From mvandop at xs4all.nl Mon Sep 3 15:29:57 2018 From: mvandop at xs4all.nl (Michel van Dop) Date: Mon, 03 Sep 2018 17:29:57 +0200 Subject: [Icecast] Icecast 2.4.3 stop play on https Message-ID: <46f11d99392b0c6db1b2ba6e93c4fd79@xs4all.nl> Hi, We use Icecast 2.4.3 and SSL streaming for a long time on CentOS 6 and 7. The last time we have some problems on playing 192k mp3 on https. The stream play 2 second and stop, on http we have not that problem. (we restart the encoder, but same problem) (we use a jPlayer and direct stream url in chrome) We check on the error log, but no errors and in the access log we see: 2001:980:79b3:0:b1cd:e5ab:3280:e9bd - - [03/Sep/2018:17:24:00 +0200] "GET /live HTTP/1.1" 200 11648 "https://www.domein.nl/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" 2 Its not a IPv6 problem we have this problem on IPv4. Best regards, Michel -------------- next part -------------- An HTML attachment was scrubbed... URL: From estudio980 at gmail.com Tue Sep 4 15:00:24 2018 From: estudio980 at gmail.com (estudio980 at gmail.com) Date: Tue, 4 Sep 2018 12:00:24 -0300 Subject: [Icecast] Icecast - Windows Message-ID: Hello, Please someone could tell me if Icecast for Windows works SSL? I'm trying but I do not know how to generate the .PEM file, at least the ones I tried through IIS and OPENSSL did not work out. --- Este email foi escaneado pelo Avast antiv?rus. https://www.avast.com/antivirus -------------- next part -------------- An HTML attachment was scrubbed... URL: From mvandop at xs4all.nl Wed Sep 5 08:00:06 2018 From: mvandop at xs4all.nl (Michel van Dop) Date: Wed, 05 Sep 2018 10:00:06 +0200 Subject: [Icecast] Icecast 2.4.3 stop play on https In-Reply-To: <46f11d99392b0c6db1b2ba6e93c4fd79@xs4all.nl> References: <46f11d99392b0c6db1b2ba6e93c4fd79@xs4all.nl> Message-ID: <9878d10cd40be620ae47412ce1b1cd83@xs4all.nl> Hi, For information, the stream play for 5 months from April. After the restart, the problem was solved for 2.4.3 and https works fine. Have someone see this problem? We use Icecast 2.4.0 CentOS 7 64bit. And every 10 or 15 hours Icecast crash. In the system log we see: kernel: icecast[3244]: segfault at 7fe66037e000 ip 00007fe66aeaf4cb sp 00007fe6670ac9d8 error 4 in libc-2.17.so[7fe66ad5a000+1c3000] We stream on FLAC and opus. When we set FLAC on a bigger bitrate, The Icecast application crash faster. (glibc-2.17-222.el7.x86_64) Best regards, Michel > Hi, > > We use Icecast 2.4.3 and SSL streaming for a long time on CentOS 6 and 7. > The last time we have some problems on playing 192k mp3 on https. > The stream play 2 second and stop, on http we have not that problem. (we restart the encoder, but same problem) > (we use a jPlayer and direct stream url in chrome) > > We check on the error log, but no errors and in the access log we see: > 2001:980:79b3:0:b1cd:e5ab:3280:e9bd - - [03/Sep/2018:17:24:00 +0200] "GET /live HTTP/1.1" 200 11648 "https://www.domein.nl/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" 2 > > Its not a IPv6 problem we have this problem on IPv4. > > Best regards, > Michel > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast -- -------------- next part -------------- An HTML attachment was scrubbed... URL: From subscription at nextdial.com.br Thu Sep 6 12:45:52 2018 From: subscription at nextdial.com.br (subscription at nextdial.com.br) Date: Thu, 6 Sep 2018 09:45:52 -0300 Subject: [Icecast] Client auth failed with "" In-Reply-To: References: <7bbe79b1db49481eb462ca4d0ce66e13@nextdial.com.br> Message-ID: Hello, I have a dedicated host and the server is a 2 x Intel Xeon X5560 Clock 2.80 GHZ x 8 Cores. Looking at htop command report and +8k listeners streaming in 48Kbps AAC: Icecast has peak of 85% CPU usage in 1 core; Sometimes show 4 cores usage; Rarely show 8 cores usage; So, how to improve the server usage? KVM virtualize it with 1 VM per core? Or theres anything else to do? ps: Ubuntu 16.04 and Icecast 2.4.2 with SSL (http://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/) Best, Thiago -------------- next part -------------- An HTML attachment was scrubbed... URL: From epirat07 at gmail.com Thu Sep 6 13:47:54 2018 From: epirat07 at gmail.com (Marvin Scholz (ePirat)) Date: Thu, 6 Sep 2018 15:47:54 +0200 Subject: [Icecast] Client auth failed with "" In-Reply-To: References: <7bbe79b1db49481eb462ca4d0ce66e13@nextdial.com.br> Message-ID: Please stop hijacking other threads for new questions, this is incredibly annoying. What you should do is send a new email to the list with a descriptive subject and not reply to existing ones with completely unrelated questions, this makes it really hard for everyone to find your email properly later. > Am 06.09.2018 um 14:45 schrieb "subscription at nextdial.com.br" : > > Hello, > > I have a dedicated host and the server is a 2 x Intel Xeon X5560 Clock 2.80 GHZ x 8 Cores. > > Looking at htop command report and +8k listeners streaming in 48Kbps AAC: > Icecast has peak of 85% CPU usage in 1 core; > Sometimes show 4 cores usage; > Rarely show 8 cores usage; > So, how to improve the server usage? KVM virtualize it with 1 VM per core? Or theres anything else to do? > > ps: Ubuntu 16.04 and Icecast 2.4.2 with SSL (http://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/) > > > > > Best, > Thiago > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast -------------- next part -------------- An HTML attachment was scrubbed... URL: From zer0___ at hotmail.com Thu Sep 6 20:05:34 2018 From: zer0___ at hotmail.com (_zer0_ gravity) Date: Thu, 6 Sep 2018 20:05:34 +0000 Subject: [Icecast] icecast ssl and letsencrypt renewal Message-ID: Hi all, I have setup icecast to work with letsencrypt ssl certificate, this works fine. But now I am struggling a bit on how to renew the certificate every 3 months. As per letsencrypt recommendation I run a cronjob to check for renewal every day, problem is when there is a new certificate Icecast needs to be restarted to pick it up, as the certificate only seems to be loaded at startup of icecast. I am thinking of checking if the content of the cert.pem file has been altered or maybe checking the file date to see if it is not older than 1 day or something like that. Regards and tia, Paul -------------- next part -------------- An HTML attachment was scrubbed... URL: From sigma4 at gmail.com Thu Sep 6 20:20:41 2018 From: sigma4 at gmail.com (Tycho Eggen) Date: Thu, 6 Sep 2018 13:20:41 -0700 Subject: [Icecast] icecast ssl and letsencrypt renewal In-Reply-To: References: Message-ID: You can add a posthook to your certbot cronjob: certbot renew ?post-hook ?/etc/init.d/icecast restart? Or however you restart icecast On Thu, Sep 6, 2018 at 13:05 _zer0_ gravity wrote: > Hi all, > > > > I have setup icecast to work with letsencrypt ssl certificate, this works > fine. > > But now I am struggling a bit on how to renew the certificate every 3 > months. > > As per letsencrypt recommendation I run a cronjob to check for renewal > every day, > > problem is when there is a new certificate Icecast needs to be restarted > to pick it up, as the certificate only seems to be loaded at startup of > icecast. > > I am thinking of checking if the content of the cert.pem file has been > altered or maybe checking the file date to see if it is not older than 1 > day or something like that. > > > > Regards and tia, > > > > Paul > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > -------------- next part -------------- An HTML attachment was scrubbed... URL: From zer0___ at hotmail.com Thu Sep 6 20:27:51 2018 From: zer0___ at hotmail.com (_zer0_ gravity) Date: Thu, 6 Sep 2018 20:27:51 +0000 Subject: [Icecast] icecast ssl and letsencrypt renewal In-Reply-To: References: Message-ID: That?s what I have been looking for, thanks ! From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen Sent: donderdag 6 september 2018 22:21 To: Icecast streaming server user discussions Subject: Re: [Icecast] icecast ssl and letsencrypt renewal You can add a posthook to your certbot cronjob: certbot renew ?post-hook ?/etc/init.d/icecast restart? Or however you restart icecast On Thu, Sep 6, 2018 at 13:05 _zer0_ gravity > wrote: Hi all, I have setup icecast to work with letsencrypt ssl certificate, this works fine. But now I am struggling a bit on how to renew the certificate every 3 months. As per letsencrypt recommendation I run a cronjob to check for renewal every day, problem is when there is a new certificate Icecast needs to be restarted to pick it up, as the certificate only seems to be loaded at startup of icecast. I am thinking of checking if the content of the cert.pem file has been altered or maybe checking the file date to see if it is not older than 1 day or something like that. Regards and tia, Paul _______________________________________________ Icecast mailing list Icecast at xiph.org http://lists.xiph.org/mailman/listinfo/icecast -------------- next part -------------- An HTML attachment was scrubbed... URL: From dave.mehler at gmail.com Thu Sep 6 22:20:42 2018 From: dave.mehler at gmail.com (David Mehler) Date: Thu, 6 Sep 2018 18:20:42 -0400 Subject: [Icecast] icecast ssl and letsencrypt renewal In-Reply-To: References: Message-ID: Hello, How did you get icecast and letsencrypt certificates working? Thanks. Dave. On 9/6/18, _zer0_ gravity wrote: > That?s what I have been looking for, thanks ! > > From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen > Sent: donderdag 6 september 2018 22:21 > To: Icecast streaming server user discussions > Subject: Re: [Icecast] icecast ssl and letsencrypt renewal > > You can add a posthook to your certbot cronjob: > > certbot renew ?post-hook ?/etc/init.d/icecast restart? > > Or however you restart icecast > > On Thu, Sep 6, 2018 at 13:05 _zer0_ gravity > > wrote: > Hi all, > > I have setup icecast to work with letsencrypt ssl certificate, this works > fine. > But now I am struggling a bit on how to renew the certificate every 3 > months. > As per letsencrypt recommendation I run a cronjob to check for renewal > every day, > problem is when there is a new certificate Icecast needs to be restarted to > pick it up, as the certificate only seems to be loaded at startup of > icecast. > I am thinking of checking if the content of the cert.pem file has been > altered or maybe checking the file date to see if it is not older than 1 day > or something like that. > > Regards and tia, > > Paul > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > From jxb1311 at gmail.com Fri Sep 7 14:05:29 2018 From: jxb1311 at gmail.com (Jelal Bairamoglou) Date: Fri, 7 Sep 2018 17:05:29 +0300 Subject: [Icecast] Problem directory. Message-ID: <9f7cf6f6-980b-2e37-3b9b-da61f43188e8@gmail.com> Hello lister's, I am Jelal,and I would like to inform you about a problem that I deal with it the last two days. The problem is that ?LaikiNota? does not appear on your list. Here is the settings: icecast.xml ??????? 