subscription at nextdial.com.br
2018-Aug-13 11:54 UTC
[Icecast] Icecast Digest, Vol 170, Issue 8
Thanks for the help Thomas. It worked. Best, Thiago ---------------------------------------- De: icecast-request at xiph.org Enviado: domingo, 12 de agosto de 2018 09:00 Para: icecast at xiph.org Assunto: Icecast Digest, Vol 170, Issue 8 Send Icecast mailing list submissions to icecast at xiph.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.xiph.org/mailman/listinfo/icecast or, via email, send a message with subject or body 'help' to icecast-request at xiph.org You can reach the person managing the list at icecast-owner at xiph.org When replying, please edit your Subject line so it is more specific than "Re: Contents of Icecast digest..." Today's Topics: 1. Help to enable SSL (subscription at nextdial.com.br) 2. Re: Help to enable SSL (Thomas B. Rücker) 3. Re: Help to enable SSL (Thomas B. Rücker) ---------------------------------------------------------------------- Message: 1 Date: Sat, 11 Aug 2018 23:04:12 -0300 From: "subscription at nextdial.com.br" <subscription at nextdial.com.br> To: <icecast at xiph.org> Subject: [Icecast] Help to enable SSL Message-ID: <7bbe79b1db49481eb462ca4d0ce66e13 at nextdial.com.br> Content-Type: text/plain; charset="utf-8" Hello, At a test VPS running Ubuntu 16.04 LTS I did this: sudo apt-get update sudo add-apt-repository ppa:certbot/certbot sudo apt-get install certbot sudo apt-get install icecast2 sudo certbot certonly --standalone -d domain.com cat cert.pem privkey.pem | sudo tee /etc/icecast2/icecast.pem sudo vi /etc/icecast2/icecast.xml <listen-socket> <port>8443</port> <ssl>1</ssl> </listen-socket> <ssl-certificate>/etc/icecast2/icecast.pem</ssl-certificate> sudo chown icecast2:icecast /etc/icecast2/icecast.pem sudo /etc/init.d/icecast2 restart After that, I have this at the log: [2018-08-12 01:47:07] INFO stats/_stats_thread stats thread started [2018-08-12 01:47:07] INFO main/main Icecast 2.4.2 server started [2018-08-12 01:47:07] INFO connection/get_ssl_certificate No SSL capability [2018-08-12 01:47:07] INFO yp/yp_update_thread YP update thread started I tried restart the VPS and a lot of things (change the order of the pem creation, etc), all with no success. What I am doing wrong? Best, Thiago -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20180811/680c713f/attachment-0001.html> ------------------------------ Message: 2 Date: Sun, 12 Aug 2018 06:55:00 +0000 From: Thomas B. Rücker <thomas at ruecker.fi> To: icecast at xiph.org Subject: Re: [Icecast] Help to enable SSL Message-ID: <30871e4d-d694-719d-d2a2-ea65769b8ad7 at ruecker.fi> Content-Type: text/plain; charset=windows-1252 Hi, On 08/12/2018 02:04 AM, subscription at nextdial.com.br wrote: > Hello, > > At a test VPS running Ubuntu 16.04 LTS I did this: > > 1. sudo apt-get update > 2. sudo add-apt-repository ppa:certbot/certbot > 3. sudo apt-get install certbot > You'll need an additional step at this point, see below. > 1. sudo apt-get install icecast2 > 2. sudo certbot certonly --standalone -d domain.com > 3. cat cert.pem privkey.pem | sudo tee /etc/icecast2/icecast.pem > 4. sudo vi /etc/icecast2/icecast.xml > 5. <listen-socket> > <port>8443</port> > <ssl>1</ssl> > </listen-socket> > <ssl-certificate>/etc/icecast2/icecast.pem</ssl-certificate> > 6. sudo chown icecast2:icecast /etc/icecast2/icecast.pem > 7. sudo /etc/init.d/icecast2 restart > > > After that, I have this at the log: > > [2018-08-12 01:47:07] INFO stats/_stats_thread stats thread started > [2018-08-12 01:47:07] INFO main/main Icecast 2.4.2 server started > [2018-08-12 01:47:07] INFO connection/get_ssl_certificate No SSL > capability > [2018-08-12 01:47:07] INFO yp/yp_update_thread YP update thread started > This is because Debian (and Ubuntu, as they recycle the same packaging) refuse to compile Icecast (and other software) with openSSL support for political reasons. > What I am doing wrong > You didn't do anything wrong as such. You just didn't know that there are additional steps if you need TLS support. The official Xiph.org packages are built with openSSL support: https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories) $ curl https://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/Release.key >/tmp/multimedia-obs.key $ gpg /tmp/multimedia-obs.key It should yield: pub rsa2048 2017-11-21 [SC] [expires: 2020-01-30] 0E313DB7936B4E76E720065B77EC2301F23C6AA3 uid multimedia OBS Project $ sudo apt-key add /tmp/multimedia-obs.key $ sudo sh -c "echo deb http://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/ ./ >>/etc/apt/sources.list.d/icecast.list" $ sudo apt-get update $ sudo apt-get install icecast2 Make sure it downloads the package from an OBS address and not from an ubuntu.com or mirror. (Newer versions like 18.04 require an explicit version or other tricks at the moment: sudo apt-get install icecast2/2.4.2-2 ) At this point your server should already be running the Xiph.org build of Icecast and port 8443 should answer to HTTPS. If you would prefer to listen to the standard port of 443, please follow these additional directions: http://lists.xiph.org/pipermail/icecast/2015-February/013198.html Under no circumstances you should try to reverse proxy Icecast 2.4.x - while one can make it mostly work, it is far from trivial to set things up in a way that will avoid most of the corner cases. Most famously, taking down your webserver. Cheers, Thomas ------------------------------ Message: 3 Date: Sun, 12 Aug 2018 07:09:37 +0000 From: Thomas B. Rücker <thomas at ruecker.fi> To: icecast at xiph.org Subject: Re: [Icecast] Help to enable SSL Message-ID: <cb36b5eb-6b3b-beab-79e2-e4f88463d563 at ruecker.fi> Content-Type: text/plain; charset=utf-8 On 08/12/2018 06:55 AM, Thomas B. Rücker wrote: > >> What I am doing wrong >> > You didn't do anything wrong as such. You just didn't know that there > are additional steps if you need TLS support. > The official Xiph.org packages are built with openSSL support: > https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories) This one got munged: > $ curl > https://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/Release.key >> /tmp/multimedia-obs.key That should be: curl https://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_16.04/Release.key \ -o /tmp/multimedia-obs.key TBR ------------------------------ Subject: Digest Footer _______________________________________________ Icecast mailing list Icecast at xiph.org http://lists.xiph.org/mailman/listinfo/icecast ------------------------------ End of Icecast Digest, Vol 170, Issue 8 *************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20180813/8afc0796/attachment.html>