CentovaCast Enable SSL on icecast
Before you can get SSL work, you need to compile icecast with SSL. If icecast is not installed with SSL support, it will ignore
To install Icecast with SSL support, download Icecast from
1 2 3 4 5 |
cd /usr/local/src wget http://downloads.xiph.org/releases/icecast/icecast-2.4.4.tar.gz tar xvf icecast-2.4.4.tar.gz cd icecast-2.4.4 ./configure --prefix=/usr/serverok/icecast --with-curl --with-openssl |
You need to verify SSL supported enabled. If you don’t have SSL support, you will see following error.
1 |
configure: SSL disabled! |
If SSL enabled, you can verify it with
1 |
grep lssl config.status |
You will see something like
1 2 3 |
[root@vmi173436 icecast-2.4.4]# grep lssl config.status S["XIPH_LIBS"]=" -lssl -lcrypto -lcurl -lspeex -ltheora -lvorbis -logg -L/usr/lib64 -lxslt -lxml2 -lz -ldl -lm " [root@vmi173436 icecast-2.4.4]# |
If you get SSL disabled message, you need to install openssl-dev package
1 |
yum install -y openssl-devel |
If SSL enabled, install icecast with
1 2 |
make make install |
Replace icecast provided with CentovaCast with
1 2 |
mv /usr/local/icecast/bin/icecast /usr/local/icecast/bin/icecast-old ln -s /usr/serverok/icecast/bin/icecast /usr/local/icecast/bin/icecast |
Enable SSL for stream
You need to edit icecast config for each user to do this. Config file stored at
1 |
vi /usr/local/centovacast/var/vhosts/USERNAME_HERE/etc/server.conf |
Find
1 |
<port>8005</port> |
Replace with
1 2 3 4 5 6 7 8 |
<listen-socket> <port>8005</port> </listen-socket> <listen-socket> <port>9005</port> <ssl>1</ssl> </listen-socket> |
Here port 8005 is whatever port used by the stram. 9005 can be any unused port. It is better just use a port same format, so you know what port SSL will be running on.
Find
1 |
<pidfile>var/run/server.pid</pidfile> |
Add Below
1 2 |
<ssl-certificate>/usr/local/centovacast/etc/ssl/icecast.pem</ssl-certificate> <ssl-allowed-ciphers>ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS</ssl-allowed-ciphers> |
Now create a file
1 |
vi /usr/local/centovacast/etc/ssl/icecast.pem |
Paste your SSL in following order
1 2 3 |
1) Your private key 2) Your SSL cert 3) CA Bundle |
Change owner of the SSL cert file
1 |
chown ccuser:ccuser /usr/local/centovacast/etc/ssl/icecast.pem |
Stop and start icecast in CentovaCast.
Here is a server.conf file for a user with SSL enabled.
https://gist.github.com/serverok/57ae398bb94aa61d9945f2405c73e221
See Centova Cast