[Icecast] Icecast SSL endpoint timeout issue
Jay George
jayaubs89 at gmail.com
Sat Mar 28 19:36:09 UTC 2020
does anyone know how i can setup my own icecast server?
On Sun, Feb 16, 2020 at 9:57 AM James Turner <james at switchbladeuk.com>
wrote:
> Hi team,
>
> Please accent my apologies if this is NOT the place/distro list to be
> raising this. I had major dramas with the standard forum - registration and
> decided this may be a better route.
>
> My current instance icecast server has been built with --with-curl
> --with-openssl options as outlined within this post:
> https://weekly-geekly.github.io/articles/350236/index.html and the build
> version is 2.4.99.2
>
> I'm using a valid certificate from letsencrypt on a Ubuntu 18 server hosted
> by AWS. Icecast recognizes this without issue.
>
> I'm having issues disconnecting my source client from Icecast when the
> connections is via SSL. Non SSL source clients work as intended, connecting
> and disconnecting without issues and Icecast shuts down the mount points
> after client drop-outs as intended. See the logs outlined below for
> details.
> Using an SSL connection and once the client connection drops (for whatever
> reason) Icecast does not recognize this and keeps the mount point active
> forever - even when there's no data being sent by the client. On a
> reconnect try the client gets a 'mount point already in use' message. To
> get over this state I either have to restart the Icecast service OR
> manually
> kill the source from the admin interface. Once done. I can reconnect
> again.repeating the process
>
> Frustratingly, this (SSL) works (source>icecast>listener) - just about -
> but I'd dearly like to understand the issue with the ssl connection and
> mountpoint not being released. I would expect a source timeout to occur, as
> defined in the Icecast config file thus releasing the mount point. However,
> not to be.
>
> Connecting to unencrypted Icecast port (8000)
>
> Access.log
> xx.xx.xx.xxx- - [09/Feb/2020:17:56:50 +0000] "SOURCE /acdc.ogg HTTP/1.0"
> 401
> 777 "-" "libshout/2.4.1" 0
> Error.log
> [2020-02-09 17:56:50] EROR connection/_handle_authed_client Client
> (role=anonymous, username=(null)) not allowed to use this request method on
> /acdc.ogg
> [2020-02-09 17:56:50] EROR util/util_http_select_best Input string does
> not
> parse as KVA. Selecting first option.
> [2020-02-09 17:56:50] WARN reportxml/reportxml_database_build_report No
> matching definition for "25387198-0643-4577-9139-7c4f24f59d4a"
> [2020-02-09 17:56:50] INFO connection/_handle_source_request Source
> logging
> in at mountpoint "/acdc.ogg" using "SOURCE" from xx.xx.xx.xxx as role
> legacy-global-source
> [2020-02-09 17:56:50] INFO source/source_main listener count on /acdc.ogg
> now 0
> [2020-02-09 17:56:50] INFO format-opus/initial_opus_page seen initial opus
> header
>
> Source client disconnects.
> Access.log
> xx.xx.xx.xxx- source [09/Feb/2020:17:56:57 +0000] "SOURCE /acdc.ogg
> HTTP/1.0" 200 324 "-" "libshout/2.4.1" 7
>
> Error.log
> [2020-02-09 17:53:12] INFO source/get_next_buffer End of Stream /acdc.ogg
> [2020-02-09 17:53:12] INFO source/source_shutdown Source from xx.xx.xx.xxx
> at "/acdc.ogg" exiting
>
>
> Connection by source client Using SSL (port 8444):
> Connect:
> Access.log
> xx.xx.xx.xxx- source [09/Feb/2020:18:00:25 +0000] "GET /admin/metadata
> HTTP/1.1" 200 481 "-" "Mozilla/5.0" 0
> Error.log
>
> [2020-02-09 18:00:24] INFO connection/_handle_source_request Source
> logging
> in at mountpoint "/acdc.ogg" using "SOURCE" from xx.xx.xx.xxx as role
> legacy-global-source
> [2020-02-09 18:00:24] WARN format/format_get_type Unsupported or legacy
> stream type: "audio/mpeg". Falling back to generic minimal handler for best
> effort.
> [2020-02-09 18:00:25] INFO source/source_main listener count on /acdc.ogg
> now 0
> [2020-02-09 18:00:25] INFO admin/admin_handle_request Received admin
> command metadata on mount '/acdc.ogg'
> [2020-02-09 18:00:25] INFO util/util_conv_string converting metadata from
> utf-8 to ISO8859-1
> [2020-02-09 18:00:25] INFO admin/command_metadata Metadata on mountpoint
> /acdc.ogg changed to " - "
>
> Source disconnects here.
> . No log entries - no source timeouts.
