Re: [Savonet-users] enabling SSL on Icecast2
on which location will be icecast installing? I cannot find anything under /etc/ how to start icecast in this method? On 11 April 2018 at 20:39, Sven Wayers wrote: > Hi Nanda, > > We are running Icecast on SSL, check out the attached config file. > > And better choose the Karl Heyes branch: > https://github.com/karlheyes/icecast-kh > > Just download, compile and install the latest comit. > No extra config parameters need to be set, ssl is enabled by default. > > Like Nolan said, a crucial part is to get the content ssl-certificate file > right: > /etc/ssl/private/domain.ext/domain_ext.pem > > Good luck! > > Best regards, > > Sven > > Op 11-4-2018 om 13:47 schreef Nanda Kishor: > >> Hi there, >> >> I'm working with Sandeep on this issue. Everything is working fine >> without SSL enabled, not sure what we're missing here. >> >> Does anybody have SSL enabled and would be willing to share his or her >> Icecast config? We should probably also post this on the Icecast mailing >> list 😬 >> >> Best, >> NKd >> >> On 06.04.18 10:12, sandeep krishna wrote: >> >>> >>> i recompiled icecast2 with the open ssl and curl >>> >>> >>> also enabled ssl on port 8000 and given the ssl cert (inclding cert >>> privatekey and bundle in a single file) under path directive >>> >>> these are the main section in icecast2 config file >>> ++ >>> >>> >>> 8000 >>> 1 >>> >>> >>> >>> >>> >>> /c >>> /usr/share/icecast2/icecast.pem >>> /var/log/icecast2 >>> /usr/share/icecast2/web >>> /usr/share/icecast2/admin >>> >>> >>> >>> I get a green padlock on domain:8000/radio >>> >>> But it says file not found, the error log says icecast is looking on the >>> location "/usr/share/icecast2/web" and file is not found there. (I even >>> tried removing the base dire and webroot but still not working ) >>> >>> >>> can you guys shed some lights on this. >>> >>> >>> ~thanks >>> >>> >>> >>> -- >>> sandeep >>> >> >> >> >> >> -- >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> >> >> >> ___ >> Savonet-users mailing list >> Savonet-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/savonet-users >> >> > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Savonet-users mailing list > Savonet-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/savonet-users > > -- sandeep -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Savonet-users mailing list Savonet-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/savonet-users
Re: [Savonet-users] enabling SSL on Icecast2
there is no web directory. it should not look in any web directory as there is no actual file. On 12 April 2018 at 20:42, Nolan Wagner wrote: > What is the full path showing in your logs? > > If you symlink your ssl cert to the web dir, any change? > On Apr 12, 2018, at 1:02 AM, sandeep krishna > wrote: >> >> >> ssl is currently set to 0 as it wont work in https >> >> >> The ssl location is >> >> >> /usr/share/icecast2/icecast.pem >> >> >> as I mentioned the green padlock is showing but it is looking in the >> "webroot" directives for the file >> >> >> >> ++ >> /usr/share/icecast2 >> /usr/share/icecast2/icecast.pem> certificate> >> >> /var/log/icecast2 >> /usr/share/icecast2/web >> /usr/share/icecast2/admin >> >> ++ >> >> >> >> I have attached the icecast.xml >> >> >> >> On 11 April 2018 at 18:31, Nolan Wagner wrote: >> >>> Post your icecast config and I'll try to help you out. My guess is it's >>> something with your ssl cert file. The cert must contain the x.509 public >>> and private key. >>> >>> Also ensure that you've enabled ssl at build when building icecast. >>> >>> Any errors in the logs? >>> >>> -Nolan >>> On Apr 11, 2018, at 8:17 AM, Nanda Kishor wrote: Right, that's why we're on it. We'll cross-post this on the Icecast mailing list and report back if we find a solution. On 11.04.18 14:12, Peter wrote: > > I don't, but would love to. It's causing any https page in which > there's an embedded player to show as "not secure". > > - pete > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot -- Savonet-users mailing list Savonet-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/savonet-users >>> >>> -- >>> Check out the vibrant tech community on one of the world's most >>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>> ___ >>> Savonet-users mailing list >>> Savonet-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/savonet-users >>> >>> >> >> > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Savonet-users mailing list > Savonet-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/savonet-users > > -- sandeep -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Savonet-users mailing list Savonet-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/savonet-users
Re: [Savonet-users] enabling SSL on Icecast2
What is the full path showing in your logs? If you symlink your ssl cert to the web dir, any change? On Apr 12, 2018, 1:02 AM, at 1:02 AM, sandeep krishna wrote: >ssl is currently set to 0 as it wont work in https > > >The ssl location is > > >/usr/share/icecast2/icecast.pem > > >as I mentioned the green padlock is showing but it is looking in the >"webroot" directives for the file > > > >++ > /usr/share/icecast2 > /usr/share/icecast2/icecast.pem > >/var/log/icecast2 >/usr/share/icecast2/web >/usr/share/icecast2/admin > >++ > > > >I have attached the icecast.xml > > > >On 11 April 2018 at 18:31, Nolan Wagner wrote: > >> Post your icecast config and I'll try to help you out. My guess is >it's >> something with your ssl cert file. The cert must contain the x.509 >public >> and private key. >> >> Also ensure that you've enabled ssl at build when building icecast. >> >> Any errors in the logs? >> >> -Nolan >> On Apr 11, 2018, at 8:17 AM, Nanda Kishor >wrote: >>> >>> Right, that's why we're on it. We'll cross-post this on the Icecast >>> mailing list and report back if we find a solution. >>> >>> On 11.04.18 14:12, Peter wrote: >>> I don't, but would love to. It's causing any https page in which >there's an embedded player to show as "not secure". - pete >>> >>> >>> >>> -- >>> >>> Check out the vibrant tech community on one of the world's most >>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>> -- >>> >>> Savonet-users mailing list >>> Savonet-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/savonet-users >>> >>> >> >> -- >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> ___ >> Savonet-users mailing list >> Savonet-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/savonet-users >> >> > > >-- >sandeep > > > > >-- >Check out the vibrant tech community on one of the world's most >engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > >___ >Savonet-users mailing list >Savonet-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/savonet-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Savonet-users mailing list Savonet-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/savonet-users
Re: [Savonet-users] enabling SSL on Icecast2
ssl is currently set to 0 as it wont work in https The ssl location is /usr/share/icecast2/icecast.pem as I mentioned the green padlock is showing but it is looking in the "webroot" directives for the file ++ /usr/share/icecast2 /usr/share/icecast2/icecast.pem /var/log/icecast2 /usr/share/icecast2/web /usr/share/icecast2/admin ++ I have attached the icecast.xml On 11 April 2018 at 18:31, Nolan Wagner wrote: > Post your icecast config and I'll try to help you out. My guess is it's > something with your ssl cert file. The cert must contain the x.509 public > and private key. > > Also ensure that you've enabled ssl at build when building icecast. > > Any errors in the logs? > > -Nolan > On Apr 11, 2018, at 8:17 AM, Nanda Kishor wrote: >> >> Right, that's why we're on it. We'll cross-post this on the Icecast >> mailing list and report back if we find a solution. >> >> On 11.04.18 14:12, Peter wrote: >> >>> >>> I don't, but would love to. It's causing any https page in which there's >>> an embedded player to show as "not secure". >>> >>> - pete >>> >> >> >> >> -- >> >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> -- >> >> Savonet-users mailing list >> Savonet-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/savonet-users >> >> > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Savonet-users mailing list > Savonet-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/savonet-users > > -- sandeep icecast.xml.tar.gz Description: application/gzip -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Savonet-users mailing list Savonet-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/savonet-users
Re: [Savonet-users] enabling SSL on Icecast2
Hi Nanda, We are running Icecast on SSL, check out the attached config file. And better choose the Karl Heyes branch: https://github.com/karlheyes/icecast-kh Just download, compile and install the latest comit. No extra config parameters need to be set, ssl is enabled by default. Like Nolan said, a crucial part is to get the content ssl-certificate file right: /etc/ssl/private/domain.ext/domain_ext.pem Good luck! Best regards, Sven Op 11-4-2018 om 13:47 schreef Nanda Kishor: Hi there, I'm working with Sandeep on this issue. Everything is working fine without SSL enabled, not sure what we're missing here. Does anybody have SSL enabled and would be willing to share his or her Icecast config? We should probably also post this on the Icecast mailing list 😬 Best, NKd On 06.04.18 10:12, sandeep krishna wrote: i recompiled icecast2 with the open ssl and curl also enabled ssl on port 8000 and given the ssl cert (inclding cert privatekey and bundle in a single file) under path directive these are the main section in icecast2 config file ++ 8000 1 /c /usr/share/icecast2/icecast.pem /var/log/icecast2 /usr/share/icecast2/web /usr/share/icecast2/admin I get a green padlock on domain:8000/radio But it says file not found, the error log says icecast is looking on the location "/usr/share/icecast2/web" and file is not found there. (I even tried removing the base dire and webroot but still not working ) can you guys shed some lights on this. ~thanks -- sandeep -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Savonet-users mailing list Savonet-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/savonet-users 500 50 1048576 943718 30 15 10 xx yy admin hackme World u...@domain.com 1 /usr/local/share/icecast /var/log/icecast /usr/local/share/icecast/web /usr/local/share/icecast/admin /etc/ssl/private/domain.ext/domain_ext.pem 0 icecast2 icecast /myname.mp3 xx myhost.com 80 1.222.333.444 8000 1.222.333.444 443 1.222.333.444 1 15 http://dir.xiph.org/cgi-bin/yp-cgi access.log error.log playlist.log 2 1 -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Savonet-users mailing list Savonet-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/savonet-users
Re: [Savonet-users] enabling SSL on Icecast2
Post your icecast config and I'll try to help you out. My guess is it's something with your ssl cert file. The cert must contain the x.509 public and private key. Also ensure that you've enabled ssl at build when building icecast. Any errors in the logs? -Nolan On Apr 11, 2018, 8:17 AM, at 8:17 AM, Nanda Kishor wrote: >Right, that's why we're on it. We'll cross-post this on the Icecast >mailing list and report back if we find a solution. > >On 11.04.18 14:12, Peter wrote: >> >> I don't, but would love to. It's causing any https page in which >there's an embedded player to show as "not secure". >> >> - pete > > > >-- >Check out the vibrant tech community on one of the world's most >engaging tech sites, Slashdot.org! http://sdm.link/slashdot >___ >Savonet-users mailing list >Savonet-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/savonet-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Savonet-users mailing list Savonet-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/savonet-users
Re: [Savonet-users] enabling SSL on Icecast2
as an alternative you could proxy the https using nginx or apache. I've used this method for years and it works fine (you just loose the real client IP on the icecast side unless you use kh's icecast fork or apply a light patch. On 04/06/2018 10:12, sandeep krishna wrote: > i recompiled icecast2 with the open ssl and curl > > > also enabled ssl on port 8000 and given the ssl cert (inclding cert > privatekey and bundle in a single file) under path directive > > these are the main section in icecast2 config file > ++ > > > 8000 > 1 > > > > > > /c > /usr/share/icecast2/icecast.pem > /var/log/icecast2 > /usr/share/icecast2/web > /usr/share/icecast2/admin > > > > I get a green padlock on domain:8000/radio > > But it says file not found, the error log says icecast is looking on the > location "/usr/share/icecast2/web" and file is not found there. (I even > tried removing the base dire and webroot but still not working ) > > > can you guys shed some lights on this. > > > ~thanks > > > > -- > sandeep > > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > ___ > Savonet-users mailing list > Savonet-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/savonet-users > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Savonet-users mailing list Savonet-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/savonet-users
Re: [Savonet-users] enabling SSL on Icecast2
I don't, but would love to. It's causing any https page in which there's an embedded player to show as "not secure". - pete ++ -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Savonet-users mailing list Savonet-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/savonet-users
Re: [Savonet-users] enabling SSL on Icecast2
Hi there, I'm working with Sandeep on this issue. Everything is working fine without SSL enabled, not sure what we're missing here. Does anybody have SSL enabled and would be willing to share his or her Icecast config? We should probably also post this on the Icecast mailing list 😬 Best, NKd On 06.04.18 10:12, sandeep krishna wrote: > > i recompiled icecast2 with the open ssl and curl > > > also enabled ssl on port 8000 and given the ssl cert (inclding cert > privatekey and bundle in a single file) under path directive > > these are the main section in icecast2 config file > ++ > > > 8000 > 1 > > > > > > /c > /usr/share/icecast2/icecast.pem > /var/log/icecast2 > /usr/share/icecast2/web > /usr/share/icecast2/admin > > > > I get a green padlock on domain:8000/radio > > But it says file not found, the error log says icecast is looking on > the location "/usr/share/icecast2/web" and file is not found there. (I > even tried removing the base dire and webroot but still not working ) > > > can you guys shed some lights on this. > > > ~thanks > > > > -- > sandeep signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Savonet-users mailing list Savonet-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/savonet-users