Ale*_*der 5 streaming ssl audio-streaming icecast ubuntu-14.04
在使用Ubuntu 14.04 LTS的服务器上安装了支持SSL的Icecast2 2.4.1.此外,在此服务器上工作的HTTPS网站.我想在页面上插入HTML5播放器,它也会通过SSL获取流(否则 - 混合内容错误).该网站有一个商业SSL证书,Icecast - 一个自签名的.Icecast配置文件:
<icecast>
<location>****</location>
<admin>admin@*************</admin>
<limits>
<clients>1000</clients>
<sources>2</sources>
<threadpool>5</threadpool>
<queue-size>524288</queue-size>
<source-timeout>10</source-timeout>
<burst-on-connect>0</burst-on-connect>
<burst-size>65535</burst-size>
</limits>
<authentication>
<source-password>*****</source-password>
<relay-password>*****</relay-password>
<admin-user>*****</admin-user>
<admin-password>*****</admin-password>
</authentication>
<hostname>************</hostname>
<listen-socket>
<port>8000</port>
<ssl>1</ssl>
</listen-socket>
<mount>
<mount-name>/stream</mount-name>
<charset>utf-8</charset>
</mount>
<mount>
<mount-name>/ogg</mount-name>
<charset>utf-8</charset>
</mount>
<fileserve>1</fileserve>
<paths>
<basedir>/usr/share/icecast2</basedir>
<logdir>/var/log/icecast2</logdir>
<webroot>/usr/share/icecast2/web</webroot>
<adminroot>/usr/share/icecast2/admin</adminroot>
<alias source="/" dest="/status.xsl"/>
<ssl-certificate>/etc/icecast2/icecast2.pem</ssl-certificate>
</paths>
<logging>
<accesslog>access.log</accesslog>
<errorlog>error.log</errorlog>
<loglevel>4</loglevel>
</logging>
<security>
<chroot>0</chroot>
<changeowner>
<user>icecast2</user>
<group>icecast</group>
</changeowner>
</security>
</icecast>
Icecast证书(/etc/icecast2/icecast2.pem)由以下人员生成:
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout icecast2.pem -out icecast2.pem
我希望从地址https://domain.name:8000/stream https://domain.name:8000/ogg获取输出流,以便通过标签音频插入播放器,但作为回应 - 沉默.因此,具有简单http的地址一切正常.我不明白所有的错误...提前感谢您的帮助!
我最近遇到了这个问题并且没有太多时间来解决它,也没有看到这么做的文档.我认为它不是最广泛使用的icecast配置,所以我只用nginx代理我的,它工作正常.
这是一个nginx vhost示例.请务必更改域,检查路径并考虑您希望mount代理的位置以及您希望如何处理端口.
请注意,这将使您的流在端口443而不是8000上可用.某些客户端(例如facebookexternalhit/1.1)可能会尝试挂起到流,因为它是一个等待连接的https URL.这可能不是您期望或期望的行为.
此外,如果您根本不想使用http,请确保将bind-address更改回本地主机.例如:
<bind-address>127.0.0.1</bind-address>
www.example.com.nginx.conf
##### NO SSL REDIRECT #########################################
server
{
listen 80;
server_name www.example.com;
location /listen
{
if ($ssl_protocol = "")
{
rewrite ^ https://$server_name$request_uri? permanent;
}
}
}
#### SSL ######################################################
server
{
ssl on;
ssl_certificate_key /etc/sslmate/www.example.com.key;
ssl_certificate /etc/sslmate/www.example.com.chained.crt;
# Recommended security settings from https://wiki.mozilla.org/Security/Server_Side_TLS
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_dhparam /usr/share/sslmate/dhparams/dh2048-group14.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
# Enable this if you want HSTS (recommended)
add_header Strict-Transport-Security max-age=15768000;
listen 443 ssl;
server_name www.example.com;
location /
{
proxy_pass http://127.0.0.1:8000/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
| 归档时间: |
|
| 查看次数: |
7127 次 |
| 最近记录: |