Publicaciones

RPI compiling Icecast with support for openssl


In the Raspbian repositories, the Icecast2 package does NOT support encrypted connections via openssl. If you try to use the ssl tags in the /etc/icecast2/icecast.xml configuration file, Icecast will fail to start. You'll see something like this in /var/log/icecast2/error.log:




INFO connection/get_ssl_certificate No SSL capability.
 
To remedy this, you need to compile Icecast with openssl support enabled. I recommend installing Icecast2 from the repositories and then removing it. This builds all the configuration files in /etc/icecast2, creates a daemon user and group called icecast2 and icecast, and provides the init scripts necessary to start Icecast automatically during the boot process.
Make sure your repository cache is up-to-date:

sudo apt-get update
 
Install Icecast2 from the repositories:

sudo apt install icecast2
 
It will ask you three passwords to set. These will be stored as plain text in /etc/icecast2/icecast.xml, so choose your passwords wisely.
Remove Icecast2, but don't purge:

sudo apt remove icecast2
 
Optionally, you can check whether the configuration files are still there:

ls -l /etc/init.d/ /etc/ | grep icecast
 
Install the development tools required to build Icecast from source (I'm not positive this is everything. Leave me a comment if you need help with this.):

sudo apt install git gcc build-essential
 
Now let's get some of the dependencies required to compile Icecast from source. As of Icecast v. 2.4, it requires the following packages: libxml2, libxslt, curl (>= version 7.10 required), and ogg/vorbis (>= version 1.0 required). You'll also need libssl-dev (of course).

sudo apt install libcurl4-openssl-dev libxslt1-dev libxml2-dev libogg-dev libvorbis-dev libflac-dev libtheora-dev libssl-dev

If apt reports you already have these installed, no worries. Let's get compiling!
The development libraries provided above are only the bare minimum necessary to compile Icecast with SSL support. You can also install other libraries to extend the functionality of Icecast. Once you have the Icecast source downloaded, you can run ./configure -h to see some of the extra packages that are supported. For example, you can install the Speex library to provide support for this speech codec:

sudo apt install libspeex-dev
 
Make a folder that we can get dirty.

cd /home/pi/
mkdir src
cd src
 
Clone the latest release of Icecast (See Icecast.org Downloads):

git clone --recursive https://git.xiph.org/icecast-server.git
 
Move into the source directory and prepare the configuration script:

cd icecast-server; ./autogen.sh
 
Configure the source code with SSL support enabled:

./configure --with-curl --with-openssl
 
The configure script will not report that SLL was enabled, it will only report if it's disabled. You can check that the configuration was successful by running this:

grep lssl config.status
 
Grep should output a line similar to this:

S["XIPH_LIBS"]=" -lssl -lcrypto -L/usr/lib/arm-linux-gnueabihf -lcurl -lspeex -ltheora -lvorbis -logg -lm -lxslt -lxml2"
 
If so, then openssl has been successfully enabled for compilation. Alternatively, you can look for "configure: SSL disabled!" near the end of the configure script output.
If the SSL library was successfully enabled, compile Icecast:
If you have a 4-core ARM, let's use all 4 of them:

make -j4

Otherwise, stick with your single core :( 

make
Compiling Icecast only takes about 3 minutes with 4-cores enabled on the RPi 3. This is a breeze compared to FFMPEG, which can take over 90 minutes.
Install Icecast:

make install
 
Create a self-signed SSL certificate to be used for encryption:

sudo mkdir /etc/icecast2/ssl
sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout /etc/icecast2/ssl/icecast.pem -out /etc/icecast2/ssl/icecast.pem

This command will provide you with several prompts to answer. Each one is optional, but I recommend filling in at least the Country, State or Province, and Organization.
Configure Icecast to use the newly minted SLL certificate. You need to tell Icecast to only use SSL on a particular port and where the SLL certificate is located:

sudo nano /etc/icecast2/icecast.xml



Since I was streaming with Darkice, I also needed to create another listen socket. This port will allow Darkice to communicate with Icecast. Icecast will stream to the world with the encrypted socket (port 9005), but communicate locally unencrypted with Darkice using port 8005.



 
Create symbolic links to the old repository version of Icecast2, so that we can use the /etc files:

sudo ln -s /usr/local/bin/icecast /usr/bin/icecast2
sudo ln -s /usr/local/share/icecast /usr/share/icecast2
 
Now, let's test it out:

sudo service icecast2 start
 
Test whether Icecast is hosting via a browser:

https://Your_RPi_IP:8443/

Details on centova forum
http://forums.centova.com/index.php?topic=4151 
Share this Article on :
 
d Copyright Blogs Net Andino 2006 | Design by Net Andino | Published by Editor de Templates | Powered by Net Andino .