Using Stunnel to add ssl to shoutcast (or any service that does not have ssl)
Posted on January 14th, 2016
Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs’ code.
First stunnel must be installed. Many OS’s have stunnel preinstalled: so try running stunnel first. If not install with your OS’s package management tool such as
centos: yum install stunnel
ubuntu: apt-get install stunnel
Once stunnel is installed you can begin. First a config file is needed. In this example shoutcast is installed already and running on port 8000. It is listening on localhost only. Create the file
/etc/stunnel/stunnel.conf
client=no
[shoutcast]
accept=8002
connect=localhost:8000
cert = /etc/stunnel/stunnel.pem
Now create the PEM file /etc/stunnel/stunnel.pem
The format is
rsa key first
certificate second
cabundle/intermediate third
Set permissions to 600
chmod 600 /etc/stunnel/stunnel.pem
Now stunnel can be started with the command /usr/bin/stunnel and we can connect to port 8002 over ssl.
There is any chance that you can help me to configure Stunnel for SHOUTcast in windows server 2012 r2?
Our support staff is not able to help with shoutcast.
Hi, does this work if I have centova on a dedicated server?
Do I need to install certbot before installing stunnel?
Nice guide.
Please explain how to generate content of /etc/stunnel/stunnel.pem
with certibot?