Good afternoon, On Wed, 2021-06-16 at 09:27 +0800, kit wrote:> Hi Jordan, > > So does it matter if all authenticated mountpoints use the same port > eg 8000? >there is no need to build a second road when you got a second car. ;) Mountpoints are fully independent. If you need to ensure your friends do can not log into your mount point, then give them another password. That is what Jordan suggested. Using the default username of "source" is a good idea if you don't know the client, that is true. Authentication happens per-mount. So also no problem to have the same username for different mounts. (But using a username per user is surely nicer, e.g. when manually reading logs. :) With best regards,> > On 16/6/21 8:45 am, Jordan Erickson wrote: > > Hey Chris, > > > > That's not really how Icecast mountpoints work. You'd be much > > better > > off doing source level authentication per-mountpoint. Using > > different > > ports doesn't help your situation unless you're doing some fancy > > firewalling but if you have a username/password pair entered > > per-mountpoint in the config you can separate any number of > > mountpoints securely. Just note that some source clients (not sure > > about Mixxx, I use Cool Mic) only allow a 'source' username for > > connecting to Icecast. I believe you can still specify a password > > per-mountpoint without username. > > > > > > Cheers, > > Jordan Erickson > > > > > > On 6/15/21 5:19 PM, kit wrote: > > > Hi Geoff, > > > > > > My use case is that I have put an icecast server in the cloud. I > > > want > > > to stream my stuff on one port and let my friend stream their > > > stuff > > > on a different port. I would worry that if they accidentally > > > entered > > > the same port as mine in the source client (eg Mixxx) - eg > > > http://serverip:8000/mystream8000 and > > > http://serverip:8000/friendsstream8001- it would screw up both > > > our > > > streams. > > > > > > Basically I'm looking at this like a safety mechanism, > > > particularly > > > if I want to add a 3rd stream for another friend. > > > > > > Regards, > > > > > > Chris. > > > > > > On 14/6/21 6:00 pm, Geoff Shang wrote: > > > > On Mon, 14 Jun 2021, kit wrote: > > > > > > > > > Is it possible to assign specific ports to mountpoints in > > > > > such a > > > > > way that stream8001 can't use port 8000 but only work on port > > > > > 8001? > > > > > > > > I don't think so. > > > > > > > > YOu can set up mount aliases that are port-specific but I don't > > > > know > > > > of a way of preventing access to other mounts. > > > > > > > > So for example, you could put your streams on stream1 and > > > > stream2 > > > > and set up an alias called stream8000 which specifies port > > > > 8000 to point to stream1, and an alias stream8001 which is > > > > specific > > > > to port 8001 which points to stream2. > > > > > > > > Then you could publicise the aliases and hide the original > > > > mounts so > > > > in theory no-one should find them. But I don't think that > > > > you'd be > > > > able to prevent access to stream1 or stream2 on either port if > > > > someone actually did find them. > > > > > > > > I'm curious to know what your use case is. > > > >-- Philipp Schafft (CEO/Gesch?ftsf?hrer) Telephon: +49.3535 490 17 92 L?wenfelsen UG (haftungsbeschr?nkt) Registration number: Bickinger Stra?e 21 HRB 12308 CB 04916 Herzberg (Elster) VATIN/USt-ID: Germany DE305133015 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 523 bytes Desc: This is a digitally signed message part URL: <http://lists.xiph.org/pipermail/icecast/attachments/20210616/6792f152/attachment.sig>
Hi Philipp, So I can use several password secured mountpoints all on the single port 8000. Sounds easy. Thanks, Chris. On 16/6/21 7:03 pm, Philipp Schafft wrote:> Good afternoon, > > On Wed, 2021-06-16 at 09:27 +0800, kit wrote: >> Hi Jordan, >> >> So does it matter if all authenticated mountpoints use the same port >> eg 8000? >> > there is no need to build a second road when you got a second car. ;) > > Mountpoints are fully independent. If you need to ensure your friends > do can not log into your mount point, then give them another password. > That is what Jordan suggested. Using the default username of "source" > is a good idea if you don't know the client, that is true. > Authentication happens per-mount. So also no problem to have the same > username for different mounts. (But using a username per user is surely > nicer, e.g. when manually reading logs. :) > > With best regards, > > >> On 16/6/21 8:45 am, Jordan Erickson wrote: >>> Hey Chris, >>> >>> That's not really how Icecast mountpoints work. You'd be much >>> better >>> off doing source level authentication per-mountpoint. Using >>> different >>> ports doesn't help your situation unless you're doing some fancy >>> firewalling but if you have a username/password pair entered >>> per-mountpoint in the config you can separate any number of >>> mountpoints securely. Just note that some source clients (not sure >>> about Mixxx, I use Cool Mic) only allow a 'source' username for >>> connecting to Icecast. I believe you can still specify a password >>> per-mountpoint without username. >>> >>> >>> Cheers, >>> Jordan Erickson >>> >>> >>> On 6/15/21 5:19 PM, kit wrote: >>>> Hi Geoff, >>>> >>>> My use case is that I have put an icecast server in the cloud. I >>>> want >>>> to stream my stuff on one port and let my friend stream their >>>> stuff >>>> on a different port. I would worry that if they accidentally >>>> entered >>>> the same port as mine in the source client (eg Mixxx) - eg >>>> http://serverip:8000/mystream8000 and >>>> http://serverip:8000/friendsstream8001- it would screw up both >>>> our >>>> streams. >>>> >>>> Basically I'm looking at this like a safety mechanism, >>>> particularly >>>> if I want to add a 3rd stream for another friend. >>>> >>>> Regards, >>>> >>>> Chris. >>>> >>>> On 14/6/21 6:00 pm, Geoff Shang wrote: >>>>> On Mon, 14 Jun 2021, kit wrote: >>>>> >>>>>> Is it possible to assign specific ports to mountpoints in >>>>>> such a >>>>>> way that stream8001 can't use port 8000 but only work on port >>>>>> 8001? >>>>> I don't think so. >>>>> >>>>> YOu can set up mount aliases that are port-specific but I don't >>>>> know >>>>> of a way of preventing access to other mounts. >>>>> >>>>> So for example, you could put your streams on stream1 and >>>>> stream2 >>>>> and set up an alias called stream8000 which specifies port >>>>> 8000 to point to stream1, and an alias stream8001 which is >>>>> specific >>>>> to port 8001 which points to stream2. >>>>> >>>>> Then you could publicise the aliases and hide the original >>>>> mounts so >>>>> in theory no-one should find them. But I don't think that >>>>> you'd be >>>>> able to prevent access to stream1 or stream2 on either port if >>>>> someone actually did find them. >>>>> >>>>> I'm curious to know what your use case is. >>>>> > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20210617/9721acf5/attachment.htm>