> . Mountpoint (here acdc.ogg) still active and visible in the admin
> interface
> . Source client cannot reconnect - see message below:
>
>
> Action: Source client tries to reconnect (port 8000 or 8444)
>
> Access.log
> xx.xx.xx.xxx- - [09/Feb/2020:18:03:53 +0000] "SOURCE /acdc.ogg HTTP/1.0"
> 401
> 777 "-" "libshout/2.4.1" 1
> xx.xx.xx.xxx- source [09/Feb/2020:18:03:53 +0000] "SOURCE /acdc.ogg
> HTTP/1.0" 409 706 "-" "libshout/2.4.1" 0
>
> Error.log
>
> [2020-02-09 18:03:52] EROR connection/_handle_authed_client Client
> (role=anonymous, username=(null)) not allowed to use this request method on
> /acdc.ogg
> [2020-02-09 18:03:52] EROR util/util_http_select_best Input string does
> not
> parse as KVA. Selecting first option.
> [2020-02-09 18:03:52] WARN reportxml/reportxml_database_build_report No
> matching definition for "25387198-0643-4577-9139-7c4f24f59d4a"
> [2020-02-09 18:03:53] INFO connection/_handle_source_request Source
> logging
> in at mountpoint "/acdc.ogg" using "SOURCE" from xx.xx.xx.xxx as role
> legacy-global-source
> [2020-02-09 18:03:53] EROR util/util_http_select_best Input string does
> not
> parse as KVA. Selecting first option.
> [2020-02-09 18:03:53] WARN reportxml/reportxml_database_build_report No
> matching definition for "c5724467-5f85-48c7-b45a-915c3150c292"
> [2020-02-09 18:03:53] WARN connection/source_startup Mountpoint /acdc.ogg
> in use
>
>
> Any pointers very welcome.
>
> Here is the config.xml file for the server used:
>
> <icecast>
> <!-- location and admin are two arbitrary strings that are e.g. visible
> on the server info page of the icecast web interface
> (server_version.xsl). -->
> <location>earth</location>
> <admin>icemaster at localhost</admin>
>
> <!-- IMPORTANT!
> Especially for inexperienced users:
> Start out by ONLY changing all passwords and restarting Icecast.
> For detailed setup instructions please refer to the documentation.
> It's also available here: http://icecast.org/docs/
> -->
>
> <limits>
> <clients>100</clients>
> <sources>2</sources>
> <queue-size>524288</queue-size>
> <client-timeout>30</client-timeout>
> <header-timeout>15</header-timeout>
> <source-timeout>10</source-timeout>
> <!-- If enabled, this will provide a burst of data when a client
> first connects, thereby significantly reducing the startup
> time for listeners that do substantial buffering. However,
> it also significantly increases latency between the source
> client and listening client. For low-latency setups, you
> might want to disable this. -->
>
> <!-- same as burst-on-connect, but this allows for being more
> specific on how much to burst. Most people won't need to
> change from the default 64k. Applies to all mountpoints -->
> <burst-size>65535</burst-size>
> </limits>
>
> <authentication>
> <!-- Sources log in with username 'source' -->
> <source-password>hackme57</source-password>
> <!-- Relays log in with username 'relay' -->
> <relay-password>hackme58</relay-password>
>
> <!-- Admin logs in with the username given below -->
> <admin-user>admin</admin-user>
> <admin-password>ITJShKNE0pRg</admin-password>
> </authentication>
>
> <!-- set the mountpoint for a shoutcast source to use, the default if
> not
> specified is /stream but you can change it here if an
> alternative is
> wanted or an extension is required
> <shoutcast-mount>/live.nsv</shoutcast-mount>
> -->
>
> <!-- Uncomment this if you want directory listings -->
> <!--
> <directory>
> <yp-url-timeout>15</yp-url-timeout>
> <yp-url>http://dir.xiph.org/cgi-bin/yp-cgi</yp-url>
> </directory>
> -->
>
> <!-- This is the hostname other people will use to connect to your
> server.
> It affects mainly the urls generated by Icecast for playlists and
> yp
> listings. You MUST configure it properly for YP listings to work!
> -->
> <hostname>localhost</hostname>
>
> <!-- You may have multiple <listener> elements -->
> <listen-socket>
> <port>8000</port>
> <ssl>0</ssl>
> <!-- <bind-address>127.0.0.1</bind-address> -->
> <!-- <shoutcast-mount>/stream</shoutcast-mount> -->
> </listen-socket>
> <!--
> <listen-socket>
> <port>8080</port>
> </listen-socket>
> -->
>
> <listen-socket>
> <port>8444</port>
> <ssl>1</ssl>
> </listen-socket>
>
>
> <!-- Global header settings
> Headers defined here will be returned for every HTTP request to
> Icecast.
>
> The ACAO header makes Icecast public content/API by default
> This will make streams easier embeddable (some HTML5 functionality
> needs it).
> Also it allows direct access to e.g. /status-json.xsl from other
> sites.
> If you don't want this, comment out the following line or read up
> on CORS.
