Why Icecast2 does not want to give the stream through https?

后端 未结 3 1184
情歌与酒
情歌与酒 2021-02-04 14:51

On a server with Ubuntu 14.04 LTS installed Icecast2 2.4.1 with SSL support. Also on this server work HTTPS website. I want insert on the page HTML5-player that will also take

3条回答
  •  挽巷
    挽巷 (楼主)
    2021-02-04 15:12

    I ran into this issue recently and didn't have a lot of time to solve it, nor did I see see much documentation for doing so. I assume it's not the most widely used icecast config, so I just proxied mine with nginx and it works fine.

    Here's an example nginx vhost. Be sure to change domain, check your paths and think about the location you want the mount proxied to and how you want to handle ports.

    Please note this will make your stream available on port 443 instead of 8000. Certain clients (such as facebookexternalhit/1.1) may try to hang onto the stream as thought it's a https url waiting to connect. This may not be the behavior you expect or desire.

    Also, if you want no http available at all, be sure to change bind-address back to the local host. eg:

     127.0.0.1
    

    www.example.com.nginx.conf

    server {
      listen 80;
      server_name www.example.com;
      location /listen {
        if ($ssl_protocol = "") {
          rewrite ^   https://$server_name$request_uri? permanent;
        }
      }
    }
    
    #### SSL
    
    server {
      ssl on;
      ssl_certificate_key /etc/sslmate/www.example.com.key;
      ssl_certificate /etc/sslmate/www.example.com.chained.crt;
    
      # Recommended security settings from https://wiki.mozilla.org/Security/Server_Side_TLS
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:
    ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA
    -AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES2
    56-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
      ssl_prefer_server_ciphers on;
      ssl_dhparam /usr/share/sslmate/dhparams/dh2048-group14.pem;
      ssl_session_timeout 5m;
      ssl_session_cache shared:SSL:5m;
    
      # Enable this if you want HSTS (recommended)
      add_header Strict-Transport-Security max-age=15768000;
      listen 443 ssl;
      server_name www.example.com;
    
      location / {
        proxy_pass         http://127.0.0.1:8000/;
        proxy_redirect     off;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
      }
    
    }
    

提交回复
热议问题