Using stunnel to add SSL to Shoutcast on a GoDaddy VPS [help]

Hello,

I have a similar issue to the one in the post LINK-of _post . However, I’m not experienced in network and routing topics, and therefore kindly request support here.

  • I use centova-cast (3.2.4) running with Shoutcast, where I have 2 servers connected providing different streams. GoDaddy is my VPS.
  • Currently, on my website I use a source such as IP:port for each of the streams in order to add the respective music to my music player.
  • I currently have an issue where Google Chrome does not allow streaming music from non-secure sources such as http://IP:port
  • I have seen the approach of using stunnel in order to achieve this.
  • My doubts are about the overall steps I need to take… With the current setup I have, I assume I need to:
  1. Assign a domain to both IPs I have of the Centova servers.
  2. So server1 s1.domain.xx and server2 s2.domain.xx.
  3. Then a certificate to each of the subdomains.
  4. Then apply the stunnel configuration on each of the servers.
  5. Then allow each of the streams.
  6. I assume that in Centova I’ll see all traffic coming from 2 IPs only, which are the servers in question.
  7. …are those the steps I should take?

Let’s Encrypt currently can indeed only issue certificates for hostnames, so yes, those are fine steps to take.

I think you’re missing a verb here. I assume you wanted to say something like “Then get a certificate (…)” or something? Have you thought about which client you’re going to use?

I have no idea what stunnel is doing here. Do note: daily there are multiple new threads and I don’t think people are inclined to read the “LINK-of_post” thread in the beginning of your post before they are going to try to help you. In my opinion, it’s your job (if you want our help) to lay all the facts out here as clearly as you can for us to understand the problem(s). So, again, no idea and as such, no advice about the stunnel step.

Always a good idea :grin:

Isn’t Centova running on those servers? Again, please lay out all the facts/configuration/et cetera as clearly as you can. So Centova is running somewhere else?

As there are multiple steps with open questions which probably aren’t even about a TLS certificate/Let’s Encrypt, I have no clue. Perhaps you need fewer steps. Perhaps you need 10 more.

Please either condense your questions/steps to only the TLS certificate/Let’s Encrypt part or (which I don’t prefer) explain a lot more.

Let me describe in more detail… Apologies if it was not clear and for referring to other links.

As Google Chrome has recently started blocking non-secure streaming sources on secure websites, my end mission is to have a secure source for my Shoutcast streams in order to add them to the music player on my website. With that said, as I know Centova Cast (Shoutcast) doesn’t have a native SSL approach for the streams, I have to implement some sort of proxy or reverse proxy for it. The idea of stunnel is to create a secure output per port of the streams (so, instead of http://IP:port, https://ip:port).

As I never assigned a domain to my IPs, the initial steps I showed were to first have a domain referring to the IPs. After that, I need to assign a certificate for each of the domains and then, I assume, configure stunnel.

For context, my setup is the following:

  • Website running on Heroku with a certificate from Let’s Encrypt
  • 2 servers for Shoutcast running on GoDaddy - this is the source I’m trying to make secure.

Let me know if there are doubts about the overall process that I’m trying to achieve.

Thanks in advance.

The overall process as I understand is to get 2 Let’s Encrypt certificates and use them to set up two stunnel processes to have HTTPS streams. Sounds good.

But is the process that I’m trying to achieve correct?

Using Let’s Encrypt certificates in combination with stunnel to provide a TLS endpoint for a service which doesn’t provide TLS capabilities on its own seems to be a correct process, yes.

If you’d like to know more or get other advice, I’d suggest asking specific questions.
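
The setup confirmed in the reply above, sketched as an added example that is not part of the thread: a stunnel server-mode configuration for the first stream host. Only `s1.domain.xx` comes from the question; the Certbot-style certificate paths, the ports, the service name and the `stunnel4` account are assumptions.

```ini
; /etc/stunnel/shoutcast.conf on server 1 (s1.domain.xx), added example.
; Assumptions: Certbot-style certificate paths, a stream listening on
; local port 8000, and an unprivileged "stunnel4" account on the host.

; Run the daemon as an unprivileged account rather than root.
setuid = stunnel4
setgid = stunnel4

; One section per stream port. Repeat with a different accept/connect
; pair for every additional stream served from this host.
[stream1-tls]
; Server mode is the default (client = no): stunnel terminates TLS on
; "accept" and forwards the decrypted bytes to "connect".
accept = 8443
connect = 127.0.0.1:8000

; Serve the full chain, not only the leaf certificate, so browsers can
; build a path to a trusted root.
cert = /etc/letsencrypt/live/s1.domain.xx/fullchain.pem
key = /etc/letsencrypt/live/s1.domain.xx/privkey.pem

; Refuse legacy protocol versions (needs a stunnel build whose OpenSSL
; supports this option).
sslVersionMin = TLSv1.2

; The player on the HTTPS website must then use the hostname, e.g.
;   https://s1.domain.xx:8443/
; and not https://IP:8443/, because the certificate is issued for the
; hostname and the browser rejects a name mismatch.
```

stunnel loads the certificate when it starts, so restart it after each renewal; server 2 uses the same file with `s2.domain.xx` and its own certificate.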
