With the steps below, you can configure a secured streaming account. The procedure works on both Centovacast v6.9 and v7.7.
Prerequisites:
1. Obtain UserID and License from Shoutcast
2. Obtain and install a valid SSL certificate
3. You'll need 2 (or more) public IP addresses (centova [SRCIP] and nginx [NGINX-IP] each need their own)
4. Shoutcast2 config:
- srcip and dstip dedicated for ports in use on centovacast.
Steps:
1. First of all, add the following to the server.conf file for each stream:
sslcertificatefile=/path/to/certificate.pem
sslcertificatekeyfile=/path/to/private.key
userid=[shoutcast user id]
licenceid=[shoutcast licence]
2. Enable port 80 proxy:
   /usr/local/centovacast/sbin/setproxy on
   vim /usr/local/centovacast/etc/web.d/cc-proxy.conf
3. Now add SRCIP to the listen line:
listen 80; --> listen [SRCIP]:80;
4. Then add the following under "server {", outside the location directives:
#Nginx Proxy setup
set_real_ip_from [NGINX-IP];
real_ip_header X-Real-IP;
real_ip_recursive on;
Note: If you have modified the location directives for a specific stream, you have to duplicate them for each stream. Leaving the defaults works with all my streams.
5. Once done, restart centovacast.
6. Each stream needs a proxy.conf:
- /usr/local/centovacast/var/vhosts/[STREAMNAME]/etc/proxy.conf
- With: http://[SRCIP]:[PORT#]%MOUNT%
7. Now stop and start the stream in Centovacast.
8. Point the audio encoder to Centovacast FQDN:PORT# as normal (the unsecured stream can still be heard there)
9. Install Nginx.
10. Nginx config.
11. Edit /etc/nginx/conf.d/default.conf (or add your own filename.conf)
12. For each stream:
server {
    listen [NGINX-IP]:[PORT#] ssl;
    server_name [Centovacast FQDN];

    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless a legacy player requires them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location = /[MOUNTPOINT] {
        # Pass the listener's details on to the stream
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_set_header Pragma no-cache;
        proxy_set_header Cache-Control no-cache;
        proxy_set_header Accept-Encoding */*;
        proxy_set_header Accept */*;

        # Audio is a continuous stream: relay it without buffering
        proxy_buffering off;
        tcp_nodelay on;

        # Plain-HTTP stream served by Centovacast on its own IP
        proxy_pass http://[SRCIP]:[PORT#];
    }
}
13. Once completed, start or restart nginx.
14. Listen on https://[NGINX-FQDN]:[PORT#]/[MOUNTPOINT]
Done!!
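
A way to check the server blocks from step 12 and the real-IP lines from step 4 before restarting nginx, as an added example that is not part of the original guide. The `audit` helper, the documentation addresses and the sample block are constructed for illustration; it flags protocol versions retired by RFC 8996, a proxy_pass that points back at the block's own listener (the reason the guide asks for two IP addresses), and a set_real_ip_from that trusts anything other than the nginx address.

```python
import re

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # retired by RFC 7568 and RFC 8996

# Constructed sample: the guide's server block with documentation addresses standing
# in for [NGINX-IP] (192.0.2.10), [SRCIP] (192.0.2.20) and [PORT#] (8000).
SAMPLE = """
server {
    listen 192.0.2.10:8000 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # as published in step 12
    location = /stream {
        proxy_pass http://192.0.2.20:8000;
    }
}
"""


def directives(conf):
    """Yield (name, args) for each directive or block header, comments stripped."""
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf)):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]


def audit(conf, trusted_proxy=None):
    """Return a list of findings for a server block or a cc-proxy.conf fragment."""
    items = list(directives(conf))
    listens = {args[0] for name, args in items if name == "listen" and args}
    findings = []
    for name, args in items:
        if name == "ssl_protocols":
            weak = sorted(DEPRECATED & set(args))
            if weak:
                findings.append("deprecated protocols: " + " ".join(weak))
        elif name == "proxy_pass" and args:
            upstream = re.sub(r"^https?://", "", args[0]).rstrip("/")
            if upstream in listens:
                findings.append("proxy_pass loops back to listener " + upstream)
        elif name == "set_real_ip_from" and trusted_proxy and args:
            if args[0] != trusted_proxy:
                findings.append("set_real_ip_from trusts " + args[0] + ", not the proxy")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

Fill in the bracketed placeholders before feeding a real file to `audit`, since the comment stripper treats the `#` in `[PORT#]` as the start of a comment.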