Https://myradio:8000/_a

The port 8000 used by icecast allows listening only with http and not with https - This is a big problem! I made several attempts but I could not solve it. How to do? Thanks

You can either configure icecast to broadcast over SSL enabled ports;

e.g. https://mediarealm.com.au/articles/icecast-https-ssl-setup-lets-encrypt/

or you can wrap your non-SSL enabled stream using stunnel or similar reverse proxy. Here are some instuctions for setting up stunnel I wrote up previously;

Instructions given here are for linux based hosts (Ubuntu/Debian, other distro’s may vary). Stunnel works on windows too, but the instructions will not be exactly the same.

  1. Install stunnel;

sudo apt install stunnel

  1. Setup letsencrypt and get your SSL/TLS certificates. Instructions here.

  2. Create your stunnel config;

sudo nano /etc/stunnel/stunnel.conf

Copy/paste the following;

[shoutcast]
accept=8443
connect=localhost:8000
cert=/etc/letsencrypt/live/yourdomainhere.com/fullchain.pem
key=/etc/letsencrypt/live/yourdomainhere.com/privkey.pem

and save the file (CTRL-O, Enter, CTRL-X). You will need to edit the config as per your setup. accept= the port you want the SSL enabled connection to access. connect= where your HTTP shoutcast admin pages and stream are served from. Change localhost to your domain name if your shoutcast isn’t on the same server that you’re install stunnel on. Change the port from 8000 to whatever you’re using. Cert and Key are SSL certificates that you generated in step 2 (change yourdomainhere.com to your own domain name).

  1. Edit the following;

nano /etc/default/stunnel4

and change ENABLED=0 to ENABLED=1 , so that it starts automatically.

  1. Start stunnel;

sudo service stunnel4 start

  1. Open up the HTTPS url, i.e.

https://yourdomainname:8443/

and you should see your shoutcast pages, served up through the SSL/TLS proxy. You can now use your existing HTTP urls that you’re using for your streams by changing http:// to https:// and the port from 8000 (or whatever you’re using) to 8443 (or whatever you set in stunnel).

  1. Do a little happy dance.
1 Like

I used the mediarealm instructions on a clean Ubuntu 18 VPS and got it working. So that was good. I then installed LT using git but when I went to the domain name for the VPS (stream.website.com) LT did not load or show.

For a clean install, what would be the best procedure ? eg install LT and then do the mediarealm https set up ? And if so are there other actions I need to know about to get it to work ?

Also, how to get AAC and OPUS streams running on https on LT would be v useful.

So you have icecast broadcasting over SSL/TLS from the VPS you just set up ? In that case you should be good to go. It shouldn’t make any difference what order you set things up, you can compile icecast yourself and install LT in whatever order you desire. They don’t conflict and won’t interfere with eachother… unless you’re trying to run both on the same port :wink: It sounds like there are problems with your LT setup.

What webserver are you running ? Can you post up your configs so we can take a look ? This sounds like a straight up issue with installation.

Also, if you need support for streaming in formats other than MP3/OGG, that again is going to depend on whatever is serving your stream to the public… Icecast doesn’t natively support AAC (Icecast v2 does support Opus though), you might need shoutcast if you want to serve AAC streams to your listeners…