15 http://dir.xiph.org/cgi-bin/yp-cgi ??? Client Name: LaikiNota Description: Greek Music (Laika) URL: https://laikinota.gr Genre: Pop Thank you in advance for your help! http://laikinota.ddns.net:8000/liv From thomas at ruecker.fi Sat Sep 8 18:07:25 2018 From: thomas at ruecker.fi (=?UTF-8?Q?Thomas_B._R=c3=bccker?=) Date: Sat, 8 Sep 2018 18:07:25 +0000 Subject: [Icecast] Problem directory. In-Reply-To: <9f7cf6f6-980b-2e37-3b9b-da61f43188e8@gmail.com> References: <9f7cf6f6-980b-2e37-3b9b-da61f43188e8@gmail.com> Message-ID: Hi, On 09/07/2018 02:05 PM, Jelal Bairamoglou wrote: > > Hello lister's, > I am Jelal,and I would like to inform you about a problem that I deal > with it the last two days. Please go through the steps explained in our YP documentation: http://icecast.org/docs/icecast-trunk/yp/ If you don't get it working that way it explains which information we exactly need to understand your problem. Cheers, Thomas From zer0___ at hotmail.com Sat Sep 15 13:56:28 2018 From: zer0___ at hotmail.com (_zer0_ gravity) Date: Sat, 15 Sep 2018 13:56:28 +0000 Subject: [Icecast] icecast ssl and letsencrypt renewal In-Reply-To: References: Message-ID: Install letsencrypt and request a certificate specifying the webroot of your Icecast server and the host.domain: certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d icecast.domain.name Now you should have a certificate for your server, it's only in the wrong format for Icecast, copy the key and the certificate to 1 file with the following cmd: cat /etc/letsencrypt/live/icecast.fomain.name/privkey.pem /etc/letsencrypt/live/icecast.domain.name/cert.pem > /etc/icecast2/cert+key.pem Enable ssl on one of your Icecast sockets in Icecast.xml: 443 x.x.x.x 1 And specify the location of your certificate in the section: /etc/icecast2/cert+key.pem After restarting you should have a working Icecast with letsencrypt ssl certificate. I have a cronjob running daily calling a script to automatically renew the certificate and restart Icecast if needed: #!/bin/bash certbot-auto renew --post-hook "cat /etc/letsencrypt/live/icecast.domain.name/privkey.pem /etc/letsencrypt/live/icecast.domain.name/cert.pem > /etc/icecast2/cert+key.pem && /etc/init.d/icecast2 restart" Hope this helps. Paul -----Original Message----- From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of David Mehler Sent: vrijdag 7 september 2018 00:21 To: Icecast streaming server user discussions Subject: Re: [Icecast] icecast ssl and letsencrypt renewal Hello, How did you get icecast and letsencrypt certificates working? Thanks. Dave. On 9/6/18, _zer0_ gravity wrote: > That?s what I have been looking for, thanks ! > > From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen > Sent: donderdag 6 september 2018 22:21 > To: Icecast streaming server user discussions > Subject: Re: [Icecast] icecast ssl and letsencrypt renewal > > You can add a posthook to your certbot cronjob: > > certbot renew ?post-hook ?/etc/init.d/icecast restart? > > Or however you restart icecast > > On Thu, Sep 6, 2018 at 13:05 _zer0_ gravity > > wrote: > Hi all, > > I have setup icecast to work with letsencrypt ssl certificate, this works > fine. > But now I am struggling a bit on how to renew the certificate every 3 > months. > As per letsencrypt recommendation I run a cronjob to check for renewal > every day, > problem is when there is a new certificate Icecast needs to be restarted to > pick it up, as the certificate only seems to be loaded at startup of > icecast. > I am thinking of checking if the content of the cert.pem file has been > altered or maybe checking the file date to see if it is not older than 1 day > or something like that. > > Regards and tia, > > Paul > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > _______________________________________________ Icecast mailing list Icecast at xiph.org http://lists.xiph.org/mailman/listinfo/icecast From dave.mehler at gmail.com Sat Sep 15 22:05:04 2018 From: dave.mehler at gmail.com (David Mehler) Date: Sat, 15 Sep 2018 18:05:04 -0400 Subject: [Icecast] icecast ssl and letsencrypt renewal In-Reply-To: References: Message-ID: Hello Paul, Thank you very much. That did it. I don't use certbot, but rather acme.sh so I adapted your instructions and it's working great! One thing do I have to have an unencrypted socket on 8000 and an encrypted socket on 443? Are there other security options I can implement? Thanks. Dave. On 9/15/18, _zer0_ gravity wrote: > Install letsencrypt and request a certificate specifying the webroot of your > Icecast server and the host.domain: > > certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d > icecast.domain.name > > Now you should have a certificate for your server, it's only in the wrong > format for Icecast, copy the key and the certificate to 1 file with the > following cmd: > > cat /etc/letsencrypt/live/icecast.fomain.name/privkey.pem > /etc/letsencrypt/live/icecast.domain.name/cert.pem > > /etc/icecast2/cert+key.pem > > Enable ssl on one of your Icecast sockets in Icecast.xml: > > > 443 > x.x.x.x > 1 > > > And specify the location of your certificate in the section: > > /etc/icecast2/cert+key.pem > > After restarting you should have a working Icecast with letsencrypt ssl > certificate. > > I have a cronjob running daily calling a script to automatically renew the > certificate and restart Icecast if needed: > > #!