Why doesn't Icecast2 want to stream via https?

A

Alexander2015-05-14 14:37:05

ubuntu

Alexander, 2015-05-14 14:37:05

Question for Icecast experts.
A server running Ubuntu 14.04 is running Icecast2 version 2.4.1 with OpenSSL support.
Also on this server lives a radio site configured strictly on HTTPS.
You need to insert an HTML5 player into the site, which will also receive the stream via SSL (otherwise - mixed content).
The site has a purchased certificate, Icecast has a self-signed one.
Icecast config:

<icecast>
    <location>****</location>
    <admin>[email protected]*************</admin>
    <limits>
        <clients>1000</clients>
        <sources>2</sources>
        <threadpool>5</threadpool>
        <queue-size>524288</queue-size>
        <source-timeout>10</source-timeout>
        <burst-on-connect>0</burst-on-connect>
        <burst-size>65535</burst-size>
    </limits>
    <authentication>
        <source-password>*****</source-password>
        <relay-password>*****</relay-password>
        <admin-user>*****</admin-user>
        <admin-password>*****</admin-password>
    </authentication>
    <hostname>************</hostname> 
    <listen-socket>
        <port>8000</port>
        <ssl>1</ssl>
    </listen-socket>
    <mount>
        <mount-name>/stream</mount-name>
        <charset>utf-8</charset>
    </mount>
    <mount> 
        <mount-name>/ogg</mount-name>
        <charset>utf-8</charset>
    </mount>
    <fileserve>1</fileserve>
    <paths>
        <basedir>/usr/share/icecast2</basedir>
        <logdir>/var/log/icecast2</logdir>
        <webroot>/usr/share/icecast2/web</webroot>
        <adminroot>/usr/share/icecast2/admin</adminroot>
        <alias source="/" dest="/status.xsl"/>
  <ssl-certificate>/etc/icecast2/icecast2.pem</ssl-certificate>
    </paths>
    <logging>
        <accesslog>access.log</accesslog>
        <errorlog>error.log</errorlog>
        <loglevel>4</loglevel>
    </logging>
    <security>
        <chroot>0</chroot>
        <changeowner>
            <user>icecast2</user>
            <group>icecast</group>
        </changeowner>
    </security>
</icecast>

The certificate for Icecast (/etc/icecast2/icecast2.pem) was generated with:

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout icecast2.pem -out icecast2.pem

I expect to receive a stream at https://domain.name:8000/stream and https://domain.name:8000/ogg for insertion into the player via the audio tag, but the response is silence.
At the same time, everything works fine at domain.name:8000/stream and domain.name:8000/ogg .
What am I doing wrong?
Thank you all in advance for your help!
UPD: from the discussion on ru.stackoverflow.com:
1. I tried to attach the certificate of the site itself (it requires a combined one (on the site and on the CA) - the result is the same. Browsers do not write errors. If you feed the link to a regular player like AIMP, it also does not works.
2. In the logs /var/log/icecast2/error.log and /var/log/icecast2/access.log there is only a mention that the certificate /etc/icecast2/icecast2.pem was successfully found. There is an interesting line in access.log (Firefox was trying to download a stream): "HEAD /stream HTTP/1.1" 400 304