Streaming Service with Icecast

Note: we will be using the  fork that contains some extra stuff and features/fixes/improvements that may eventually land in vanilla.

Software
Note: At time of writing,  suffers from a small compilation problem with OpenSSL.

apt install libxslt1-dev libogg-dev libvorbis-dev libtheora-dev libcurl4-openssl-dev cd /usr/src git clone https://github.com/karlheyes/icecast-kh cd icecast-kh ./configure --with-openssl make make install
 * Install dependencies (Debian)
 * Get the sources
 * Compile and install

Firewall
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
 * Make sure you listen on 8000, adjust your :

You can adjust to your liking, 8000 is the default for Icecast.

Basic Configuration
Simple setup with  accepting 4 sources, changing process ownership to , and running in a.

mkdir /usr/local/share/icecast/log chown nobody:nogroup /usr/local/share/icecast/log 𓅣 top.cool@c_est.super.deluxe 64            unit file: [Unit] Description=Icecast After=network.target
 * log files in chroot:

[Service] Type=simple ExecStart=/usr/local/bin/icecast -c /usr/local/etc/icecast.xml ExecReload=/usr/bin/kill -HUP $MAINPID

[Install] WantedBy=multi-user.target systemctl enable icecast service icecast start service icecast status service icecast stop
 * Enable the service on boot:
 * Manage the service with

MOAR Configuration
With the previous section you will get something up and running, stable and all. It's a good starting point to tweak things further.

NGINX Reverse Proxy
At time of writing, reverse proxying for icecast is not really worth it. Will explain a bit more eventually.

TLS/SSL Support
It's possible to use existing X.509 certificates to provide HTTPS access to both listeners and sources. For this to work the server and intermediate certificates with the private key. cat /etc/letsencrypt/live/domain.tld/fullchain.pem > /usr/local/share/icecast/icecast.pem cat /etc/letsencrypt/live/domain.tld/privkey.pem >> /usr/local/share/icecast/icecast.pem /usr/local/share/icecast /log /web /admin /usr/local/share/icecast/icecast.pem ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM: RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS 
 * merge  with   (example with Let's Encrypt certs)
 * Adjust  config file with   and  :

Note: If you have used the config file of this documentation, then icecast will be reachable both on  and. You may want to keep it like that as some clients (both for listening and emitting) do not support TLS/SSL. If you want enforce TLS/SSL, you can adjust your config file so that:  999            1     

Moar Cores!
In  it's possible to choose how many threads to use for processing clients. This should be based on the number of CPUs or cores. This can be adjusted in  with the following line inside  : 4

Relaying an External Stream (the lazy way)
This can be done simply by just pointing to the stream you want to relay. Careful though, you need to point to the remote server IP, not the domain. If you add, the stream will be relayed only if it is requested. 10.10.10.10        1234         /blabla.mp3 /blabla.mp3 1 0