[Icecast] Icecast SSL endpoint timeout issue

Jay George jayaubs89 at gmail.com
Sat Mar 28 19:36:09 UTC 2020


Does anyone know how I can set up my own Icecast server?


On Sun, Feb 16, 2020 at 9:57 AM James Turner <james at switchbladeuk.com>
wrote:

> Hi team,
>
> Please accept my apologies if this is NOT the place/distro list to be
> raising this. I had major dramas with the standard forum - registration and
> decided this may be a better route.
>
> My current instance icecast server has been built with --with-curl
> --with-openssl options as outlined within this post:
> https://weekly-geekly.github.io/articles/350236/index.html and the build
> version is 2.4.99.2
>
> I'm using a valid certificate from letsencrypt on an Ubuntu 18 server hosted
> by AWS. Icecast recognizes this without issue.
>
> I'm having issues disconnecting my source client from Icecast when the
> connection is via SSL. Non-SSL source clients work as intended, connecting
> and disconnecting without issues, and Icecast shuts down the mount points
> after client drop-outs as intended. See the logs outlined below for
> details.
> Using an SSL connection, once the client connection drops (for whatever
> reason) Icecast does not recognize this and keeps the mount point active
> forever - even when there's no data being sent by the client. On a
> reconnect try the client gets a 'mount point already in use' message. To
> get over this state I either have to restart the Icecast service OR
> manually kill the source from the admin interface. Once done, I can
> reconnect again, repeating the process.
>
> Frustratingly, this (SSL) works (source>icecast>listener) - just about -
> but I'd dearly like to understand the issue with the ssl connection and
> mountpoint not being released. I would expect a source timeout to occur, as
> defined in the Icecast config file thus releasing the mount point. However,
> not to be.
>
> Connecting to unencrypted Icecast port (8000)
>
> Access.log
> xx.xx.xx.xxx- - [09/Feb/2020:17:56:50 +0000] "SOURCE /acdc.ogg HTTP/1.0" 401 777 "-" "libshout/2.4.1" 0
> Error.log
> [2020-02-09  17:56:50] EROR connection/_handle_authed_client Client (role=anonymous, username=(null)) not allowed to use this request method on /acdc.ogg
> [2020-02-09  17:56:50] EROR util/util_http_select_best Input string does not parse as KVA. Selecting first option.
> [2020-02-09  17:56:50] WARN reportxml/reportxml_database_build_report No matching definition for "25387198-0643-4577-9139-7c4f24f59d4a"
> [2020-02-09  17:56:50] INFO connection/_handle_source_request Source logging in at mountpoint "/acdc.ogg" using "SOURCE" from xx.xx.xx.xxx as role legacy-global-source
> [2020-02-09  17:56:50] INFO source/source_main listener count on /acdc.ogg now 0
> [2020-02-09  17:56:50] INFO format-opus/initial_opus_page seen initial opus header
>
> Source client disconnects.
> Access.log
> xx.xx.xx.xxx- source [09/Feb/2020:17:56:57 +0000] "SOURCE /acdc.ogg HTTP/1.0" 200 324 "-" "libshout/2.4.1" 7
>
> Error.log
> [2020-02-09  17:53:12] INFO source/get_next_buffer End of Stream /acdc.ogg
> [2020-02-09  17:53:12] INFO source/source_shutdown Source from xx.xx.xx.xxx at "/acdc.ogg" exiting
>
>
> Connection by source client Using SSL (port 8444):
> Connect:
> Access.log
> xx.xx.xx.xxx- source [09/Feb/2020:18:00:25 +0000] "GET /admin/metadata HTTP/1.1" 200 481 "-" "Mozilla/5.0" 0
> Error.log
>
> [2020-02-09  18:00:24] INFO connection/_handle_source_request Source logging in at mountpoint "/acdc.ogg" using "SOURCE" from xx.xx.xx.xxx as role legacy-global-source
> [2020-02-09  18:00:24] WARN format/format_get_type Unsupported or legacy stream type: "audio/mpeg". Falling back to generic minimal handler for best effort.
> [2020-02-09  18:00:25] INFO source/source_main listener count on /acdc.ogg now 0
> [2020-02-09  18:00:25] INFO admin/admin_handle_request Received admin command metadata on mount '/acdc.ogg'
> [2020-02-09  18:00:25] INFO util/util_conv_string converting metadata from utf-8 to ISO8859-1
> [2020-02-09  18:00:25] INFO admin/command_metadata Metadata on mountpoint /acdc.ogg changed to " - "
>
> Source disconnects here.
> - No log entries - no source timeouts.
> - Mountpoint (here acdc.ogg) still active and visible in the admin
>   interface
> - Source client cannot reconnect - see message below:
>
>
> Action: Source client tries to reconnect (port 8000 or 8444)
>
> Access.log
> xx.xx.xx.xxx- - [09/Feb/2020:18:03:53 +0000] "SOURCE /acdc.ogg HTTP/1.0" 401 777 "-" "libshout/2.4.1" 1
> xx.xx.xx.xxx- source [09/Feb/2020:18:03:53 +0000] "SOURCE /acdc.ogg HTTP/1.0" 409 706 "-" "libshout/2.4.1" 0
>
> Error.log
>
> [2020-02-09  18:03:52] EROR connection/_handle_authed_client Client (role=anonymous, username=(null)) not allowed to use this request method on /acdc.ogg
> [2020-02-09  18:03:52] EROR util/util_http_select_best Input string does not parse as KVA. Selecting first option.
> [2020-02-09  18:03:52] WARN reportxml/reportxml_database_build_report No matching definition for "25387198-0643-4577-9139-7c4f24f59d4a"
> [2020-02-09  18:03:53] INFO connection/_handle_source_request Source logging in at mountpoint "/acdc.ogg" using "SOURCE" from xx.xx.xx.xxx as role legacy-global-source
> [2020-02-09  18:03:53] EROR util/util_http_select_best Input string does not parse as KVA. Selecting first option.
> [2020-02-09  18:03:53] WARN reportxml/reportxml_database_build_report No matching definition for "c5724467-5f85-48c7-b45a-915c3150c292"
> [2020-02-09  18:03:53] WARN connection/source_startup Mountpoint /acdc.ogg in use
>
>
> Any pointers very welcome.
>
> Here is the config.xml file for the server used:
>
> <icecast>
>     <!-- location and admin are two arbitrary strings that are e.g. visible
>          on the server info page of the icecast web interface
>          (server_version.xsl). -->
>     <location>earth</location>
>     <admin>icemaster at localhost</admin>
>
>     <!-- IMPORTANT!
>          Especially for inexperienced users:
>          Start out by ONLY changing all passwords and restarting Icecast.
>          For detailed setup instructions please refer to the documentation.
>          It's also available here: http://icecast.org/docs/
>    -->
>
>     <limits>
>         <clients>100</clients>
>         <sources>2</sources>
>         <queue-size>524288</queue-size>
>         <client-timeout>30</client-timeout>
>         <header-timeout>15</header-timeout>
>         <source-timeout>10</source-timeout>
>         <!-- If enabled, this will provide a burst of data when a client
>              first connects, thereby significantly reducing the startup
>              time for listeners that do substantial buffering. However,
>              it also significantly increases latency between the source
>              client and listening client.  For low-latency setups, you
>              might want to disable this. -->
>
>         <!-- same as burst-on-connect, but this allows for being more
>              specific on how much to burst. Most people won't need to
>              change from the default 64k. Applies to all mountpoints  -->
>         <burst-size>65535</burst-size>
>     </limits>
>
>     <authentication>
>         <!-- Sources log in with username 'source' -->
>         <source-password>hackme57</source-password>
>         <!-- Relays log in with username 'relay' -->
>         <relay-password>hackme58</relay-password>
>
>         <!-- Admin logs in with the username given below -->
>         <admin-user>admin</admin-user>
>         <admin-password>ITJShKNE0pRg</admin-password>
>     </authentication>
>
>     <!-- set the mountpoint for a shoutcast source to use, the default if not
>          specified is /stream but you can change it here if an alternative is
>          wanted or an extension is required
>     <shoutcast-mount>/live.nsv</shoutcast-mount>
>     -->
>
>     <!-- Uncomment this if you want directory listings -->
>     <!--
>     <directory>
>         <yp-url-timeout>15</yp-url-timeout>
>         <yp-url>http://dir.xiph.org/cgi-bin/yp-cgi</yp-url>
>     </directory>
>     -->
>
>     <!-- This is the hostname other people will use to connect to your server.
>          It affects mainly the urls generated by Icecast for playlists and yp
>          listings. You MUST configure it properly for YP listings to work!
>     -->
>     <hostname>localhost</hostname>
>
>     <!-- You may have multiple <listener> elements -->
>     <listen-socket>
>         <port>8000</port>
>         <ssl>0</ssl>
>         <!-- <bind-address>127.0.0.1</bind-address> -->
>         <!-- <shoutcast-mount>/stream</shoutcast-mount> -->
>     </listen-socket>
>     <!--
>     <listen-socket>
>         <port>8080</port>
>     </listen-socket>
>     -->
>
>     <listen-socket>
>         <port>8444</port>
>         <ssl>1</ssl>
>     </listen-socket>
>
>
>     <!-- Global header settings
>          Headers defined here will be returned for every HTTP request to Icecast.
>
>          The ACAO header makes Icecast public content/API by default
>          This will make streams easier embeddable (some HTML5 functionality needs it).
>          Also it allows direct access to e.g. /status-json.xsl from other sites.
>          If you don't want this, comment out the following line or read up on CORS.
>     -->
>     <http-headers>
>         <header name="Access-Control-Allow-Origin" value="*" />
>     </http-headers>
>
>
>     <!-- Relaying:
>          You don't need this if you only have one server.
>          Please refer to the config for a detailed explanation.
>     -->
>     <!--<master-server>127.0.0.1</master-server>-->
>     <!--<master-server-port>8001</master-server-port>-->
>     <!--<master-update-interval>120</master-update-interval>-->
>     <!--<master-password>hackme</master-password>-->
>
>     <!-- setting this makes all relays on-demand unless overridden, this is
>          useful for master relays which do not have <relay> definitions here.
>          The default is 0 -->
>     <!--<relays-on-demand>1</relays-on-demand>-->
>
>     <!--
>     <relay>
>         <server>127.0.0.1</server>
>         <port>8080</port>
>         <mount>/example.ogg</mount>
>         <local-mount>/different.ogg</local-mount>
>         <on-demand>0</on-demand>
>
>         <relay-shoutcast-metadata>0</relay-shoutcast-metadata>
>     </relay>
>     -->
>
>
>     <!-- Mountpoints
>          Only define <mount> sections if you want to use advanced options,
>          like alternative usernames or passwords
>     -->
>
>     <!-- Default settings for all mounts that don't have a specific <mount type="normal">.
>     -->
>     <!--
>     <mount type="default">
>         <public>0</public>
>         <intro>/server-wide-intro.ogg</intro>
>         <max-listener-duration>3600</max-listener-duration>
>         <authentication type="url">
>                 <option name="mount_add" value="http://auth.example.org/stream_start.php"/>
>         </authentication>
>         <http-headers>
>                 <header name="foo" value="bar" />
>         </http-headers>
>     </mount>
>     -->
>
>     <!-- Normal mounts -->
>
>     <mount type="normal">
>         <mount-name>/acdc.ogg</mount-name>
>
>         <!--username>othersource</username>
>         <password>hackme_1666</password-->
>
>         <max-listeners>1</max-listeners>
>         <!--dump-file>/tmp/dump-example1.ogg</dump-file-->
>         <burst-size>65536</burst-size>
>         <!--fallback-mount>/example2.ogg</fallback-mount>
>         <fallback-override>1</fallback-override>
>         <fallback-when-full>1</fallback-when-full>
>         <intro>/example_intro.ogg</intro-->
>         <hidden>0</hidden>
>         <public>0</public>
>         <authentication type="htpasswd">
>                 <option name="filename" value="/var/log/icecast2/password"/>
>                 <option name="allow_duplicate_users" value="0"/>
>         </authentication>
>         <http-headers>
>                 <header name="Access-Control-Allow-Origin" value="http://webplayer.example.org" />
>         </http-headers>
>         <!--on-connect>/home/icecast/bin/stream-start</on-connect>
>         <on-disconnect>/home/icecast/bin/stream-stop</on-disconnect-->
>     </mount>
>
>
>     <fileserve>1</fileserve>
>
>     <paths>
>         <!-- basedir is only used if chroot is enabled -->
>         <basedir>./</basedir>
>
>         <!-- Note that if <chroot> is turned on below, these paths must both
>              be relative to the new root, not the original root -->
>         <logdir>/var/log/icecast2</logdir>
>         <webroot>/usr/local/share/icecast/web</webroot>
>         <adminroot>/usr/local/share/icecast/admin</adminroot>
>         <!-- <pidfile>/usr/share/icecast/icecast.pid</pidfile> -->
>
>         <!-- Aliases: treat requests for 'source' path as being for 'dest' path
>              May be made specific to a port or bound address using the "port"
>              and "bind-address" attributes.
>           -->
>         <!--
>         <alias source="/foo" destination="/bar"/>
>         -->
>         <!-- Aliases: can also be used for simple redirections as well,
>              this example will redirect all requests for http://server:port/ to
>              the status page
>         -->
>         <alias source="/" destination="/status.xsl"/>
>         <!-- The certificate file needs to contain both public and private part.
>              Both should be PEM encoded.
>         -->
>         <ssl-certificate>/var/log/icecast2/icecast.pem</ssl-certificate>
>     </paths>
>
>     <logging>
>         <accesslog>access.log</accesslog>
>         <errorlog>error.log</errorlog>
>         <!-- <playlistlog>playlist.log</playlistlog> -->
>         <loglevel>3</loglevel> <!-- 4 Debug, 3 Info, 2 Warn, 1 Error -->
>         <logsize>10000</logsize> <!-- Max size of a logfile -->
>         <!-- If logarchive is enabled (1), then when logsize is reached
>              the logfile will be moved to [error|access|playlist].log.DATESTAMP,
>              otherwise it will be moved to [error|access|playlist].log.old.
>              Default is non-archive mode (i.e. overwrite)
>         -->
>         <!-- <logarchive>1</logarchive> -->
>     </logging>
>
>     <security>
>         <chroot>0</chroot>
>
>         <changeowner>
>             <user>icecast</user>
>             <group>icecast</group>
>         </changeowner>
>
>     </security>
> </icecast>
>
>
>
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
>
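
Added example (not from the thread or the Icecast project): the symptom reported above leaves a recognizable pattern in error.log, namely a source login on a mount with no later `source_shutdown ... exiting` line, followed by `Mountpoint ... in use` when the source retries. The Python below flags such mounts; the message patterns come from the excerpts quoted above, while `find_stale_mounts`, `new_session`, the sample log and its 192.0.2.10 address are constructed for illustration.

```python
import re
from datetime import datetime

# Message shapes taken from the error.log excerpts quoted in the thread.
STAMP = re.compile(r'^\[(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2})\]\s+\w+\s+\S+\s+(.*)$')
LOGIN = re.compile(r'Source logging in at mountpoint "([^"]+)"')
EXITING = re.compile(r'Source from \S+ at "([^"]+)" exiting')
IN_USE = re.compile(r'Mountpoint (\S+) in use')

def new_session(since):
    return {"since": since, "rejected": 0, "last_rejected": None}

def find_stale_mounts(lines):
    """Return {mount: session} for mounts that never logged a source
    shutdown yet refused at least one later source login."""
    active = {}
    for raw in lines:
        m = STAMP.match(raw.strip())
        if not m:
            continue  # wrapped fragment or non-Icecast line
        ts = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%Y-%m-%d %H:%M:%S")
        msg = m.group(3)
        if (hit := LOGIN.search(msg)):
            # A login on a mount that is already held is the rejected retry,
            # so setdefault keeps the original session's start time.
            active.setdefault(hit.group(1), new_session(ts))
        elif (hit := EXITING.search(msg)):
            active.pop(hit.group(1), None)
        elif (hit := IN_USE.search(msg)):
            s = active.setdefault(hit.group(1), new_session(None))
            s["rejected"] += 1
            s["last_rejected"] = ts
    return {mnt: s for mnt, s in active.items() if s["rejected"] > 0}

# Constructed sample (not the poster's log); one unwrapped entry per line.
SAMPLE_LOG = """\
[2020-02-09  17:56:50] INFO connection/_handle_source_request Source logging in at mountpoint "/acdc.ogg" using "SOURCE" from 192.0.2.10 as role legacy-global-source
[2020-02-09  17:56:57] INFO source/source_shutdown Source from 192.0.2.10 at "/acdc.ogg" exiting
[2020-02-09  18:00:24] INFO connection/_handle_source_request Source logging in at mountpoint "/acdc.ogg" using "SOURCE" from 192.0.2.10 as role legacy-global-source
[2020-02-09  18:01:00] INFO connection/_handle_source_request Source logging in at mountpoint "/live.ogg" using "SOURCE" from 192.0.2.10 as role legacy-global-source
[2020-02-09  18:03:53] INFO connection/_handle_source_request Source logging in at mountpoint "/acdc.ogg" using "SOURCE" from 192.0.2.10 as role legacy-global-source
[2020-02-09  18:03:53] WARN connection/source_startup Mountpoint /acdc.ogg in use
[2020-02-09  18:05:10] INFO connection/_handle_source_request Source logging in at mountpoint "/acdc.ogg" using "SOURCE" from 192.0.2.10 as role legacy-global-source
[2020-02-09  18:05:10] WARN connection/source_startup Mountpoint /acdc.ogg in use
""".splitlines()

if __name__ == "__main__":
    for mount, s in find_stale_mounts(SAMPLE_LOG).items():
        print(f'{mount}: held since {s["since"]}, {s["rejected"]} rejected reconnect(s), last at {s["last_rejected"]}')
```

A mount that is merely live (here `/live.ogg`) is not reported; only a mount that refused a reconnect without an intervening shutdown line is.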