/bin/bash > certbot-auto renew --post-hook "cat > /etc/letsencrypt/live/icecast.domain.name/privkey.pem > /etc/letsencrypt/live/icecast.domain.name/cert.pem > > /etc/icecast2/cert+key.pem && /etc/init.d/icecast2 restart" > > Hope this helps. > > Paul > > > -----Original Message----- > From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of David Mehler > Sent: vrijdag 7 september 2018 00:21 > To: Icecast streaming server user discussions > Subject: Re: [Icecast] icecast ssl and letsencrypt renewal > > Hello, > > How did you get icecast and letsencrypt certificates working? > > Thanks. > Dave. > > > On 9/6/18, _zer0_ gravity wrote: >> That?s what I have been looking for, thanks ! >> >> From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen >> Sent: donderdag 6 september 2018 22:21 >> To: Icecast streaming server user discussions >> Subject: Re: [Icecast] icecast ssl and letsencrypt renewal >> >> You can add a posthook to your certbot cronjob: >> >> certbot renew ?post-hook ?/etc/init.d/icecast restart? >> >> Or however you restart icecast >> >> On Thu, Sep 6, 2018 at 13:05 _zer0_ gravity >> > wrote: >> Hi all, >> >> I have setup icecast to work with letsencrypt ssl certificate, this works >> fine. >> But now I am struggling a bit on how to renew the certificate every 3 >> months. >> As per letsencrypt recommendation I run a cronjob to check for renewal >> every day, >> problem is when there is a new certificate Icecast needs to be restarted >> to >> pick it up, as the certificate only seems to be loaded at startup of >> icecast. >> I am thinking of checking if the content of the cert.pem file has been >> altered or maybe checking the file date to see if it is not older than 1 >> day >> or something like that. >> >> Regards and tia, >> >> Paul >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast >> > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > From jayaubs89 at gmail.com Sat Sep 15 11:16:18 2018 From: jayaubs89 at gmail.com (Jay George) Date: Sat, 15 Sep 2018 12:16:18 +0100 Subject: [Icecast] cant get my radio on yp directory Message-ID: hi there i have done everything to get my radio on icecast yp directory i have searched it in there and nothing comes up please help -------------- next part -------------- An HTML attachment was scrubbed... URL: From thomas at ruecker.fi Sun Sep 16 11:13:32 2018 From: thomas at ruecker.fi (=?UTF-8?Q?Thomas_B._R=c3=bccker?=) Date: Sun, 16 Sep 2018 11:13:32 +0000 Subject: [Icecast] cant get my radio on yp directory In-Reply-To: References: Message-ID: <2d46e665-0b62-b7ef-8a45-fc06f56448d4@ruecker.fi> Hi, On 09/15/2018 11:16 AM, Jay George wrote: > hi there i have done everything to get my radio on icecast yp directory? > i have searched it in there and nothing comes up please help Please go through the steps explained in our YP documentation: http://icecast.org/docs/icecast-trunk/yp/ If you don't get it working that way it explains which information we exactly need to understand your problem. Cheers, Thomas From jxb1311 at gmail.com Mon Sep 17 18:18:10 2018 From: jxb1311 at gmail.com (Jelal Bairamoglou) Date: Mon, 17 Sep 2018 21:18:10 +0300 Subject: [Icecast] cant get my radio on yp directory In-Reply-To: <2d46e665-0b62-b7ef-8a45-fc06f56448d4@ruecker.fi> References: <2d46e665-0b62-b7ef-8a45-fc06f56448d4@ruecker.fi> Message-ID: <1b47effb-252d-8b1b-c91e-da27e64c0db9@gmail.com> Hello I would also like to add that you must activate the Public directory from the client settings from the program that you use for broadcast. I did these and it operated correct. You should also open: Here is the settings: icecast.xml ??????? 15 http://dir.xiph.org/cgi-bin/yp-cgi ??? On 16/9/2018 2:13 ??, Thomas B. R?cker wrote: > Hi, > > > On 09/15/2018 11:16 AM, Jay George wrote: >> hi there i have done everything to get my radio on icecast yp directory >> i have searched it in there and nothing comes up please help > Please go through the steps explained in our YP documentation: > > http://icecast.org/docs/icecast-trunk/yp/ > > If you don't get it working that way it explains which information we > exactly need to understand your problem. > > Cheers, > > Thomas > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast From subscription at nextdial.com.br Sat Sep 22 16:29:07 2018 From: subscription at nextdial.com.br (subscription at nextdial.com.br) Date: Sat, 22 Sep 2018 13:29:07 -0300 Subject: [Icecast] How possible is Icecast get 2 different agents from TuneIn App? Message-ID: <7eb6ab82f534462298562e18f42d9bc2@nextdial.com.br> Hello guys, We have implemented auth url in our icecast instance. So, i installed the Android TuneIn app in my phone, opened it, search for our radio and tapped play. The request come from a load balancer that redirect to the icecast server. But, looking at the logs we saw: Load balancer: User-Agent=NSPlayer/10.0.0.3702 WMFSDK/10.0 X-Real-IP=177.33.155.000 Icecast: ip=177.33.155.000&agent=Lavf/57.25.100 Why the Icecast is getting a different agent (ie ExoPlayer don't have the same behaviour)? VPN? Proxy? Best, Thiago -------------- next part -------------- An HTML attachment was scrubbed... URL: From frs.computer.tech at gmail.com Tue Sep 25 03:49:01 2018 From: frs.computer.tech at gmail.com (Steve Wasiura) Date: Mon, 24 Sep 2018 23:49:01 -0400 Subject: [Icecast] How to troubleshoot admin auth values in url format http://admin:password@icecast.org:1234 Message-ID: Hello, I'm asking if there is a way to do extra troubleshooting for admin auth, by adjusting a config parameter (i.e. loglevel), then looking at log files. Sometimes I can auth properly when trying to update metadata using a url with basic auth embedded before the server/hostname, requested from a web browser like google chrome. i.e. http://admin:password at icecast.org:1234/admin/metadata?mode=updinfo&mount=... etc Other times, I can't, and I can't figure out why not. 1. Does admin:password in this scenario (a web browser request) need to be encoded to Base64, or can it be the "normal / plaintext" i.e. "admin" ? Reading the code on Github, in src/connection.c static int _check_pass_http it appears it calls a method util_base64_decode, so it appears it is trying to decode it. but sometimes this works from a web browser request when username:password is typed in plaintext (not base64encoded) does the browser automatically encode it behind the scenes before the network tranmission? 