<span style="font-family: Arial, Helvetica, Sans-Serif; font-size: 12px"><div>Thanks for the help Thomas.</div>
<div> </div>
<div>It worked.</div>
<div> </div>
<div> </div>
<div>Best,</div>
<div>Thiago</div>
<div> </div>
<div style="-webkit-touch-callout: none; -webkit-user-select: none; -khtml-user-select: none;-moz-user-select: none;-ms-user-select: none;-o-user-select: none;user-select: none;"> </div>
<div> </div>
<hr align="center" size="2" width="100%" />
<div><span style="font-family: tahoma,arial,sans-serif; font-size: 10pt;"><b>De</b>: icecast-request@xiph.org<br />
<b>Enviado</b>: domingo, 12 de agosto de 2018 09:00<br />
<b>Para</b>: icecast@xiph.org<br />
<b>Assunto</b>: Icecast Digest, Vol 170, Issue 8</span>
<div> </div>
Send Icecast mailing list submissions to icecast@xiph.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.xiph.org/mailman/listinfo/icecast or, via email, send a message with subject or body 'help' to icecast-request@xiph.org You can reach the person managing the list at icecast-owner@xiph.org When replying, please edit your Subject line so it is more specific than "Re: Contents of Icecast digest..." Today's Topics: 1. Help to enable SSL (subscription@nextdial.com.br) 2. Re: Help to enable SSL (Thomas B. Rücker) 3. Re: Help to enable SSL (Thomas B. Rücker) ---------------------------------------------------------------------- Message: 1 Date: Sat, 11 Aug 2018 23:04:12 -0300 From: "subscription@nextdial.com.br" <subscription@nextdial.com.br> To: <icecast@xiph.org> Subject: [Icecast] Help to enable SSL Message-ID: <7bbe79b1db49481eb462ca4d0ce66e13@nextdial.com.br> Content-Type: text/plain; charset="utf-8" Hello, At a test VPS running Ubuntu 16.04 LTS I did this: sudo apt-get update sudo add-apt-repository ppa:certbot/certbot sudo apt-get install certbot sudo apt-get install icecast2 sudo certbot certonly --standalone -d domain.com cat cert.pem privkey.pem | sudo tee /etc/icecast2/icecast.pem sudo vi /etc/icecast2/icecast.xml <listen-socket> <port>8443</port> <ssl>1</ssl> </listen-socket> <ssl-certificate>/etc/icecast2/icecast.pem</ssl-certificate> sudo chown icecast2:icecast /etc/icecast2/icecast.pem sudo /etc/init.d/icecast2 restart After that, I have this at the log: [2018-08-12 01:47:07] INFO stats/_stats_thread stats thread started [2018-08-12 01:47:07] INFO main/main Icecast 2.4.2 server started [2018-08-12 01:47:07] INFO connection/get_ssl_certificate No SSL capability [2018-08-12 01:47:07] INFO yp/yp_update_thread YP update thread started I tried restart the VPS and a lot of things (change the order of the pem creation, etc), all with no success. What I am doing wrong? Best, Thiago -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20180811/680c713f/attachment-0001.html> ------------------------------ Message: 2 Date: Sun, 12 Aug 2018 06:55:00 +0000 From: Thomas B. Rücker <thomas@ruecker.fi> To: icecast@xiph.org Subject: Re: [Icecast] Help to enable SSL Message-ID: <30871e4d-d694-719d-d2a2-ea65769b8ad7@ruecker.fi> Content-Type: text/plain; charset=windows-1252 Hi, On 08/12/2018 02:04 AM, subscription@nextdial.com.br wrote: > Hello, > > At a test VPS running Ubuntu 16.04 LTS I did this: > > 1. sudo apt-get update > 2. sudo add-apt-repository ppa:certbot/certbot > 3. sudo apt-get install certbot > You'll need an additional step at this point, see below. > 1. sudo apt-get install icecast2 > 2. sudo certbot certonly --standalone -d domain.com > 3. cat cert.pem privkey.pem | sudo tee /etc/icecast2/icecast.pem > 4. sudo vi /etc/icecast2/icecast.xml > 5. <listen-socket> > <port>8443</port> > <ssl>1</ssl> > </listen-socket> > <ssl-certificate>/etc/icecast2/icecast.pem</ssl-certificate> > 6. sudo chown icecast2:icecast /etc/icecast2/icecast.pem > 7. sudo /etc/init.d/icecast2 restart > > > After that, I have this at the log: > > [2018-08-12 01:47:07] INFO stats/_stats_thread stats thread started > [2018-08-12 01:47:07] INFO main/main Icecast 2.4.2 server started > [2018-08-12 01:47:07] INFO connection/get_ssl_certificate No SSL > capability > [2018-08-12 01:47:07] INFO yp/yp_update_thread YP update thread started > This is because Debian (and Ubuntu, as they recycle the same packaging) refuse to compile Icecast (and other software) with openSSL support for political reasons. > What I am doing wrong > You didn't do anything wrong as such. You just didn't know that there are additional steps if you need TLS support. The official Xiph.org packages are built with openSSL support: https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories) $ curl https://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/Release.key >/tmp/multimedia-obs.key $ gpg /tmp/multimedia-obs.key It should yield: pub rsa2048 2017-11-21 [SC] [expires: 2020-01-30] 0E313DB7936B4E76E720065B77EC2301F23C6AA3 uid multimedia OBS Project $ sudo apt-key add /tmp/multimedia-obs.key $ sudo sh -c "echo deb http://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/ ./ >>/etc/apt/sources.list.d/icecast.list" $ sudo apt-get update $ sudo apt-get install icecast2 Make sure it downloads the package from an OBS address and not from an ubuntu.com or mirror. (Newer versions like 18.04 require an explicit version or other tricks at the moment: sudo apt-get install icecast2/2.4.2-2 ) At this point your server should already be running the Xiph.org build of Icecast and port 8443 should answer to HTTPS. If you would prefer to listen to the standard port of 443, please follow these additional directions: http://lists.xiph.org/pipermail/icecast/2015-February/013198.html Under no circumstances you should try to reverse proxy Icecast 2.4.x - while one can make it mostly work, it is far from trivial to set things up in a way that will avoid most of the corner cases. Most famously, taking down your webserver. Cheers, Thomas ------------------------------ Message: 3 Date: Sun, 12 Aug 2018 07:09:37 +0000 From: Thomas B. Rücker <thomas@ruecker.fi> To: icecast@xiph.org Subject: Re: [Icecast] Help to enable SSL Message-ID: <cb36b5eb-6b3b-beab-79e2-e4f88463d563@ruecker.fi> Content-Type: text/plain; charset=utf-8 On 08/12/2018 06:55 AM, Thomas B. Rücker wrote: > >> What I am doing wrong >> > You didn't do anything wrong as such. You just didn't know that there > are additional steps if you need TLS support. > The official Xiph.org packages are built with openSSL support: > https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories) This one got munged: > $ curl > https://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/Release.key >> /tmp/multimedia-obs.key That should be: curl https://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/Release.key \ -o /tmp/multimedia-obs.key TBR ------------------------------ Subject: Digest Footer _______________________________________________ Icecast mailing list Icecast@xiph.org http://lists.xiph.org/mailman/listinfo/icecast ------------------------------ End of Icecast Digest, Vol 170, Issue 8 ***************************************</div></span>