Enable SSL for Icecast stream using Nginx

On an Ubuntu server running Icecast, when I tried to enable SSL as per "CentovaCast Enable SSL on icecast", I got the following error:

connection/get_ssl_certificate No SSL capability

I don’t compile my own Icecast installation, as it uses the Ubuntu version of Icecast, which gets updated using apt.

Instead of getting Icecast to serve the stream using SSL, I installed Nginx and proxied traffic from the SSL port to Icecast.

Install nginx with

apt install nginx

Remove the default server entry

rm -f /etc/nginx/sites-enabled/default

Create file

vi /etc/nginx/sites-enabled/stream.conf

Add

server {
    listen       9000 ssl;
    server_name  icecast.serverok.in;
    root         /var/www/html;
    ssl_certificate /etc/letsencrypt/live/icecast.serverok.in/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/icecast.serverok.in/privkey.pem;

    client_max_body_size 100M;
    proxy_read_timeout 600s;
    proxy_buffer_size   128k;
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;

    location / {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8000;
    }
}

In the above configuration

    ssl_certificate /etc/letsencrypt/live/icecast.serverok.in/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/icecast.serverok.in/privkey.pem;

is the SSL certificate I already have on the server. Replace it with the path to the SSL certificate on your server. If you don’t have an SSL certificate, you need to purchase one or get a free one using LetsEncrypt.

Restart Nginx

systemctl restart nginx

Now the stream on port 8000 will work using HTTPS on port 9000.

Modify ports as required.

If you use a free LetsEncrypt SSL certificate, you may need to add a cronjob to automatically restart Nginx when the SSL certificate gets updated.

crontab -e

Add

@weekly systemctl restart nginx
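
A gentler alternative to the weekly restart above, as an added example that is not part of the original post: it reloads Nginx only when the certificate file has changed, and a reload (unlike a restart) lets already-connected listeners finish on the old worker processes. The state file path and the NGINX_TEST / NGINX_RELOAD override variables are assumptions made for this example.

```sh
#!/bin/sh
# Added example: reload nginx only after the certificate file has changed.
# CERT is the path from the server block above; STATE is an assumed location.
CERT="${CERT:-/etc/letsencrypt/live/icecast.serverok.in/fullchain.pem}"
STATE="${STATE:-/var/lib/nginx-cert.sha256}"
# Commands are overridable so the logic can be exercised without nginx.
NGINX_TEST="${NGINX_TEST:-nginx -t}"
NGINX_RELOAD="${NGINX_RELOAD:-systemctl reload nginx}"

# Print the SHA-256 digest of a file (follows the letsencrypt symlink).
cert_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# 0 = digest differs from the recorded one (or none recorded yet),
# 1 = unchanged, 2 = certificate file not readable.
cert_changed() {
    [ -r "$1" ] || return 2
    new_digest=$(cert_digest "$1")
    old_digest=$(cat "$2" 2>/dev/null || true)
    [ "$new_digest" != "$old_digest" ]
}

# Validate the config, reload, and only then record the new digest, so a
# failed reload is retried on the next run.
reload_if_renewed() {
    changed_rc=0
    cert_changed "$1" "$2" || changed_rc=$?
    case "$changed_rc" in
        0) ;;
        1) echo "certificate unchanged, nothing to do"; return 0 ;;
        *) echo "cannot read certificate: $1" >&2; return 1 ;;
    esac
    $NGINX_TEST && $NGINX_RELOAD && cert_digest "$1" > "$2"
}

# Cron entry point: only acts when called with the argument "run".
if [ "${1:-}" = "run" ]; then
    reload_if_renewed "$CERT" "$STATE"
fi
```

Saved under a path of your choice and called with the argument run, it can take the place of systemctl restart nginx in the cron entry.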

See Icecast, Nginx
