[Icecast] Having icecast SSL connection problem
Zernick, John
John.Zernick at ideastream.org
Fri Sep 22 17:34:44 UTC 2017
Here are the last few lines in the error.log file:
[2017-09-22 13:20:07] DBUG stats/modify_node_event update global connections (21)
[2017-09-22 13:20:11] DBUG stats/modify_node_event update "/wcpn" total_bytes_read (42454353)
[2017-09-22 13:20:11] DBUG stats/modify_node_event update "/wcpn" total_bytes_sent (4642577)
And here are the few lines of the access log:
10.9.1.112 - - [22/Sep/2017:12:36:33 -0400] "GET /tunein.png HTTP/1.1" 200 1934 "http://audio2.ideastream.org:443/style.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 0
10.9.1.112 - - [22/Sep/2017:12:36:41 -0400] "GET /wcpn HTTP/1.1" 200 68979 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 1
10.9.1.112 - - [22/Sep/2017:12:41:53 -0400] "GET /wcpn HTTP/1.1" 200 4522571 "http://audio2.ideastream.org:443/wcpn" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 313
52.71.155.178 - - [22/Sep/2017:13:08:10 -0400] "GET /wcpn HTTP/1.1" 200 51027 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25" 0
66.249.88.82 - - [22/Sep/2017:13:21:10 -0400] "GET / HTTP/1.1" 200 2418 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 Google Favicon" 0
66.249.88.84 - - [22/Sep/2017:13:21:10 -0400] "GET /favicon.ico HTTP/1.1" 404 365 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 Google Favicon" 0
I am 10.9.1.112. I don’t see the same message and the connections in the error log are all from me attempting to connect using https.
I attempted to connect using https and the error log shows bytes sent. And the access.log shows different connections.
-----Original Message-----
From: José Luis Artuch [mailto:artuch at speedy.com.ar]
Sent: Friday, September 22, 2017 1:15 PM
To: Icecast streaming server user discussions <icecast at xiph.org>
Cc: Zernick, John <John.Zernick at ideastream.org>
Subject: Re: [Icecast] Having icecast SSL connection problem
Hi John,
El vie, 22-09-2017 a las 16:50 +0000, Zernick, John escribió:
>
> I have been trying to get icecast 2.4.2 to stream with ssl to https.
> But so far I have had no luck.
>
> I am running Ubuntu 16.04 and the regular stream is working properly
> over port 80. I want to stream securely over port 443. I need to use
> 443 because of network rules here. I can view the Icecast2 Status
> pages and listen to a stream, but once I add https:// I get 'Secure
> Connection Failed' on Firefox and 'This site can’t be reached' from
> Chrome. Both can view and stream non-ssl content.
>
> I have tried both a Digicert and a self-signed cert. I have followed
> the pem rules from Digicert. I have set the permissions to the user
> Icecast2 from the group Icecast. I have read almost everything on this
> and I have tried Walter York's instructions to pre-install a number of
> packages that icecast needs to successfully enable ssl. I have placed
> the cert files in the same directory as the icecast.xml file. Here are
> the details regarding the ssl portions of the XML config file.
>
> ...
> <!-- You may have multiple <listener> elements -->
> <listen-socket>
> <port>80</port>
> <!-- <shoutcast-mount>/stream</shoutcast-mount> -->
> </listen-socket>
>
> <listen-socket>
> <port>443</port>
> <ssl>1</ssl>
> </listen-socket>
> ...
> <paths>
>
> <!-- The certificate file needs to contain both public and
> private part.
> Both should be PEM encoded. -->
> <ssl-certificate>/etc/icecast2/icecast2_new.pem</ssl-
> certificate>
> ...
>
> So, there you have it. The only anomaly with the set up was that when
> the VMWare instance of the site started it was running dhcp and I
> struggled to wrestle control away from it. And I was never able to get
> eth0 to work so I used same interface name that dhcp used 'ens160'.
>
> Any and all suggestions, recommendation, ideas, and solutions would be
> greatly appreciated.
>
Take a look at /var/log/icecast2/error.log In my case it says something like:
[2017-09-17 11:40:43] INFO connection/get_ssl_certificate No SSL capability Then, I interpret that Icecast2 is not compiled with SSl support.
Regards.
José Luis
> Thanks, --John
>
>
>
>
> John Zernick | Senior Systems Administrator (Web)| D: (216) 916-6472
> | F: (216) 916-6473
> Idea Center | 1375 Euclid | Cleveland OH 44115
>
>
> The mission of ideastream is to strengthen our communities
> Follow us on Facebook and Twitter
> Explore what you love, discover even more at ideastream.org
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org<mailto:Icecast at xiph.org>
> http://lists.xiph.org/mailman/listinfo/icecast
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20170922/a274f4e3/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 43 bytes
Desc: image001.gif
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20170922/a274f4e3/attachment.gif>
More information about the Icecast
mailing list