[Icecast] Icecast and HTTPS
zer0___ at hotmail.com
Mon Jan 11 10:41:52 UTC 2021
You must be doing something wrong, I tested it with Debian 10 and it works fine with only one port and ssl enabled:
<!-- You may have multiple <listen-socket> elements -->
<!-- <listen-socket> -->
<!-- <port>80</port> -->
<!-- <bind-address>127.0.0.1</bind-address> -->
<!-- <shoutcast-mount>/stream</shoutcast-mount> -->
<!-- </listen-socket> -->
This is the result:
root at debian10:~# netstat -lnp | grep icecast
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 46841/icecast2
root at debian10:~#
root at debian10:~# openssl s_client -connect xxx.xxxxx.xxx:443
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
depth=1 C = US, O = Let's Encrypt, CN = R3
depth=0 CN = xxx.xxxxx.xxx
0 s:CN = xxx.xxxxx.xxx
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
Van: Icecast <icecast-bounces at xiph.org> Namens Wang
Verzonden: Sunday, 10 January 2021 11:28
Aan: Icecast streaming server user discussions <icecast at xiph.org>
Onderwerp: Re: [Icecast] Icecast and HTTPS
I am running Debian 10.
I also tested:
port 8000 without ssl, but
ports 8443 8444 8445 8846 with ssl (all of them at the same time).
It seems there has to be one non-ssl port running ...
> I tested it on a CentOS7 machine and on I actually could use only one
> listen port with ssl, so there must be something else with your setup.
> If you are on CentOS or any other RHEL based os, is selinux enabled or
> at least in permissive mode ?
> Check with “sestatus”, test with “setenforce permissive”.
>> Van: Icecast <icecast-bounces at xiph.org> Namens zer0___ at hotmail.com
>> Verzonden: Friday, 8 January 2021 14:49
>> Aan: Icecast streaming server user discussions <icecast at xiph.org>
>> Onderwerp: Re: [Icecast] Icecast and HTTPS
>> I will test this, maybe it must at least have one port with ssl disabled.
>> You could do a bind for port 8000 on 127.0.0.1
>> Then functionally you only have port 8443 on public network.
>> You can also block this port in your firewall.
Icecast mailing list
Icecast at xiph.org
More information about the Icecast