Generate ssl certificate

Athmane · March 19, 2022, 10:34pm

yes but i want the listener to access the music from https://usdzradio.live
just click on the player

9peppe · March 19, 2022, 10:37pm

I assumed you had the website on a server and the stream on another, not two different radios each with website and stream. (I would try again with the reverse proxy, but you need to find somebody that has already done that)

There probably is some strange icecast behavior that were missing.

Athmane · March 19, 2022, 10:37pm

on the top it says port 8843 is https

nmap -p 80,443,8000,8443 usdzradio.live

Starting Nmap 6.40 ( http://nmap.org ) at 2022-03-19 22:35 GMT
Nmap scan report for usdzradio.live (34.148.79.147)
Host is up (0.013s latency).
rDNS record for 34.148.79.147: 147.79.148.34.bc.googleusercontent.com
PORT STATE SERVICE
80/tcp open http
443/tcp open https
8000/tcp open http-alt
8443/tcp open https-alt

9peppe · March 19, 2022, 10:38pm

No, it says it's usually https.

If you want to know what it actually is you have to add the -A option.

Athmane · March 19, 2022, 10:48pm

it shows 8443 as http like in the other server

]# nmap -A -p 80,443,8000,8443 usdzradio.live

Starting Nmap 6.40 ( http://nmap.org ) at 2022-03-19 22:42 GMT
Stats: 0:00:29 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 92.31% done; ETC: 22:42 (0:00:01 remaining)
Nmap scan report for usdzradio.live (34.148.79.147)
Host is up (0.013s latency).
rDNS record for 34.148.79.147: 147.79.148.34.bc.googleusercontent.com
PORT STATE SERVICE VERSION
80/tcp open http nginx
|_http-generator: WordPress 5.9.2
|_http-methods: No Allow or Public header in OPTIONS response (status code 405)
|_http-title: USDZ RADIO – Welcome to our community
443/tcp open http nginx
|_http-methods: No Allow or Public header in OPTIONS response (status code 400)
|_http-title: 400 The plain HTTP request was sent to HTTPS port
| ssl-cert: Subject: commonName=usdzradio.live
| Not valid before: 2022-03-15T22:31:53+00:00
|_Not valid after: 2022-06-13T22:31:52+00:00
8000/tcp open http Icecast streaming media server
|_http-title: Icecast Streaming Media Server
8443/tcp open http Icecast streaming media server
|_http-title: Icecast Streaming Media Server
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|WAP|media device|storage-misc
Running (JUST GUESSING): Crestron 2-Series (87%), Netgear embedded (87%), Western Digital embedded (87%), HP embedded (85%)
OS CPE: cpe:/o:crestron:2_series cpe:/h:netgear:dg834g cpe:/o:westerndigital:wd_tv cpe:/h:hp:p2000_g3
Aggressive OS guesses: Crestron XPanel control system (87%), Netgear DG834G WAP or Western Digital WD TV media player (87%), HP P2000 G3 NAS device (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 7 hops

MikeMcQ · March 20, 2022, 2:36am

I see there is a github for Icecast although it is not very active. You could try asking there.

I saw this article via google which says the Debian Icecast does not have SSL built into it but you can get and build an SSL version from Xiph. Does this make sense? Could that be it?

In the article, you could ignore the parts about using certbot to get a cert since you have a method to get certs. The interesting part was the package of Icecast for SSL support.

Icecast is unusual and while we can make guesses it does not substitute for actually working with it. Perhaps github or this article will help? Or, even search this forum for the other Icecast threads. Cheers

rg305 · March 20, 2022, 3:42am

You should be able to proxy inbound HTTPS connections to the HTTP radio.

Athmane · March 20, 2022, 3:54pm

i tryed it as well never worked.
wonder if Tuzongo on this

have his icecast up and runing and what is his conf

9peppe · March 20, 2022, 4:01pm

This seems to be the case in Debian 10 but not Debian 11.

MikeMcQ · March 20, 2022, 4:42pm

They have some sort of radio live. If you cannot DM them from this forum you could try reaching them at:

MikeMcQ · March 20, 2022, 4:46pm

@9peppe If I understand that correctly, @Athmane needs to upgrade their Debian Buster or get the SSL enabled icecast package as noted in that article I linked. Is that how you understand it?

9peppe · March 20, 2022, 4:51pm

I don't know about that package for Debian 10. But yes, I would upgrade to Debian 11 (that's going to be a problem if it's a bitnami image).

As an alternative, a reverse proxy should work, but if nginx cannot work, maybe I'd look at stunnel (but I have actually never used it).

They're not running the debian version, it looks like a commercial one.

|     Server: Icecast 2.4.4 (MSCP)
|     X-Powered-By: MSCP Pro+ (https://mscp.pro)

9peppe · March 20, 2022, 4:59pm

@Athmane the safer way is, I think, to get a fresh Debian 11 vps and install wordpress and icecast manually on there. If it works, move your content there.

Or maybe you can install Icecast using docker (are there official images? haven't found one).

Athmane · March 20, 2022, 8:31pm

Thanks to @MikeMcQ, @rg305 and @9peppe for your help.
I have a centos 7 VM with icecast already installed, i will get cerbot installed and generate SSL key hopefully it works

system · April 19, 2022, 8:31pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.