CentovaCast Enable SSL on icecast

Before you can get SSL work, you need to compile icecast with SSL. If icecast is not installed with SSL support, it will ignore settings and just serve the stream using non HTTPS.

To install Icecast with SSL support, download Icecast from

https://icecast.org/download/

cd /usr/local/src
wget http://downloads.xiph.org/releases/icecast/icecast-2.4.4.tar.gz
tar xvf icecast-2.4.4.tar.gz
cd icecast-2.4.4
./configure --prefix=/usr/serverok/icecast --with-curl --with-openssl

cd /usr/local/src

wget http://downloads.xiph.org/releases/icecast/icecast-2.4.4.tar.gz

tar xvf icecast-2.4.4.tar.gz

cd icecast-2.4.4

./configure --prefix=/usr/serverok/icecast --with-curl --with-openssl

You need to verify SSL supported enabled. If you don’t have SSL support, you will see following error.

configure: SSL disabled!

1	configure: SSL disabled!

If SSL enabled, you can verify it with

grep lssl config.status

1	grep lssl config.status

You will see something like

[root@vmi173436 icecast-2.4.4]# grep lssl config.status
S["XIPH_LIBS"]=" -lssl -lcrypto  -lcurl   -lspeex  -ltheora  -lvorbis -logg  -L/usr/lib64 -lxslt -lxml2 -lz -ldl -lm "
[root@vmi173436 icecast-2.4.4]#

[root@vmi173436 icecast-2.4.4]# grep lssl config.status

S["XIPH_LIBS"]=" -lssl -lcrypto -lcurl -lspeex -ltheora -lvorbis -logg -L/usr/lib64 -lxslt -lxml2 -lz -ldl -lm "

[root@vmi173436 icecast-2.4.4]#

If you get SSL disabled message, you need to install openssl-dev package

yum install -y openssl-devel

1	yum install -y openssl-devel

If SSL enabled, install icecast with

make
make install

1 2	make make install

Replace icecast provided with CentovaCast with

mv /usr/local/icecast/bin/icecast /usr/local/icecast/bin/icecast-old
ln -s /usr/serverok/icecast/bin/icecast /usr/local/icecast/bin/icecast

1 2	mv /usr/local/icecast/bin/icecast /usr/local/icecast/bin/icecast-old ln -s /usr/serverok/icecast/bin/icecast /usr/local/icecast/bin/icecast

Enable SSL for stream

You need to edit icecast config for each user to do this. Config file stored at

vi /usr/local/centovacast/var/vhosts/USERNAME_HERE/etc/server.conf

1	vi /usr/local/centovacast/var/vhosts/USERNAME_HERE/etc/server.conf

Find

        <port>8005</port>

1	<port>8005</port>

Replace with

	<listen-socket>
		<port>8005</port>
	</listen-socket>

	<listen-socket>  
		<port>9005</port>   
		<ssl>1</ssl>
	</listen-socket>

<listen-socket>

</listen-socket>

<listen-socket>

</listen-socket>

Here port 8005 is whatever port used by the stram. 9005 can be any unused port. It is better just use a port same format, so you know what port SSL will be running on.

Find

<pidfile>var/run/server.pid</pidfile>

1	<pidfile>var/run/server.pid</pidfile>

Add Below

    <ssl-certificate>/usr/local/centovacast/etc/ssl/icecast.pem</ssl-certificate>
    <ssl-allowed-ciphers>ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS</ssl-allowed-ciphers>

1 2	<ssl-certificate>/usr/local/centovacast/etc/ssl/icecast.pem</ssl-certificate> <ssl-allowed-ciphers>ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS</ssl-allowed-ciphers>

Now create a file

vi /usr/local/centovacast/etc/ssl/icecast.pem

1	vi /usr/local/centovacast/etc/ssl/icecast.pem

Paste your SSL in following order

1) Your private key
2) Your SSL cert
3) CA Bundle

1) Your private key

2) Your SSL cert

3) CA Bundle

Change owner of the SSL cert file

chown ccuser:ccuser /usr/local/centovacast/etc/ssl/icecast.pem

1	chown ccuser:ccuser /usr/local/centovacast/etc/ssl/icecast.pem

Stop and start icecast in CentovaCast.

Here is a server.conf file for a user with SSL enabled.

https://gist.github.com/serverok/57ae398bb94aa61d9945f2405c73e221

See Centova Cast

Leave a Reply Cancel reply