mirror of
https://gitlab.xiph.org/xiph/icecast-server.git
synced 2025-01-03 14:56:34 -05:00
322 lines
13 KiB
XML
322 lines
13 KiB
XML
<icecast>
|
|
<!-- IMPORTANT!
|
|
Especially for inexperienced users:
|
|
Start out by ONLY changing all passwords and restarting Icecast.
|
|
For detailed setup instructions please refer to the documentation.
|
|
It's also available here: http://icecast.org/docs/
|
|
-->
|
|
|
|
<!-- location and admin are two strings that are e.g. visible
|
|
on the server info page of the icecast web interface -->
|
|
<location>Earth</location>
|
|
<!-- If you are listing streams on a YP, this MUST be a working email! -->
|
|
<admin>icemaster@localhost</admin>
|
|
<!-- This is the hostname other people will use to connect to your server.
|
|
It affects mainly the urls generated by Icecast for playlists and YP
|
|
listings. You MUST configure it properly for YP listings to work!
|
|
This is NOT your homepage address, it's the hostname for THIS server.
|
|
-->
|
|
<hostname>localhost</hostname>
|
|
|
|
<limits>
|
|
<!-- Global maximum number of clients.
|
|
This includes all kinds of clients, not only listeners.
|
|
-->
|
|
<clients>100</clients>
|
|
<sources>2</sources>
|
|
<queue-size>524288</queue-size>
|
|
<client-timeout>30</client-timeout>
|
|
<header-timeout>15</header-timeout>
|
|
<source-timeout>10</source-timeout>
|
|
<!-- This sets the burst size in [bytes]. This is the amount the
|
|
the server sends to a listener that connects to a stream.
|
|
This allows for a significantly reducing in startup time.
|
|
Most people won't need to change from the default 64k.
|
|
Applies to all mountpoints.
|
|
-->
|
|
<burst-size>65535</burst-size>
|
|
</limits>
|
|
|
|
<authentication>
|
|
<!-- Sources log in with username 'source' -->
|
|
<source-password>hackme</source-password>
|
|
<!-- Relays log in with username 'relay' -->
|
|
<relay-password>hackme</relay-password>
|
|
|
|
<!-- Admin logs in with the username given below -->
|
|
<admin-user>admin</admin-user>
|
|
<admin-password>hackme</admin-password>
|
|
</authentication>
|
|
|
|
<!-- set the mountpoint for a shoutcast source to use, the default if not
|
|
specified is to have none.
|
|
<shoutcast-mount>/live.nsv</shoutcast-mount>
|
|
-->
|
|
|
|
<!-- Uncommenting this enables publishing to the streaming directory at:
|
|
https://dir.xiph.org/
|
|
Please read the Icecast documentation about publishing to directories
|
|
very carefully, as it is not enough to just uncomment this.
|
|
-->
|
|
<!--
|
|
<yp-directory url="https://dir.xiph.org/cgi-bin/yp-cgi">
|
|
<option name="timeout" value="15" />
|
|
</yp-directory>
|
|
-->
|
|
|
|
<!-- You may have multiple <listen-socket> elements -->
|
|
<listen-socket>
|
|
<port>8000</port>
|
|
<!-- <bind-address>127.0.0.1</bind-address> -->
|
|
<!-- <shoutcast-mount>/stream</shoutcast-mount> -->
|
|
</listen-socket>
|
|
<!--
|
|
<listen-socket>
|
|
<port>8080</port>
|
|
</listen-socket>
|
|
-->
|
|
<!--
|
|
<listen-socket>
|
|
<port>8443</port>
|
|
<tls>auto_no_plain</tls>
|
|
</listen-socket>
|
|
-->
|
|
|
|
|
|
<!-- Global header settings
|
|
Headers defined here will be returned for every HTTP request to Icecast.
|
|
|
|
The ACAO header makes Icecast public content/API by default
|
|
This will make streams easier embeddable (some HTML5 functionality needs it).
|
|
Also it allows direct access to e.g. /status-json.xsl from other sites.
|
|
If you don't want this, comment out the following line or read up on CORS.
|
|
-->
|
|
<http-headers>
|
|
<header type="cors" name="Access-Control-Allow-Origin" />
|
|
<header type="cors" name="Access-Control-Allow-Headers" />
|
|
<header type="cors" name="Access-Control-Expose-Headers" />
|
|
</http-headers>
|
|
|
|
|
|
<!-- Relaying
|
|
You don't need this if you only have one server.
|
|
Please refer to the documentation for a detailed explanation.
|
|
-->
|
|
<!--
|
|
<master-server>127.0.0.1</master-server>
|
|
<master-server-port>8001</master-server-port>
|
|
<master-update-interval>120</master-update-interval>
|
|
<master-password>hackme</master-password>
|
|
-->
|
|
|
|
<!-- Setting this makes all relays on-demand unless overridden, this is
|
|
useful for master relays which do not have <relay> definitions here.
|
|
The default is false -->
|
|
<!--<relays-on-demand>true</relays-on-demand>-->
|
|
|
|
<!-- Basic relay with one upstream server -->
|
|
<!--
|
|
<relay>
|
|
<local-mount>/different.ogg</local-mount>
|
|
<on-demand>false</on-demand>
|
|
|
|
<upstream type="normal">
|
|
<uri>http://localhost:8080/example.ogg</uri>
|
|
<relay-shoutcast-metadata>false</relay-shoutcast-metadata>
|
|
</upstream>
|
|
</relay>
|
|
-->
|
|
|
|
<!-- Relay with multiple upstream servers and default settings -->
|
|
<!--
|
|
<relay>
|
|
<local-mount>/different.ogg</local-mount>
|
|
<on-demand>false</on-demand>
|
|
|
|
<upstream type="normal">
|
|
<server>master0.example.org</server>
|
|
</upstream>
|
|
<upstream type="normal">
|
|
<server>master1.example.org</server>
|
|
</upstream>
|
|
<upstream type="normal">
|
|
<server>master2.example.org</server>
|
|
<port>8080</port>
|
|
</upstream>
|
|
<upstream type="default">
|
|
<port>8000</port>
|
|
<mount>/example.ogg</mount>
|
|
</upstream>
|
|
</relay>
|
|
-->
|
|
|
|
<!-- Mountpoints
|
|
Only define <mount> sections if you want to use advanced options,
|
|
like alternative usernames or passwords
|
|
All <mount> sections below are disabled by default,
|
|
to activate them remove the comment markers around them and reload.
|
|
-->
|
|
|
|
<!-- Default settings for all mounts that don't have a specific <mount type="normal">.
|
|
-->
|
|
<!--
|
|
<mount type="default">
|
|
<public>false</public>
|
|
<intro>/server-wide-intro.ogg</intro>
|
|
<max-listener-duration>3600</max-listener-duration>
|
|
<authentication>
|
|
<role type="url" match-method="source,put" allow-web="*" allow-admin="*">
|
|
<option name="client_add" value="http://auth.example.org/stream_start.php"/>
|
|
</role>
|
|
<role type="anonymous" match-method="source,put" deny-all="*" />
|
|
</authentication>
|
|
<http-headers>
|
|
<header name="foo" value="bar" />
|
|
</http-headers>
|
|
</mount>
|
|
-->
|
|
|
|
<!-- Normal mounts -->
|
|
<!--
|
|
<mount type="normal">
|
|
<mount-name>/example-complex.ogg</mount-name>
|
|
|
|
<max-listeners>1</max-listeners>
|
|
<dump-file>/tmp/dump-example1.ogg</dump-file>
|
|
<burst-size>65536</burst-size>
|
|
<fallback-mount>/example2.ogg</fallback-mount>
|
|
<fallback-override>true</fallback-override>
|
|
<fallback-when-full>true</fallback-when-full>
|
|
<intro>/example_intro.ogg</intro>
|
|
<hidden>true</hidden>
|
|
<public>true</public>
|
|
<authentication>
|
|
<role type="htpasswd" connections-per-user="1">
|
|
<option name="filename" value="myauth" />
|
|
</role>
|
|
<role type="static" allow-method="source,put,get,post,options" deny-web="*" allow-admin="*">
|
|
<option name="username" value="othersource" />
|
|
<option name="passwod" value="hackmemore" />
|
|
</role>
|
|
<role type="anonymous" deny-all="*" />
|
|
</authentication>
|
|
<http-headers>
|
|
<header type="cors" name="Access-Control-Allow-Origin" value="http://webplayer.example.org" />
|
|
<header name="baz" value="quux" />
|
|
</http-headers>
|
|
|
|
<event-bindings>
|
|
<event type="exec" trigger="source-connect">
|
|
<option name="executable" value="/home/icecast/bin/stream-start" />
|
|
</event>
|
|
<event type="exec" trigger="source-disconnect">
|
|
<option name="executable" value="/home/icecast/bin/stream-stop" />
|
|
</event>
|
|
</event-bindings>
|
|
</mount>
|
|
-->
|
|
|
|
<!--
|
|
<mount type="normal">
|
|
<mount-name>/auth_example.ogg</mount-name>
|
|
<authentication>
|
|
<role type="url" match-method="get,post,head,options" allow-web="*" deny-admin="*" may-alter="send_error,redirect">
|
|
<option name="client_add" value="http://myauthserver.net/notify_listener.php"/>
|
|
<option name="client_remove" value="http://myauthserver.net/notify_listener.php"/>
|
|
<option name="action_add" value="listener_add"/>
|
|
<option name="action_remove" value="listener_remove"/>
|
|
<option name="headers" value="app-pragma,cdn-token"/>
|
|
<option name="header_prefix" value="ClientHeader."/>
|
|
</role>
|
|
<role type="anonymous" match-method="get,post,head,options" deny-all="*" />
|
|
</authentication>
|
|
<event-bindings>
|
|
<event type="url" trigger="source-connect">
|
|
<option name="url" value="http://myauthserver.net/notify_mount.php" />
|
|
<option name="action" value="mount_add" />
|
|
</event>
|
|
<event type="url" trigger="source-disconnect">
|
|
<option name="url" value="http://myauthserver.net/notify_mount.php" />
|
|
<option name="action" value="mount_remove" />
|
|
</event>
|
|
</event-bindings>
|
|
</mount>
|
|
-->
|
|
|
|
<!-- Relays can also go into a <mount type="normal"> section -->
|
|
<!--
|
|
<mount type="normal">
|
|
<mount-name>/relay_example.ogg</mount-name>
|
|
<relay>
|
|
<upstream type="normal">
|
|
<uri>http://master0.example.org:8000/example.ogg</uri>
|
|
</upstream>
|
|
</relay>
|
|
</mount>
|
|
-->
|
|
|
|
<paths>
|
|
<logdir>./log</logdir>
|
|
<webroot>./web</webroot>
|
|
<adminroot>./admin</adminroot>
|
|
<reportxmldb>./report-db.xml</reportxmldb>
|
|
|
|
<!-- Aliases: treat requests for 'source' path as being for 'dest' path
|
|
May be made specific to a port or bound address using the "port"
|
|
and "bind-address" attributes.
|
|
-->
|
|
<!--
|
|
<alias source="/foo" destination="/bar"/>
|
|
-->
|
|
<!-- Aliases: can also be used for simple redirections as well,
|
|
this example will redirect all requests for http://server:port/ to
|
|
the status page
|
|
-->
|
|
<alias source="/" destination="/status.xsl"/>
|
|
</paths>
|
|
|
|
<logging>
|
|
<accesslog>access.log</accesslog>
|
|
<errorlog>error.log</errorlog>
|
|
<!-- <playlistlog>playlist.log</playlistlog> -->
|
|
<loglevel>information</loglevel> <!-- "debug", "information", "warning", or "error" -->
|
|
<logsize>10000</logsize> <!-- Max size of a logfile -->
|
|
<!-- If logarchive is enabled (1), then when logsize is reached
|
|
the logfile will be moved to [error|access|playlist].log.DATESTAMP,
|
|
otherwise it will be moved to [error|access|playlist].log.old.
|
|
Default is non-archive mode (i.e. overwrite)
|
|
-->
|
|
<!-- <logarchive>true</logarchive> -->
|
|
</logging>
|
|
|
|
<security>
|
|
<tls-context>
|
|
<!-- The certificate file containng public and optionally private key.
|
|
Must be PEM encoded.
|
|
<tls-certificate>./icecast.pem</tls-certificate>
|
|
-->
|
|
<!-- The private key if not contained in <tls-certificate>.
|
|
Must be PEM encoded.
|
|
<tls-key>./icecast.key</tls-key>
|
|
-->
|
|
</tls-context>
|
|
|
|
<!-- It is generally helpful to set a PRNG seed, what seed to set depends on your OS. -->
|
|
<!-- Useful on all operating systems is a seed file for Icecast to update.
|
|
This should be at some location that is (semi-)permanent such as /var/lib or /var/cache
|
|
A size of 1024 [byte] is suggested.
|
|
The file can be shared with trusted applications (other instances of Icecast).
|
|
But should be protected against read and write access by untrusted applications.
|
|
<prng-seed type="read-write" size="1024">/path/to/storage/icecast.prng-seed</prng-seed>
|
|
-->
|
|
<!-- If none of above is available on your OS you can add a static seed.
|
|
This is by far not as secure as the above.
|
|
The value should be at least 64 characters long if from [a-zA-Z0-9].
|
|
You MUST keep this parameter secret. It MUST NOT be shared with other instances.
|
|
You SHOULD change this parameter often.
|
|
<prng-seed type="static">U4V5etZF...</prng-seed>
|
|
-->
|
|
|
|
</security>
|
|
</icecast>
|