Announcement

Collapse
No announcement yet.

Stunnel and Shoutcast (https/SSL streaming) setup

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Stunnel and Shoutcast (https/SSL streaming) setup

    I just discovered Stunnel and using it with Shoutcast for https (SSL) streaming without having to have a Shoutcast for Business (Premium) account. Basically, Stunnel takes the Shoutcast server and makes it https (SSL) without having to make any changes to the Shoutcast DNAS config itself. It turned out to be a lot easier than I thought it would be. The biggest hurdle I faced was finding up to date directions. This was done on a dedicated server with: CentOS 6. Also, Shoutcast DNAS and Stunnel were already installed and the port I used for https (SSL) streaming was already open and NOT used by another service.

    1. Login to the server as root using SSH.

    2. Follow the instructions to create a Let's Encrypt SSH key for Stunnel to use (even if you don't have a Shoutcast for Business account). When I did this, I had several dependencies that needed to be installed before I could actually run the certbot-auto command: https://help.shoutcast.com/hc/en-us/...rver-Software-

    3. Go to the Stunnel directory (cd /etc/stunnel/)

    4. Create stunnel.conf file (nano stunnel.conf). Add the following lines and save (CTRL - X):
    accept=port that https (SSL) stream should go out on
    connect=current domain and port of where your current Shoutcast server is (mine is on the same server which is why I use localhost
    cert and key=replace your domain name used in step #2

    code:

    
client=no
    
[shoutcast]
    
accept=8000
    
connect=localhost:8000
    
cert = /etc/letsencrypt/live/yourdomainhere.com/fullchain.pem
    
key = /etc/letsencrypt/live/yourdomainhere.com/privkey.pem
    5. Start Stunnel (/usr/bin/stunnel)

    6. Go to https://yourdomain.com:<port used for Stunnel> and you should see your Shoutcast v2 page if everything worked correctly.


    (PS: I hope that the Shoutcast admins will not remove this post post, especially for us with very limited budgets trying to reach the largest audience possible.)
    the detour network - detour MUSIC, detour TALK

    Purple Zebra Consulting-http://purplezebra.us
    Supporting independent internet radio stations since 2001!
    Tags: None
  • #2
    There are many ways to get https without changing the DNAS.
    Thank you very much for your tutorial. It certainly helps people.

    I myself don't use SHOUTcast anymore, but I use a "proxy".

    Comment

    • #3
      Originally Posted by aaronsnet View Post
      I just discovered Stunnel and using it with Shoutcast for https (SSL) streaming without having to have a Shoutcast for Business (Premium) account. Basically, Stunnel takes the Shoutcast server and makes it https (SSL) without having to make any changes to the Shoutcast DNAS config itself. It turned out to be a lot easier than I thought it would be. The biggest hurdle I faced was finding up to date directions. This was done on a dedicated server with: CentOS 6. Also, Shoutcast DNAS and Stunnel were already installed and the port I used for https (SSL) streaming was already open and NOT used by another service.

      1. Login to the server as root using SSH.

      2. Follow the instructions to create a Let's Encrypt SSH key for Stunnel to use (even if you don't have a Shoutcast for Business account). When I did this, I had several dependencies that needed to be installed before I could actually run the certbot-auto command: https://help.shoutcast.com/hc/en-us/...rver-Software-

      3. Go to the Stunnel directory (cd /etc/stunnel/)

      4. Create stunnel.conf file (nano stunnel.conf). Add the following lines and save (CTRL - X):
      accept=port that https (SSL) stream should go out on
      connect=current domain and port of where your current Shoutcast server is (mine is on the same server which is why I use localhost
      cert and key=replace your domain name used in step #2

      code:

      
client=no
      
[shoutcast]
      
accept=8000
      
connect=localhost:8000
      
cert = /etc/letsencrypt/live/yourdomainhere.com/fullchain.pem
      
key = /etc/letsencrypt/live/yourdomainhere.com/privkey.pem
      5. Start Stunnel (/usr/bin/stunnel)

      6. Go to https://yourdomain.com:<port used for Stunnel> and you should see your Shoutcast v2 page if everything worked correctly.


      (PS: I hope that the Shoutcast admins will not remove this post post, especially for us with very limited budgets trying to reach the largest audience possible.)
      Hello.
      can you post the sc_serv.conf please?
      i do all the steps and shoutcast say can't bind on 443 port...
      please help!

      Comment

      • #4
        If you can't bind to a port, it indicates that port is already in use. You're probably already using port 443 with a webserver or other service. You don't need to change anything in shoutcast's configs, keep all those the same. The HTTPS work here is being done by stunnel. All the info you need is in the original post..

        > accept=port that https (SSL) stream should go out on;
        I suggest you try port 8443 here instead, i.e.
        accept=8443

        > connect=current domain and port of where your current Shoutcast server
        If you're running default configs and streaming on port 8000, as above put localhost:8000 (or whatever domain is serving your stream; yourradiostation.com:8000), otherwise change the port number to whatever you're using.

        Start stunnel.

        Open up http://yourradiostation.com:8000 (or wherever your admin pages are located).
        Open up https://yourradiostation.com:8443 and you should see your admin pages proxied through SSL/TLS.

        Now just change your stream urls from http:// to https:// and the port from 8000 to 8443. Job done

        Comment

        Previous template Next
        Working...
        X
        😀
        🥰
        🤢
        😎
        😡
        👍
        👎