Thank you. Secure streaming is required in several scenarios in our customers' environments. This is why we are working on implementing security feature set. Nimble Streamer team has implemented this feature. This is done separately and you can read articles here to see an example of such activity. Usually SSL certificates are purchased by some provider like GoDaddy and these companies provide plenty of information about this process.
You will need to make changes to Nimble Streamer settings to make it work for your media streaming. Follow the steps described below to enable SSL-powered streaming. By default, Nimble Streamer handles connections via the port specified in config at "port" parameter. Usually it's port It requires the list of protocols separated by spaces, e.
Each section may have the following items. Multiple names are separated by spaces. It will match all domains which start with anything before the asterisk with the exact name after it. No comments:. Newer Post Older Post Home. Subscribe to: Post Comments Atom.Install and configure Icecast listenning on Install nginx. Create directory. Install certbot 5. In your icecast virtual hosts file you have specified two separate server blocks for icecast.
You can combine them into a single block or if your goal is actually to redirect all http traffic to https then you can specify a catch all server block for any traffic on port 80 like this:. If you prefer to merge the two server blocks into one you can specify an if directive within the server block but before any location blocks like this to redirect all http traffic to https:.
An unescaped period in regex means match any character and you have not specified a position in the url for this expression to appear, it will match anywhere. In regex the caret specifies the beginning of the string, but in Nginx this actually means something different.
ICECAST WITH HTTPS
Here it is not specifyingn a regex match but a prefix, and the caret tells Nginx to stop evaluating any further possible matches after this one has matched. Finally, and most usefully, instead of having a single location block proxying the request directly to the icecast server you should create another upstream server within Nginx to receive the proxied request and relay it to the icecast server. Would you be so kind as to explain exactly how do you do this? Thanks for this! Nginx and icecast2 both works fine with this config, nginx will serve on port 80, iceacast2 is happy on port but there is no redirection to https happeing when i visit the url in http.
If i type the url with https, no connection. Hello, very good tutorial, but I am under debian 9 Icecast 2. The translation for Apache is possible?
Need urgent help on the subject! Contact me by email if you can. Thanks and best regards, Patrick.
Subscribe to RSS
You are commenting using your WordPress. You are commenting using your Google account. You are commenting using your Twitter account. You are commenting using your Facebook account.
Notify me of new comments via email. Notify me of new posts via email. This site uses Akismet to reduce spam. Learn how your comment data is processed. Skip to content 1. Install nginx 3. Share this: Twitter Facebook. Like this: Like Loading Would you be so kind and help me? I found it! Any hint or links to further documentation that may help? Although this configuration may work it would benefit from several changes.Formulation of the problem. However, a warning about the presence of mixed content appears in the Internet browser when you visit the page of the site, since the broadcast is via the unprotected http protocol.
Required to eliminate mixed content. To this end, it was decided to organize audio broadcasting over the https secure protocol using Icecast2 and IceS2. Despite the fact that the developers of the server Icecast2 claimed SSL support, you must compile the server from the source code.
Here is a procedure for compiling and installing an Icecast2 server using a certificate from OpenSSL. However, at the moment browsers swear certificates generated by openssl.
All the operations described below were performed on the Linux Mint distribution. This is necessary in order to facilitate the task of configuring the server Icecast2. To create the latter, copy the contents of the fullchain. Make sure that icecast. The lines indicating the path to the SSL certificate and the https port must be uncommented. Instead of ssl, tls can be written in the file - I did not see the difference.
It should be clarified that via http-port there is a connection with IceS2 or a similar application that reads audio data and transfers it to Icecast2 server. In the absence of it, this whole construction will not work. This error is found on the Internet very often. Open the ports and in the Internet browser and again make sure that everything works.
I have set these cert files readable by user: richard and of course I am also running the server itself with the richard user. Nothing so far. The problem was the SSL not the configurations.
So instead of using that, I have copied the content from cert. Learn more. Asked 2 years ago. Active 1 year, 5 months ago. Viewed 7k times. Maybe you have any idea what is wrong? Any help appricated. Marcell Marcell 2 2 silver badges 13 13 bronze badges. Active Oldest Votes. Actually, I solved the issue myself. I am a genius!!! RTFM would have saved your day. I did not reach out for a while that we have to compile icecast with SSL support by our selfe.
