| 14 Jul 2025 |
 matthewcroughan - nix.zone | Because the only way to run it properly is on port 80/443, if you want a letsencrypt SSL cert, because you can't proxy it | 14:27:24 |
| matthewcroughan - nix.zone | and you have to gen that cert by hand, and it's not automatable and it's awkward | 14:27:45 |
 @saiko:knifepoint.net | In reply to @n4ch723hr3r:nope.chat
the main problem seems to be the inability to put it behind a reverse proxy oh. well, that’s mostly a http specific thing | 14:27:54 |
| @saiko:knifepoint.net | In reply to @matthewcroughan:defenestrate.it
Because the only way to run it properly is on port 80/443, if you want a letsencrypt SSL cert, because you can't proxy it no absolutely not | 14:27:58 |
| @saiko:knifepoint.net | I run mumble with a LE cert on its own port | 14:28:04 |
 @n4ch723hr3r:nope.chat | icecast has TLS built into it | 14:28:22 |
| @saiko:knifepoint.net | the certs are not bound to a specific port, so you can give it its own domain, get a cert via http on that domain and then use the cert for the other service | 14:29:18 |
| matthewcroughan - nix.zone | with self-signed certs? | 14:30:07 |
| @n4ch723hr3r:nope.chat | that too. you can specify a path to that cert | 14:30:34 |
| @saiko:knifepoint.net | this is what I do for mumble: https://git.dblsaiko.net/systems/tree/configurations/spike/murmur.nix
(sys2x.ssl.acmeCerts just adds an empty nginx virtual host with enableACME=true) | 14:30:53 |
| matthewcroughan - nix.zone | Well either way, the player seems to get confused if I reverse proxy | 14:31:01 |
| matthewcroughan - nix.zone | since the icecast streams are not http | 14:31:07 |
| @n4ch723hr3r:nope.chat | i've also just read somewhere that the maintainer discourages reverse-proxying | 14:31:36 |
