Using Stunnel to add ssl to shoutcast

Discussion in 'Tutorials' started by Quags, Jan 14, 2016.

Thread Status:
This thread is more than 60 days old.
  1. Quags

    Quags Administrator Staff Member

    A client requested shoutcast over ssl. Shoutcast did not support ssl naively so I decided to use stunnel to allow it. Here is how I got ssl working:

    First stunnel must be installed. Many OS’s have stunnel preinstalled: so try running stunnel first. If not install with your OS’s package management tool such as

    centos: yum install stunnel
    ubuntu: apt-get install stunnel

    Once stunnel is installed you can begin. First a config file is needed. In this example shoutcast is installed already and running on port 8000. It is listening on localhost only. Create the file


    cert = /etc/stunnel/stunnel.pem

    Now create the PEM file /etc/stunnel/stunnel.pem

    The format is

    rsa key first
    certificate second
    cabundle/intermediate third

    Set permissions to 600
    chmod 600 /etc/stunnel/stunnel.pem

    Now stunnel can be started with the command /usr/bin/stunnel and we can connect to port 8002 over ssl.
  2. Radiorookie

    Radiorookie New Member


    I am trying to encrypt a Shoutcast V2 stream so I can pull metadata from the stream's XML file in HTTPS. I am running into issues with resolving the stream over HTTPS on port 8002. Have you managed to create a live example of an actual audio stream that is encrypted with SSL? Thanks in advance
  3. Probably Not Groot

    Probably Not Groot New Member

    Thanks for sharing this, guys. I know the thread has been dead a long time, but I found it and it helped me solve the same problem. For future generations, I shared this as an AWS image. To use it:

    - create a free Amazon Web Services account
    - create an instance (I used free tier) of ami-947151f1
    - open ports 80 and 443 on your security group
    - use the certbot certonly command described here ( to get a free SSL certificate from letscertify
    - edit /etc/stunnel/stunnel.conf to point to your new certificates and the feed you want to proxy (directions in the config file)
    - reboot or restart stunnel

    thanks to the original author of this thread!
Thread Status:
This thread is more than 60 days old.

Share This Page