Old 2nd March 2020, 04:06   #1
aaronsnet
Member
 
aaronsnet's Avatar
 
Join Date: Mar 2004
Location: Notsville
Posts: 66
Send a message via AIM to aaronsnet
Stunnel and Shoutcast (https/SSL streaming) setup

I just discovered Stunnel and using it with Shoutcast for https (SSL) streaming without having to have a Shoutcast for Business (Premium) account. Basically, Stunnel takes the Shoutcast server and makes it https (SSL) without having to make any changes to the Shoutcast DNAS config itself. It turned out to be a lot easier than I thought it would be. The biggest hurdle I faced was finding up to date directions. This was done on a dedicated server with: CentOS 6. Also, Shoutcast DNAS and Stunnel were already installed and the port I used for https (SSL) streaming was already open and NOT used by another service.

1. Login to the server as root using SSH.

2. Follow the instructions to create a Let's Encrypt SSH key for Stunnel to use (even if you don't have a Shoutcast for Business account). When I did this, I had several dependencies that needed to be installed before I could actually run the certbot-auto command: https://help.shoutcast.com/hc/en-us/...rver-Software-

3. Go to the Stunnel directory (cd /etc/stunnel/)

4. Create stunnel.conf file (nano stunnel.conf). Add the following lines and save (CTRL - X):
accept=port that https (SSL) stream should go out on
connect=current domain and port of where your current Shoutcast server is (mine is on the same server which is why I use localhost
cert and key=replace your domain name used in step #2

code:

client=no
[shoutcast]
accept=8000
connect=localhost:8000
cert = /etc/letsencrypt/live/yourdomainhere.com/fullchain.pem
key = /etc/letsencrypt/live/yourdomainhere.com/privkey.pem



5. Start Stunnel (/usr/bin/stunnel)

6. Go to https://yourdomain.com:<port used for Stunnel> and you should see your Shoutcast v2 page if everything worked correctly.


(PS: I hope that the Shoutcast admins will not remove this post post, especially for us with very limited budgets trying to reach the largest audience possible.)

the detour network - detour MUSIC, detour TALK

Purple Zebra Consulting-http://purplezebra.us
Supporting independent internet radio stations since 2001!
aaronsnet is offline   Reply With Quote
Old 2nd March 2020, 14:20   #2
LStratmann
Senior Member
 
LStratmann's Avatar
 
Join Date: Dec 2019
Location: Germany
Posts: 370
There are many ways to get https without changing the DNAS.
Thank you very much for your tutorial. It certainly helps people.

I myself don't use SHOUTcast anymore, but I use a "proxy".
LStratmann is offline   Reply With Quote
Old 25th June 2020, 03:31   #3
TiaNcl
Junior Member
 
Join Date: Jul 2009
Posts: 4
Quote:
Originally Posted by aaronsnet View Post
I just discovered Stunnel and using it with Shoutcast for https (SSL) streaming without having to have a Shoutcast for Business (Premium) account. Basically, Stunnel takes the Shoutcast server and makes it https (SSL) without having to make any changes to the Shoutcast DNAS config itself. It turned out to be a lot easier than I thought it would be. The biggest hurdle I faced was finding up to date directions. This was done on a dedicated server with: CentOS 6. Also, Shoutcast DNAS and Stunnel were already installed and the port I used for https (SSL) streaming was already open and NOT used by another service.

1. Login to the server as root using SSH.

2. Follow the instructions to create a Let's Encrypt SSH key for Stunnel to use (even if you don't have a Shoutcast for Business account). When I did this, I had several dependencies that needed to be installed before I could actually run the certbot-auto command: https://help.shoutcast.com/hc/en-us/...rver-Software-

3. Go to the Stunnel directory (cd /etc/stunnel/)

4. Create stunnel.conf file (nano stunnel.conf). Add the following lines and save (CTRL - X):
accept=port that https (SSL) stream should go out on
connect=current domain and port of where your current Shoutcast server is (mine is on the same server which is why I use localhost
cert and key=replace your domain name used in step #2

code:

client=no
[shoutcast]
accept=8000
connect=localhost:8000
cert = /etc/letsencrypt/live/yourdomainhere.com/fullchain.pem
key = /etc/letsencrypt/live/yourdomainhere.com/privkey.pem



5. Start Stunnel (/usr/bin/stunnel)

6. Go to https://yourdomain.com:<port used for Stunnel> and you should see your Shoutcast v2 page if everything worked correctly.


(PS: I hope that the Shoutcast admins will not remove this post post, especially for us with very limited budgets trying to reach the largest audience possible.)
Hello.
can you post the sc_serv.conf please?
i do all the steps and shoutcast say can't bind on 443 port...
please help!
TiaNcl is offline   Reply With Quote
Old 28th October 2020, 10:53   #4
neuralnet
Junior Member
 
Join Date: Oct 2012
Posts: 7
If you can't bind to a port, it indicates that port is already in use. You're probably already using port 443 with a webserver or other service. You don't need to change anything in shoutcast's configs, keep all those the same. The HTTPS work here is being done by stunnel. All the info you need is in the original post..

> accept=port that https (SSL) stream should go out on;
I suggest you try port 8443 here instead, i.e.
accept=8443

> connect=current domain and port of where your current Shoutcast server
If you're running default configs and streaming on port 8000, as above put localhost:8000 (or whatever domain is serving your stream; yourradiostation.com:8000), otherwise change the port number to whatever you're using.

Start stunnel.

Open up http://yourradiostation.com:8000 (or wherever your admin pages are located).
Open up https://yourradiostation.com:8443 and you should see your admin pages proxied through SSL/TLS.

Now just change your stream urls from http:// to https:// and the port from 8000 to 8443. Job done
neuralnet is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Shoutcast > Shoutcast Discussions

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump