Centova Technologies Forum

Centova Cast v3 => Feature requests => Topic started by: RadioMedia on September 09, 2019, 01:19:22 am

Title: Icecast SSL Default
Post by: RadioMedia on September 09, 2019, 01:19:22 am
So I have tried to set this up manually with no success and following every guide on here.

I really need SSL for icecast and shoutcast since our website is SSL by default and us playinf the stream via our website automatically is making our website through an SSL error saying that not all the content is SSL.

Can someone please do a youtube video on setting this up as the written docs are not working.
Or can centova just make this default so that its an option in the admin panel to make the stream SSL.

Here is my icecast.xml

<icecast>
  <location>Earth</location>
  <admin>icemaster@localhost</admin>
  <limits>
    <clients>1000</clients>
    <sources>3</sources>
    <threadpool>5</threadpool>
    <queue-size>524288</queue-size>
    <client-timeout>30</client-timeout>
    <header-timeout>15</header-timeout>
    <source-timeout>10</source-timeout>
    <!-- If enabled, this will provide a burst of data when a client
          first connects, thereby significantly reducing the startup
          time for listeners that do substantial buffering. However,
          it also significantly increases latency between the source
          client and listening client.  For low-latency setups, you
          might want to disable this. -->
          <burst-on-connect>1</burst-on-connect>
    <!-- same as burst-on-connect, but this allows for being more
          specific on how much to burst. Most people won't need to
          change from the default 64k. Applies to all mountpoints  -->
          <burst-size>65535</burst-size>
  </limits>

  <authentication>
    <!-- Sources log in with username 'source' -->
          <source-password>XXXXXXX</source-password>
    <!-- Relays log in username 'relay' -->
          <relay-password>XXXXXXXX</relay-password>
    <!-- Admin logs in with the username given below -->
          <admin-user>admin</admin-user>
    <admin-password>XXXXXXX</admin-password>
  </authentication>

  <!-- Uncomment this if you want directory listings -->
     <!--
   <directory>
      <yp-url-timeout>15</yp-url-timeout>
      <yp-url>http://dir.xiph.org/cgi-bin/yp-cgi</yp-url>
   </directory>
   <directory>
      <yp-url-timeout>15</yp-url-timeout>
      <yp-url>http://www.oddsock.org/cgi-bin/yp-cgi</yp-url>
   </directory>
    -->

     <!-- {%comment-open-if:icecast.directory.yp-url==""%} -->
  <directory>
    <yp-url-timeout>15</yp-url-timeout>
    <yp-url>http://dir.xiph.org/cgi-bin/yp-cgi</yp-url>
  </directory>
  <!-- {%comment-close-if:icecast.directory.yp-url==""%} -->

  <!-- This is the hostname other people will use to connect to your server.
   It affects mainly the urls generated by Icecast for playlists and yp
   listings. -->
     <hostname>stream.radiomedia.com.au</hostname>
  <!-- You can use these two if you only want a single listener -->
<!--     <port>8003</port>
<!--     <bind-address>139.59.108.222</bind-address>
  <!-- You may have multiple <listener> elements -->
   
  <listen-socket>
    <port>8003</port>
    <ssl>0</ssl>
  </listen-socket>
   
  <listen-socket>
    <port>8050</port>
    <ssl>1</ssl>
  </listen-socket>
  <!--
   <listen-socket>
      <port>8001</port>
   </listen-socket>
   -->

     <!-- {%comment-open-if:icecast.master-server==""%} --> <!--
  <relays-on-demand>0</relays-on-demand>
  <master-server></master-server>
  <master-server-port></master-server-port>
  <master-update-interval></master-update-interval>
  <master-password></master-password>
  --> <!-- {%comment-close-if:icecast.master-server==""%} -->

  <!-- {%comment-open-if:icecast.relay.server==""%} --> <!--
  <relay>
    <server></server>
    <port></port>
    <mount></mount>
    <local-mount></local-mount>
    <username></username>
    <password></password>
    <relay-shoutcast-metadata>0</relay-shoutcast-metadata>
    <on-demand>0</on-demand>
  </relay>
  --> <!-- {%comment-close-if:icecast.relay.server==""%} -->

  <!-- Only define a <mount> section if you want to use advanced options,
       like alternative usernames or passwords -->
     <mount cc="main">
    <bitrate>128</bitrate>
    <mount-name>/stream</mount-name>
    <fallback-mount>/live</fallback-mount>
    <fallback-override>1</fallback-override>
    <fallback-when-full>0</fallback-when-full>
    <public>0</public>
  </mount>

  <mount cc="live">
    <mount-name>/live</mount-name>
    <intro></intro>
    <fallback-mount>/autodj</fallback-mount>
    <fallback-override>1</fallback-override>
    <fallback-when-full>0</fallback-when-full>
    <public>0</public>
    <bitrate>128</bitrate>
  </mount>

  <mount cc="autodj">
    <mount-name>/autodj</mount-name>
    <intro></intro>
    <fallback-mount></fallback-mount>
    <fallback-override>1</fallback-override>
    <fallback-when-full>0</fallback-when-full>
    <charset>UTF-8</charset>
    <public>0</public>
    <bitrate>128</bitrate>
  </mount>

  <fileserve>1</fileserve>
  <!-- set the mountpoint for a shoutcast source to use, the default if not
       specified is /stream but you can change it here if an alternative is
       wanted or an extension is required
   <shoutcast-mount>/live.nsv</shoutcast-mount>
   -->

     <paths>
    <!-- basedir is only used if chroot is enabled -->
          <basedir>/usr/local/centovacast/var/vhosts/drn1/</basedir>
    <!-- Note that if <chroot> is turned on below, these paths must both
          be relative to the new root, not the original root -->
          <logdir>var/log/</logdir>
    <webroot>web/</webroot>
    <adminroot>admin/</adminroot>
    <pidfile>var/run/server.pid</pidfile>
    <ssl-certificate>/usr/local/icecast/stream.radiomedia.com.au/fullchain.pem</ssl-certificate>
    <ssl-allowed-ciphers>ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS</ssl-allowed-ciphers>
    <!-- Aliases: treat requests for 'source' path as being for 'dest' path
          May be made specific to a port or bound address using the "port"
          and "bind-address" attributes.
        -->
          <!--
      <alias source="/foo" dest="/bar"/>
        -->
          <!-- Aliases: can also be used for simple redirections as well,
          this example will redirect all requests for http://server:port/ to
          the status page
        -->
          <alias source="/" dest="/status.xsl"></alias>
  </paths>

  <logging>
    <accesslog>access.log</accesslog>
    <errorlog>error.log</errorlog>
    <playlistlog>playlist.log</playlistlog>
    <loglevel>3</loglevel>
    <!-- 4 Debug, 3 Info, 2 Warn, 1 Error -->
     </logging>

  <security>
    <chroot>0</chroot>
    <!--
      <changeowner>
         <user>nobody</user>
         <group>nogroup</group>
      </changeowner>
      -->
     </security>

</icecast>