2015-05-14 32 views
3

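Why doesn't Icecast2 want to serve the stream over https?

I installed Icecast2 2.4.1 with SSL support on a server running Ubuntu 14.04 LTS. An HTTPS website also runs on this server. I want to insert an HTML5 player into the page that will also stream over SSL (otherwise: mixed content error). The website has a commercial SSL certificate; Icecast has a self-signed one. Icecast config file: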

<icecast> 
<location>****</location> 
<admin>[email protected]*************</admin> 
<limits> 
    <clients>1000</clients> 
    <sources>2</sources> 
    <threadpool>5</threadpool> 
    <queue-size>524288</queue-size> 
    <source-timeout>10</source-timeout> 
    <burst-on-connect>0</burst-on-connect> 
    <burst-size>65535</burst-size> 
</limits> 
<authentication> 
    <source-password>*****</source-password> 
    <relay-password>*****</relay-password> 
    <admin-user>*****</admin-user> 
    <admin-password>*****</admin-password> 
</authentication> 
<hostname>************</hostname> 
<listen-socket> 
    <port>8000</port> 
    <ssl>1</ssl> 
</listen-socket> 
<mount> 
    <mount-name>/stream</mount-name> 
    <charset>utf-8</charset> 
</mount> 
<mount> 
    <mount-name>/ogg</mount-name> 
    <charset>utf-8</charset> 
</mount> 
<fileserve>1</fileserve> 
<paths> 
    <basedir>/usr/share/icecast2</basedir> 
    <logdir>/var/log/icecast2</logdir> 
    <webroot>/usr/share/icecast2/web</webroot> 
    <adminroot>/usr/share/icecast2/admin</adminroot> 
    <alias source="/" dest="/status.xsl"/> 
    <ssl-certificate>/etc/icecast2/icecast2.pem</ssl-certificate> 
</paths> 
<logging> 
    <accesslog>access.log</accesslog> 
    <errorlog>error.log</errorlog> 
    <loglevel>4</loglevel> 
</logging> 
<security> 
    <chroot>0</chroot> 
    <changeowner> 
     <user>icecast2</user> 
     <group>icecast</group> 
    </changeowner> 
</security> 
</icecast> 

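The certificate for Icecast (/etc/icecast2/icecast2.pem) was generated with:

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout icecast2.pem -out icecast2.pem

I want to take the output streams from the addresses https://domain.name:8000/stream and https://domain.name:8000/ogg and insert them into a player via the audio tag, but in response I get silence. With a plain http address, everything works fine. I still don't understand what the error is... Thanks in advance for your help!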

Answers

5

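I ran into this problem recently and didn't have much time to solve it, nor did I see documentation for doing so. I assume this is not the most widely used Icecast configuration, so I just proxied mine with nginx, and it works fine.

Below is an example nginx vhost. Be sure to change the domain, check your paths, and think about the location you want proxied and how you want to handle ports.

Please note that this will make your stream available over port 443 instead of 8000. Certain clients (such as facebookexternalhit/1.1) may try to hang onto the stream, thinking it is an HTTPS URL waiting to connect. This may not be the behavior you expect or desire.

Also, if you don't want http available at all, be sure to change bind-address back to localhost. For example: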

<bind-address>127.0.0.1</bind-address> 

www.example.com.nginx.conf

##### NO SSL REDIRECT ######################################### 

server 
    { 
    listen 80; 
    server_name www.example.com; 
    location /listen 
    { 
    if ($ssl_protocol = "") 
     { 
     rewrite ^ https://$server_name$request_uri? permanent; 
     } 

    } 

    } 

#### SSL ###################################################### 

server 
{ 
ssl on; 
ssl_certificate_key /etc/sslmate/www.example.com.key; 
ssl_certificate /etc/sslmate/www.example.com.chained.crt; 
# Recommended security settings from https://wiki.mozilla.org/Security/Server_Side_TLS 
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 
ssl_prefer_server_ciphers on; 
ssl_dhparam /usr/share/sslmate/dhparams/dh2048-group14.pem; 
ssl_session_timeout 5m; 
ssl_session_cache shared:SSL:5m; 
# Enable this if you want HSTS (recommended) 
add_header Strict-Transport-Security max-age=15768000; 
listen 443 ssl; 
server_name www.example.com; 

location /
    { 
    proxy_pass   http://127.0.0.1:8000/; 
    proxy_redirect  off; 
    proxy_set_header Host    $host; 
    proxy_set_header X-Real-IP  $remote_addr; 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    } 

    } 
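
A check for the bind-address advice in the answer above, as an added example that is not part of the original answer: it reads an Icecast config and reports, per `<listen-socket>`, whether the listener is TLS, plain HTTP on loopback only, or plain HTTP reachable from the network. The function names and the sample config are constructed, and it assumes `<bind-address>` is set inside each `<listen-socket>`.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: a loopback listener for the nginx proxy, a TLS listener
# like the one in the question, and a plain listener with no bind-address.
SAMPLE = """<icecast>
  <listen-socket><port>8000</port><bind-address>127.0.0.1</bind-address></listen-socket>
  <listen-socket><port>8443</port><ssl>1</ssl></listen-socket>
  <listen-socket><port>8001</port></listen-socket>
  <paths><ssl-certificate>/etc/icecast2/icecast2.pem</ssl-certificate></paths>
</icecast>"""

def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 or the literal name localhost."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr == "localhost"

def audit_listeners(xml_text):
    """Return a (port, finding) tuple for every <listen-socket>."""
    root = ET.fromstring(xml_text)
    cert = (root.findtext("paths/ssl-certificate") or "").strip()
    findings = []
    for sock in root.iter("listen-socket"):
        port = int(sock.findtext("port", "8000"))
        tls = (sock.findtext("ssl") or "0").strip() == "1"
        bind = (sock.findtext("bind-address") or "").strip()
        if tls and not cert:
            findings.append((port, "ssl=1 but no <ssl-certificate> in <paths>"))
        elif tls:
            findings.append((port, "tls listener"))
        elif bind and is_loopback(bind):
            findings.append((port, "plain http, loopback only"))
        else:
            findings.append((port, "plain http reachable from the network"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_listeners(SAMPLE):
        print(port, finding)
```
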