servers some on site and some off, our web server setup to server up
a play list or a message when the http client goes to stream.company/mount.
When you go to the company site www.comapny/mount you get information about
the stream, and archive.company/mount will bring up archives :)
since we run multiple IPs with multiple servers and multiple connections
to the internet we can spread the load around. We aculy have not done any
customization of the icecast servers they are set up on the default ports.
only thing we have seen over the years with icecast is a attempt to DOS the
mount point. We would get 1000s/sec of connection with no streaming, I
wrote a condition in the security monitor that will block the ip and place
it in the blacklist of icecast. And we have a short spike of connections
now then they get blocked off. And since I keep the black list updated I
remove any connections from that IP from then stream use report.
What you can disable or enable on the UI I never got into, Never needed to.
Just use strong passwords. Make separate passwords for all sources. And
only use the master password for testing or emergency use.
On Sun, Jan 17, 2016 at 9:36 AM, David Saunders <abitar.com at gmail.com>
wrote:
> Hey.
>
> They are big questions, I no expert with exploits of icecast so I
> will give you what I have gain from experiences.
>
>
>
> On Sun, Jan 17, 2016 at 9:30 AM, Edoardo Putti <edoardo.putti at gmail.com>
> wrote:
>
>> Hello everyone,
>>
>> I'm in the process of running an Icecast server and I would like to know
>> some best pratices.
>>
>> 1. Should I place Icecast on port 8000 or should I change that to one
>> more common (80, 443...)?
>> 2. Should I place the server behind a webserver like ngingx or apache?
>> 3.Can I disable the login interface? what can be disabled?
>>
>> My best guess is to run icecast behind a webserver, keeping icecast on
>> port 8000 and refusing everything that is not a request for a legit mount,
>> adding a custom admin url.
>>
>> Thanks for your input
>>
>> Edoardo Putti
>>
>> _______________________________________________
>> Icecast mailing list
>> Icecast at xiph.org
>> http://lists.xiph.org/mailman/listinfo/icecast
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20160117/7419cc27/attachment.htm>
More information about the Icecast
mailing list