Hi !
Still fighting here :)

/var/log/icecast2/error.log
...
[2017-08-08  03:05:34] INFO main/main Icecast 2.4.2 server started
[2017-08-08  03:05:34] INFO connection/get_ssl_certificate No SSL capability ***
[2017-08-08  03:05:34] INFO yp/yp_update_thread YP update thread started
...

What exactly does *** mean ?.

Thanks !
José Luis

On Fri, 21-07-2017 at 19:44 +0200, Marvin Scholz wrote:
> On 21 Jul 2017, at 19:27, José Luis Artuch wrote:
>
> > On Fri, 21-07-2017 at 19:07 +0200, Marvin Scholz wrote:
> >
> > > On 21 Jul 2017, at 18:41, José Luis Artuch wrote:
> > >
> > > > Hello !
> > > >
> > > > On Mon, 10-07-2017 at 09:31 +0000, Philipp Schafft wrote:
> > > > > Good morning,
> > > > >
> > > > > On Mon, 2017-07-10 at 01:25 +0000, ScanCaster wrote:
> > > > > > IceCast is one of the last services I have that doesn't connect securely,
> > > > > > and I am looking to close that hole....
> > > > > > [...]
> > > > > > OK... add a port for SSL for IceCast in icecast.xml...path for cert file
> > > > > > in same.... no biggie
> > > > >
> > > > > The <ssl-certificate> belongs in the <paths> section of the config file.
> > > > > (I'm not sure what you mean with 'in same', just wanted to make it clear.)
> > > > >
> > > > > > The key/cert needs to be in a dir and file with applicable permissions
> > > > > > for the IceCast user... no biggie..
> > > > > >
> > > > > > chown icecastusergroup:icecastusergroup certfile
> > > > > >
> > > > > > What I am looking to confirm is that the cert file needs to contain:
> > > > > >
> > > > > > -----BEGIN RSA PRIVATE KEY-----
> > > > > > MII
> > > > > > -----END RSA PRIVATE KEY-----
> > > > > >
> > > > > > -----BEGIN CERTIFICATE-----
> > > > > > MI
> > > > > > -----END CERTIFICATE-----
> > > > > >
> > > > > > Where the Cert is the file/text Comodo sends me, and the key is the one
> > > > > > openssl spit out earlier,
> > > > > >
> > > > > > Combine them up in certfile, Correct? Special order?? KEY then Cert, or v-v?
> > > > > > Line separating them?
> > > > >
> > > > > The format is the OpenSSL format: key, blank line, cert (chain).
> > > > > echo | cat key.pem - cert.pem > combo.pem
> > > > >
> > > > > > kill -HUP pidOfIcecast
> > > > >
> > > > > As of Icecast2 2.4.x you need to restart Icecast to reload the cert.
> > > > > There is however a fix in 2.5.x (development) which is hopefully
> > > > > released with the next development update.
> > > > >
> > > > > > And good????
> > > > > >
> > > > > > One thing can the web server spit out just a text file that is used by
> > > > > > Comodo to verify ownership of the domain? The DNS method normally
> > > > > > fails....
> > > > >
> > > > > Sure. Just put it into the webroot (<webroot> in <paths>). Icecast
> > > > > handles files in webroot according to your operating system's
> > > > > mime-type table.
> > > >
> > > > On Debian 9, in the configuration file it says:
> > > >
> > > > <webroot>/usr/share/icecast2/web</webroot>
> > > > <ssl-certificate>/usr/share/icecast2/icecast.pem</ssl-certificate>
> > > >
> > > > What should be the correct path of the icecast.pem file ?.
> > > > Should it be /usr/share/icecast2/web/icecast.pem ?.
> > >
> > > You certainly do not want to put your private key in your public
> > > webroot...
> >
> > Thanks Marvin. Is ok into any other directory, for example
> > /etc/icecast2/ssl ?.
>
> I think so, yes.
>
> > > > Thanks.
> > > >
> > > > > > ie: http://icecast.domain.invalid/somestringofletersnumbers.txt
> > > > > > That they request if its dumped in the webroot stuff of Icecast?
> > > > > > With out any XSLT markup?
> > > > >
> > > > > Icecast only processes XSLT files as XSLT.
> > > > >
> > > > > > So if I added a listening port on 80 for this, then took it away,
> > > > > > since I don't use that for Icecast... Icecast is on its own server which
> > > > > > does not have Apache... web stuff for other things is on its own box. I
> > > > > > never have used the Icecast to serve up anything other than the default
> > > > > > admin etc. stuff it does by default...
> > > > >
> > > > > To avoid the need to run Icecast as privileged user in order to bind to
> > > > > low ports (if Comodo really insists in using port 80) you can use your
> > > > > firewall to do a local redirect.
> > > > >
> > > > > Hope this is of help to you,
> > > > >
> > > > > with best regards,
> > > > >
> > > > > _______________________________________________
> > > > > Icecast mailing list
> > > > > Icecast at xiph.org
> > > > > http://lists.xiph.org/mailman/listinfo/icecast

It is a server message indicator. It is used to distinguish server messages.

Sent from my iPhone

> On Aug 11, 2017, at 13:28, José Luis Artuch <artuch at speedy.com.ar> wrote:
>
> Hi !
> Still fighting here :)
>
> /var/log/icecast2/error.log
> ...
> [2017-08-08 03:05:34] INFO main/main Icecast 2.4.2 server started
> [2017-08-08 03:05:34] INFO connection/get_ssl_certificate No SSL capability ***
> [2017-08-08 03:05:34] INFO yp/yp_update_thread YP update thread started
> ...
>
> What exactly does *** mean ?.
>
> Thanks !
> José Luis
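
The advice given in this thread (one file holding the key first and then the certificate chain, kept outside the public webroot) as a check script. This is an added example, not code from any message in the thread: `check_bundle`, `make_sample` and the sample paths are hypothetical, and treating a world-readable bundle as an error is this example's own assumption.

```shell
#!/bin/sh
# Added example, not from the thread; sample files are constructed placeholders.

# Text of the first single-line <TAG>value</TAG> element in an icecast.xml.
xml_value() {  # usage: xml_value TAG FILE
    sed -n "s:.*<$1>\(.*\)</$1>.*:\1:p" "$2" | head -n 1
}

# True if the first PEM block is a private key and every later block is a
# certificate, i.e. "key, blank line, cert (chain)".
pem_layout_ok() {  # usage: pem_layout_ok FILE
    awk '/^-----BEGIN / { n++
             if (n == 1 && $0 !~ /PRIVATE KEY-----$/) bad = 1
             if (n > 1 && $0 != "-----BEGIN CERTIFICATE-----") bad = 1 }
         END { exit (bad || n < 2) }' "$1"
}

# Physical (symlink-free) form of a directory path; falls back to the input.
real_dir() { (cd "$1" 2>/dev/null && pwd -P) || printf '%s\n' "$1"; }

# Check the bundle named by <ssl-certificate> in CONFIG. Prints "ok" and
# returns 0, or prints the first problem found and returns 1.
check_bundle() {  # usage: check_bundle CONFIG
    pem=$(xml_value ssl-certificate "$1")
    root=$(xml_value webroot "$1")
    [ -f "$pem" ] && [ -n "$root" ] || { echo "no bundle file or no <webroot>"; return 1; }
    pemdir=$(real_dir "$(dirname "$pem")")
    webdir=$(real_dir "$root")
    case "$pemdir/" in "$webdir"/*) echo "bundle is inside the public webroot"; return 1 ;; esac
    pem_layout_ok "$pem" || { echo "expected key first, then cert (chain)"; return 1; }
    # Assumption of this example: the key must not be readable by "other".
    [ -z "$(find "$pem" -perm -004)" ] || { echo "bundle is world-readable"; return 1; }
    echo ok
}

# Write a constructed icecast.xml under DIR and a placeholder bundle in PEMDIR.
make_sample() {  # usage: make_sample DIR PEMDIR
    mkdir -p "$1/web" "$2"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MII' '-----END RSA PRIVATE KEY-----' \
        '' '-----BEGIN CERTIFICATE-----' 'MI' '-----END CERTIFICATE-----' > "$2/icecast.pem"
    chmod 640 "$2/icecast.pem"
    printf '<icecast><paths>\n<webroot>%s</webroot>\n<ssl-certificate>%s</ssl-certificate>\n</paths></icecast>\n' \
        "$1/web" "$2/icecast.pem" > "$1/icecast.xml"
}

# Demo: a bundle kept in a separate ssl/ directory passes and prints "ok".
tmp=$(mktemp -d) && make_sample "$tmp" "$tmp/ssl" && check_bundle "$tmp/icecast.xml"
rm -rf "$tmp"
```

The layout check only looks at PEM block headers, so it does not confirm that the key belongs to the certificate.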