Using Stunnel to add ssl to shoutcast

Quags

Administrator
Staff member
A client requested shoutcast over ssl. Shoutcast did not support ssl natively so I decided to use stunnel to allow it. Here is how I got ssl working:

First stunnel must be installed. Many OSes have stunnel preinstalled, so try running stunnel first. If not, install it with your OS's package management tool, such as:

centos: yum install stunnel
ubuntu: apt-get install stunnel

Once stunnel is installed you can begin. First a config file is needed. In this example shoutcast is installed already and running on port 8000. It is listening on localhost only. Create the file

/etc/stunnel/stunnel.conf

<pre>
client=no
[shoutcast]
accept=8002
connect=localhost:8000
cert = /etc/stunnel/stunnel.pem
</pre>

Now create the PEM file /etc/stunnel/stunnel.pem

The format is

rsa key first
certificate second
cabundle/intermediate third

Set permissions to 600
chmod 600 /etc/stunnel/stunnel.pem

Now stunnel can be started with the command /usr/bin/stunnel and we can connect to port 8002 over ssl.
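
The PEM layout and permissions described in the post above can be checked before stunnel is started. This is an added example, not part of the original post: the function names check_stunnel_pem and write_sample are made up here, and the sample files hold placeholder text rather than real key material.

```bash
#!/usr/bin/env bash
# Preflight check for a combined stunnel PEM file (added example).
# Verifies that the file exists, that its mode is 600, and that the PEM
# blocks come in the order: private key, certificate, then any chain certs.

check_stunnel_pem() {
    local pem="$1" mode labels
    if [ ! -f "$pem" ]; then echo "missing: $pem"; return 1; fi
    # GNU stat first, BSD stat as a fallback.
    mode=$(stat -c '%a' "$pem" 2>/dev/null || stat -f '%Lp' "$pem")
    if [ "$mode" != "600" ]; then echo "bad mode $mode (want 600)"; return 2; fi
    # Reduce the file to its sequence of block types, e.g. "K C C ".
    # CRLF line endings are tolerated; blocks that are neither a key nor a
    # certificate are ignored.
    labels=$(tr -d '\r' < "$pem" |
        sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' |
        awk '/PRIVATE KEY$/  {printf "K "}
             /^CERTIFICATE$/ {printf "C "}')
    case "$labels" in
        "K "*"K "*) echo "more than one private key: $labels"; return 3 ;;
        "K C "*)    echo "ok: $labels" ;;
        *)          echo "bad block order: ${labels:-no PEM blocks}"; return 3 ;;
    esac
}

# Helper for the demo: writes constructed PEM blocks with placeholder bodies.
write_sample() {  # usage: write_sample FILE LABEL...
    local out="$1" label
    shift
    : > "$out"
    for label in "$@"; do
        printf '%s\n' "-----BEGIN $label-----" "PLACEHOLDER" \
            "-----END $label-----" >> "$out"
    done
    chmod 600 "$out"
}

# Demo on constructed files in a temporary directory.
tmp=$(mktemp -d)
write_sample "$tmp/stunnel.pem" "RSA PRIVATE KEY" "CERTIFICATE" "CERTIFICATE"
check_stunnel_pem "$tmp/stunnel.pem"           # key, cert, intermediate
write_sample "$tmp/swapped.pem" "CERTIFICATE" "RSA PRIVATE KEY"
check_stunnel_pem "$tmp/swapped.pem" || true   # certificate before key
rm -rf "$tmp"
```

The check covers file layout only; it does not confirm that the private key belongs to the certificate.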
 

Radiorookie

New Member
Hi,

I am trying to encrypt a Shoutcast V2 stream so I can pull metadata from the stream's XML file in HTTPS. I am running into issues with resolving the stream over HTTPS on port 8002. Have you managed to create a live example of an actual audio stream that is encrypted with SSL? Thanks in advance
 
Thanks for sharing this, guys. I know the thread has been dead a long time, but I found it and it helped me solve the same problem. For future generations, I shared this as an AWS image. To use it:

- create a free Amazon Web Services account
- create an instance (I used free tier) of ami-947151f1
- open ports 80 and 443 on your security group
- use the certbot certonly command described here (https://certbot.eff.org/#ubuntutzesty-other) to get a free SSL certificate from letscertify
- edit /etc/stunnel/stunnel.conf to point to your new certificates and the feed you want to proxy (directions in the config file)
- reboot or restart stunnel

thanks to the original author of this thread!
 

Michael Kroon

New Member
Hello,

I am a newbie on the server. We use CentOS 6.8.

We are trying to install Centovacast with Shoutcast 2.0 and Liquidsoap.

I have tried the above code, however I don't know how to save and exit the file(s).

In the code I see 'Shoutcast'. Do I need to place that in the code, or Centovacast, because that is the software with the Shoutcast plugin?

I have looked over the internet, without any success.

I hope someone can help me because we are looking for a SSL Shoutcast stream.

Thanks in advance.

Michael.
 

Ricardo

New Member
Hi guys, I am a newbie on this subject. Can somebody tell me if there is an easier way to do this?
 

Quags

Administrator
Staff member
As long as shoutcast has no native ssl support there isn't an easier way. Stunnel helps take programs that don't support ssl and add an ssl layer on top of it.
 

Ricardo

New Member
Thank you. I'm new to this, so the steps are not easy for me to follow. Can you please help me to do it?
 

Jan

New Member
Dear Fora members,
I know it's already a year ago the last post has been made, but I am facing some issues according the shoutcast SSL stunnel service.
I have tried to install all, but I get an error message. On this I am a newbie, so I hope somebody could point me in the right direction.

I have installed stunnel, and made the config file with the following info:

<pre>
client=no
[shoutcast]
accept=4443
connect=localhost:8010
cert = C:\ssl\stream1.pem
key = C:\ssl\stream1.key
</pre>

When I launch stunnel I get:

<pre>
] Running on Windows 6.2
[ ] No limit detected for the number of clients
[.] stunnel 5.56 on x64-pc-mingw32-gnu platform
[.] Compiled/running with OpenSSL 1.1.1c 28 May 2019
[.] Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
[ ] errno: (*_errno())
[ ] GUI message loop initialized
[ ] Running on Windows 6.2
[.] Reading configuration from file stunnel.conf
[.] UTF-8 byte order mark detected
[ ] Compression disabled
[ ] No PRNG seeding was required
[ ] Initializing service [shoutcast]
[ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
[ ] TLSv1.3 ciphersuites: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
[ ] TLS options: 0x02100004 (+0x00000000, -0x00000000)
[ ] Loading certificate from file: C:\ssl\stream1.pem
[!] error queue: ssl/ssl_rsa.c:615: error:140DC002:SSL routines:use_certificate_chain_file:system lib
[!] error queue: crypto/bio/bss_file.c:293: error:20074002:BIO routines:file_ctrl:system lib
[!] SSL_CTX_use_certificate_chain_file: crypto/bio/bss_file.c:291: error:02001002:system library:fopen:No such file or directory
[!] Service [shoutcast]: Failed to initialize TLS context
[ ] Deallocating section defaults
</pre>


I hope someone could help me on this...
Many thanks
Jan
 