Always wanted to set up your own radio station? Well, with the Icecast broadcasting system, you can set up a multi-channel radio station on your home or office network. The best part? You get to pick the tracks.
Both icecast and iceS are configured by means of XML configuration files, samples of which are placed in the installation's etc/ directory by the installation process. I'll begin by configuring the icecast server; pop open the /usr/local/icecast/etc/icecast.xml file in your favourite text editor, and take a look at it. You should see something like this:
<authentication> <!-- Sources log in with username 'source' --> <source-password>hackme</source-password> <!-- Relays log in username 'relay' --> <relay-password>hackme</relay-password> <!-- Admin logs in with the username given below --> <admin-user>admin</admin-user> <admin-password>hackme</admin-password> </authentication>
<!-- Uncomment this if you want directory listings --> <!-- <directory> <yp-url-timeout>15</yp-url-timeout> <yp-url>http://dir.xiph.org/cgi-bin/yp-cgi</yp-url> </directory> <directory> <yp-url-timeout>15</yp-url-timeout> <yp-url>http://www.oddsock.org/cgi-bin/yp-cgi</yp-url> </directory> <directory> <yp-url-timeout>15</yp-url-timeout> <yp-url>http://yp.icecast.net/cgi-bin/yp.cgi</yp-url> </directory> --> <hostname>localhost</hostname>
<!-- You can use these two if you only want a single listener --> <!--<port>8000</port> --> <!--<bind-address>127.0.0.1</bind-address>-->
<!-- You may have multiple <listener> elements --> <listen-socket> <port>8000</port> <!-- <bind-address>127.0.0.1</bind-address> --> </listen-socket> <!-- <listen-socket> <port>8001</port> </listen-socket> -->
<!-- Note that if <chroot> is turned on below, these paths must both be relative to the new root, not the original root --> <logdir>/usr/local/icecast/var/log/icecast</logdir> <webroot>/usr/local/icecast/share/icecast/web</webroot> <adminroot>/usr/local/icecast/share/icecast/admin</adminroot>
<!-- Aliases: treat requests for 'source' path as being for 'dest' path May be made specific to a port or bound address using the "port" and "bind-address" attributes. --> <!-- <alias source="/foo" dest="/bar"/> --> </paths>
A number of configuration variables are present in this file - these allow you a fair degree of control over the server, and can be used to optimize it for your specific requirements. Here's a list of the important sections and variables:
The <limits> section allows you to control the maximum number of listeners and source clients that can connect to the server. Within this section, the <clients> element controls the maximum number of concurrent listeners, the <sources> element controls the maximum number of concurrent source clients, the <queue-size> element controls how long to hold lagging clients for, and the <header-timeout>, <client-timeout> and <source-timeout> elements specify how long the server should wait in the event of non-response from the respective client type.
If you're optimizing the server for use on low-bandwidth networks or high-traffic servers, this <limits> section is very useful -- experiment with different combinations of the settings above until the server behaves in the manner you want it to.
The <authentication> section holds information on the passwords required to connect to the server. Listeners don't need a password to connect to the server and listen to streams; however, source clients do, and this password can be set via the <source-password> element. Similarly, in order to use the Web-based administration module, administrative users must provide the correct user name and password -- these values are controlled by the <admin-user> and <admin-password> elements respectively.
You must change the default values in this configuration file before you start the server, so as to increase the security of your installation.
The <paths> section of the file tells icecast where to find its files. The most important element here is the <logdir> value, which specifies which directory to use for the icecast log files. The installation script sets this to /var/log/icecast/, which is usually fine -- change it to something else if you need to, and flip forward to read about how this directory is to be set up. The <adminroot> and <webroot> directories specify the location to the Web-based interfaces to the server, and can usually be left as is.
Within this section, you can improve the security of your installation by adding a <basedir> element -- this specifies the location of the chroot() jail the server automatically goes into when it starts up, and is only active if the <chroot> element in the <security> section holds a value of
NOTEFor our local server, I didn't bother setting this up since it was already heavily protected; however, if you're setting up a public server, this is recommended.
Also related to logging is the <logging> section, which specifies the names for the various log files. The <acccesslog> element specifies the name of the access log file, which logs all connections to the server (together with IP address and timestamp), while the <errorlog> element specifies the name of the file to which all errors are logged. The <loglevel> element specifies the logging level; 4 is the highest and generates debug messages as well as warnings and fatal errors, while 1 is the lowest, only logging fatal errors.
The <directory> section specifies the list of public directory servers icecast should tell about your stream. This is only useful if you're running a public icecast server, like an online radio station, and you want users to be able to find your streams through public YP servers. Most often, the default values are just fine here, and you can even remove them if you're running on a private network.
Finally, the <security> section specifies the user and group the server should run as. I'd recommend that you always run the server as nobody, the least privileged user on the system, to avoid someone breaking in and gaining a high level of access to the system. Note that the user and group specified in this section must actually exist on the system, or the server will generate an error.
You can also use the <chroot> element to turn on the chroot() jail -- if this is on, the server will automatically make its root directory the location specified in the <basedir> element, thereby restricting unauthorized break-ins to a limited area.
Most often, you won't need to change too many things in this file -- it's generated by the installation script, so that paths and settings in it are mostly correct. However, you will need to make *some* changes, primarily to the <limits> section to allow more clients to use the server, the <authentication> section to change the default passwords, and the <security> section to ensure that the server runs as a non-privileged user.
Take a look at my revised version of the file above, which incorporates these changes (I've added comments so that it's clearer):
<icecast> <!-- set hard limits for server usage --> <limits>
<!-- max number of clients at a time --> <clients>100</clients>
<!-- max number of sources at a time --> <sources>25</sources>
<!-- number of threads available to handle clients --> <threadpool>5</threadpool>
<!-- size of internal queue maintained for each client --> <queue-size>102400</queue-size>
<!-- timeout for clients --> <client-timeout>60</client-timeout>
<!-- timeout for clients to send headers --> <header-timeout>15</header-timeout>
<!-- timeout for sources to start sending content --> <source-timeout>10</source-timeout> </limits>
<authentication> <!-- password for source clients --> <source-password>abcdef</source-password>
<!-- username/password for admin --> <admin-user>admin</admin-user> <admin-password>1q2w3e4r</admin-password> </authentication>
<!-- hostname of the server --> <hostname>olympus.local.net</hostname>
<!-- port for server to listen to for incoming connections --> <listen-socket> <port>8000</port> </listen-socket>
<!-- file locations --> <paths> <!-- chroot jail for server --> <basedir>/usr/local/icecast/share/icecast</basedir>
<!-- security settings --> <security> <!-- run server as this user/group --> <changeowner> <user>nobody</user> <group>nogroup</group> </changeowner> </security> </icecast>
Before you can start up the server, there's one more thing you need to do -- set up the logging directory /var/log/icecast/. This task is something you must do manually, as the installation script does not handle it for you. Here's how:
$ mkdir /var/log/icecast
You must also change the permissions for this directory so that the "nobody" user can write files to it. Here's how: