CentovaCast Enable SSL on icecast

Before you can get SSL work, you need to compile icecast with SSL. If icecast is not installed with SSL support, it will ignore settings and just serve the stream using non HTTPS.

To install Icecast with SSL support, download Icecast from

https://icecast.org/download/

cd /usr/local/src
wget http://downloads.xiph.org/releases/icecast/icecast-2.4.4.tar.gz
tar xvf icecast-2.4.4.tar.gz
cd icecast-2.4.4
./configure --prefix=/usr/serverok/icecast --with-curl --with-openssl

You need to verify SSL supported enabled. If you don’t have SSL support, you will see following error.

configure: SSL disabled!

If SSL enabled, you can verify it with

grep lssl config.status

You will see something like

[root@vmi173436 icecast-2.4.4]# grep lssl config.status
S["XIPH_LIBS"]=" -lssl -lcrypto  -lcurl   -lspeex  -ltheora  -lvorbis -logg  -L/usr/lib64 -lxslt -lxml2 -lz -ldl -lm "
[root@vmi173436 icecast-2.4.4]# 

If you get SSL disabled message, you need to install openssl-dev package

yum install -y openssl-devel

If SSL enabled, install icecast with

make
make install

Replace icecast provided with CentovaCast with

mv /usr/local/icecast/bin/icecast /usr/local/icecast/bin/icecast-old
ln -s /usr/serverok/icecast/bin/icecast /usr/local/icecast/bin/icecast

Enable SSL for stream

You need to edit icecast config for each user to do this. Config file stored at

vi /usr/local/centovacast/var/vhosts/USERNAME_HERE/etc/server.conf

Find

        8005

Replace with

	
		8005
	

	  
		9005   
		1
	

Here port 8005 is whatever port used by the stram. 9005 can be any unused port. It is better just use a port same format, so you know what port SSL will be running on.

Find

var/run/server.pid

Add Below

    /usr/local/centovacast/etc/ssl/icecast.pem
    ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

Now create a file

vi /usr/local/centovacast/etc/ssl/icecast.pem

Paste your SSL in following order

1) Your private key
2) Your SSL cert
3) CA Bundle

Change owner of the SSL cert file

chown ccuser:ccuser /usr/local/centovacast/etc/ssl/icecast.pem

Stop and start icecast in CentovaCast.

Here is a server.conf file for a user with SSL enabled.

https://gist.github.com/serverok/57ae398bb94aa61d9945f2405c73e221

See Centova Cast

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *