[Icecast] Icecast and HTTPS

_zer0_ gravity zer0___ at hotmail.com
Mon Jan 11 10:41:52 UTC 2021 

You must be doing something wrong, I tested it with Debian 10 and it works fine with only one port and ssl enabled:

    <!-- You may have multiple <listen-socket> elements -->
    <!-- <listen-socket> -->
        <!-- <port>80</port> -->
        <!-- <bind-address>127.0.0.1</bind-address> -->
        <!-- <shoutcast-mount>/stream</shoutcast-mount> -->
    <!-- </listen-socket> -->

    <listen-socket>
        <port>443</port>
        <ssl>1</ssl>
    </listen-socket>

This is the result:

root at debian10:~# netstat -lnp | grep icecast
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      46841/icecast2
root at debian10:~#
root at debian10:~# openssl s_client -connect xxx.xxxxx.xxx:443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = xxx.xxxxx.xxx
verify return:1
---
Certificate chain
 0 s:CN = xxx.xxxxx.xxx
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---



-----Oorspronkelijk bericht-----
Van: Icecast <icecast-bounces at xiph.org> Namens Wang
Verzonden: Sunday, 10 January 2021 11:28
Aan: Icecast streaming server user discussions <icecast at xiph.org>
Onderwerp: Re: [Icecast] Icecast and HTTPS

Hello Paul,

I am running Debian 10.

I also tested:
port 8000 without ssl, but
ports 8443 8444 8445 8846 with ssl (all of them at the same time).
It worked.

It seems there has to be one non-ssl port running ...

> I tested it on a CentOS7 machine and on I actually could use only one 
> listen port with ssl, so there must be something else with your setup.
>
> If you are on CentOS or any other RHEL based os, is selinux enabled or 
> at least in permissive mode ?
>
> Check with “sestatus”, test with “setenforce permissive”.
>
> Paul
> 
>> Van: Icecast <icecast-bounces at xiph.org> Namens zer0___ at hotmail.com
>> Verzonden: Friday, 8 January 2021 14:49
>> Aan: Icecast streaming server user discussions <icecast at xiph.org>
>> Onderwerp: Re: [Icecast] Icecast and HTTPS
>> 
>> I will test this, maybe it must at least have one port with ssl disabled.
>>
>> You could do a bind for port 8000 on 127.0.0.1
>>
>> Then functionally you only have port 8443 on public network.
>>
>> You can also block this port in your firewall.
>>
>> Paul
_______________________________________________
Icecast mailing list
Icecast at xiph.org
http://lists.xiph.org/mailman/listinfo/icecast

More information about the Icecast mailing list