Install Icecast Server on CentOS 7.7 64bit
------------------------------------------

yum -y groupinstall "Development Tools"
yum install wget libxslt libxslt-devel curl-devel libtheora-devel libvorbis-devel speex-devel openssl-devel
yum update


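Download icecast-2.4.4.tar.gz to /software. The URL below is a third-party mirror served over plain HTTP, so verify the tarball against the official Icecast release before building: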
cd /
mkdir software
cd software
wget http://www.baluna.ro/soft/icecast-2.4.4.tar.gz

Extract, configure and compile the Icecast code from the source:

cd /usr/src
tar xf /software/icecast-2.4.4.tar.gz
cd icecast-2.4.4
./configure --prefix=/opt/icecast/2.4.4 --with-curl --with-openssl
make
make install

Make a symbolic link named "latest" that points to the version folder:
cd /opt/icecast
ln -s 2.4.4 latest

groupadd -g 200 icecast
useradd -d /var/log/icecast -m -g icecast -s /bin/bash -u 200 icecast
mkdir -p /var/run/icecast
chown -R icecast:icecast /var/run/icecast

Test:
/opt/icecast/latest/bin/icecast -c /opt/icecast/latest/etc/icecast.xml -b

Allow TCP ports 8000 and 8443 through iptables or any other firewall if required.

Auto start:

vi /etc/rc.d/rc.local
(Add the following to the end of the file to make Icecast auto-start):
# Start Icecast:
/opt/icecast/latest/bin/icecast -c /opt/icecast/latest/etc/icecast.xml -b




Add an SSL certificate
----------------------

Install certbot if it is not already installed. Note: the EPEL repository must be installed first:
yum install epel-release
yum install certbot


The required hostname (for example stream.yourdomain.com) must be set up in Apache and configured for HTTPS with a certificate.
Once this has been done and it works, we will have a Let's Encrypt certificate to use in the following notes.


Note: Certificates can also be generated without Apache using the following; however, this requires that port 80 is accessible (and any other HTTP server is stopped while the script runs). This is NOT needed if the site is set up in Apache, which is probably easier to manage than this:
##service httpd stop
##certbot certonly --standalone --agree-tos --non-interactive --text --rsa-key-size 4096 --email [email protected] --domains "stream.yourdomain.com"
##service httpd start



Now, with a Let's Encrypt certificate generated either with Apache or in standalone mode, we need to add it to Icecast:

The Let's Encrypt certificates will now be located in /etc/letsencrypt/live/stream.yourdomain.com/

`privkey.pem`  : the private key for your certificate.
`fullchain.pem`: the certificate file used in most server software.
`chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.
`cert.pem`     : will break many server configurations, and should not be used
                 without reading further documentation (see link below).

Copy the contents of fullchain.pem (used instead of cert.pem to avoid issues with some clients) and privkey.pem into a new file
named icecast.pem, pasting both into one (first the certificate and then the private key).

Note: Icecast does not have permission (as the icecast user) to access the /etc/letsencrypt directory, so we move the final certificate file to its config directory:

cd /etc/letsencrypt/live/stream.yourdomain.com
cat fullchain.pem privkey.pem > icecast.pem
mv /etc/letsencrypt/live/stream.yourdomain.com/icecast.pem /opt/icecast/latest/etc/icecast.pem
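
An added example, not part of the original notes: the cat and mv above leave icecast.pem with whatever permissions root's umask gives it, even though the file contains the private key. The function below builds the same bundle with mode 600 and can hand it to the icecast account created earlier; the function name and the icecast:icecast owner argument are assumptions.

```shell
# Added example (not from the original notes): build Icecast's combined PEM,
# certificate chain first and private key second, as in the cat command above.
# Usage: build_icecast_pem LIVE_DIR DEST [OWNER]
# The body runs in a subshell "( ... )", so umask and variables do not leak
# into the caller and "exit" only ends the function.
build_icecast_pem() (
    live_dir=$1
    dest=$2
    owner=${3:-}
    chain="$live_dir/fullchain.pem"
    key="$live_dir/privkey.pem"

    # Refuse to build a partial bundle when an input is missing or empty.
    [ -s "$chain" ] || { echo "missing or empty: $chain" >&2; exit 1; }
    [ -s "$key" ] || { echo "missing or empty: $key" >&2; exit 1; }
    # Check each file holds what its name says, so the order cannot be swapped.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" ||
        { echo "no certificate in $chain" >&2; exit 1; }
    grep -q -- 'PRIVATE KEY-----' "$key" ||
        { echo "no private key in $key" >&2; exit 1; }

    # Write to a temp file beside the destination: private from the first
    # byte, and the final mv is a rename on the same filesystem.
    umask 077
    tmp=$(mktemp "$dest.XXXXXX") || exit 1
    cat "$chain" "$key" > "$tmp" || { rm -f "$tmp"; exit 1; }
    chmod 600 "$tmp"
    # OWNER is optional (assumed icecast:icecast here); chown needs root.
    if [ -n "$owner" ]; then
        chown "$owner" "$tmp" || { rm -f "$tmp"; exit 1; }
    fi
    mv -f "$tmp" "$dest"
)

# Call with the paths used on this page (run as root):
#   build_icecast_pem /etc/letsencrypt/live/stream.yourdomain.com \
#       /opt/icecast/latest/etc/icecast.pem icecast:icecast
```

The copy does not follow certbot renewals, so rerun the function after each renewal (for example from certbot's --deploy-hook) and restart Icecast.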


Edit /opt/icecast/2.4.4/etc/icecast.xml

Ensure the hostname line is correct:
<hostname>stream.yourdomain.com</hostname>

Add a mapping for port 8443 with SSL in addition to and under the 8000 section:
     <listen-socket>
       <port>8443</port>
       <ssl>1</ssl>
     </listen-socket>

Add the following in the "paths" section before the </paths> line:
       <ssl-certificate>/opt/icecast/latest/etc/icecast.pem</ssl-certificate>



Reboot.


Troubleshooting:
Note that if port 8443 only responds to http but is configured correctly, this is probably a permissions issue with the certificate.
