From heberr at 247hostu.com Wed Jul 3 18:52:30 2024 From: heberr at 247hostu.com (Heber Reynoso) Date: Wed, 3 Jul 2024 12:52:30 -0600 Subject: [Icecast] Securing the IceCast webpages Message-ID: <012301dacd7a$28befb80$7a3cf280$@247hostu.com> Hi There, Newbie here. I would like to password protect all web pages that the IceCast webserver creates, is that possible? I was hoping to setup an .htaccess file situation to secure all folder and subfolders like I can do with apache2. No sure how to go about it. To be more specific I would like the "Icecast2 Status" public page and any other public pages to be secured like the admin page. When I click on the "Administration" link I am prompted for a user ID and Password. That what I want to happen for all pages. Any help would be much appreciated. Thank You -------------- next part -------------- An HTML attachment was scrubbed... URL: From heberr at 247hostu.com Wed Jul 3 18:56:33 2024 From: heberr at 247hostu.com (Heber Reynoso) Date: Wed, 3 Jul 2024 12:56:33 -0600 Subject: [Icecast] SSL mountpoint left open after a disconnect Message-ID: <012801dacd7a$b93b33e0$2bb19ba0$@247hostu.com> Hi There, it appears that occasionally when using SSL, a mountpoint will be left open even after the source has disconnected. The result is an empty mountpoint that I can't connect to using our broadcast tool since the "Mountpoint is in use." Is there a way to help ensure the mountpoint closes? Any guidance would be much appreciated Thank You -------------- next part -------------- An HTML attachment was scrubbed... URL: From lianergoist at vongriffen.dk Sat Jul 13 11:59:13 2024 From: lianergoist at vongriffen.dk (Thomas Jensen) Date: Sat, 13 Jul 2024 13:59:13 +0200 Subject: [Icecast] Invalid SSL-certificate Message-ID: <13b55b560712466747c4083679ef735eee779817.camel@vongriffen.dk> Hello I am running https://radio.horsens-garage.rocks:8443. The SSL- certificate is made like this: cat /etc/letsencrypt/live/horsens-garage.rocks/fullchain.pem /etc/letsencrypt/live/horsens-garage.rocks/privkey.pem > /etc/icecast2/bundle.pem I have had no errors or warnings in any browser. Until now! Fulguris, a FOSS-browser for android, gave me a warning about invalide date in the certificate... https://horsens-garage.rocks has a mediaplayer, that will stream music from the radio. If I test horsens-garage.rocks in a "Test-Your-SSL" site, there are no problems. But if I test radio.horsens- garage.rocks:8443, it report invalide date. https://www.sslshopper.com/ssl-checker.html#hostname=radio.horsens-garage.rocks:8443 But they both use the very same letsencrypt certificate! Icecast use the bundle.pem made from the letsencrypt certificate/key. /etc/icecast2/bundle.pem Does any of you know what is wrong? -- Thomas Jensen, Denmark From jordan at subj.am Sat Jul 13 13:56:25 2024 From: jordan at subj.am (Jordan Erickson) Date: Sat, 13 Jul 2024 06:56:25 -0700 Subject: [Icecast] Invalid SSL-certificate In-Reply-To: <13b55b560712466747c4083679ef735eee779817.camel@vongriffen.dk> References: <13b55b560712466747c4083679ef735eee779817.camel@vongriffen.dk> Message-ID: Hi, On 7/13/24 04:59, Thomas Jensen wrote: > I am runninghttps://radio.horsens-garage.rocks:8443. Ok. > If I test horsens-garage.rocks in a "Test-Your-SSL" > site, there are no problems. But if I test radio.horsens- > garage.rocks:8443, it report invalide date. horsens-garage.rocks != radio.horsens-garage.rocks, BUT, according to the testing site you're using radio.horsens-garage.rocks as a SAN so that should be fine. Serial numbers are the same: --- Common name: horsens-garage.rocks SANs: horsens-garage.rocks, radio.horsens-garage.rocks, www.horsens-garage.rocks Valid from June 9, 2024 to September 7, 2024 Serial Number: 03d86c7828fdae42b7d00f7159e11df15a36 Signature Algorithm: sha256WithRSAEncryption Issuer: R10 --- However, going to the radio.horsens-garage.rocks URL in Firefox renders that your cert is expired: Did you replace the cert on Icecast and not reload? Cheers, Jordan Erickson -- https://subj.am/ -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: gkINTHOrdx2JFuYu.png Type: image/png Size: 48800 bytes Desc: not available URL: From lianergoist at vongriffen.dk Sat Jul 13 16:18:08 2024 From: lianergoist at vongriffen.dk (Thomas Jensen) Date: Sat, 13 Jul 2024 18:18:08 +0200 Subject: [Icecast] Invalid SSL-certificate In-Reply-To: References: <13b55b560712466747c4083679ef735eee779817.camel@vongriffen.dk> Message-ID: <44ecf78fef39fe79250d71544a8afd9a94b10eb5.camel@vongriffen.dk> l?r, 13 07 2024 kl. 06:56 -0700, skrev Jordan Erickson: > > Did you replace the cert on Icecast and not reload? > Yes, ?I did replace it and I did restart both ezstream, icecast and apache. I also rebooted the server, but for some reasons the certificate survivede in cache. But after I gave the certificate a new name, it is working again. Glad the error was mine fault... ;-) --? Thomas Jensen, Denmark -------------- next part -------------- An HTML attachment was scrubbed... URL: From mph at emotrics.com Fri Jul 19 00:31:28 2024 From: mph at emotrics.com (Milton Huang) Date: Thu, 18 Jul 2024 17:31:28 -0700 Subject: [Icecast] switching Masters in a Master-Slave Relay Message-ID: I have a question about how the Master-Slave Relay works. Our current setup has an Icecast master running on an AWS EC2 Instance, that feeds its output to a few Icecast Relays on other EC2 instances which in turn connect to clients via an AWS load balancer. To make the system more robust, we have