Debian - No SSL for now (No SSL for Icecast on official package and other things break)

Hi,
After install tests of LibreTime last Saturday, I tried to get full SSL support. For information, I’m behind an HAProxy LB / proxy. SSL use is forced on the LB side.

Right now, it doesn’t work for several reasons:

  • The official Debian Icecast package doesn’t support SSL (for licensing reasons, if I understood). I used the compiled Xiph version hosted on the SUSE repo (Index of /repositories/multimedia:/xiph/Debian_10/amd64) for my tests
  • I need to comment out “throw new Zend_Controller_Action_Exception('Forbidden', 403);” in /usr/share/airtime/php/airtime_mvc/application/common/CORSHelper.php to use LibreTime without SSL behind HAProxy with SSL forced (login fails if not). I don’t need this workaround if I use SSL on both LibreTime and HAProxy, but then Liquidsoap, Celery and so many other elements don’t work :frowning:
  • can’t change “http” to “https” in the Web GUI settings?

I’m ready to run other tests behind my HAProxy load balancer to find a solution (even manual, with some ugly hacks lol). If someone wants to participate…

You must compile Icecast with SSL, so you are already halfway there.
Note that in the LibreTime stream settings you must use the non-SSL port, then on the website you have to refer to the SSL port configured in Icecast. Check this URL as an example: https://basatisound.com

/etc/icecast/icecast2.xml

<listen-socket>
    <!-- This port in libretime stream settings -->
    <port>8000</port>
    <!-- <bind-address>127.0.0.1</bind-address> -->
    <!-- <shoutcast-mount>/stream</shoutcast-mount> -->
</listen-socket>

<listen-socket>
    <!-- This port in the website -->
    <port>8443</port>
    <ssl>1</ssl>
</listen-socket>
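
Added example (not part of the original thread and not LibreTime or Icecast code): a small Python check that an icecast2.xml keeps the split described above, a plain source port for LibreTime and an SSL port for the website. The `<paths><ssl-certificate>` location follows the Icecast 2.4 layout; the certificate path, the function name and the bind-address note (which assumes Liquidsoap runs on the same host) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the two listen-sockets from the post.
# The <paths> entry and certificate path are assumptions (Icecast 2.4 layout).
SAMPLE = """<icecast>
  <paths>
    <ssl-certificate>/etc/icecast2/bundle.pem</ssl-certificate>
  </paths>
  <listen-socket>
    <port>8000</port>
    <!-- <bind-address>127.0.0.1</bind-address> -->
  </listen-socket>
  <listen-socket>
    <port>8443</port>
    <ssl>1</ssl>
  </listen-socket>
</icecast>"""

def audit_icecast(xml_text, source_port=8000, public_port=8443):
    """Return a list of findings; an empty list means the split is as described."""
    root = ET.fromstring(xml_text)
    sockets = {}
    for sock in root.iter("listen-socket"):
        port = int((sock.findtext("port") or "0").strip())
        sockets[port] = {
            "ssl": (sock.findtext("ssl") or "0").strip() == "1",
            "bind": (sock.findtext("bind-address") or "").strip(),
        }
    findings = []
    src, pub = sockets.get(source_port), sockets.get(public_port)
    if src is None:
        findings.append(f"no listen-socket on source port {source_port}")
    elif src["ssl"]:
        findings.append(f"source port {source_port} is SSL; LibreTime needs the plain port")
    elif not src["bind"]:
        findings.append(f"plain port {source_port} has no bind-address (all interfaces)")
    if pub is None:
        findings.append(f"no listen-socket on public port {public_port}")
    elif not pub["ssl"]:
        findings.append(f"public port {public_port} is not SSL (mixed content on HTTPS)")
    cert = (root.findtext("paths/ssl-certificate") or "").strip()
    if any(s["ssl"] for s in sockets.values()) and not cert:
        findings.append("SSL listen-socket present but <paths><ssl-certificate> missing")
    return findings

if __name__ == "__main__":
    for line in audit_icecast(SAMPLE) or ["ok"]:
        print(line)
```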

Hello, I don’t need to compile Icecast because the link I mentioned above provides the deb package of Icecast supporting SSL. I configured Icecast; it’s not the problem here. The problem will rather be including this package download in the installer, if it’s not the official Debian package which is used :wink:

The actual problem is that Liquidsoap doesn’t work, and other elements don’t work either, for this reason I think:

  • libretime-liquidsoap: “urllib.error.HTTPError: HTTP Error 400: Bad Request”
  • libretime-playout: “Unable to get Airtime API version number”
  • libretime analyser: [message_listener] [INFO ] “Retrying in 5 seconds…”

That is what I was trying to tell you. Sorry if I did not make myself understood, English is not my mother tongue.

What I was trying to tell you in the message above is that you’ve already done the compilation part. So now, Liquidsoap itself can be configured to use SSL, but for now not with LibreTime (this is something that will have to be modified in the near future, but it is not critical). What you can do for now, until that has been solved, is to configure LibreTime to use port 8000 without SSL (or the port that you configured for non-SSL in Icecast) and, on the web, to avoid the mixed content problem, use the same URL but with the SSL port you configured in Icecast.

Hello, I’m sorry too, I didn’t want you to interpret my answer as if I was in a bad mood :frowning: Excuse me. It’s not my native language either (I’m a frog), and I lack vocabulary, hence the sometimes direct side :wink:

I don’t have much time this week to continue my tests, but I’m very motivated to help debug full SSL config support in LibreTime, and I will resume work next weekend.

In the meantime, if you have hacks I can test to configure Liquidsoap URL schemes with SSL, I would be interested.

Stay safe, good evening.