Hi team,

Please accept my apologies if this is NOT the place/distro list to be raising this. I had major dramas with the standard forum - registration and decided this may be a better route.

My current instance icecast server has been built with --with-curl --with-openssl options as outlined within this post: https://weekly-geekly.github.io/articles/350236/index.html and the build version is 2.4.99.2

I'm using a valid certificate from letsencrypt on a Ubuntu 18 server hosted by AWS. Icecast recognizes this without issue.

I'm having issues disconnecting my source client from Icecast when the connection is via SSL. Non SSL source clients work as intended, connecting and disconnecting without issues and Icecast shuts down the mount points after client drop-outs as intended. See the logs outlined below for details.

Using an SSL connection and once the client connection drops (for whatever reason) Icecast does not recognize this and keeps the mount point active forever - even when there's no data being sent by the client. On a reconnect try the client gets a 'mount point already in use' message. To get over this state I either have to restart the Icecast service OR manually kill the source from the admin interface. Once done, I can reconnect again, repeating the process.

Frustratingly, this (SSL) works (source>icecast>listener) - just about - but I'd dearly like to understand the issue with the ssl connection and mountpoint not being released. I would expect a source timeout to occur, as defined in the Icecast config file thus releasing the mount point. However, not to be.

Connecting to unencrypted Icecast port (8000)

Access.log
xx.xx.xx.xxx- - [09/Feb/2020:17:56:50 +0000] "SOURCE /acdc.ogg HTTP/1.0" 401 777 "-" "libshout/2.4.1" 0

Error.log
[2020-02-09 17:56:50] EROR connection/_handle_authed_client Client (role=anonymous, username=(null)) not allowed to use this request method on /acdc.ogg
[2020-02-09 17:56:50] EROR util/util_http_select_best Input string does not parse as KVA. Selecting first option.
[2020-02-09 17:56:50] WARN reportxml/reportxml_database_build_report No matching definition for "25387198-0643-4577-9139-7c4f24f59d4a"
[2020-02-09 17:56:50] INFO connection/_handle_source_request Source logging in at mountpoint "/acdc.ogg" using "SOURCE" from xx.xx.xx.xxx as role legacy-global-source
[2020-02-09 17:56:50] INFO source/source_main listener count on /acdc.ogg now 0
[2020-02-09 17:56:50] INFO format-opus/initial_opus_page seen initial opus header

Source client disconnects.

Access.log
xx.xx.xx.xxx- source [09/Feb/2020:17:56:57 +0000] "SOURCE /acdc.ogg HTTP/1.0" 200 324 "-" "libshout/2.4.1" 7

Error.log
[2020-02-09 17:53:12] INFO source/get_next_buffer End of Stream /acdc.ogg
[2020-02-09 17:53:12] INFO source/source_shutdown Source from xx.xx.xx.xxx at "/acdc.ogg" exiting


Connection by source client Using SSL (port 8444):

Connect:

Access.log
xx.xx.xx.xxx- source [09/Feb/2020:18:00:25 +0000] "GET /admin/metadata HTTP/1.1" 200 481 "-" "Mozilla/5.0" 0

Error.log
[2020-02-09 18:00:24] INFO connection/_handle_source_request Source logging in at mountpoint "/acdc.ogg" using "SOURCE" from xx.xx.xx.xxx as role legacy-global-source
[2020-02-09 18:00:24] WARN format/format_get_type Unsupported or legacy stream type: "audio/mpeg". Falling back to generic minimal handler for best effort.
[2020-02-09 18:00:25] INFO source/source_main listener count on /acdc.ogg now 0
[2020-02-09 18:00:25] INFO admin/admin_handle_request Received admin command metadata on mount '/acdc.ogg'
[2020-02-09 18:00:25] INFO util/util_conv_string converting metadata from utf-8 to ISO8859-1
[2020-02-09 18:00:25] INFO admin/command_metadata Metadata on mountpoint /acdc.ogg changed to " - "

Source disconnects here.
- No log entries - no source timeouts.
- Mountpoint (here acdc.ogg) still active and visible in the admin interface
- Source client cannot reconnect - see message below:


Action: Source client tries to reconnect (port 8000 or 8444)

Access.log
xx.xx.xx.xxx- - [09/Feb/2020:18:03:53 +0000] "SOURCE /acdc.ogg HTTP/1.0" 401 777 "-" "libshout/2.4.1" 1
xx.xx.xx.xxx- source [09/Feb/2020:18:03:53 +0000] "SOURCE /acdc.ogg HTTP/1.0" 409 706 "-" "libshout/2.4.1" 0

Error.log
[2020-02-09 18:03:52] EROR connection/_handle_authed_client Client (role=anonymous, username=(null)) not allowed to use this request method on /acdc.ogg
[2020-02-09 18:03:52] EROR util/util_http_select_best Input string does not parse as KVA. Selecting first option.
[2020-02-09 18:03:52] WARN reportxml/reportxml_database_build_report No matching definition for "25387198-0643-4577-9139-7c4f24f59d4a"
[2020-02-09 18:03:53] INFO connection/_handle_source_request Source logging in at mountpoint "/acdc.ogg" using "SOURCE" from xx.xx.xx.xxx as role legacy-global-source
[2020-02-09 18:03:53] EROR util/util_http_select_best Input string does not parse as KVA. Selecting first option.
[2020-02-09 18:03:53] WARN reportxml/reportxml_database_build_report No matching definition for "c5724467-5f85-48c7-b45a-915c3150c292"
[2020-02-09 18:03:53] WARN connection/source_startup Mountpoint /acdc.ogg in use


Any pointers very welcome.

Here is the config.xml file for the server used:

<?xml version="1.0" encoding="utf-8"?>
<icecast>
    <!-- location and admin are two arbitrary strings that are e.g. visible
         on the server info page of the icecast web interface
         (server_version.xsl). -->
    <location>earth</location>
    <admin>icemaster at localhost</admin>

    <!-- IMPORTANT!
         Especially for inexperienced users:
         Start out by ONLY changing all passwords and restarting Icecast.
         For detailed setup instructions please refer to the documentation.
         It's also available here: http://icecast.org/docs/
    -->

    <limits>
        <clients>100</clients>
        <sources>2</sources>
        <queue-size>524288</queue-size>
        <client-timeout>30</client-timeout>
        <header-timeout>15</header-timeout>
        <source-timeout>10</source-timeout>
        <!-- If enabled, this will provide a burst of data when a client
             first connects, thereby significantly reducing the startup
             time for listeners that do substantial buffering. However,
             it also significantly increases latency between the source
             client and listening client. For low-latency setups, you
             might want to disable this. -->

        <!-- same as burst-on-connect, but this allows for being more
             specific on how much to burst. Most people won't need to
             change from the default 64k. Applies to all mountpoints -->
        <burst-size>65535</burst-size>
    </limits>

    <authentication>
        <!-- Sources log in with username 'source' -->
        <source-password>hackme57</source-password>
        <!-- Relays log in with username 'relay' -->
        <relay-password>hackme58</relay-password>

        <!-- Admin logs in with the username given below -->
        <admin-user>admin</admin-user>
        <admin-password>ITJShKNE0pRg</admin-password>
    </authentication>

    <!-- set the mountpoint for a shoutcast source to use, the default if not
         specified is /stream but you can change it here if an alternative is
         wanted or an extension is required
    <shoutcast-mount>/live.nsv</shoutcast-mount>
    -->

    <!-- Uncomment this if you want directory listings -->
    <!--
    <directory>
        <yp-url-timeout>15</yp-url-timeout>
        <yp-url>http://dir.xiph.org/cgi-bin/yp-cgi</yp-url>
    </directory>
    -->

    <!-- This is the hostname other people will use to connect to your server.
         It affects mainly the urls generated by Icecast for playlists and yp
         listings. You MUST configure it properly for YP listings to work!
    -->
    <hostname>localhost</hostname>

    <!-- You may have multiple <listener> elements -->
    <listen-socket>
        <port>8000</port>
        <ssl>0</ssl>
        <!-- <bind-address>127.0.0.1</bind-address> -->
        <!-- <shoutcast-mount>/stream</shoutcast-mount> -->
    </listen-socket>
    <!--
    <listen-socket>
        <port>8080</port>
    </listen-socket>
    -->

    <listen-socket>
        <port>8444</port>
        <ssl>1</ssl>
    </listen-socket>


    <!-- Global header settings
         Headers defined here will be returned for every HTTP request to Icecast.

         The ACAO header makes Icecast public content/API by default
         This will make streams easier embeddable (some HTML5 functionality needs it).
         Also it allows direct access to e.g. /status-json.xsl from other sites.
         If you don't want this, comment out the following line or read up on CORS.
    -->
    <http-headers>
        <header name="Access-Control-Allow-Origin" value="*" />
    </http-headers>


    <!-- Relaying:
         You don't need this if you only have one server.
         Please refer to the config for a detailed explanation.
    -->
    <!--<master-server>127.0.0.1</master-server>-->
    <!--<master-server-port>8001</master-server-port>-->
    <!--<master-update-interval>120</master-update-interval>-->
    <!--<master-password>hackme</master-password>-->

    <!-- setting this makes all relays on-demand unless overridden, this is
         useful for master relays which do not have <relay> definitions here.
         The default is 0 -->
    <!--<relays-on-demand>1</relays-on-demand>-->

    <!--
    <relay>
        <server>127.0.0.1</server>
        <port>8080</port>
        <mount>/example.ogg</mount>
        <local-mount>/different.ogg</local-mount>
        <on-demand>0</on-demand>

        <relay-shoutcast-metadata>0</relay-shoutcast-metadata>
    </relay>
    -->


    <!-- Mountpoints
         Only define <mount> sections if you want to use advanced options,
         like alternative usernames or passwords
    -->

    <!-- Default settings for all mounts that don't have a specific <mount type="normal">.
    -->
    <!--
    <mount type="default">
        <public>0</public>
        <intro>/server-wide-intro.ogg</intro>
        <max-listener-duration>3600</max-listener-duration>
        <authentication type="url">
            <option name="mount_add" value="http://auth.example.org/stream_start.php"/>
        </authentication>
        <http-headers>
            <header name="foo" value="bar" />
        </http-headers>
    </mount>
    -->

    <!-- Normal mounts -->

    <mount type="normal">
        <mount-name>/acdc.ogg</mount-name>

        <!--username>othersource</username>
        <password>hackme_1666</password-->

        <max-listeners>1</max-listeners>
        <!--dump-file>/tmp/dump-example1.ogg</dump-file-->
        <burst-size>65536</burst-size>
        <!--fallback-mount>/example2.ogg</fallback-mount>
        <fallback-override>1</fallback-override>
        <fallback-when-full>1</fallback-when-full>
        <intro>/example_intro.ogg</intro-->
        <hidden>0</hidden>
        <public>0</public>
        <authentication type="htpasswd">
            <option name="filename" value="/var/log/icecast2/password"/>
            <option name="allow_duplicate_users" value="0"/>
        </authentication>
        <http-headers>
            <header name="Access-Control-Allow-Origin" value="http://webplayer.example.org" />
        </http-headers>
        <!--on-connect>/home/icecast/bin/stream-start</on-connect>
        <on-disconnect>/home/icecast/bin/stream-stop</on-disconnect-->
    </mount>


    <fileserve>1</fileserve>

    <paths>
        <!-- basedir is only used if chroot is enabled -->
        <basedir>./</basedir>

        <!-- Note that if <chroot> is turned on below, these paths must both
             be relative to the new root, not the original root -->
        <logdir>/var/log/icecast2</logdir>
        <webroot>/usr/local/share/icecast/web</webroot>
        <adminroot>/usr/local/share/icecast/admin</adminroot>
        <!-- <pidfile>/usr/share/icecast/icecast.pid</pidfile> -->

        <!-- Aliases: treat requests for 'source' path as being for 'dest' path
             May be made specific to a port or bound address using the "port"
             and "bind-address" attributes.
        -->
        <!--
        <alias source="/foo" destination="/bar"/>
        -->
        <!-- Aliases: can also be used for simple redirections as well,
             this example will redirect all requests for http://server:port/ to
             the status page
        -->
        <alias source="/" destination="/status.xsl"/>
        <!-- The certificate file needs to contain both public and private part.
             Both should be PEM encoded.
        -->
        <ssl-certificate>/var/log/icecast2/icecast.pem</ssl-certificate>
    </paths>

    <logging>
        <accesslog>access.log</accesslog>
        <errorlog>error.log</errorlog>
        <!-- <playlistlog>playlist.log</playlistlog> -->
        <loglevel>3</loglevel> <!-- 4 Debug, 3 Info, 2 Warn, 1 Error -->
        <logsize>10000</logsize> <!-- Max size of a logfile -->
        <!-- If logarchive is enabled (1), then when logsize is reached
             the logfile will be moved to [error|access|playlist].log.DATESTAMP,
             otherwise it will be moved to [error|access|playlist].log.old.
             Default is non-archive mode (i.e. overwrite)
        -->
        <!-- <logarchive>1</logarchive> -->
    </logging>

    <security>
        <chroot>0</chroot>

        <changeowner>
            <user>icecast</user>
            <group>icecast</group>
        </changeowner>

    </security>
</icecast>

Good evening,

first of all thank you for the very good report. :)

On Sun, 2020-02-16 at 09:57 +0000, James Turner wrote:
> Hi team,
>
> Please accept my apologies if this is NOT the place/distro list to be
> raising this. I had major dramas with the standard forum - registration and
> decided this may be a better route.

This is the *perfect* place beside opening a ticket on gitlab. :)

> My current instance icecast server has been built with --with-curl
> --with-openssl options as outlined within this post:
> https://weekly-geekly.github.io/articles/350236/index.html and the build
> version is 2.4.99.2

I only had a quick look at that link. I think it is better than most but it has some oddities.

I would generally recommend to have a look at:
https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)

If you *really* want to build your own Icecast:
https://wiki.xiph.org/Icecast_Server/Git_workflow

However those two are "just" the install part, not the setup part.

> I'm using a valid certificate from letsencrypt on a Ubuntu 18 server hosted
> by AWS. Icecast recognizes this without issue.

I wouldn't recommend AWS with Icecast as several of my clients had problems with their border gateways. However if it works for you that sounds fine.

> I'm having issues disconnecting my source client from Icecast when the
> connection is via SSL. Non SSL source clients work as intended, connecting
> and disconnecting without issues and Icecast shuts down the mount points
> after client drop-outs as intended. See the logs outlined below for details.
> Using an SSL connection and once the client connection drops (for whatever
> reason) Icecast does not recognize this and keeps the mount point active
> forever - even when there's no data being sent by the client. On a
> reconnect try the client gets a 'mount point already in use' message. To
> get over this state I either have to restart the Icecast service OR manually
> kill the source from the admin interface. Once done, I can reconnect
> again, repeating the process.
>
> Frustratingly, this (SSL) works (source>icecast>listener) - just about -
> but I'd dearly like to understand the issue with the ssl connection and
> mountpoint not being released. I would expect a source timeout to occur, as
> defined in the Icecast config file thus releasing the mount point. However,
> not to be.
> [...]

You are totally right here. In fact it's a bug we currently hunt. Had a debugging session yesterday about it. We are currently considering what the best route is to fix this.

What would help me is if you could provide your exact OpenSSL version:

    $ openssl version
    $ dpkg -l libssl-dev

Thank you very much. I expect that we fix this within the next week.

With best regards,

--
Philipp.
 (Rah of PH2)

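An added example (not part of the thread, and not Icecast code): a Python check that reads error.log lines in the format quoted in the original post and reports every rejected source login ("Mountpoint ... in use") together with how long the mount had been held without a source_shutdown line. A rejection whose login came from the holder's own address matches the lock-out described above. The sample log is constructed; 192.0.2.10, /clean.ogg and all function and field names are assumptions of this example.

```python
import re
from datetime import datetime

# Patterns follow the error.log lines quoted in the original post.
PREFIX = r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]\s+\w+\s+"
LOGIN = re.compile(
    PREFIX + r"connection/_handle_source_request Source logging in at "
    r'mountpoint "(?P<mount>[^"]+)" using "\w+" from (?P<ip>\S+)'
)
SHUTDOWN = re.compile(
    PREFIX + r"source/source_shutdown Source from (?P<ip>\S+) at "
    r'"(?P<mount>[^"]+)" exiting'
)
IN_USE = re.compile(
    PREFIX + r"connection/source_startup Mountpoint (?P<mount>\S+) in use"
)


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def find_stuck_mounts(lines):
    """Return one finding per rejected source login on a mount already in use.

    held_seconds: time since the holding session logged in (None if unknown).
    same_client: True when the rejected login came from the holder's address.
    """
    holders = {}   # mount -> (ip, login time) of the session holding the mount
    attempts = {}  # mount -> (ip, time) of the latest login line for the mount
    findings = []
    for line in lines:
        if m := LOGIN.search(line):
            entry = (m["ip"], parse_ts(m["ts"]))
            attempts[m["mount"]] = entry
            # Only the first login after a shutdown becomes the holder; later
            # login lines are reconnect attempts that may still be rejected.
            holders.setdefault(m["mount"], entry)
        elif m := SHUTDOWN.search(line):
            holders.pop(m["mount"], None)
            attempts.pop(m["mount"], None)
        elif m := IN_USE.search(line):
            mount, rejected_at = m["mount"], parse_ts(m["ts"])
            holder = holders.get(mount)
            attempt = attempts.get(mount)
            if holder is not None and holder is attempt:
                # Log starts mid-session: the only login seen is the rejected
                # one, so the real holder is unknown.
                del holders[mount]
                holder = None
            held = None
            if holder is not None:
                held = int((rejected_at - holder[1]).total_seconds())
            findings.append({
                "mount": mount,
                "rejected_at": rejected_at,
                "holder_ip": holder[0] if holder else None,
                "held_seconds": held,
                "same_client": bool(holder and attempt and holder[0] == attempt[0]),
            })
    return findings


# Constructed sample: /clean.ogg shuts down normally, /acdc.ogg never does.
SAMPLE_LOG = """\
[2020-02-09 17:56:50] INFO connection/_handle_source_request Source logging in at mountpoint "/clean.ogg" using "SOURCE" from 192.0.2.10 as role legacy-global-source
[2020-02-09 17:56:57] INFO source/get_next_buffer End of Stream /clean.ogg
[2020-02-09 17:56:57] INFO source/source_shutdown Source from 192.0.2.10 at "/clean.ogg" exiting
[2020-02-09 18:00:24] INFO connection/_handle_source_request Source logging in at mountpoint "/acdc.ogg" using "SOURCE" from 192.0.2.10 as role legacy-global-source
[2020-02-09 18:00:25] INFO source/source_main listener count on /acdc.ogg now 0
[2020-02-09 18:03:53] INFO connection/_handle_source_request Source logging in at mountpoint "/acdc.ogg" using "SOURCE" from 192.0.2.10 as role legacy-global-source
[2020-02-09 18:03:53] EROR util/util_http_select_best Input string does not parse as KVA. Selecting first option.
[2020-02-09 18:03:53] WARN connection/source_startup Mountpoint /acdc.ogg in use
"""

if __name__ == "__main__":
    for f in find_stuck_mounts(SAMPLE_LOG.splitlines()):
        print(f"{f['mount']}: login rejected at {f['rejected_at']}, "
              f"held {f['held_seconds']}s by {f['holder_ip']}, "
              f"same client: {f['same_client']}")
```

A finding alone only says the mount was occupied; the same-client flag and a hold time with no End of Stream line are what point at a session the server never released.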
Hi Philipp,

Thank you for the prompt reply - really appreciated.

Here is the output from the commands you requested:

    $ openssl version
    OpenSSL 1.1.1 11 Sep 2018

    $ dpkg -l libssl-dev
    Desired=Unknown/Install/Remove/Purge/Hold
    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
    ||/ Name           Version      Architecture Description
    +++-==============-============-============-================================
    ii  libssl-dev:amd 1.1.1-1ubunt amd64        Secure Sockets Layer toolkit - de

If I can help you folks any further in this hunt please say.

Kind regards,
James

-----Original Message-----
From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Philipp Schafft
Sent: 16 February 2020 20:15
To: Icecast streaming server user discussions <icecast at xiph.org>
Subject: Re: [Icecast] Icecast SSL endpoint timeout issue

Good evening,

first of all thank you for the very good report. :)

On Sun, 2020-02-16 at 09:57 +0000, James Turner wrote:
> Hi team,
>
> Please accept my apologies if this is NOT the place/distro list to be
> raising this. I had major dramas with the standard forum -
> registration and decided this may be a better route.

This is the *perfect* place beside opening a ticket on gitlab. :)

> My current instance icecast server has been built with --with-curl
> --with-openssl options as outlined within this post:
> https://weekly-geekly.github.io/articles/350236/index.html and the
> build version is 2.4.99.2

I only had a quick look at that link. I think it is better than most but it has some oddities.

I would generally recommend to have a look at:
https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)

If you *really* want to build your own Icecast:
https://wiki.xiph.org/Icecast_Server/Git_workflow

However those two are "just" the install part, not the setup part.

> I'm using a valid certificate from letsencrypt on a Ubuntu 18 server
> hosted by AWS. Icecast recognizes this without issue.

I wouldn't recommend AWS with Icecast as several of my clients had problems with their border gateways. However if it works for you that sounds fine.

> I'm having issues disconnecting my source client from Icecast when
> the connection is via SSL. Non SSL source clients work as intended,
> connecting and disconnecting without issues and Icecast shuts down the
> mount points after client drop-outs as intended. See the logs outlined
> below for details.
> Using an SSL connection and once the client connection drops (for
> whatever reason) Icecast does not recognize this and keeps the mount
> point active forever - even when there's no data being sent by the client.
> On a reconnect try the client gets a 'mount point already in use'
> message. To get over this state I either have to restart the Icecast
> service OR manually kill the source from the admin interface. Once
> done, I can reconnect again, repeating the process.
>
> Frustratingly, this (SSL) works (source>icecast>listener) - just about
> - but I'd dearly like to understand the issue with the ssl connection
> and mountpoint not being released. I would expect a source timeout to
> occur, as defined in the Icecast config file thus releasing the mount
> point. However, not to be.
> [...]

You are totally right here. In fact it's a bug we currently hunt. Had a debugging session yesterday about it. We are currently considering what the best route is to fix this.

What would help me is if you could provide your exact OpenSSL version:

    $ openssl version
    $ dpkg -l libssl-dev

Thank you very much. I expect that we fix this within the next week.

With best regards,

--
Philipp.
 (Rah of PH2)

_______________________________________________
Icecast mailing list
Icecast at xiph.org
http://lists.xiph.org/mailman/listinfo/icecast

Hi team,

Have you folks made any progress with the below by chance?

Kind regards,
James

-----Original Message-----
From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Philipp Schafft
Sent: 16 February 2020 20:15
To: Icecast streaming server user discussions <icecast at xiph.org>
Subject: Re: [Icecast] Icecast SSL endpoint timeout issue

does anyone know how i can setup my own icecast server?

Hi Jay,

Check out the very well written docs: http://icecast.org/docs/icecast-2.4.1/

Cheers,
Jordan

On 3/28/20 12:36 PM, Jay George wrote:
> does anyone know how I can set up my own icecast server?
>
> On Sun, Feb 16, 2020 at 9:57 AM James Turner <james at switchbladeuk.com> wrote:
>
> > Hi team,
> >
> > Please accept my apologies if this is NOT the place/distro list to be
> > raising this. I had major dramas with the standard forum - registration and
> > decided this may be a better route.
> >
> > My current instance icecast server has been built with --with-curl
> > --with-openssl options as outlined within this post:
> > https://weekly-geekly.github.io/articles/350236/index.html and the build
> > version is 2.4.99.2
> >
> > I'm using a valid certificate from letsencrypt on a Ubuntu 18 server hosted
> > by AWS. Icecast recognizes this without issue.
> >
> > I'm having issues disconnecting my source client from Icecast when the
> > connection is via SSL. Non SSL source clients work as intended, connecting
> > and disconnecting without issues and Icecast shuts down the mount points
> > after client drop-outs as intended. See the logs outlined below for details.
> > Using an SSL connection and once the client connection drops (for whatever
> > reason) Icecast does not recognize this and keeps the mount point active
> > forever - even when there's no data being sent by the client. On a
> > reconnect try the client gets a 'mount point already in use' message. To
> > get over this state I either have to restart the Icecast service OR manually
> > kill the source from the admin interface. Once done, I can reconnect
> > again, repeating the process.
> >
> > Frustratingly, this (SSL) works (source>icecast>listener) - just about -
> > but I'd dearly like to understand the issue with the ssl connection and
> > mountpoint not being released. I would expect a source timeout to occur, as
> > defined in the Icecast config file thus releasing the mount point. However,
> > not to be.