added a second Icecast master which all the Relays can switch to via a change in the Routing Table. My question is about the best way to manage such a switch. My understanding is that each client is linked to the Master via their Relay, so if I pull a switch, the connection will die and need to be reestablished with the new master on the backup Instance. Do I need to set up a back channel to signal a reset to the clients when I switch? Or is there some magic way to alert the Relays to a switch so that they maintain client connections and change the source? Milton Huang -------------- next part -------------- An HTML attachment was scrubbed... URL: From sergioalfonsonieto at gmail.com Fri Jul 19 21:00:11 2024 From: sergioalfonsonieto at gmail.com (Sergio N) Date: Fri, 19 Jul 2024 14:00:11 -0700 Subject: [Icecast] How to install certs on a working icecast ? Message-ID: Hi guys!!! Years ago I installed icecast on a Redhat server (also apache and cpanel are installed). There are several radio stations that stream to online listeners through that server. Recently online listeners reported that when using chrome no audio comes out. So I discovered that chrome needs https to enable audio stream and also that the audio source needs to be secure otherwise problems will persist. Through cpanel I can enable free certs for every domain so https be enabled but I have several questions about icecast. A. Can I use cert issued for lets say radio1.com or some other domain hosted in the box? Or do I have to issue another different cert just for the icecast? What kind of cert do I need to issue? Where Do I get it? B. Is there a step by step procedure to install certs on that running icecast? including uninstall the current icest if there is no easy way to enable certs? I really appreciate your help. Regards, SAN. -------------- next part -------------- An HTML attachment was scrubbed... URL: From sm at noisynotes.com Mon Jul 29 19:23:32 2024 From: sm at noisynotes.com (Steve Matzura) Date: Mon, 29 Jul 2024 15:23:32 -0400 Subject: [Icecast] New SSL certificate! Does it require reload or restart? Message-ID: <9A05855B-B7DD-44C3-BAC8-D84F3AA99D0A@noisynotes.com> I purchased a new SSL certificate and installed it correctly, using the same combine procedures I?ve always used. I tried to reload the configuration, but it didn?t work. When I try the secure port, it still tells me my key has expired. I have to really think hard about when it will be appropriate to restart the server, so I was hoping that reload would work. Looks like a restart is needed. Is that right? From sm at noisynotes.com Tue Jul 30 22:05:40 2024 From: sm at noisynotes.com (Steve Matzura) Date: Tue, 30 Jul 2024 18:05:40 -0400 Subject: [Icecast] Solved: New Certificate - reload or restart Message-ID: I tried everything, including changing the name of the new PEM containing the properly concatenated certificates as specified in the Icecast configuration. The reload command did not, does not appear to, re-read the certificate file even though the filename has been changed. To make it work, I had to restart the Icecast server in the usual manner. Is this a bug or is it by design? -------------- next part -------------- An HTML attachment was scrubbed... URL: From epirat07 at gmail.com Tue Jul 30 22:13:35 2024 From: epirat07 at gmail.com (epirat07 at gmail.com) Date: Wed, 31 Jul 2024 00:13:35 +0200 Subject: [Icecast] Solved: New Certificate - reload or restart In-Reply-To: References: Message-ID: On 31 Jul 2024, at 0:05, Steve Matzura wrote: > I tried everything, including changing the name of the new PEM containing the properly concatenated certificates as specified in the Icecast configuration. The reload command did not, does not appear to, re-read the certificate file even though the filename has been changed. To make it work, I had to restart the Icecast server in the usual manner. Is this a bug or is it by design? Which version of Icecast are you using? > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast From nickm at coastradio.com.au Wed Jul 31 01:15:14 2024 From: nickm at coastradio.com.au (Nick Morgan) Date: Wed, 31 Jul 2024 01:15:14 +0000 Subject: [Icecast] Solved: New Certificate - reload or restart In-Reply-To: References:

Message-ID: On 31 Jul 2024, at 0:05, Steve Matzura wrote: > I tried everything, including changing the name of the new PEM containing the properly concatenated certificates as specified in the Icecast configuration. The reload command did not, does not appear to, re-read the certificate file even though the filename has been changed. To make it work, I had to restart the Icecast server in the usual manner. Is this a bug or is it by design? I've always had to restart the server (2.4.4) to reload an updated certificate. I believe reload works in version 2.5 (beta). > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast _______________________________________________ Icecast mailing list Icecast at xiph.org http://lists.xiph.org/mailman/listinfo/icecast From mayianmm at jmu.edu Wed Jul 31 20:47:01 2024 From: mayianmm at jmu.edu (Mayiani, Martin Martine - mayianmm) Date: Wed, 31 Jul 2024 20:47:01 +0000 Subject: [Icecast] Enforcing HTTPS Message-ID: Hi, How are y'all enforcing the https option here http://XX.XXX.XXX.XX:8000/admin.html. Basically, taking away the http option. Thanks Martin Mayiani Operation Specialist WMRA & WEMC 540.568.4045 wmra.org -------------- next part -------------- An HTML attachment was scrubbed... URL: