Enable SSL for icecast stream using nginx
On an Ubuntu server running Icecast, when I try to enable SSL as per "CentovaCast Enable SSL on icecast", I get the following error:

    connection/get_ssl_certificate No SSL capability

I don't compile my own Icecast installation, as it uses the Ubuntu version of Icecast, which gets updated using apt.
Instead of getting Icecast to serve the stream using SSL, I installed Nginx and proxy traffic from the SSL port to Icecast.
Install nginx with

    apt install nginx

Remove the default server entry

    rm -f /etc/nginx/sites-enabled/default

Create the file

    vi /etc/nginx/sites-enabled/stream.conf

Add

    server {
        # TLS listener that clients connect to
        listen 9000 ssl;
        server_name icecast.serverok.in;
        root /var/www/html;
        ssl_certificate /etc/letsencrypt/live/icecast.serverok.in/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/icecast.serverok.in/privkey.pem;
        client_max_body_size 100M;
        proxy_read_timeout 600s;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
            # Plain-HTTP Icecast listening on localhost
            proxy_pass http://127.0.0.1:8000;
        }
    }

In the above configuration,

    ssl_certificate /etc/letsencrypt/live/icecast.serverok.in/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/icecast.serverok.in/privkey.pem;

is the SSL certificate I already have on the server. Replace it with the path to the SSL certificate on your server. If you don't have an SSL certificate, you need to purchase one or get a free one using LetsEncrypt.
Restart Nginx

    systemctl restart nginx

Now the stream on port 8000 will work over HTTPS on port 9000.
Modify the ports as required.
If you use a free LetsEncrypt SSL certificate, you may need to add a cronjob to automatically restart nginx when the certificate gets updated.

    crontab -e

Add

    @weekly systemctl restart nginx
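
As an alternative to an unconditional weekly restart, the script below (an added example, not part of the original post) compares the certificate on disk with the one nginx is serving on port 9000 and reloads nginx only when they differ. It assumes `openssl` is installed; the function names and the `--check` argument are illustrative, and the host, port and path defaults are the ones used above.

```shell
#!/usr/bin/env bash
# Added example: reload nginx only when the served certificate is stale.
# HOST, PORT and CERT default to the values on this page; override via environment.
HOST="${HOST:-icecast.serverok.in}"
PORT="${PORT:-9000}"
CERT="${CERT:-/etc/letsencrypt/live/$HOST/fullchain.pem}"

# SHA-256 fingerprint of the first (leaf) certificate in a PEM file.
disk_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the certificate nginx is serving right now.
served_fp() {
    openssl s_client -connect "127.0.0.1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Decide what to do from the two fingerprints: prints ok, reload or error.
decide() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo error      # one side could not be read; leave nginx alone
    elif [ "$1" = "$2" ]; then
        echo ok         # nginx already serves the certificate on disk
    else
        echo reload     # renewed on disk, old certificate still in memory
    fi
}

main() {
    action="$(decide "$(disk_fp "$CERT")" "$(served_fp "$HOST" "$PORT")")"
    case "$action" in
        ok)
            echo "certificate on port $PORT is current" ;;
        reload)
            # Test the config first so a broken file never takes the proxy down.
            # reload re-reads the certificate files; restart, as used above, works too.
            nginx -t && systemctl reload nginx ;;
        *)
            echo "could not compare certificates for $HOST:$PORT" >&2
            return 1 ;;
    esac
}

# Runs only when called with --check, so the functions stay sourceable.
if [ "${1:-}" = "--check" ]; then main; fi
```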