Icecast - Apr 2020 - icecast, ssl, windows environment

Hello,
Before writing here I really tried almost everything, reading the archives
here, the FAQ and dozens of more or less well commented online guides and
posts.

My environment is a Windows server, with IIS as web server (I know, blame
and flame on me, but this was available on my hands at the time). The
server is hosting several websites and an icecast 2.4.4 running an online
radio.

The radio on icecast can be listen through its website (on my server too)
with an html5 player.

Of course since end of january I started to have notifications from
listeners that were unable to hear anything due to Chrome browser update
and unsecure content (website is of course under SSL with its cert).

A patch has been forwarded by myself to the Chrome listeners by instructing
them how to allow the unsecure content from the radio's website in the
settings of chrome, then I started to find the solution.

As you of course know, the windows package of icecast 2.4.4 has no SSL
capability so I switched almost immediately into the proxy forward
solution. However no way as I'm not able to bind the SSL certificate to the
icecast streaming port (8002 in my case).

If you have any advice about a possible solution (even temporary) with a
windows and IIS environment, it would be highly appreciated. Otherwise, if
you know that it is literally impossible, simply tell me "no way" so I
simply stop struggling.

I have full access to the server so I can play with settings, install other
softwares and so on.

Thanks a lot, all the best to you.
Federico from Italy
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20200428/57bfb086/attachment.html>

Hi Federico, 

I run Icecast on Windows 10 serving over TLS (port 443).  I just
followed the documentation.  The one thing that was not so clear was how
to configure the PEM file:  It has to have the full chain and private
key in it. 

Justin

On 2020-04-28 15:35, Federico Miniussi wrote:
> Hello, 
> Before writing here I really tried almost everything, reading the archives
here, the FAQ and dozens of more or less well commented online guides and posts.
> 
> My environment is a Windows server, with IIS as web server (I know, blame
and flame on me, but this was available on my hands at the time). The server is
hosting several websites and an icecast 2.4.4 running an online radio.
> 
> The radio on icecast can be listen through its website (on my server too)
with an html5 player.
> 
> Of course since end of january I started to have notifications from
listeners that were unable to hear anything due to Chrome browser update and
unsecure content (website is of course under SSL with its cert).
> 
> A patch has been forwarded by myself to the Chrome listeners by instructing
them how to allow the unsecure content from the radio's website in the
settings of chrome, then I started to find the solution.
> 
> As you of course know, the windows package of icecast 2.4.4 has no SSL
capability so I switched almost immediately into the proxy forward solution.
However no way as I'm not able to bind the SSL certificate to the icecast
streaming port (8002 in my case).
> 
> If you have any advice about a possible solution (even temporary) with a
windows and IIS environment, it would be highly appreciated. Otherwise, if you
know that it is literally impossible, simply tell me "no way" so I
simply stop struggling.
> 
> I have full access to the server so I can play with settings, install other
softwares and so on.
> 
> Thanks a lot, all the best to you. 
> Federico from Italy 
> 
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20200428/73d11109/attachment.html>

Hello,
The icecast 2.4 is compatible with ssl, I use it here (windows server too).
Just set up your icecast to read your certificate (.pem).
you will only have to use a different port than the current one you use 
to hear. (8003)


SEE AN EXAMPLE OF MY CONFIGURATION:

<icecast>
     <location> XXXXXXXXX </location>
     <admin> XXXXX @ XXXXX </admin>
     <hostname> 127.0.0.1 </hostname>

     <limits>
         <clients> 100 </clients>
         <sources> 1 </sources>
         <queue-size> 524288 </queue-size>
         <client-timeout> 30 </client-timeout>
         <header-timeout> 15 </header-timeout>
         <source-timeout> 10 </source-timeout>
         <burst-on-connect> 1 </burst-on-connect>
         <burst-size> 65535 </burst-size>
     </limits>

     <authentication>
         <source-password> XXXXXXXX </source-password>
         <relay-password> XXXXXXXXXX </relay-password>
         <admin-user> XXXXXXXXXXX </admin-user>
         <admin-password> XXXXXXXXX </admin-password>
     </authentication>

     <listen-socket>
         <port> 8002 </port>
         <shoutcast-mount> / 8002 </shoutcast-mount>
     </listen-socket>


     <listen-socket>
         <port> 8003 </port> <--------- THIS WILL BE YOUR SSL
PORT
          <ssl> 1 </ssl>
    </listen-socket>


     <http-headers>
         <header name = "Access-Control-Allow-Origin" value =
"*" />
     </http-headers>


     <fileserve> 1 </fileserve>

     <paths>
         <logdir> .. \ log </logdir>
         <webroot> .. \ web </webroot>
         <adminroot> .. \ admin </adminroot>
         <ssl-certificate> .. \ ssl \ CERTIFICADO.PEM
</ssl-certificate>
         <alias source = "/" destination = "/ status.xsl"
/>
     </paths>

     <logging>
         <accesslog> - </accesslog>
         <errorlog> error.log </errorlog>
         <loglevel> 1 </loglevel> <! - 4 Debug, 3 Info, 2 Warn, 1
Error ->
         <logsize> 10000 </logsize> <! - Max size of a logfile
->
     </logging>
</icecast>


HOPE THIS HELPS

GOOD LUCK!!




Em 28/04/2020 17:35, Federico Miniussi escreveu:
> Hello,
> Before writing here I really tried almost everything, reading the 
> archives here, the FAQ and dozens of more or less well commented 
> online guides and posts.
>
> My environment is a Windows server, with IIS as web server (I know, 
> blame and flame on me, but this was available on my hands at the 
> time). The server is hosting several websites and an icecast 2.4.4 
> running an online radio.
>
> The radio on icecast can be listen through its website (on my server 
> too) with an html5 player.
>
> Of course since end of january I started to have notifications from 
> listeners that were unable to hear anything due to Chrome browser 
> update and unsecure content (website is of course under SSL with its 
> cert).
>
> A patch has been forwarded by myself to the Chrome listeners by 
> instructing them how to allow the unsecure content from the radio's 
> website in the settings of chrome, then I started to find the solution.
>
> As you of course know, the windows package of icecast 2.4.4 has no SSL 
> capability so I switched almost immediately into the proxy forward 
> solution. However no way as I'm not able to bind the SSL certificate 
> to the icecast streaming port (8002 in my case).
>
> If you have any advice about a possible solution (even temporary) with 
> a windows and IIS environment, it would be highly appreciated. 
> Otherwise, if you know that it is literally impossible, simply tell me 
> "no way" so I simply stop struggling.
>
> I have full access to the server so I can play with settings, install 
> other softwares and so on.
>
> Thanks a lot, all the best to you.
> Federico from Italy
>
>
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast

-- 
Este email foi escaneado pelo Avast antivírus.
https://www.avast.com/antivirus
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20200428/2aa737d4/attachment.html>