
Installing the icecast2 server with SSL support for broadcasting over https protocol

Formulation of the problem. Audio from the organization's local network is broadcast through a site that has a free SSL certificate from Let's Encrypt installed. However, the browser shows a mixed-content warning when the page is visited, because the broadcast goes over the unprotected http protocol. The mixed content must be eliminated. To this end, it was decided to organize audio broadcasting over the secure https protocol using Icecast2 and IceS2.

After a long search, the solution turned out to be installing the Icecast2 server with SSL support and using the free certificate from Let's Encrypt. Although the Icecast2 developers state that the server supports SSL, the server has to be compiled from source code. Here is a procedure for compiling and installing an Icecast2 server using a certificate from OpenSSL. However, browsers currently warn about certificates generated by openssl. Therefore, instead of an OpenSSL certificate, we use a free certificate from Let's Encrypt, generated for the domain name tied to the external IP address from which we broadcast to the network.

All the operations described below were performed on the Linux Mint distribution.

So, first update the system and install Icecast2 in the usual way, only to remove it again immediately. This leaves its configuration files in place, which makes configuring the Icecast2 server easier later.

Remove icecast2:

sudo apt remove icecast2 

Check that the icecast2 configuration files are present in the system (optional):

 ls -l /etc/init.d/ /etc/ | grep icecast 

Install tools to build icecast2 from sources:

 sudo apt install git gcc build-essential automake autoconf libtool checkinstall 

Install the dependencies needed to compile the icecast2 server:

 sudo apt install libcurl4-openssl-dev libxslt1-dev libxml2-dev libogg-dev libvorbis-dev libflac-dev libtheora-dev libssl-dev libspeex-dev 

Create a directory to host temporary source files:

 mkdir src
 cd src

Clone the latest release of icecast2:

 git clone --recursive https://git.xiph.org/icecast-server.git 

Create a configuration script:

 cd icecast-server; ./autogen.sh 

Configure the source code to support SSL:

 ./configure --with-curl --with-openssl 

Make sure that SSL support is present in the configuration (presence of lssl):

 grep lssl config.status 

Compile:

 make 

Install icecast2:

 sudo checkinstall 

While it runs, the checkinstall utility will ask us to add a description of the package. We must also specify the package version, otherwise the command fails with the error “the package version does not begin with a number”.

Next, create the access.log and error.log files (if icecast2 has already been installed on the system, then you can use the existing ones):

 sudo mkdir /var/log/icecast2
 cd /var/log/icecast2
 sudo touch access.log
 sudo touch error.log

We place the SSL certificate from Let's Encrypt, renamed icecast.pem, in the same directory as the access.log and error.log files and set the permissions for the directory and the files in it:

 sudo chown -R icecast2:icecast /var/log/icecast2
 cd /var/log/icecast2
 sudo chmod -R 777 *

We edit the icecast.xml file in the /usr/local/etc/ directory (you can probably use an existing file), correcting the paths to the directory with the access.log and error.log files and to the icecast.pem certificate. (To create the latter, open the fullchain.pem and privkey.pem files from the /etc/letsencrypt/live/domain_name directory in a text editor, copy their contents into one file and save it as icecast.pem.) Make sure that icecast.xml specifies two ports: one for the http connection (8000), the other for the secure https connection (8443). The lines giving the path to the SSL certificate and the https port must be uncommented. Instead of ssl, tls can be written in the file - I did not see the difference.

It should be clarified that IceS2, or a similar application that reads the audio data and passes it to the Icecast2 server, connects over http port 8000. Without it, the whole setup will not work. This mistake is found on the Internet very often.
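An alternative to the chmod -R 777 step for the combined certificate file, as an added example that is not part of the original article: the functions below build icecast.pem from the two Let's Encrypt files with no access for other users, then check that the result holds both a certificate and a private key. The function names and the script-mode arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Paths are passed as arguments.

# build_icecast_pem LIVE_DIR OUT_FILE
# Concatenate fullchain.pem and privkey.pem into OUT_FILE (mode 0640).
build_icecast_pem() {
    live_dir=$1
    out=$2
    for f in fullchain.pem privkey.pem; do
        [ -r "$live_dir/$f" ] || { echo "cannot read $live_dir/$f" >&2; return 1; }
    done
    tmp="$out.tmp.$$"
    (
        umask 077   # the temporary file is never readable by other users
        cat "$live_dir/fullchain.pem" "$live_dir/privkey.pem" > "$tmp"
    ) || { rm -f "$tmp"; return 1; }
    # Owner read/write, group read, nothing for others; then replace atomically.
    chmod 640 "$tmp" && mv -f "$tmp" "$out"
}

# pem_is_complete FILE: true if FILE holds a certificate and a private key.
pem_is_complete() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"
}

# pem_is_private FILE: true if "other" has no permission bits on FILE.
pem_is_private() {
    [ "$(ls -ld -- "$1" | cut -c8-10)" = "---" ]
}

# Script mode: build-icecast-pem.sh LIVE_DIR OUT_FILE
if [ "$#" -eq 2 ]; then
    build_icecast_pem "$1" "$2" && pem_is_complete "$2" && pem_is_private "$2"
fi
```

The account that runs icecast must be the owner or a group member of the resulting file, and the file has to be rebuilt whenever the Let's Encrypt certificate is renewed.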

We start the icecast2 server:

 /usr/local/bin/icecast -c /usr/local/etc/icecast.xml 

We look at the error.log file and make sure that icecast2 found and loaded our certificate. Open ports 8000 and 8443 in the Internet browser and again make sure that everything works.

We configure the automatic launch of icecast2 when the operating system is loaded via the “Parameters” - “Startup” service, setting the start command from the previous item there.

Here is a described solution to this problem with an SSL certificate from Let's Encrypt without compiling Icecast2 from sources. However, it did not work for me.

Source: https://habr.com/ru/post/350236/

