[Icecast] icecast, ssl, windows environment

Federico Miniussi federico.miniussi at gmail.com
Wed Apr 29 08:31:17 UTC 2020 

Hello everyone.
Thanks a lot! I got it working.
Frankly speaking I had already tested the setup proposed, but I made two
mistakes, first i tried to setup the port 443 and it was stupid as this
port is already used by web service https.

Second mistake was the .pem file that probably was wrongly concatenated and
was not recognized/loaded by icecast.

However I confirm that in most places on internet is stated that icecast
2.4.4. windows package has no ssl capability as well as linux package that
must be recompiled with openssl
In fact the guides online suggests to install the KH branch of icecast that
should be fine with SSL.

So all wrong and all fine. thank you again. Now with SSL stream running I
can finally program the Alexa skill for listening the radio on amazon
devices :)

Have nice day
Federico



Il giorno mar 28 apr 2020 alle ore 23:25 estudio980 at gmail.com <
estudio980 at gmail.com> ha scritto:

> Hello,
> The icecast 2.4 is compatible with ssl, I use it here (windows server too).
> Just set up your icecast to read your certificate (.pem).
> you will only have to use a different port than the current one you use to
> hear. (8003)
>
>
> SEE AN EXAMPLE OF MY CONFIGURATION:
>
> <icecast>
>     <location> XXXXXXXXX </location>
>     <admin> XXXXX @ XXXXX </admin>
>     <hostname> 127.0.0.1 </hostname>
>
>     <limits>
>         <clients> 100 </clients>
>         <sources> 1 </sources>
>         <queue-size> 524288 </queue-size>
>         <client-timeout> 30 </client-timeout>
>         <header-timeout> 15 </header-timeout>
>         <source-timeout> 10 </source-timeout>
>         <burst-on-connect> 1 </burst-on-connect>
>         <burst-size> 65535 </burst-size>
>     </limits>
>
>     <authentication>
>         <source-password> XXXXXXXX </source-password>
>         <relay-password> XXXXXXXXXX </relay-password>
>         <admin-user> XXXXXXXXXXX </admin-user>
>         <admin-password> XXXXXXXXX </admin-password>
>     </authentication>
>
>     <listen-socket>
>         <port> 8002 </port>
>         <shoutcast-mount> / 8002 </shoutcast-mount>
>     </listen-socket>
>
>
>     <listen-socket>
>         <port> 8003 </port> <--------- THIS WILL BE YOUR SSL PORT
>          <ssl> 1 </ssl>
>    </listen-socket>
>
>
>     <http-headers>
>         <header name = "Access-Control-Allow-Origin" value = "*" />
>     </http-headers>
>
>
>     <fileserve> 1 </fileserve>
>
>     <paths>
>         <logdir> .. \ log </logdir>
>         <webroot> .. \ web </webroot>
>         <adminroot> .. \ admin </adminroot>
>         <ssl-certificate> .. \ ssl \ CERTIFICADO.PEM </ssl-certificate>
>         <alias source = "/" destination = "/ status.xsl" />
>     </paths>
>
>     <logging>
>         <accesslog> - </accesslog>
>         <errorlog> error.log </errorlog>
>         <loglevel> 1 </loglevel> <! - 4 Debug, 3 Info, 2 Warn, 1 Error ->
>         <logsize> 10000 </logsize> <! - Max size of a logfile ->
>     </logging>
> </icecast>
>
>
> HOPE THIS HELPS
>
> GOOD LUCK!!
>
>
>
>
> Em 28/04/2020 17:35, Federico Miniussi escreveu:
>
> Hello,
> Before writing here I really tried almost everything, reading the archives
> here, the FAQ and dozens of more or less well commented online guides and
> posts.
>
> My environment is a Windows server, with IIS as web server (I know, blame
> and flame on me, but this was available on my hands at the time). The
> server is hosting several websites and an icecast 2.4.4 running an online
> radio.
>
> The radio on icecast can be listen through its website (on my server too)
> with an html5 player.
>
> Of course since end of january I started to have notifications from
> listeners that were unable to hear anything due to Chrome browser update
> and unsecure content (website is of course under SSL with its cert).
>
> A patch has been forwarded by myself to the Chrome listeners by
> instructing them how to allow the unsecure content from the radio's website
> in the settings of chrome, then I started to find the solution.
>
> As you of course know, the windows package of icecast 2.4.4 has no SSL
> capability so I switched almost immediately into the proxy forward
> solution. However no way as I'm not able to bind the SSL certificate to the
> icecast streaming port (8002 in my case).
>
> If you have any advice about a possible solution (even temporary) with a
> windows and IIS environment, it would be highly appreciated. Otherwise, if
> you know that it is literally impossible, simply tell me "no way" so I
> simply stop struggling.
>
> I have full access to the server so I can play with settings, install
> other softwares and so on.
>
> Thanks a lot, all the best to you.
> Federico from Italy
>
>
>
> _______________________________________________
> Icecast mailing listIcecast at xiph.orghttp://lists.xiph.org/mailman/listinfo/icecast
>
>
>
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> Livre
> de vírus. www.avast.com
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>.
> <#m_-4065800161397005807_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20200429/5f131e8e/attachment.htm>

More information about the Icecast mailing list