2. is there anyway to enable a more detailed logging level which would be able to echo the values submitted, to validate if they are being changed by the web browser during transmission? in same code file, I see WARN1("Base64 decode of Authorization header \"%s\" failed", header+6); In which log would this appear? access or error? Thank you. 3. -------------- next part -------------- An HTML attachment was scrubbed... URL: From lion at lion.leolix.org Thu Sep 27 09:58:23 2018 From: lion at lion.leolix.org (Philipp Schafft) Date: Thu, 27 Sep 2018 09:58:23 +0000 Subject: [Icecast] How to troubleshoot admin auth values in url format http://admin:password@icecast.org:1234 In-Reply-To: References: Message-ID: <1538042303.2598.60.camel@lion.leolix.org> Good morning, On Mon, 2018-09-24 at 23:49 -0400, Steve Wasiura wrote: > Hello, > > I'm asking if there is a way to do extra troubleshooting for admin auth, by > adjusting a config parameter (i.e. loglevel), then looking at log files. Have you check the accesslog? This would be the first place to look. > Sometimes I can auth properly when trying to update metadata using a url > with basic auth embedded before the server/hostname, requested from a web > browser like google chrome. > > i.e. > http://admin:password at icecast.org:1234/admin/metadata?mode=updinfo&mount=... > etc > > Other times, I can't, and I can't figure out why not. Note that calling this API node is only for legacy codecs like MP3 and AAC. You should avoid using them. Also note that this API endpoint is special. It may require you to connect from the same source IP as the actual source you try to update. (Details are different for different versions of Icecast.) This is due to a flaw in those codec's design that would allow an attack on the server without this security check. > 1. Does admin:password in this scenario (a web browser request) need to be > encoded to Base64, or can it be the "normal / plaintext" i.e. "admin" ? > > Reading the code on Github, Don't. Use Our official repo at: http://git.xiph.org/?p=icecast-server.git;a=summary or even better: https://gitlab.xiph.org/xiph/icecast-server/tree/master > in src/connection.c > static int _check_pass_http > > it appears it calls a method util_base64_decode, so it appears it is trying > to decode it. > > but sometimes this works from a web browser request when username:password > is typed in plaintext (not base64encoded) > > does the browser automatically encode it behind the scenes before the > network tranmission? It does. No need to care about it. :) > 2. is there anyway to enable a more detailed logging level which would be > able to echo the values submitted, to validate if they are being changed by > the web browser during transmission? Not directly. Also how much Icecast logs depends on it's version. > in same code file, I see > WARN1("Base64 decode of Authorization header \"%s\" failed", header+6); In > which log would this appear? access or error? error log. > > Thank you. > 3. I hope that the above is of help for you. I feel like the same-ip check is the relevant one as this could explain why it works sometimes. With best regards, -- Philipp. (Rah of PH2) From phschafft at de.loewenfelsen.net Thu Sep 27 10:44:15 2018 From: phschafft at de.loewenfelsen.net (Philipp Schafft) Date: Thu, 27 Sep 2018 10:44:15 +0000 Subject: [Icecast] About current Icecast development Message-ID: <1538045055.2598.80.camel@de.loewenfelsen.net> Good morning, Icecast development has been a bit quiet to the outside world recently. However there is a lot of movement. Today I would like to tell you about a few new things in Icecast 2.5.x. Icecast 2.5.x is the current development branch. (We recommend to use our stable releases (2.4.x) for production.) Here are a few new things that have been implement recently. This list is just a short excerpt: TLS Support TLS support as been improved a lot. This included on the fly reloading of certificates. We also support reading key and certificate from different files in 2.5.x. OPTIONS Support We added full support for HTTP OPTIONS requests. This is mostly used by CORS. POST Support We added full support for HTTP POST requests. This is mostly useful for the admin interface. The admin interface currently accepts both GET, and POST requests. Machine readable error codes We added support for machine readable error codes. There will be more changes here. I will likely make a bigger post about this at some later point. Listen socket improvements The code handing listen sockets has been completely rewritten. We now support changing all settings related to listen sockets on the fly. Also new is that you can define authentication per listen socket. This combines very nicely with the new authentication system that comes with 2.5.x. This is e.g. useful for only allowing admin requests from a specific listen socket. Relay improvements Relays can now define multiple upstream servers. If the primary one is not reachable it will automatically fall back to another upstream server. Relays can now also be defined within tags. This makes the configuration nicer to read and write. Fixes, fixes, fixes As always there have been a long list of fixes. I exclude them here for most being boring to the user. All security fixes are also communicated on their own. Got curious? To get the most recent updates you sadly need to install Icecast from source on your own. Please see: * https://wiki.xiph.org/Icecast_Server/Getting_Started * https://wiki.xiph.org/Icecast_Server/Git_workflow With best regards, -- Philipp Schafft (CEO/Gesch?ftsf?hrer) Telephon: +49.3535 490 17 92 L?wenfelsen UG (haftungsbeschr?nkt) Registration number: Bickinger Stra?e 21 HRB 12308 CB 04916 Herzberg (Elster) VATIN/USt-ID: Germany DE305133015 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From dave.mehler at gmail.com Thu Sep 27 20:01:23 2018 From: dave.mehler at gmail.com (David Mehler) Date: Thu, 27 Sep 2018 16:01:23 -0400 Subject: [Icecast] Tweaking an Icecast server, file conversions, lyrics, currently playing script and multiple streams Message-ID: Hello, I've got a new Icecast2 server that I'm setting up. Previously it was on a machine with ices0 so I could just stream a directory of mp3 files. Now using ices2 I've got to convert many files to .ogg and .opus, I also added in .flac for another project. So I goto the directory that for now just has .mp3 files and do: for f in *.mp3; do ffmpeg -i "$f" "$f.opus" "$f.ogg" "$f.flac"; done So I've got an .mp3, an .opus, and .ogg, and a .flac version of the files. What I'm wanting to know is first of all I read up on lyrics, but that seems to require a kodi plugin, is there something standalone I can use? I'm also looking for a currently playing script, searching has only revealed again a kodi plugin, I am looking for something standalone. I'm wanting to do multiple streams at various bitrates, the original files are 192KBPS .mp3 files, i'd like for those .opus files to be the high bandwidth files, then encode the .mp3 files to 128KBPS (for medium bandwidth), 64KBPS (low bandwidth), and 56KBPS (dialup). How would I get ices2 set up like this and how would I get the files in to the various bitrates? Thanks. Dave. From dave.mehler at gmail.com Fri Sep 28 03:56:04 2018 From: dave.mehler at gmail.com (David Mehler) Date: Thu, 27 Sep 2018 23:56:04 -0400 Subject: [Icecast] multiple mounts each varying bitrates Message-ID: Hello, If anyone is running an Icecast server that serves at least 3 separate streams each with it's own bitrate can I get a look at your config? Thanks. Dave. From jake at jakebriggs.com Fri Sep 28 09:56:47 2018 From: jake at jakebriggs.com (jake) Date: Fri, 28 Sep 2018 21:56:47 +1200 Subject: [Icecast] multiple mounts each varying bitrates In-Reply-To: References: Message-ID: Hiya David, see my previous answer - I am sure it addresses these questions. Just to reiterate, icecast will serve whatever the source tells it to. If you have 3 separate ices0 processes running, icecast will serve 3 streams. There is a setting in icecast that can limit the maximum number of sources. On 2018-09-28 15:56, David Mehler wrote: > Hello, > > If anyone is running an Icecast server that serves at least 3 separate > streams each with it's own bitrate can I get a look at your config? > > Thanks. > Dave. > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast From jake at jakebriggs.com Fri Sep 28 10:00:51 2018 From: jake at jakebriggs.com (jake) Date: Fri, 28 Sep 2018 22:00:51 +1200 Subject: [Icecast] multiple mounts each varying bitrates In-Reply-To: References: Message-ID: <30a790e2c48346a751b40a1f6fc582e7@jakebriggs.com> I just realised my previous email didn't go to the list for some reason. Here it is again: Currently, I have three liquadsoap ".liq" files, and they all look very similar to this: -------- 8< -------- jake at beastie:/etc/liquidsoap$ cat jake.liq #!/usr/bin/liquidsoap #set("log.file.path","/tmp/basic-radio.log") def my_request_function() = # Get the first line of my external process result = list.hd( get_process_lines("/usr/bin/getrandomsong.sh /etc/liquidsoap/jakeradio.sh")) # Create and return a request using this result request.create(result) end # Create the source s = mksafe(request.dynamic(my_request_function)) sc = smart_crossfade(conservative=true, s) output.icecast(%mp3.vbr(quality=1), host = "localhost", port = 8000, password = "ICECASTPASSWORD", mount = "jake-radio.mp3", description="jakeradio - all my songs on random", name="jakeradio", sc) jake at beastie:/etc/liquidsoap$ -------- 8< -------- The important differences between the configs are the "mount", "description", and "name" in the last command. As you can see, the mp3's are re-encoded to a variable bit rate, quality set to 1, which I am sure is overkill lol There is no special config in icecast, icecast will stream whatever the streaming source tells it to - in my case, the streaming source is liquadsoap. You may want to look at the setting in icecast.xml icecast/limits/clients and/or icecast/limits/sources - mine is set to 100, I *think* sources defaults to something quite low, like 2, which bit me when I tried to stream 3 things.... Also, you'll want to look at icecast/authentication/source-password