Icecast - Aug 2018 - Icecast Digest, Vol 170, Issue 8

Thanks for the help Thomas.
  
 It worked.
  
  
 Best,
 Thiago
  
  
  

----------------------------------------
 De: icecast-request at xiph.org
Enviado: domingo, 12 de agosto de 2018 09:00
Para: icecast at xiph.org
Assunto: Icecast Digest, Vol 170, Issue 8   
Send Icecast mailing list submissions to icecast at xiph.org To subscribe or
unsubscribe via the World Wide Web, visit
http://lists.xiph.org/mailman/listinfo/icecast or, via email, send a message
with subject or body 'help' to icecast-request at xiph.org You can reach
the person managing the list at icecast-owner at xiph.org When replying, please
edit your Subject line so it is more specific than "Re: Contents of Icecast
digest..." Today's Topics: 1. Help to enable SSL (subscription at
nextdial.com.br) 2. Re: Help to enable SSL (Thomas B. Rücker) 3. Re: Help to
enable SSL (Thomas B. Rücker)
---------------------------------------------------------------------- Message:
1 Date: Sat, 11 Aug 2018 23:04:12 -0300 From: "subscription at
nextdial.com.br" <subscription at nextdial.com.br> To: <icecast at
xiph.org> Subject: [Icecast] Help to enable SSL Message-ID:
<7bbe79b1db49481eb462ca4d0ce66e13 at nextdial.com.br> Content-Type:
text/plain; charset="utf-8" Hello, At a test VPS running Ubuntu 16.04
LTS I did this: sudo apt-get update sudo add-apt-repository ppa:certbot/certbot
sudo apt-get install certbot sudo apt-get install icecast2 sudo certbot certonly
--standalone -d domain.com cat cert.pem privkey.pem | sudo tee
/etc/icecast2/icecast.pem sudo vi /etc/icecast2/icecast.xml
<listen-socket> <port>8443</port> <ssl>1</ssl>
</listen-socket>
<ssl-certificate>/etc/icecast2/icecast.pem</ssl-certificate> sudo
chown icecast2:icecast /etc/icecast2/icecast.pem sudo /etc/init.d/icecast2
restart After that, I have this at the log: [2018-08-12 01:47:07] INFO
stats/_stats_thread stats thread started [2018-08-12 01:47:07] INFO main/main
Icecast 2.4.2 server started [2018-08-12 01:47:07] INFO
connection/get_ssl_certificate No SSL capability [2018-08-12 01:47:07] INFO
yp/yp_update_thread YP update thread started I tried restart the VPS and a lot
of things (change the order of the pem creation, etc), all with no success. What
I am doing wrong? Best, Thiago -------------- next part -------------- An HTML
attachment was scrubbed... URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20180811/680c713f/attachment-0001.html>
------------------------------ Message: 2 Date: Sun, 12 Aug 2018 06:55:00 +0000
From: Thomas B. Rücker <thomas at ruecker.fi> To: icecast at xiph.org
Subject: Re: [Icecast] Help to enable SSL Message-ID:
<30871e4d-d694-719d-d2a2-ea65769b8ad7 at ruecker.fi> Content-Type:
text/plain; charset=windows-1252 Hi, On 08/12/2018 02:04 AM, subscription at
nextdial.com.br wrote: > Hello, >   > At a test VPS running Ubuntu
16.04 LTS I did this: > > 1. sudo apt-get update > 2. sudo
add-apt-repository ppa:certbot/certbot > 3. sudo apt-get install certbot >
You'll need an additional step at this point, see below. > 1. sudo
apt-get install icecast2 > 2. sudo certbot certonly --standalone -d
domain.com > 3. cat cert.pem privkey.pem | sudo tee /etc/icecast2/icecast.pem
> 4. sudo vi /etc/icecast2/icecast.xml > 5. <listen-socket> >    
<port>8443</port> >     <ssl>1</ssl> >
</listen-socket> >
<ssl-certificate>/etc/icecast2/icecast.pem</ssl-certificate> > 6.
sudo chown icecast2:icecast /etc/icecast2/icecast.pem > 7. sudo
/etc/init.d/icecast2 restart > >   > After that, I have this at the
log: >   > [2018-08-12  01:47:07] INFO stats/_stats_thread stats thread
started > [2018-08-12  01:47:07] INFO main/main Icecast 2.4.2 server started
> [2018-08-12  01:47:07] INFO connection/get_ssl_certificate No SSL >
capability > [2018-08-12  01:47:07] INFO yp/yp_update_thread YP update thread
started >   This is because Debian (and Ubuntu, as they recycle the same
packaging) refuse to compile Icecast (and other software) with openSSL support
for political reasons. > What I am doing wrong > You didn't do
anything wrong as such. You just didn't know that there are additional steps
if you need TLS support. The official Xiph.org packages are built with openSSL
support:
https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)
$ curl
https://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/Release.key
>/tmp/multimedia-obs.key $ gpg /tmp/multimedia-obs.key It should yield: pub
rsa2048 2017-11-21 [SC] [expires: 2020-01-30]
0E313DB7936B4E76E720065B77EC2301F23C6AA3 uid multimedia OBS Project $ sudo
apt-key add /tmp/multimedia-obs.key $ sudo sh -c "echo deb
http://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/ ./
>>/etc/apt/sources.list.d/icecast.list" $ sudo apt-get update $ sudo
apt-get install icecast2 Make sure it downloads the package from an OBS address
and not from an ubuntu.com or mirror. (Newer versions like 18.04 require an
explicit version or other tricks at the moment: sudo apt-get install
icecast2/2.4.2-2 ) At this point your server should already be running the
Xiph.org build of Icecast and port 8443 should answer to HTTPS. If you would
prefer to listen to the standard port of 443, please follow these additional
directions: http://lists.xiph.org/pipermail/icecast/2015-February/013198.html
Under no circumstances you should try to reverse proxy Icecast 2.4.x - while one
can make it mostly work, it is far from trivial to set things up in a way that
will avoid most of the corner cases. Most famously, taking down your webserver.
Cheers, Thomas ------------------------------ Message: 3 Date: Sun, 12 Aug 2018
07:09:37 +0000 From: Thomas B. Rücker <thomas at ruecker.fi> To: icecast
at xiph.org Subject: Re: [Icecast] Help to enable SSL Message-ID:
<cb36b5eb-6b3b-beab-79e2-e4f88463d563 at ruecker.fi> Content-Type:
text/plain; charset=utf-8 On 08/12/2018 06:55 AM, Thomas B. Rücker wrote: >
>> What I am doing wrong >> > You didn't do anything wrong as
such. You just didn't know that there > are additional steps if you need
TLS support. > The official Xiph.org packages are built with openSSL support:
>
https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)
This one got munged: > $ curl >
https://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/Release.key
>> /tmp/multimedia-obs.key That should be: curl
https://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/Release.key
\ -o /tmp/multimedia-obs.key TBR ------------------------------ Subject: Digest
Footer _______________________________________________ Icecast mailing list
Icecast at xiph.org http://lists.xiph.org/mailman/listinfo/icecast
------------------------------ End of Icecast Digest, Vol 170, Issue 8
***************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20180813/8afc0796/attachment.html>