> -->
> <http-headers>
> <header name="Access-Control-Allow-Origin" value="*" />
> </http-headers>
>
>
> <!-- Relaying:
> You don't need this if you only have one server.
> Please refer to the config for a detailed explanation.
> -->
> <!--<master-server>127.0.0.1</master-server>-->
> <!--<master-server-port>8001</master-server-port>-->
> <!--<master-update-interval>120</master-update-interval>-->
> <!--<master-password>hackme</master-password>-->
>
> <!-- setting this makes all relays on-demand unless overridden, this is
> useful for master relays which do not have <relay> definitions
> here.
> The default is 0 -->
> <!--<relays-on-demand>1</relays-on-demand>-->
>
> <!--
> <relay>
> <server>127.0.0.1</server>
> <port>8080</port>
> <mount>/example.ogg</mount>
> <local-mount>/different.ogg</local-mount>
> <on-demand>0</on-demand>
>
> <relay-shoutcast-metadata>0</relay-shoutcast-metadata>
> </relay>
> -->
>
>
> <!-- Mountpoints
> Only define <mount> sections if you want to use advanced options,
> like alternative usernames or passwords
> -->
>
> <!-- Default settings for all mounts that don't have a specific <mount
> type="normal">.
> -->
> <!--
> <mount type="default">
> <public>0</public>
> <intro>/server-wide-intro.ogg</intro>
> <max-listener-duration>3600</max-listener-duration>
> <authentication type="url">
> <option name="mount_add"
> value="http://auth.example.org/stream_start.php"/>
> </authentication>
> <http-headers>
> <header name="foo" value="bar" />
> </http-headers>
> </mount>
> -->
>
> <!-- Normal mounts -->
>
> <mount type="normal">
> <mount-name>/acdc.ogg</mount-name>
>
> <!--username>othersource</username>
> <password>hackme_1666</password-->
>
> <max-listeners>1</max-listeners>
> <!--dump-file>/tmp/dump-example1.ogg</dump-file-->
> <burst-size>65536</burst-size>
> <!--fallback-mount>/example2.ogg</fallback-mount>
> <fallback-override>1</fallback-override>
> <fallback-when-full>1</fallback-when-full>
> <intro>/example_intro.ogg</intro-->
> <hidden>0</hidden>
> <public>0</public>
> <authentication type="htpasswd">
> <option name="filename" value="/var/log/icecast2/password"/>
> <option name="allow_duplicate_users" value="0"/>
> </authentication>
> <http-headers>
> <header name="Access-Control-Allow-Origin"
> value="http://webplayer.example.org" />
> </http-headers>
> <!--on-connect>/home/icecast/bin/stream-start</on-connect>
> <on-disconnect>/home/icecast/bin/stream-stop</on-disconnect-->
> </mount>
>
>
> <fileserve>1</fileserve>
>
> <paths>
> <!-- basedir is only used if chroot is enabled -->
> <basedir>./</basedir>
>
> <!-- Note that if <chroot> is turned on below, these paths must
> both
> be relative to the new root, not the original root -->
> <logdir>/var/log/icecast2</logdir>
> <webroot>/usr/local/share/icecast/web</webroot>
> <adminroot>/usr/local/share/icecast/admin</adminroot>
> <!-- <pidfile>/usr/share/icecast/icecast.pid</pidfile> -->
>
> <!-- Aliases: treat requests for 'source' path as being for 'dest'
> path
> May be made specific to a port or bound address using the
> "port"
> and "bind-address" attributes.
> -->
> <!--
> <alias source="/foo" destination="/bar"/>
> -->
> <!-- Aliases: can also be used for simple redirections as well,
> this example will redirect all requests for http://server:port
> /
> to
> the status page
> -->
> <alias source="/" destination="/status.xsl"/>
> <!-- The certificate file needs to contain both public and private
> part.
> Both should be PEM encoded.
> -->
> <ssl-certificate>/var/log/icecast2/icecast.pem</ssl-certificate>
> </paths>
>
> <logging>
> <accesslog>access.log</accesslog>
> <errorlog>error.log</errorlog>
> <!-- <playlistlog>playlist.log</playlistlog> -->
> <loglevel>3</loglevel> <!-- 4 Debug, 3 Info, 2 Warn, 1 Error -->
> <logsize>10000</logsize> <!-- Max size of a logfile -->
> <!-- If logarchive is enabled (1), then when logsize is reached
> the logfile will be moved to
> [error|access|playlist].log.DATESTAMP,
> otherwise it will be moved to [error|access|playlist].log.old.
> Default is non-archive mode (i.e. overwrite)
> -->
> <!-- <logarchive>1</logarchive> -->
> </logging>
>
> <security>
> <chroot>0</chroot>
>
> <changeowner>
> <user>icecast</user>
> <group>icecast</group>
> </changeowner>
>
> </security>
> </icecast><?xml version="1.0" encoding="utf-8"?>
>
>
>
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20200328/f71e1766/attachment.htm>
More information about the Icecast
mailing list