If it helps someone in future, i followed this steps to solve this. You should concat fullchain. Otherwise you will have problems with some clients. Sign up or log in Sign up using Google. Sign up using Facebook.
Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog. The Overflow How many jobs can be done at home? Featured on Meta. Community and Moderator guidelines for escalating issues via new response….Register Login Username:. Forgot password? Topic Print. July 08,pm icecast and ssl. I am having problems enabling SSL for the Icecast pages I have SSL properly configured on my website.
My problem is the Icecast pages do not serve SSL. I made the same changes here. I am unable to see the encrypted page, I can only see the encrypted domain and the IP.
The icecast instructions say it should be one file the private and public key. I took the private key pasted it into a pem text file and then pasted the public key in after it.
July 17,pm, 1 Re: icecast and ssl. So I was able to get this to work I now have 2 Icecast ports active on the same stream For some reason, Icecast does not consider these SSL packages as dependencies to the install so it will not automatically add them. I don't remember if Centovacast installs these dependencies I think they do??
I highly recommend using the Xiph repository. Setting up SSL with Icecast 1. This works with Icecast2 and icescc or liquidsoap 2. Get your certificate, format the certificate in PEM format, include the private key and entire trust chain. Pay very close attention to how you create this file.
If you do not copy and paste things properly, you will have problems. Copy your certificate into a directory that can be accessed by the service running icecast 4. Enable editing of your raw configuration files within Centovacast. This is under limits, Raw configuration, "Permitted" 6. Modify your IceCast config by clicking on the "raw configuration" button on bottom right from the settings page.
Select IceCast and you should now be in the configuration editor. Comment out the bind address and port. Note if you make any GUI changes to your config, Centovacast will automatically add bind settings. Bind settings restrict only one port thus making your additional ssl port useless. It may also stop your server from streaming till you remove ssl settings or remove bind settings.To be sure that your stream works, you can open it in Chrome.
If a download action starts or a music player appears, then your stream is publically accessible. For example, this is a valid radio stream URL http protocol omitted to avoid wordpress embedding :. If you are not sure of what your direct mp3 stream URL is, you have to ask to your radio streaming provider.
This is how a valid radio stream appear when accessed directly from Chrome, but it may also try to download a file. In both cases it will work with this theme:. This theme only provides an access from the browser to the radio stream. It means that if your stream is valid and working it will always work on the theme.
Shoutcast streams prior to 2.
Be sure that your Shoutcast version is updated. Important: this feature requires you to have a normal MP3 stream url, such as Shoutcast, Icecast, Radio. Note: not any mp3 stream URL allows data access. Compile the Radio Channel Details when you create a new radio channel. For Wavestream users, you find this url in the integration tools:.
Download one of the files for integration. It is a simple text file, masked as a different format. Rename the file in player. You have to try them manually. To be sure that your mp3 stream is valid, open it in the browser, with a modern browser it should render as a music player, and play the radio stream: if the radio stream works correctly, you can integrate it in your site.
Important: this function is very simple: the music will start whenever you enter in the site, whatever page you go. It can only be actived or deactived no further options will be added. You can add Host and Port to the radio settings, and check if it works. You cannot display titles in an https website reading from a non-https provider link. Since OnAir2 version 3.
Download the. It will contain the URL of your stream mountpount:. There are 3 types of Icecast feed: with and without mountpoint, and with or without channel ID.
The default channel ID is 0 but some providers can group radio streaming within the same URL and put them in different channels You need to check your data directly to understand which type is yours.Dear Winamp fans, As you might have heard, Winamp recently changed ownership.
I have never seen such requirement I mean I have not yet I think the max you can do is to make your website not the stream itself with SSL If this is ment to get it on Facebook your embedded stream playerthat is the only time i have ever seen a SSL requirement. Oh wait DNAS-pages are normally only for you yourself to look at i supposeI got your point about no need for SSL but these days everything is moving toward being secure.
Visitors are much more happy to see "This site is secure" vs "This site is not secure" and they don't know background behind it and all the technical details. If it wasn't that important why did Icecast implemented SSL?
Thank you. Find More Posts by djSpinnerCee. So, do you have any ideas for solving this problem? The rooter maybe cause this.