482 links
265 private links
  • When 140 characters is not enough!
  • Home
  • Login
  • RSS Feed
  • ATOM Feed
  • Tag cloud
  • Picture wall
  • Daily
Links per page: 20 50 100
  • Add HTTPS support to Icecast2 using Let's Encrypt

    Add HTTPS support to Icecast2 using Let's Encrypt

    Do you have native SSL support in your icecast2 package?

    If you love to use the official package, first check if you have SSL support in your already installed icecast2 package:

    ldd /usr/bin/icecast2 | grep ssl

    If you don't see anything, you have no native support for SSL. In this case you can choose one of these options:

    • Option A: remove the package and install something else
    • Option B: setup a frontend webserver using nginx
    • Option C: setup a frontend webserver using Apache (← this answer)

    How to use Apache to setup a frontend webserver with HTTPs support, to serve Icecast2

    To visit Icecast over https://, you can install Apache and use it as frontend webserver, listening on standard port 443. It's easy to use Let's Encrypt to create a free certificate for Apache. Once it works, you can pass the traffic to Icecast2.

     Browser
     │
     │ https://example.com/radio.mp3
     ▼
    ┌───────────┐
    │           │
    │ Apache    │:443
    │           │
    └┬──────────┘
     │
     │ http://localhost:8080/radio.mp3
     ▼
    ┌───────────┐
    │           │
    │ Icecast   │:8080
    │           │
    └───────────┘

    If you use Debian GNU/Linux, here the guide:

    https://wiki.debian.org/Icecast2

    The core of the solution is to enable an apache VirtualHost like this:

    #
    # Apache VirtualHost serving my Icecast under HTTPs (:443)
    #
    # This frontend webserver passes all the traffic to
    # the underlying Icecast, listening on port 8000.
    #
    # The certificate comes from Let's Encrypt.
    #
    # Credits: https://stackoverflow.com/a/71383133/3451846
    <virtualhost *:443>
    
      ServerName example.com
    
      # this path is not useful and it's used only for Let's Encrypt's temporary files during the renewal process
      DocumentRoot /var/www/html
    
      # send all traffic to Icecast in plaintext
      <Location "/">
        ProxyPass        http://localhost:8000/
        ProxyPassReverse http://localhost:8000/
      </Location>
    
      # these files are served from /var/www/html to serve Let's Encrypt temporary files
      <Location "/.well-known/acme-challenge">
        ProxyPass !
      </Location>
    
      <IfFile /etc/letsencrypt/live/example.com/cert.pem>
        SSLEngine on
        SSLCertificateFile      /etc/letsencrypt/live/example.com/cert.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
      </IfFile>
    
    </virtualhost>
    
    <VirtualHost *:80>
      ServerName example.com
    
      Redirect / https://example.com/
    </VirtualHost>

    And then enable it and issue your certificate:

    letsencrypt certonly --domain example.com --webroot --webroot-path /var/www/html

    But this is explained maybe better from the above guide.

    At the moment the guide does not cover nginx but other answers might give a similar practical example using that technology as well as apache2. The benefit of involving a frontend webserver like apache2 or nginx is that you don't have to touch Icecast. Also, it allows to serve Icecast2 among your already-existing websites, if any.


    Other answers might want to talk about an Icecast2's native interface with Let's Encrypt. At the moment I can share just the apache2 method that is the one I use in production since years without any problem. Moreover since I use Debian GNU/Linux, my package has not SSL support.

    June 30, 2025 at 15:01:24 GMT+2 * - permalink -
    QRCode
    - https://stackoverflow.com/questions/71383132/add-https-support-to-icecast2-using-lets-encrypt
    icecast lets-encrypt apache proxy reverse-proxy
Links per page: 20 50 100
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Help/documentation