1
0
mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2025-01-03 14:56:34 -05:00
icecast-server/conf/icecast.xml.in
2022-03-22 09:28:41 +00:00

350 lines
14 KiB
XML

<?xml version="1.0"?>
<icecast>
<!-- IMPORTANT!
Especially for inexperienced users:
Start out by ONLY changing all passwords and restarting Icecast.
For detailed setup instructions please refer to the documentation.
It's also available here: http://icecast.org/docs/
-->
<!-- location and admin are two strings that are e.g. visible
on the server info page of the icecast web interface -->
<location>Earth</location>
<!-- If you are listing streams on a YP, this MUST be a working email! -->
<admin>icemaster@localhost</admin>
<!-- This is the hostname other people will use to connect to your server.
It affects mainly the urls generated by Icecast for playlists and YP
listings. You MUST configure it properly for YP listings to work!
This is NOT your homepage address, it's the hostname for THIS server.
-->
<hostname>localhost</hostname>
<limits>
<!-- Global maximum number of clients.
This includes all kinds of clients, not only listeners.
-->
<clients>100</clients>
<sources>2</sources>
<queue-size>524288</queue-size>
<client-timeout>30</client-timeout>
<header-timeout>15</header-timeout>
<source-timeout>10</source-timeout>
<!-- This sets the burst size in [bytes]. This is the amount the
the server sends to a listener that connects to a stream.
This allows for a significantly reducing in startup time.
Most people won't need to change from the default 64k.
Applies to all mountpoints.
-->
<burst-size>65535</burst-size>
</limits>
<authentication>
<!-- Sources log in with username 'source' -->
<source-password>hackme</source-password>
<!-- Relays log in with username 'relay' -->
<relay-password>hackme</relay-password>
<!-- Admin logs in with the username given below -->
<admin-user>admin</admin-user>
<admin-password>hackme</admin-password>
</authentication>
<!-- set the mountpoint for a shoutcast source to use, the default if not
specified is to have none.
<shoutcast-mount>/live.nsv</shoutcast-mount>
-->
<!-- Uncommenting this enables publishing to the streaming directory at:
https://dir.xiph.org/
Please read the Icecast documentation about publishing to directories
very carefully, as it is not enough to just uncomment this.
-->
<!--
<yp-directory url="https://dir.xiph.org/cgi-bin/yp-cgi">
<option name="timeout" value="15" />
</yp-directory>
-->
<!-- You may have multiple <listen-socket> elements -->
<listen-socket>
<port>8000</port>
<!-- <bind-address>127.0.0.1</bind-address> -->
<!-- <shoutcast-mount>/stream</shoutcast-mount> -->
</listen-socket>
<!--
<listen-socket>
<port>8080</port>
</listen-socket>
-->
<!--
<listen-socket>
<port>8443</port>
<tls>auto_no_plain</tls>
</listen-socket>
-->
<!-- Global header settings
Headers defined here will be returned for every HTTP request to Icecast.
The ACAO header makes Icecast public content/API by default
This will make streams easier embeddable (some HTML5 functionality needs it).
Also it allows direct access to e.g. /status-json.xsl from other sites.
If you don't want this, comment out the following line or read up on CORS.
-->
<http-headers>
<header type="cors" name="Access-Control-Allow-Origin" />
<header type="cors" name="Access-Control-Allow-Headers" />
<header type="cors" name="Access-Control-Expose-Headers" />
</http-headers>
<!-- Relaying
You don't need this if you only have one server.
Please refer to the documentation for a detailed explanation.
-->
<!--
<master-server>127.0.0.1</master-server>
<master-server-port>8001</master-server-port>
<master-update-interval>120</master-update-interval>
<master-password>hackme</master-password>
-->
<!-- Setting this makes all relays on-demand unless overridden, this is
useful for master relays which do not have <relay> definitions here.
The default is false -->
<!--<relays-on-demand>true</relays-on-demand>-->
<!-- Basic relay with one upstream server -->
<!--
<relay>
<local-mount>/different.ogg</local-mount>
<on-demand>false</on-demand>
<upstream type="normal">
<uri>http://localhost:8080/example.ogg</uri>
<relay-shoutcast-metadata>false</relay-shoutcast-metadata>
</upstream>
</relay>
-->
<!-- Relay with multiple upstream servers and default settings -->
<!--
<relay>
<local-mount>/different.ogg</local-mount>
<on-demand>false</on-demand>
<upstream type="normal">
<server>master0.example.org</server>
</upstream>
<upstream type="normal">
<server>master1.example.org</server>
</upstream>
<upstream type="normal">
<server>master2.example.org</server>
<port>8080</port>
</upstream>
<upstream type="default">
<port>8000</port>
<mount>/example.ogg</mount>
</upstream>
</relay>
-->
<!-- Mountpoints
Only define <mount> sections if you want to use advanced options,
like alternative usernames or passwords
All <mount> sections below are disabled by default,
to activate them remove the comment markers around them and reload.
-->
<!-- Default settings for all mounts that don't have a specific <mount type="normal">.
-->
<!--
<mount type="default">
<public>false</public>
<intro>/server-wide-intro.ogg</intro>
<max-listener-duration>3600</max-listener-duration>
<authentication>
<role type="url" match-method="source,put" allow-web="*" allow-admin="*">
<option name="client_add" value="http://auth.example.org/stream_start.php"/>
</role>
<role type="anonymous" match-method="source,put" deny-all="*" />
</authentication>
<http-headers>
<header name="foo" value="bar" />
</http-headers>
</mount>
-->
<!-- Normal mounts -->
<!--
<mount type="normal">
<mount-name>/example-complex.ogg</mount-name>
<max-listeners>1</max-listeners>
<dump-file>/tmp/dump-example1.ogg</dump-file>
<burst-size>65536</burst-size>
<fallback-mount>/example2.ogg</fallback-mount>
<fallback-override>true</fallback-override>
<fallback-when-full>true</fallback-when-full>
<intro>/example_intro.ogg</intro>
<hidden>true</hidden>
<public>true</public>
<authentication>
<role type="htpasswd" connections-per-user="1">
<option name="filename" value="myauth" />
</role>
<role type="static" allow-method="source,put,get,post,options" deny-web="*" allow-admin="*">
<option name="username" value="othersource" />
<option name="passwod" value="hackmemore" />
</role>
<role type="anonymous" deny-all="*" />
</authentication>
<http-headers>
<header type="cors" name="Access-Control-Allow-Origin" value="http://webplayer.example.org" />
<header name="baz" value="quux" />
</http-headers>
<event-bindings>
<event type="exec" trigger="source-connect">
<option name="executable" value="/home/icecast/bin/stream-start" />
</event>
<event type="exec" trigger="source-disconnect">
<option name="executable" value="/home/icecast/bin/stream-stop" />
</event>
</event-bindings>
</mount>
-->
<!--
<mount type="normal">
<mount-name>/auth_example.ogg</mount-name>
<authentication>
<role type="url" match-method="get,post,head,options" allow-web="*" deny-admin="*" may-alter="send_error,redirect">
<option name="client_add" value="http://myauthserver.net/notify_listener.php"/>
<option name="client_remove" value="http://myauthserver.net/notify_listener.php"/>
<option name="action_add" value="listener_add"/>
<option name="action_remove" value="listener_remove"/>
<option name="headers" value="app-pragma,cdn-token"/>
<option name="header_prefix" value="ClientHeader."/>
</role>
<role type="anonymous" match-method="get,post,head,options" deny-all="*" />
</authentication>
<event-bindings>
<event type="url" trigger="source-connect">
<option name="url" value="http://myauthserver.net/notify_mount.php" />
<option name="action" value="mount_add" />
</event>
<event type="url" trigger="source-disconnect">
<option name="url" value="http://myauthserver.net/notify_mount.php" />
<option name="action" value="mount_remove" />
</event>
</event-bindings>
</mount>
-->
<!-- Relays can also go into a <mount type="normal"> section -->
<!--
<mount type="normal">
<mount-name>/relay_example.ogg</mount-name>
<relay>
<upstream type="normal">
<uri>http://master0.example.org:8000/example.ogg</uri>
</upstream>
</relay>
</mount>
-->
<paths>
<!-- basedir is only used if chroot is enabled -->
<basedir>@pkgdatadir@</basedir>
<!-- Note that if <chroot> is turned on below, these paths must all
be relative to the new root, not the original root -->
<logdir>@localstatedir@/log/@PACKAGE@</logdir>
<webroot>@pkgdatadir@/web</webroot>
<adminroot>@pkgdatadir@/admin</adminroot>
<reportxmldb>@pkgdatadir@/report-db.xml</reportxmldb>
<!-- <pidfile>@pkgdatadir@/icecast.pid</pidfile> -->
<!-- Aliases: treat requests for 'source' path as being for 'dest' path
May be made specific to a port or bound address using the "port"
and "bind-address" attributes.
-->
<!--
<alias source="/foo" destination="/bar"/>
-->
<!-- Aliases: can also be used for simple redirections as well,
this example will redirect all requests for http://server:port/ to
the status page
-->
<alias source="/" destination="/status.xsl"/>
</paths>
<logging>
<accesslog>access.log</accesslog>
<errorlog>error.log</errorlog>
<!-- <playlistlog>playlist.log</playlistlog> -->
<loglevel>information</loglevel> <!-- "debug", "information", "warning", or "error" -->
<logsize>10000</logsize> <!-- Max size of a logfile -->
<!-- If logarchive is enabled (1), then when logsize is reached
the logfile will be moved to [error|access|playlist].log.DATESTAMP,
otherwise it will be moved to [error|access|playlist].log.old.
Default is non-archive mode (i.e. overwrite)
-->
<!-- <logarchive>true</logarchive> -->
</logging>
<security>
<chroot>false</chroot>
<!--
<changeowner>
<user>nobody</user>
<group>nogroup</group>
</changeowner>
-->
<tls-context>
<!-- The certificate file containng public and optionally private key.
Must be PEM encoded.
<tls-certificate>@pkgdatadir@/icecast.pem</tls-certificate>
-->
<!-- The private key if not contained in <tls-certificate>.
Must be PEM encoded.
<tls-key>@pkgdatadir@/icecast.key</tls-key>
-->
</tls-context>
<!-- It is generally helpful to set a PRNG seed, what seed to set depends on your OS. -->
<!-- Useful on all operating systems is a seed file for Icecast to update.
This should be at some location that is (semi-)permanent such as /var/lib or /var/cache
A size of 1024 [byte] is suggested.
The file can be shared with trusted applications (other instances of Icecast).
But should be protected against read and write access by untrusted applications.
<prng-seed type="read-write" size="1024">/path/to/storage/icecast.prng-seed</prng-seed>
-->
<!-- A profile includes common sources of entropy therefore provides a good way to
seed the PRNG.
Currently defined profiles are: bsd, linux.
The bsd profile expects /dev/urandom to be readable.
The linux profile includes the bsd profile but adds linux specific interfaces (such as /proc).
<prng-seed type="profile">linux</prng-seed>
-->
<!-- If your OS provides a urandom style device and there is no profile for your OS you can
provide a custom device name.
The size parameter defines how many bytes are read per (re)seeding. The optimal setting
depends on the quality of your device, a general good default is 32 [byte].
<prng-seed type="device" size="32">/dev/urandom</prng-seed>
-->
<!-- If none of above is available on your OS you can add a static seed.
This is by far not as secure as the above.
The value should be at least 64 characters long if from [a-zA-Z0-9].
You MUST keep this parameter secret. It MUST NOT be shared with other instances.
You SHOULD change this parameter often.
<prng-seed type="static">U4V5etZF...</prng-seed>
-->
</security>
</icecast>