[Icecast] Having icecast SSL connection problem

Zernick, John John.Zernick at ideastream.org
Fri Sep 22 17:34:44 UTC 2017 

Here are the last few lines in the error.log file:


[2017-09-22  13:20:07] DBUG stats/modify_node_event update global connections (21)
[2017-09-22  13:20:11] DBUG stats/modify_node_event update "/wcpn" total_bytes_read (42454353)
[2017-09-22  13:20:11] DBUG stats/modify_node_event update "/wcpn" total_bytes_sent (4642577)


And here are the few lines of the access log:



10.9.1.112 - - [22/Sep/2017:12:36:33 -0400] "GET /tunein.png HTTP/1.1" 200 1934 "http://audio2.ideastream.org:443/style.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 0

10.9.1.112 - - [22/Sep/2017:12:36:41 -0400] "GET /wcpn HTTP/1.1" 200 68979 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 1

10.9.1.112 - - [22/Sep/2017:12:41:53 -0400] "GET /wcpn HTTP/1.1" 200 4522571 "http://audio2.ideastream.org:443/wcpn" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 313

52.71.155.178 - - [22/Sep/2017:13:08:10 -0400] "GET /wcpn HTTP/1.1" 200 51027 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25" 0

66.249.88.82 - - [22/Sep/2017:13:21:10 -0400] "GET / HTTP/1.1" 200 2418 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 Google Favicon" 0

66.249.88.84 - - [22/Sep/2017:13:21:10 -0400] "GET /favicon.ico HTTP/1.1" 404 365 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 Google Favicon" 0



I am 10.9.1.112. I don’t see the same message and the connections in the error log are all from me attempting to connect using https.



I attempted to connect using https and the error log shows bytes sent. And the access.log shows different connections.



-----Original Message-----
From: José Luis Artuch [mailto:artuch at speedy.com.ar]
Sent: Friday, September 22, 2017 1:15 PM
To: Icecast streaming server user discussions <icecast at xiph.org>
Cc: Zernick, John <John.Zernick at ideastream.org>
Subject: Re: [Icecast] Having icecast SSL connection problem



Hi John,

El vie, 22-09-2017 a las 16:50 +0000, Zernick, John escribió:

>

> I have been trying to get icecast 2.4.2 to stream with ssl to https.

> But so far I have had no luck.

>

> I am running Ubuntu 16.04 and the regular stream is working properly

> over port 80. I want to stream securely over port 443. I need to use

> 443 because of network rules here. I can view the Icecast2 Status

> pages and listen to a stream, but once I add https:// I get 'Secure

> Connection Failed' on Firefox and 'This site can’t be reached' from

> Chrome. Both can view and stream non-ssl content.

>

> I have tried both a Digicert and a self-signed cert. I have followed

> the pem rules from Digicert. I have set the permissions to the user

> Icecast2 from the group Icecast. I have read almost everything on this

> and I have tried Walter York's instructions to pre-install a number of

> packages that icecast needs to successfully enable ssl. I have placed

> the cert files in the same directory as the icecast.xml file. Here are

> the details regarding the ssl portions of the XML config file.

>

> ...

>     <!-- You may have multiple <listener> elements -->

>     <listen-socket>

>         <port>80</port>

>         <!-- <shoutcast-mount>/stream</shoutcast-mount> -->

>     </listen-socket>

>

>     <listen-socket>

>         <port>443</port>

>         <ssl>1</ssl>

>     </listen-socket>

> ...

>     <paths>

>

>         <!-- The certificate file needs to contain both public and

> private part.

>              Both should be PEM encoded. -->

>         <ssl-certificate>/etc/icecast2/icecast2_new.pem</ssl-

> certificate>

> ...

>

> So, there you have it. The only anomaly with the set up was that when

> the VMWare instance of the site started it was running dhcp and I

> struggled to wrestle control away from it. And I was never able to get

> eth0 to work so I used same interface name that dhcp used 'ens160'.

>

> Any and all suggestions, recommendation, ideas, and solutions would be

> greatly appreciated.

>

Take a look at /var/log/icecast2/error.log In my case it says something like:

[2017-09-17  11:40:43] INFO connection/get_ssl_certificate No SSL capability Then, I interpret that Icecast2 is not compiled with SSl support.

Regards.

José Luis

> Thanks,  --John

>

>

>

>

>  John Zernick | Senior Systems Administrator (Web)| D: (216) 916-6472

> | F: (216) 916-6473

>  Idea Center | 1375 Euclid | Cleveland OH 44115

>

>

>  The mission of ideastream is to strengthen our communities

>  Follow us on Facebook and Twitter

>  Explore what you love, discover even more at ideastream.org

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

> _______________________________________________

> Icecast mailing list

> Icecast at xiph.org<mailto:Icecast at xiph.org>

> http://lists.xiph.org/mailman/listinfo/icecast
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20170922/a274f4e3/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 43 bytes
Desc: image001.gif
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20170922/a274f4e3/attachment.gif>

More information about the Icecast mailing list