Install Icecast Server on CentOS 7.7 64bit
------------------------------------------
yum -y groupinstall "Development Tools"
yum install libxslt-devel curl-devel libtheora-devel libvorbis-devel libxslt-devel speex-devel libxslt
yum install wget curl-devel libvorbis-devel libxslt-devel libxslt-devel openssl-devel
yum update
Download icecast-2.4.4.tar.gz to /software:
cd /
mkdir software
cd software
wget http://www.readyformed.com/download/icecast-2.4.4.tar.gz
Extract, configure and compile the Icecast code from the source:
cd /usr/src
tar xf /software/icecast-2.4.4.tar.gz
cd icecast-2.4.4
./configure --prefix=/opt/icecast/2.4.4 --with-curl --with-openssl
make
make install
Make a symbolic link to the folder name "latest":
cd /opt/icecast
ln -s 2.4.4 latest
groupadd -g 200 icecast
useradd -d /var/log/icecast -m -g icecast -s /bin/bash -u 200 icecast
mkdir -p /var/run/icecast
chown -R icecast:icecast /var/run/icecast
Test:
/opt/icecast/latest/bin/icecast -c /opt/icecast/latest/etc/icecast.xml -b
Allow TCP ports 8000 and 8443 through the iptables or any other firewall if required.
Auto start:
vi /etc/rc.d/rc.local
(Add the following to the end of the file to make Icecast auto-start):
# Start Icecast:
/opt/icecast/latest/bin/icecast -c /opt/icecast/latest/etc/icecast.xml -b
Add an SSL certificate
----------------------
Install certbot if it's not already installed, Note: epel repository must be installed:
yum install certbot
The required hostname (for example stream.yourdomain.com) must be setup in Apache and configured for HTTPS with a certificate.
Once this has been done and that works we will have a Letsencrypt certificate to use in the follwing notes.
Note: Certificates can also be generated without apache using the following, however this requires port that 80 is accessible (and any other HTTP server stopped while the script runs). This is NOT needed if the site is setup in Apache and that is probably easier to manage than this:
##service httpd stop
##certbot certonly --standalone --agree-tos --non-interactive --text --rsa-key-size 4096 --email support@yourdomain.com --domains "stream.yourdomain.com"
##service httpd start
Now with a Letsencrypt certificate generated either with Apache or in standalone mode we need to add this to Icecast:
Letsencrypt certificates will now be located in /etc/letsencrypt/live/stream.yourdomain.com/
`privkey.pem` : the private key for your certificate.
`fullchain.pem`: the certificate file used in most server software.
`chain.pem` : used for OCSP stapling in Nginx >=1.3.7.
`cert.pem` : will break many server configurations, and should not be used
without reading further documentation (see link below).
Copy the content from cert.pem(actually fullchain to avoid issues with some clients) and privkey.pem and make a new file
named icecast.pem and past both into one (first cert and then the privkey).
Note: Icecast does not have permission (as the icecast user) to access the /etc/letsencrypt directory so we move the final certificate file to it's config directory:
cd /etc/letsencrypt/live/stream.yourdomain.com
cat fullchain.pem privkey.pem > icecast.pem
mv /etc/letsencrypt/live/stream.yourdomain.com/icecast.pem /opt/icecast/latest/etc/icecast.pem
Edit /opt/icecast/2.4.4/etc/icecast.xml
Ensure the hostname line is correct:
stream.yourdomain.com
Add a mapping for port 8443 with SSL in addition to and under the 8000 section:
8443
1
Add the following in the "paths" section before the line:
/opt/icecast/latest/etc/icecast.pem
Reboot.
Troubleshooting:
Note that if port 8443 only responds to http but is configured correctly, this is probably a permissions issue with the certificate.