Last active
February 3, 2023 13:06
-
-
Save highgain86j/b7c281f685ad474841446c3b06d598b6 to your computer and use it in GitHub Desktop.
nginx configuration for reverse-proxying icecast2 streaming server.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80; | |
listen [::]:80; | |
server_name radio.example.com; | |
proxy_set_header Host $host; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Host $host; | |
proxy_set_header X-Forwarded-Server $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
location / { | |
proxy_pass http://127.0.0.1:8000/; | |
subs_filter_types application/xspf+xml audio/x-mpegurl audio/x-vclt text/css text/html text/xml; | |
subs_filter ':8000/' '/' gi; | |
subs_filter '@localhost' '@example.com' gi; | |
subs_filter 'localhost' $host gi; | |
subs_filter 'Mount Point ' $host gi; | |
subs_filter '<h1 id="header">Icecast2 Status</h1><div id="menu"><ul><li><a href="admin/">Administration</a></li><li><a href="status.xsl">Server Status</a></li><li><a href="server_version.xsl">Version</a></li></ul></div>' '<!--<div id="menu"><ul><li><a href="admin/">Administration</a></li><li><a href="status.xsl">Server Status</a></li><li><a href="server_version.xsl">Version</a></li></ul></div>-->' gi; | |
location /admin/ { | |
deny all; | |
} | |
location /server_version.xsl { | |
deny all; | |
} | |
} | |
} | |
server { | |
listen 80; | |
listen [::]:80; | |
server_name radio.internal.example.com; | |
proxy_set_header Host $host; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Host $host; | |
proxy_set_header X-Forwarded-Server $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
location / { | |
proxy_pass http://127.0.0.1:8000/; | |
subs_filter_types application/xspf+xml audio/x-mpegurl audio/x-vclt text/css text/html text/xml; | |
subs_filter ':8000/' '/' gi; | |
subs_filter '@localhost' '@example.com' gi; | |
subs_filter 'localhost' $host gi; | |
subs_filter 'Mount Point ' $host gi; | |
} | |
} |
How would you apply this to force the connection to be SSL.
Some Ideas how to get the Real visitor IP? With your Example I getting only the Proxy IP on Icecast Logs.
you can use icecast-kh with
<paths>
<x-forwarded-for>x.x.x.x</x-forwarded-for>
(...)
</paths>
in config (x.x.x.x = ip of your proxy)
You don't need text/html
in the subs_filter_types
list as it's always filtered. In fact, if you do included it, nginx will complain to you about [warn] duplicate MIME type "text/html"
.
Otherwise, great config!
can we send audio stream from client (butt) through this nginx config?
No. And you should not do it either. See this note from the icecast maintainer: https://stackoverflow.com/questions/51786404/icecast2-running-under-nginx-not-able-to-connect/51786791#51786791
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@scysys see https://gitlab.xiph.org/xiph/icecast-server/issues/1959
For now just use nginx logs