Difference between revisions of "Streaming Service with Icecast"

From Run Your Own
Jump to: navigation, search
(Basic Configuration)
(Basic Configuration)
Line 25: Line 25:
 
Simple setup with <code>icecast</code> changing process ownership to <code>nobody:nogroup</code> and running in a <code>chroot</code>.
 
Simple setup with <code>icecast</code> changing process ownership to <code>nobody:nogroup</code> and running in a <code>chroot</code>.
  
<code>/usr/local/etc/icecast.xml</code>:
+
* log files in chroot:
 +
mkdir /usr/local/share/icecast/log
 +
chown nobody:nogroup /usr/local/share/icecast/log
 +
* <code>/usr/local/etc/icecast.xml</code>:
 +
 
 +
  <icecast>
 +
      <location>𓅣</location>
 +
      <admin>top.cool@c_est.super.deluxe</admin>
 +
 
 +
      <limits>
 +
          <clients>64</clients>
 +
          <sources>2</sources>
 +
          <queue-size>524288</queue-size>
 +
          <client-timeout>30</client-timeout>
 +
          <header-timeout>15</header-timeout>
 +
          <source-timeout>10</source-timeout>
 +
          <burst-size>65535</burst-size>
 +
      </limits>
 +
 
 +
      <authentication>
 +
          <source-password>hackme2</source-password>
 +
          <relay-password>hackme2</relay-password>
 +
          <admin-user>admin</admin-user>
 +
          <admin-password>hackme3</admin-password>
 +
      </authentication>
 +
 
 +
      <hostname>echo.lurk.org</hostname>
 +
 
 +
      <listen-socket>
 +
          <port>8000</port>
 +
      </listen-socket>
 +
 
 +
      <fileserve>1</fileserve>
 +
 
 +
      <paths>
 +
          <basedir>/usr/local/share/icecast</basedir>
 +
          <logdir>/log</logdir>
 +
          <webroot>/web</webroot>
 +
          <adminroot>/admin</adminroot>
 +
          <!-- <ssl-certificate>/usr/local/share/icecast/icecast.pem</ssl-certificate> -->
 +
          <alias source="/" dest="/index.html"/>
 +
      </paths>
 +
 
 +
      <logging>
 +
          <accesslog>access.log</accesslog>
 +
          <errorlog>error.log</errorlog>
 +
          <!-- <accesslog_ip>0<accesslog_ip> -->
 +
          <!-- <playlistlog>playlist.log</playlistlog> -->
 +
          <loglevel>3</loglevel> <!-- 4 Debug, 3 Info, 2 Warn, 1 Error -->
 +
          <logsize>10000</logsize> <!-- Max size of a logfile -->
 +
      </logging>
 +
 
 +
      <security>
 +
          <chroot>1</chroot>
 +
          <changeowner>
 +
              <user>nobody</user>
 +
              <group>nogroup</group>
 +
          </changeowner>
 +
      </security>
 +
  </icecast>
  
 
=== Service file and autostart (systemd) ===
 
=== Service file and autostart (systemd) ===

Revision as of 00:10, 17 December 2019

Note: we will be using the icecast-kh fork that contains some extra stuff (FIXME: unpack stuff).

Installation

Software

Note: At time of writing, icecast-kh suffers from a small compilation problem with OpenSSL.

  • Install dependencies (Debian)
apt install libxslt1-dev libogg-dev libvorbis-dev libtheora-dev libcurl4-openssl-dev
  • Get the sources
cd /usr/src
git clone https://github.com/karlheyes/icecast-kh
  • Compile and install
cd icecast-kh
./configure --with-openssl
make
make install

Firewall

  • Make sure you listen on 8000, adjust your iptables:
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT

You can adjust to your liking, 8000 is the default for Icecast.

Basic Configuration

Simple setup with icecast changing process ownership to nobody:nogroup and running in a chroot.

  • log files in chroot:
mkdir /usr/local/share/icecast/log
chown nobody:nogroup /usr/local/share/icecast/log
  • /usr/local/etc/icecast.xml:
 <icecast>
     <location>𓅣</location>
     <admin>top.cool@c_est.super.deluxe</admin>
 
     <limits>
         <clients>64</clients>
         <sources>2</sources>
         <queue-size>524288</queue-size>
         <client-timeout>30</client-timeout>
         <header-timeout>15</header-timeout>
         <source-timeout>10</source-timeout>
         <burst-size>65535</burst-size>
     </limits>
 
     <authentication>
         <source-password>hackme2</source-password>
         <relay-password>hackme2</relay-password>
         <admin-user>admin</admin-user>
         <admin-password>hackme3</admin-password>
     </authentication>
 
     <hostname>echo.lurk.org</hostname>
 
     <listen-socket>
         <port>8000</port>
     </listen-socket>
 
     <fileserve>1</fileserve>
 
     <paths>
         <basedir>/usr/local/share/icecast</basedir>
         <logdir>/log</logdir>
         <webroot>/web</webroot>
         <adminroot>/admin</adminroot>
         <alias source="/" dest="/index.html"/>
     </paths>
 
     <logging>
         <accesslog>access.log</accesslog>
         <errorlog>error.log</errorlog>
         <loglevel>3</loglevel> 
         <logsize>10000</logsize> 
      </logging>
 
     <security>
         <chroot>1</chroot>
         <changeowner>
             <user>nobody</user>
             <group>nogroup</group>
         </changeowner>
     </security>
 </icecast>

Service file and autostart (systemd)

  • Create a systemd service file:
[Unit]
Description=Icecast
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/icecast -c /usr/local/etc/icecast.xml
ExecReload=/usr/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
  • Enable the service on boot:
systemctl enable icecast
  • Manage the service with
service icecast start
service icecast status
service icecast stop

Configuration