Installing icecast2 server with SSL support for broadcasting over the https protocol

Problem statement. Audio from the organization's local network is broadcast through a site that has a free SSL certificate from Let's Encrypt installed. However, when the site's page is opened, the browser shows a mixed-content warning, because the broadcast itself goes over the unprotected http protocol. The mixed content has to be eliminated. To do this, it was decided to organize audio broadcasting over the secure https protocol using Icecast2 and IceS2.

The result of a long search for a solution to this problem was an Icecast2 server installed with SSL support and a free certificate from Let's Encrypt. Although the developers of the Icecast2 server declare SSL support, you must compile the server from the source code to get it. Here the procedure for compiling and installing the Icecast2 server with a certificate from OpenSSL is described. However, browsers currently warn about certificates generated through openssl. Therefore, instead of the OpenSSL certificate, we use a free certificate from Let's Encrypt issued for a domain name that is tied to the external IP address from which the network is broadcasting.

All of the operations described below were performed on the Linux Mint distribution.


So, first we update the system and install Icecast2 in the usual way, only to remove it right away. This makes it easier to configure the Icecast2 server afterwards.

Delete icecast2:

sudo apt remove icecast2

Make sure the icecast2 configuration files are present in the system (optional):

ls -l /etc/init.d/ /etc/ | grep icecast

Install the tools for building icecast2 from the sources:

sudo apt install git gcc build-essential automake autoconf libtool checkinstall

We satisfy the dependencies for the subsequent compilation of the icecast2 server:

sudo apt install libcurl4-openssl-dev libxslt1-dev libxml2-dev libogg-dev libvorbis-dev libflac-dev libtheora-dev libssl-dev libspeex-dev

Create a directory to host temporary source files:

mkdir src
cd src

Clone the latest release of icecast2:

git clone --recursive https://git.xiph.org/icecast-server.git

Create a configuration script:

cd icecast-server; ./autogen.sh

Configuring the source code for SSL support:

./configure --with-curl --with-openssl

Make sure that SSL support is present in the configuration (lssl should appear in the output):

grep lssl config.status

We compile:

make

Install icecast2:

sudo checkinstall

While the command runs, the checkinstall utility will ask us to add a description of the package. Also, be sure to specify the version of the package, otherwise the command will throw the error "the package version does not start with a number."

Next, create the access.log and error.log files (if icecast2 has already been installed on the system, then you can use the existing ones):

sudo mkdir /var/log/icecast2
cd /var/log/icecast2
sudo touch access.log
sudo touch error.log

We put the SSL certificate from Let's Encrypt, renamed icecast.pem, into the same directory as the access.log and error.log files, and set the ownership and permissions of the directory and the files in it:

sudo chown -R icecast2:icecast /var/log/icecast2
cd /var/log/icecast2
sudo chmod -R 777 *

We edit the icecast.xml file in the /usr/local/etc/ directory (you can probably use the existing file), adjusting the paths to the directory with the access.log and error.log files, as well as to the icecast.pem certificate. (To create the latter, copy the contents of the fullchain.pem and privkey.pem files from the /etc/letsencrypt/live/domain_name directory into one file with a text editor and save it under the name icecast.pem.) Make sure that two ports are registered in icecast.xml: one for the http connection (8000) and another for the secure https connection (8443). The lines with the path to the SSL certificate and the https port must be uncommented. Instead of ssl, tls may be written in the file - I did not see the difference.
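One way to assemble and check the icecast.pem bundle described above without leaving the private key readable by every local user, as an added example that is not part of the original post. The function names build_icecast_pem and audit_icecast_pem are hypothetical, and GNU stat (as shipped with Linux Mint) is assumed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the original post.

# build_icecast_pem LIVE_DIR OUT_FILE
# Concatenate fullchain.pem and privkey.pem into OUT_FILE, created with
# mode 600 from the start so the key is never readable by other users.
build_icecast_pem() {
    live_dir=$1
    out=$2
    [ -r "$live_dir/fullchain.pem" ] || { echo "missing fullchain.pem" >&2; return 1; }
    [ -r "$live_dir/privkey.pem" ]   || { echo "missing privkey.pem" >&2; return 1; }
    # The subshell keeps the umask change local. Write to a temporary name and
    # rename, so a running server never reads a half-written bundle.
    ( umask 077 && rm -f "$out.tmp" &&
      cat "$live_dir/fullchain.pem" "$live_dir/privkey.pem" > "$out.tmp" ) || return 1
    mv -f "$out.tmp" "$out"
}

# audit_icecast_pem FILE
# Return 0 only if FILE holds both a certificate and a private key, has no
# permission bits for "other", and gives the group at most read access.
audit_icecast_pem() {
    f=$1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "$f: no certificate block" >&2; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" ||
        { echo "$f: no private key block" >&2; return 1; }
    mode=$(stat -c '%a' "$f") || return 1
    case $mode in
        *[04]0) return 0 ;;   # e.g. 400, 600, 640
        *) echo "$f: mode $mode exposes the private key" >&2; return 1 ;;
    esac
}
```

Run build_icecast_pem /etc/letsencrypt/live/domain_name /var/log/icecast2/icecast.pem as root, then chown the result to the account that starts icecast. audit_icecast_pem fails on a bundle with mode 777, which is what the chmod -R 777 step above produces.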

It should be clarified that http port 8000 is used for the connection with IceS2 or a similar application that reads the audio data and transfers it to the Icecast2 server. Without it, the whole setup will not work. This mistake is very common on the Internet.

We start the icecast2 server:

/usr/local/bin/icecast -c /usr/local/etc/icecast.xml

We look at the error.log file and make sure that icecast2 found and loaded our certificate. Open ports 8000 and 8443 in an Internet browser and again make sure that everything works.

We set up automatic launch of icecast2 when the operating system is booted through the "Options" - "Startup" service, setting the start command from the previous paragraph there.

Here's a solution to this problem with an SSL certificate from Let's Encrypt without compiling Icecast2 from source. However, this did not work for me.
