Hello, sorry for all these questions, but there is a great news, this is the last! ... of the day :-) So: I run nvRadio on port 8000, that is a problem for all people that are at work, behind firewall or protected environment. So, I thought that a proxy can be the solution for streaming on port 80. I enabled the apache2 proxy and, yes, if I type: www.nvapple.it/stream the stream is ok also now that I am on my office, on port80! The problem is that if I look at the IP of people that are connected, visiting icecast's admin panel, I see always the ip of my machine, and it is unfortunately right, because they are listening through apache2 proxy. On my proxy.conf, I put: *** ProxyPass /stream http://www.nvapple.it:8000/stream ProxyPassReverse /stream http://www.nvapple.it:8000/stream *** Do you know other solutions that can show me the ip of people or this is the right one? Thank you!
I use iptables to either redirect the port packages iptables -A PREROUTING -t nat -p tcp -d 192.168.2.32 --dport 80 -j REDIRECT --to-port 8000 Em 2015-02-25 07:49, Simone Dal Maso escreveu:> Hello, > sorry for all these questions, but there is a great news, this is the > last! ... of the day :-) > > So: > I run nvRadio on port 8000, that is a problem for all people that are > at > work, behind firewall or protected environment. > So, I thought that a proxy can be the solution for streaming on port > 80. > I enabled the apache2 proxy and, yes, if I type: > www.nvapple.it/stream > > the stream is ok also now that I am on my office, on port80! > > The problem is that if I look at the IP of people that are connected, > visiting icecast's admin panel, I see always the ip of my machine, and > it is unfortunately right, because they are listening through apache2 > proxy. > > On my proxy.conf, I put: > *** > ProxyPass /stream http://www.nvapple.it:8000/stream > > > > > > ProxyPassReverse /stream http://www.nvapple.it:8000/stream > > > > *** > Do you know other solutions that can show me the ip of people or this > is > the right one? > Thank you! > > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast
Hi, On 02/25/2015 10:49 AM, Simone Dal Maso wrote:> Hello, > sorry for all these questions, but there is a great news, this is the > last! ... of the day :-) > > So: > I run nvRadio on port 8000, that is a problem for all people that are at > work, behind firewall or protected environment. > So, I thought that a proxy can be the solution for streaming on port 80. > I enabled the apache2 proxy and, yes, if I type: > www.nvapple.it/streamThe answer is: DO NOT UNLESS YOU FULLY UNDERSTAND THE IMPLICATIONS! If you have to ask yourself "what are the implications?", you don't. You can easily kill your web server and other things can break too. Icecast explicitly does NOT support being reverse proxied! We recommend to bind Icecast directly (start as root, use changowner) to port 80 on a separate IP address.> the stream is ok also now that I am on my office, on port80! > > The problem is that if I look at the IP of people that are connected, > visiting icecast's admin panel, I see always the ip of my machine, and > it is unfortunately right, because they are listening through apache2 > proxy. [...] > Do you know other solutions that can show me the ip of people or this is > the right one?As Icecast does not support being reverse proxied, it will only show and log the IP of the reverse proxy. We are considering to make Icecast more reverse proxy friendly, but the inherent risks of a reverse proxy setup remain. https://trac.xiph.org/ticket/1959 https://trac.xiph.org/ticket/1851 Cheers Thomas
On 02/25/2015 11:07 AM, Rafael Gomes wrote:> I use iptables to either redirect the port packages > > iptables -A PREROUTING -t nat -p tcp -d 192.168.2.32 --dport 80 -j > REDIRECT --to-port 8000I do NOT recommend this. This tends to break in obscure ways, just as reverse-proxies. Icecast will happily listen on port 80 directly. There are people who claim that it isn't possible, but that's because they aren't capable to reverse the distro packaging breakage. All it takes is to start the process as root and use the <changeowner> directive to pass the information to which user to pivot after claiming the privileged port. Cheers Thomas
Il 25/02/2015 12:09, "Thomas B. R?cker" ha scritto:> DO NOT UNLESS YOU FULLY UNDERSTAND THE IMPLICATIONS! > If you have to ask yourself "what are the implications?", you don't. > You can easily kill your web server and other things can break too. > Icecast explicitly does NOT support being reverse proxied!Oh, ok... I'm going to remove all public link from my website and replace with port 8000. But for now I have no will to purchase another linode server that run only for the webradio, also if it is the best solution. I think that I will protect the page with a username and password, so only me and my team can use the port80, because otherwise it is impossible listen it at work. So the access to that resource will be protected. Hope it is better... and thank you!