and set that to something - Above, in my liq file, you'll see 'password = "ICECASTPASSWORD"' - they need to match. I hope I've given you enough to get you on the right track :D Jake On 2018-09-28 15:56, David Mehler wrote: > Hello, > > If anyone is running an Icecast server that serves at least 3 separate > streams each with it's own bitrate can I get a look at your config? > > Thanks. > Dave. > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast From dave.mehler at gmail.com Fri Sep 28 17:20:25 2018 From: dave.mehler at gmail.com (David Mehler) Date: Fri, 28 Sep 2018 13:20:25 -0400 Subject: [Icecast] multiple mounts each varying bitrates In-Reply-To: <30a790e2c48346a751b40a1f6fc582e7@jakebriggs.com> References: <30a790e2c48346a751b40a1f6fc582e7@jakebriggs.com> Message-ID: Hi, Thanks, that helps a lot. I'm trying to get ices2 now to do the multiple clients and sources, I'll post what I get later today. Thanks. Dave. On 9/28/18, jake wrote: > I just realised my previous email didn't go to the list for some reason. > Here it is again: > > Currently, I have three liquadsoap ".liq" files, and they all look very > similar to this: > > -------- 8< -------- > jake at beastie:/etc/liquidsoap$ cat jake.liq > #!/usr/bin/liquidsoap > > #set("log.file.path","/tmp/basic-radio.log") > > def my_request_function() = > # Get the first line of my external process > result = > list.hd( > get_process_lines("/usr/bin/getrandomsong.sh > /etc/liquidsoap/jakeradio.sh")) > # Create and return a request using this result > request.create(result) > end > > # Create the source > s = mksafe(request.dynamic(my_request_function)) > > sc = smart_crossfade(conservative=true, s) > > output.icecast(%mp3.vbr(quality=1), > host = "localhost", port = 8000, > password = "ICECASTPASSWORD", mount = "jake-radio.mp3", > description="jakeradio - all my songs on random", name="jakeradio", > sc) > > > jake at beastie:/etc/liquidsoap$ > -------- 8< -------- > > The important differences between the configs are the "mount", > "description", and "name" in the last command. > As you can see, the mp3's are re-encoded to a variable bit rate, quality > set to 1, which I am sure is overkill lol > > There is no special config in icecast, icecast will stream whatever the > streaming source tells it to - in my case, the streaming source is > liquadsoap. > > You may want to look at the setting in icecast.xml > icecast/limits/clients and/or icecast/limits/sources - mine is set to > 100, I *think* sources defaults to something quite low, like 2, which > bit me when I tried to stream 3 things.... > > Also, you'll want to look at icecast/authentication/source-password and > set that to something - Above, in my liq file, you'll see 'password = > "ICECASTPASSWORD"' - they need to match. > > I hope I've given you enough to get you on the right track :D > > Jake > > > On 2018-09-28 15:56, David Mehler wrote: >> Hello, >> >> If anyone is running an Icecast server that serves at least 3 separate >> streams each with it's own bitrate can I get a look at your config? >> >> Thanks. >> Dave. >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast > From dave.mehler at gmail.com Fri Sep 28 18:06:02 2018 From: dave.mehler at gmail.com (David Mehler) Date: Fri, 28 Sep 2018 14:06:02 -0400 Subject: [Icecast] self-signed ssl certificate, icecast2, and no ssl capability Message-ID: Hello, I'm trying to get ssl going via a self-signed certificate on my Icecast server. It's running raspbian stretch on a Raspberry Pi so the latest version from packages. I tried to connect to the web site via https specifically: https://hostname:8000 thinking it would go ssl, it didn't I got a could not connect error message, site might use unsafe or outdated tls security protocols, that's from memory. I set icecast2 logging to 4 debug prior to this and looked at my error file grep for the term ssl I got this: #grep ssl /var/log/icecast2/error.log [2018-09-28 13:43:48] INFO connection/get_ssl_certificate No SSL capability The relevant portions of my icecast.xml file: #cat icecast.xml ... 8000 xxx.xxx.xxx.xxx /stream 1 ... paths section: /etc/icecast2/icecast.pem ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS 0 icecast2 icecast I then checked the permissions on my self-signed certificate: #ls -l icecast.pem -rw-r----- 1 icecast2 icecast 5455 Sep 27 13:17 icecast.pem and taking out the gibbrish of my certificate: #cat icecast.pem -----BEGIN PRIVATE KEY----- -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- To create this self-signed certificate I did: cd /etc/icecast2 openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout icecast.pem -out icecast.pem chown icecast2:icecast icecast.pem chmod 0640 icecast.pem Suggestions as to where I went wrong appreciated. Thanks. Dave. From jake at jakebriggs.com Fri Sep 28 18:07:45 2018 From: jake at jakebriggs.com (Jake) Date: Sat, 29 Sep 2018 06:07:45 +1200 Subject: [Icecast] multiple mounts each varying bitrates In-Reply-To: References: <30a790e2c48346a751b40a1f6fc582e7@jakebriggs.com> Message-ID: Awesome :) I have nothing for the lyrics. The source should send metadata to icecast though, and icecast should update the metadata to any listening clients. Kodi will show that metadata, and so will Audacious, and I presume almost any client will. I've never used ices2 but presumably it can send metadata? Jake ---- David Mehler wrote ---- >Hi, > >Thanks, that helps a lot. I'm trying to get ices2 now to do the >multiple clients and sources, I'll post what I get later today. > >Thanks. >Dave. > > >On 9/28/18, jake wrote: >> I just realised my previous email didn't go to the list for some reason. >> Here it is again: >> >> Currently, I have three liquadsoap ".liq" files, and they all look very >> similar to this: >> >> -------- 8< -------- >> jake at beastie:/etc/liquidsoap$ cat jake.liq >> #!