With the below-mentioned steps, you can easily configure a secured streaming account. And it works perfectly on both Centovcast v6.9 and v7.7.




1. Obtain UserID and License from Shoutcast
2. Obtain and install Valid SSL certificate
3. You'll need 2 (or more) public IP addresses (centova [SRCIP] and nginx [NGINX-IP] each needs their own)
4. Shoutcast2 config:
- srcip and dstip dedicated for ports in use on centovacast.




1. First of all, add the following to the server.conf file for each stream:

userid=[shoutcast user id]
licenceid=[shoutcast licence]


2. Enable port 80 proxy:

§ /usr/local/centovacast/sbin/setproxy on
§ vim /usr/local/centovacast/etc/web.d/cc-proxy.conf


3. Now add SRCIP to line:

listen 80; --> listen [SRCIP]:80;


4. Later add the following under "server {" outside location directives:

#Nginx Proxy setup
set_real_ip_from [NGINX-IP];
real_ip_header X-Real-IP;
real_ip_recursive on;

Note: As modified the location directives for a specific stream, you have to duplicate them for each stream. Leaving the defaults works with all my streams.


5. Once done, Restart centovacast.
§ Restart centovacast


6. Each stream needs proxy.conf

§ Each stream needs proxy.conf
□ /usr/local/centovacast/var/vhosts/
□ With: http://[SRCIP]:[PORT#]%MOUNT%

7. Now Stop and start the stream in Centovacast.


8. Point Audio encoder to Centovacast FQDM: PORT# as normal (unsecured stream can still be heard there)


9. Install Nginx.


10. Nginx config.


11. Edit /etc/nginx/conf.d/default.conf (or add your own filename.conf)


12.For each stream:

server {
          listen [NGINX-IP]:[PORT#] ssl;
          server_name         [Centovacast FQDN];
          ssl_certificate     /path/to/certificate.crt;
          ssl_certificate_key /path/to/private.key;
          ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
          ssl_ciphers         HIGH:!aNULL:!MD5;
          location = /[MOUNTPOINT] {
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-Proto https;
                  proxy_set_header X-Forwarded-For $remote_addr;
                  proxy_set_header X-Forwarded-Host $remote_addr;
                  proxy_set_header Pragma no-cache;
                  proxy_set_header Cache-Control no-cache;
                  proxy_set_header Accept-Encoding */*;
                  proxy_set_header Accept */*;
                  proxy_buffering off;
                  tcp_nodelay on;
                  proxy_pass http://[SRCIP]:[PORT#];

13. Once completed, Start or restart nginx.

14. Listen on https://[NGINX-FQDN]:[PORT#]/[MOUNTPOINT]



Was this answer helpful? 0 Users Found This Useful (0 Votes)