| 14 Jul 2025 |
 matthewcroughan - nix.zone | yeah, http streaming | 14:14:50 |
| matthewcroughan - nix.zone | But I need to convince someone else who wants to run icecast in my space that they don't need icecast | 14:15:05 |
 emily | FFmpeg supports most of this stuff also | 14:15:06 |
 n4ch723hr3r | FFMPeg can convert m3u8 <-> audio files so you could just do that | 14:15:54 |
| matthewcroughan - nix.zone | Why are there so many production systems still using Icecast? | 14:16:34 |
 toonn | Why mess with something that works? | 14:16:49 |
| n4ch723hr3r | because its good enough | 14:16:49 |
| matthewcroughan - nix.zone | Only if you have a spare IP to dedicate it to | 14:17:16 |
| matthewcroughan - nix.zone | IPs aren't that easy to come by | 14:17:21 |
| n4ch723hr3r | icecast doesnt support tls, does it? | 14:18:11 |
| n4ch723hr3r | <listen-socket>
<port>8000</port>
<bind-address>127.0.0.1</bind-address>
</listen-socket>
<listen-socket>
<port>8443</port>
<tls>1</tls>
</listen-socket>
<listen-socket>
<port>8004</port>
<shoutcast-mount>/live.mp3</shoutcast-mount>
</listen-socket>
| 14:20:14 |
| n4ch723hr3r | so it seems you can split some things apart | 14:20:24 |
 @saiko:knifepoint.net | In reply to @matthewcroughan:defenestrate.it
Only if you have a spare IP to dedicate it to why do you need a spare IP for icecast to work? I used to run it fine without one | 14:24:35 |
| n4ch723hr3r | the main problem seems to be the inability to put it behind a reverse proxy | 14:25:42 |
| matthewcroughan - nix.zone | Because the only way to run it properly is on port 80/443, if you want a letsencrypt SSL cert, because you can't proxy it | 14:27:24 |
| matthewcroughan - nix.zone | and you have to gen that cert by hand, and it's not automatable and it's awkward | 14:27:45 |
| @saiko:knifepoint.net | In reply to @n4ch723hr3r:nope.chat
the main problem seems to be the inability to put it behind a reverse proxy oh. well, that’s mostly a http specific thing | 14:27:54 |
| @saiko:knifepoint.net | In reply to @matthewcroughan:defenestrate.it
Because the only way to run it properly is on port 80/443, if you want a letsencrypt SSL cert, because you can't proxy it no absolutely not | 14:27:58 |
| @saiko:knifepoint.net | I run mumble with a LE cert on its own port | 14:28:04 |
| n4ch723hr3r | icecast has TLS built into it | 14:28:22 |
| @saiko:knifepoint.net | the certs are not bound to a specific port, so you can give it its own domain, get a cert via http on that domain and then use the cert for the other service | 14:29:18 |
| matthewcroughan - nix.zone | with self-signed certs? | 14:30:07 |
| n4ch723hr3r | that too. you can specify a path to that cert | 14:30:34 |
| @saiko:knifepoint.net | this is what I do for mumble: https://git.dblsaiko.net/systems/tree/configurations/spike/murmur.nix
(sys2x.ssl.acmeCerts just adds an empty nginx virtual host with enableACME=true) | 14:30:53 |
| matthewcroughan - nix.zone | Well either way, the player seems to get confused if I reverse proxy | 14:31:01 |
| matthewcroughan - nix.zone | since the icecast streams are not http | 14:31:07 |
| n4ch723hr3r | i've also just read somewhere that the maintainer discourages reverse-proxying | 14:31:36 |
| @saiko:knifepoint.net | how are you reverse-proxying it if it’s not http? | 14:31:37 |
| matthewcroughan - nix.zone | It is a combination of http and tcp | 14:31:49 |
| matthewcroughan - nix.zone | I wish I knew how this person set up this | 14:32:19 |
