On ubuntu server running icecast, when i try enable SSL as per CentovaCast Enable SSL on icecast, i get following error
connection/get_ssl_certificate No SSL capability
I don’t compile my own icecast installation as it use Ubunu version of icecast, that get updated using apt.
Instead of getting icecast serve steam using SSL, i installed Nginx, and proxy traffic from SSL port to icecast.
Install nginx with
apt install nginx
remove default server entry
rm -f /etc/nginx/sites-enabled/default
Create file
vi /etc/nginx/sites-enabled/stream.comf
Add
server { listen 9000 ssl; server_name icecast.serverok.in; root /var/www/html; ssl_certificate /etc/letsencrypt/live/icecast.serverok.in/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/icecast.serverok.in/privkey.pem; client_max_body_size 100M; proxy_read_timeout 600s; proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_pass http://127.0.0.1:8000; } }
In above configuration
ssl_certificate /etc/letsencrypt/live/icecast.serverok.in/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/icecast.serverok.in/privkey.pem;
is the SSL i already have on server. Replace it with path to SSL certifciate on your server. If you don’t have an SSL, you need to purcahse one or get a free SSL using LetsEncrypt.
Restart Nginx
systemctl restart nginx
Now stream on port 8000 will work using HTTPS on port 9000.
Modify ports as required.
If you use Free LetsEncrypt SSL, you may need to add a cronjob to auto reastart nginx when SSL get updated.
crontab -e
Add
@weekly systemctl restart nginx
Leave a Reply