How to Get Icecast to Run on Port 80

How to get icecast to run on port 80

This is a moderately common use-case for Icecast and you are on the right path.
I've previously explained it e.g. here http://lists.xiph.org/pipermail/icecast/2015-February/013198.html

It boils down to (I'm assuming debian/ubuntu/… based on paths):

Edit two lines in /etc/default/icecast2:

USERID=root
GROUPID=root

Edit the following lines in /etc/icecast2/icecast.xml:

  • this must be the first <listen-socket> entry:
    <listen-socket>
        <port>80</port>
    </listen-socket>
  • in the security section:
    <changeowner>
        <user>icecast2</user>
        <group>icecast</group>
    </changeowner>
  • for yp listings, make sure <hostname> resolves to your Icecast server
    (not your homepage!) and remove the <!-- --> around the <directory> section.
  • start Icecast through its init script / systemd
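
A check for the privilege-drop setup described above, as an added example that is not part of the original answer: it flags an icecast.xml that binds a port below 1024 without a non-root <changeowner>. The function name and both sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the layout described above (port 80 first, then changeowner).
SAMPLE_OK = """<icecast>
  <listen-socket><port>80</port></listen-socket>
  <listen-socket><port>8000</port></listen-socket>
  <security>
    <chroot>0</chroot>
    <changeowner>
      <user>icecast2</user>
      <group>icecast</group>
    </changeowner>
  </security>
</icecast>"""

# Constructed sample: privileged port listed second, <changeowner> still commented out.
SAMPLE_BAD = """<icecast>
  <listen-socket><port>8000</port></listen-socket>
  <listen-socket><port>80</port></listen-socket>
  <security>
    <!-- <changeowner><user>nobody</user><group>nogroup</group></changeowner> -->
  </security>
</icecast>"""


def audit_privilege_drop(xml_text):
    """Hypothetical helper: findings for an icecast.xml that is started as root."""
    root = ET.fromstring(xml_text)
    findings = []
    ports = [int(p.text.strip()) for p in root.findall("listen-socket/port") if p.text]
    if not any(port < 1024 for port in ports):
        return findings  # no low port, so a root start-up is not needed at all
    if ports[0] >= 1024:
        findings.append("privileged port is not the first <listen-socket>")
    user = (root.findtext("security/changeowner/user") or "").strip()
    group = (root.findtext("security/changeowner/group") or "").strip()
    if not user or not group:
        findings.append("no <changeowner> user/group to drop root privileges to")
    elif user in ("root", "0") or group in ("root", "0"):
        findings.append("<changeowner> names root, privileges are not dropped")
    return findings
```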

Icecast Server url only works on :80

It's not normal to run HTTPS on port 80. Normally, it's run on port 443. Port 80 is where normal HTTP runs. This is why when you use an HTTPS URL, you have to specify the port... because you're not using the standard port configuration.

Set your <listen-socket> with SSL enabled to use port 443. Change the other that's currently on port 8000 to 80.

Add HTTPS support to Icecast2 using Let's Encrypt

Do you have native SSL support in your icecast2 package?

If you love to use the official package, first check if you have SSL support in your already installed icecast2 package:

ldd /usr/bin/icecast2 | grep ssl

If you don't see anything, you have no native support for SSL. In this case you can choose one of these options:

  • A: remove the package and install something else
  • B: set up a frontend webserver using nginx
  • C: set up a frontend webserver using Apache (← this answer)

How to use Apache to set up a frontend webserver with HTTPS support, and serve Icecast2

If you would like to give https:// support to Icecast, you can install Apache and use it as frontend webserver, listening on standard port 443. It's easy to use Let's Encrypt to create a free certificate. Once it works, you can pass the traffic to Icecast2.

If you use Debian GNU/Linux, here is the guide:

  • https://wiki.debian.org/Icecast2

The core of the solution is to enable an apache VirtualHost like this:

#
# Apache VirtualHost serving my Icecast under HTTPs (:443)
#
# This frontend webserver passes all the traffic to
# the underlying Icecast, listening on port 8000.
#
# The certificate comes from Let's Encrypt.
#
# Credits: https://stackoverflow.com/a/71383133/3451846
<VirtualHost *:443>

    ServerName example.com

    # this path is not useful and it's used only for Let's Encrypt's temporary files during the renewal process
    DocumentRoot /var/www/html

    # send all traffic to Icecast in plaintext
    <Location "/">
        ProxyPass http://localhost:8000/
        ProxyPassReverse http://localhost:8000/
    </Location>

    # these files are served from /var/www/html to serve Let's Encrypt temporary files
    <Location "/.well-known/acme-challenge">
        ProxyPass !
    </Location>

    <IfFile /etc/letsencrypt/live/example.com/cert.pem>
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
    </IfFile>

</VirtualHost>

<VirtualHost *:80>
    ServerName example.com

    Redirect / https://example.com/
</VirtualHost>

And then enable it and issue your certificate:

letsencrypt certonly --domain example.com --webroot --webroot-path /var/www/html

But this is perhaps explained better in the guide above.

At the moment the guide does not cover nginx, but other answers might give a similar practical example using that technology as well as apache2. The benefit of involving a frontend webserver like apache2 or nginx is that you don't have to touch Icecast. Also, it allows you to serve Icecast2 among your already-existing websites, if any.

Other answers might want to talk about an Icecast2's native interface with Let's Encrypt. At the moment I can share just the apache2 method, which is the one I have used in production for years without any problem. Moreover, since I use Debian GNU/Linux, my package has no SSL support.

IceCast stream authentication

Looks like the icecast install process doesn't check for availability of libcurl, which is needed for this functionality. Check your config.log for messages like "libcurl not found".
If that is the case, then you can run "apt-get install libcurl4-gnutls-dev" to install libcurl. That should fix this error.

Icecast2 running under nginx not able to connect

tl;dr - Don't reverse proxy Icecast.

Icecast for various reasons is better not reverse proxied. It is a purpose built HTTP server and generic HTTP servers tend to have significant issues with the intricacies of continuous HTTP streaming.

This has been repeatedly answered. People like to try anyway and invariably fail in various ways.

  • If you need it on port 80/443, then run it on those ports directly
  • If you have already something running on port 80/443, then use another of the remaining 2^64 IPv6 addresses in your /64 and if you are still using legacy IP, get another address, e.g. by spinning up a virtual server in the cloud.
  • Need HTTPS? Icecast supports TLS (on Debian and Ubuntu, make sure to install the official Xiph.org packages, as distro packages come without OpenSSL support).
    Make sure to put both private and public key into one file.
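
A check for the native TLS setup described above, as an added example that is not part of the original answer: it confirms that a TLS listener has a certificate path and that the single PEM file holds both a certificate and a private key without being readable by other users. It assumes the Icecast 2.4 element names <ssl> and <ssl-certificate>; the function names, the bundle path and the PEM bodies are constructed.

```python
import os
import re
import stat
import xml.etree.ElementTree as ET

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

# Constructed sample config (assumed Icecast 2.4 element names).
SAMPLE_XML = """<icecast>
  <paths>
    <ssl-certificate>/etc/icecast2/bundle.pem</ssl-certificate>
  </paths>
  <listen-socket><port>80</port></listen-socket>
  <listen-socket><port>443</port><ssl>1</ssl></listen-socket>
</icecast>"""

# Constructed PEM text: placeholder bodies, not real key material.
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
KEY_ONLY = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"


def audit_tls(xml_text, pem_text, pem_mode):
    """Hypothetical helper: findings for TLS listeners and their combined PEM file."""
    root = ET.fromstring(xml_text)
    tls = [s for s in root.findall("listen-socket")
           if (s.findtext("ssl") or "").strip() == "1"]
    if not tls:
        return ["no <listen-socket> has <ssl>1</ssl>"]
    findings = []
    if not (root.findtext("paths/ssl-certificate") or "").strip():
        findings.append("<ssl-certificate> path is not set")
    labels = PEM_LABEL.findall(pem_text)
    if "CERTIFICATE" not in labels:
        findings.append("PEM file has no certificate")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        findings.append("PEM file has no private key")
    if pem_mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("PEM file is accessible to other users")
    return findings


def audit_paths(xml_path):
    """Same check against files on disk; the PEM path is read from the config."""
    with open(xml_path) as fh:
        xml_text = fh.read()
    pem_path = (ET.fromstring(xml_text).findtext("paths/ssl-certificate") or "").strip()
    with open(pem_path) as fh:
        return audit_tls(xml_text, fh.read(), os.stat(pem_path).st_mode)
```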