/usr/bin/liquidsoap >> >> #set("log.file.path","/tmp/basic-radio.log") >> >> def my_request_function() = >> # Get the first line of my external process >> result = >> list.hd( >> get_process_lines("/usr/bin/getrandomsong.sh >> /etc/liquidsoap/jakeradio.sh")) >> # Create and return a request using this result >> request.create(result) >> end >> >> # Create the source >> s = mksafe(request.dynamic(my_request_function)) >> >> sc = smart_crossfade(conservative=true, s) >> >> output.icecast(%mp3.vbr(quality=1), >> host = "localhost", port = 8000, >> password = "ICECASTPASSWORD", mount = "jake-radio.mp3", >> description="jakeradio - all my songs on random", name="jakeradio", >> sc) >> >> >> jake at beastie:/etc/liquidsoap$ >> -------- 8< -------- >> >> The important differences between the configs are the "mount", >> "description", and "name" in the last command. >> As you can see, the mp3's are re-encoded to a variable bit rate, quality >> set to 1, which I am sure is overkill lol >> >> There is no special config in icecast, icecast will stream whatever the >> streaming source tells it to - in my case, the streaming source is >> liquadsoap. >> >> You may want to look at the setting in icecast.xml >> icecast/limits/clients and/or icecast/limits/sources - mine is set to >> 100, I *think* sources defaults to something quite low, like 2, which >> bit me when I tried to stream 3 things.... >> >> Also, you'll want to look at icecast/authentication/source-password and >> set that to something - Above, in my liq file, you'll see 'password = >> "ICECASTPASSWORD"' - they need to match. >> >> I hope I've given you enough to get you on the right track :D >> >> Jake >> >> >> On 2018-09-28 15:56, David Mehler wrote: >>> Hello, >>> >>> If anyone is running an Icecast server that serves at least 3 separate >>> streams each with it's own bitrate can I get a look at your config? >>> >>> Thanks. >>> Dave. >>> _______________________________________________ >>> Icecast mailing list >>> Icecast at xiph.org >>> http://lists.xiph.org/mailman/listinfo/icecast >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From pm at nowster.me.uk Sun Sep 30 16:55:53 2018 From: pm at nowster.me.uk (Paul Martin) Date: Sun, 30 Sep 2018 17:55:53 +0100 Subject: [Icecast] multiple mounts each varying bitrates In-Reply-To: References: Message-ID: <20180930165552.GA5252@thinkpad.nowster.org.uk> On Thu, Sep 27, 2018 at 11:56:04PM -0400, David Mehler wrote: > If anyone is running an Icecast server that serves at least 3 separate > streams each with it's own bitrate can I get a look at your config? A live config for liquidsoap. The telnet server is used to update live metadata. #!/usr/bin/liquidsoap # Enable telnet server set("server.telnet",true) set("log.file.path","/tmp/liquid.log") set("frame.audio.samplerate",48000) source = input.alsa() source = server.insert_metadata(id="ID", source) ice_host = "127.0.0.1" ice_pass = "xxxxxxxxxxx" station = "My station" output.icecast( %ogg(%flac(samplerate=48000,compression=5)), host = ice_host, port = 8000, password = ice_pass, mount = "medium.flac", name = "My Station FLAC", icy_metadata = "true", url="", encoding="UTF-8", description = station, source ) output.icecast( %ogg(%vorbis(quality=0.0, samplerate=48000)), host = ice_host, port = 8000, password = ice_pass, mount = "medium.ogg", name = "My Station Vorbis", icy_metadata = "true", description = station, url="", encoding="UTF-8", source ) output.icecast( %ogg(%vorbis(quality=0.9, samplerate=48000)), host = ice_host, port = 8000, password = ice_pass, mount = "high.ogg", name = "My Station Vorbis High", icy_metadata = "true", description = station, url="", encoding="UTF-8", source ) output.icecast( %ogg(%opus(bitrate=128, samplerate=48000, application="audio",complexity=5)), host = ice_host, port = 8000, password = ice_pass, mount = "medium.opus", name = "My Station Opus", icy_metadata = "true", description = station, url="", encoding="UTF-8", source ) #output.icecast( # %ogg(%opus(bitrate=48, samplerate=48000, application="audio",complexity=8)), # host = ice_host, # port = 8000, # password = ice_pass, # mount = "low.opus", # name = "My Station Opus Low", # icy_metadata = "true", # description = station, # url="", # encoding="UTF-8", # source #) output.icecast( %mp3(bitrate=128, samplerate=48000), host = ice_host, port = 8000, password = ice_pass, mount = "medium.mp3", name = "My Station MP3", icy_metadata = "true", description = station, url="", encoding="UTF-8", source ) output.icecast( %fdkaac(bitrate=128, samplerate=48000, afterburner=true, aot="mpeg4_aac_lc", transmux="adts", sbr_mode=false), host = ice_host, port = 8000, password = ice_pass, mount = "medium.aac", name = "My Station AAC", icy_metadata = "true", description = station, url="", encoding="UTF-8", source ) output.icecast( %fdkaac(bitrate=64, samplerate=48000, afterburner=true, aot="mpeg4_he_aac", transmux="adts", sbr_mode=true), host = ice_host, port = 8000, password = ice_pass, mount = "low.aac", name = "My Station AAC Low", icy_metadata = "true", description = station, url="", encoding="UTF-8", source ) -- Paul Martin