Perfect (SSL) Shoutcast Server

HG2S replied

23 March 2023, 05:22
This might be of interest to future readers:

SHOUTcast DNAS Server 2.5.5

https://sc-mirror.shoutca.st/docs/DNAS_Server.html#Networking

alternateports : Specify additional ports which listeners will be able to connect to the server [Default = <no value>]

This is specified as a comma separated string e.g. alternateports=80,8080 and will only provide listener responses i.e. none of the admin or /index.html pages will respond on these ports, just the audio stream.

This is provided as a way to help improve connectivity to any of the streams provided from the server for cases where external firewalls are blocking listener access to the stream on the main port.
Leave a comment:
HubuFM replied

23 March 2023, 00:31
Originally Posted by HG2S View Post

From what you're saying the port assignment is either 8000 or 443 (for https). Does the server automatically re-direct http requests to https?

No, you can use nginx/apache for port 80 to redirect to 443 with '301'. nginx/apache should run on port 80 and reachable for certbot/LetsEncrypt.
Leave a comment:
HG2S replied

17 March 2023, 04:48
portbase = XXXX # Port to stream, can be 8000 or 443 for direct SSL connect without additional port.

From what you're saying the port assignment is either 8000 or 443 (for https). Does the server automatically re-direct http requests to https?
Leave a comment:
HubuFM replied

16 March 2023, 21:47
ulimits should be increased if you expect more than 1,000 listeners at the same time. But most stations are below it, so you safe time.
Leave a comment:
HG2S replied

14 March 2023, 15:16
I updated first post, because it is now much easier.

In the original post you referred to:

Sometimes DNAS crying and need holidays.

Is that still the case with the newer version of Shoutcast? Any idea there?

Also:

If you expect more than 300 listeners it's highly recommend to increase your open file limits

Do you still recommend upping the ulimits?

Last edited by HG2S; 17 March 2023, 04:42.
Leave a comment:
HG2S replied

14 March 2023, 15:09
SSL certificates from LetsEncrypt are only valid for 3 months. So it need to be renewed.

OK, you're referring to certificate renewal. That's fine. -Thanks
Leave a comment:
HubuFM replied

13 March 2023, 01:07
Originally Posted by HG2S View Post

What is meant by "Renew-SSL Hooks" and why is that needed or recommended? -Thank you

Hi,

I updated first post, because it is now much easier.
SSL certificates from LetsEncrypt are only valid for 3 months. So it need to be renewed.
Leave a comment:
HG2S replied

10 March 2023, 13:40
What is meant by "Renew-SSL Hooks" and why is that needed or recommended? -Thank you
Leave a comment:
Techno.RS replied

7 December 2022, 11:45
Exactly what I need just a little problem and question:
Can this all be done also with Ubuntu 20.04.5 LTS or must be Debian only?
Leave a comment:
LStratmann replied

25 January 2022, 08:15
In the meantime SHOUTcast offers this, at that time it was chargeable.
Leave a comment:
nitromix replied

24 January 2022, 18:13
So much effort when SHOUTcast have to support native and free SSL
Leave a comment:
HubuFM replied

19 November 2021, 22:57
Originally Posted by thinktink View Post

You can also do SSL enabled reverse proxy to SHOUTcast with Apache if you already have it installed. Did it on my Windows machine.

Yes, but in my test nginx was faster (micro caching) and need less resources. But both methods will work.
Leave a comment:
thinktink replied

19 November 2021, 17:25
You can also do SSL enabled reverse proxy to SHOUTcast with Apache if you already have it installed. Did it on my Windows machine.
Leave a comment:
HubuFM started a topic Perfect (SSL) Shoutcast Server

18 November 2021, 16:59
Perfect (SSL) Shoutcast Server
UPDATE:

SINCE DNAS 2.6.1 external SSL proxy (nginx/apache) isn't required anymore!

Now:
- Create SSL certificates with Letsencrypt/Certbot
- Enter Certificates in "sc_serv.conf" as below
- Start/Restart DNAS.
- Done!

HTML Code:

portbase = XXXX # Port to stream, can be 8000 or 443 for direct SSL connect without additional port. sslcertificatekeyfile = /etc/letsencrypt/live/MYWEBSITE.COM/privkey.pem sslcertificatefile = /etc/letsencrypt/live/MYWEBSITE.COM/fullchain.pem
Last edited by HubuFM; 13 March 2023, 01:06.
Tags: crash, dnas, freemium, shoutcast, ssl