Categories
Tutorials

How to add SSL to icecast-kh using Cloudflare

Intro

This guide will take you through setting up Nginx as a reverse proxy for icecast-kh for SSL with full IP forwarding support. This means you can see listeners IPs in the icecast-kh admin panel.

In this example, we are using Cloudflare to obtain a free SSL certificate. If your domain is not managed by Cloudflare I highly recommend switching, you can find out how to do this easily online, and it’s free! If you are unable to use Cloudflare, then this guide can be modified to work with LetsEncrypt without much effort, but those details are not going to be covered here.

Requirements

  1. icecast-kh running on an Ubuntu Server (20.04 at the time of this tutorial), a full guide can be found here.
  2. Nginx installed from a PPA.
  3. A server with a public IP address (or port forwarded), there are many guides of this online.
  4. A domain name with DNS controlled via Cloudflare.

Cloudflare setup

We need to set up a subdomain in Cloudflare to begin. So start by logging into your account and heading to the DNS page. Once we’re there we need to add a subdomain, let’s use icecast.example.com in this guide.

Now navigate to the SSL/TLS page, and then to origin server. And then click “Create Certificate”.

Leave all the values as default and click next.

At the next screen, you will have two big lots of text, keep this tab open for the next step, if you accidently lose these details, you can go back to the beginning of the Cloudflare part, “delete” the current set of keys, and start again.

Installation

Make sure our server is up to date.

apt-get update
apt-get dist-upgrade -y

And some requirements.

apt-get install software-properties-common wget cron nano -y

Now let’s install Nginx via the official PPA.

add-apt-repository ppa:nginx/stable -y
apt-get update
apt-get install nginx nginx-extras -y

Setup our SSL certs, change the bold parts below to your own domain.

mkdir -p /etc/nginx/ssl
touch /etc/nginx/ssl/example.com.pem
touch /etc/nginx/ssl/example.com.key

Now we need to copy our keys in from earlier, I’m going to use Nano, see below.

nano /etc/nginx/ssl/example.com.pem
nano /etc/nginx/ssl/example.com.key

Now we need to add Cloudflare’s IP ranges into Nginx, let’s use this great script created by robsonsobral. I’ve made some slight changes so this works better with our setup.

wget "https://gist.githubusercontent.com/ssamjh/55bf1d1253f89e300abbed3377042b53/raw/ace6f104d5d47b8e647fb38ca090ede68b645344/cloudflare-update-ip-ranges.sh" -O /opt/cloudflare-update-ip-ranges.sh

Now let’s open our crontab settings, if promoted select your favourite editor, I recommend nano.

crontab -e

Scroll down to the very bottom and add this line.

0 0 * * * bash /opt/cloudflare-update-ip-ranges.sh >/dev/null 2>&1

Now exit and save (ctrl + x) your crontab file and run the script then enable the config.

bash /opt/cloudflare-update-ip-ranges.sh
ln -s /etc/nginx/sites-available/cloudflare-ips.conf /etc/nginx/sites-enabled/

Get the icecast-kh Nginx script and put it into your config folder. Code can be viewed here. This config will also stop people accessing the admin panel as an extra layer of security.

wget "https://gist.githubusercontent.com/ssamjh/accd512f3f61152bcced871fb7b19646/raw/c15defd0c686383ab66f46af7d6193c3ed661ab6/icecastkh-proxy.conf" -O /etc/nginx/sites-available/icecastkh-proxy.conf
ln -s /etc/nginx/sites-available/icecastkh-proxy.conf /etc/nginx/sites-enabled/

And edit this file for our own domain using nano, update the bold part with your own domain.

nano /etc/nginx/sites-available/icecastkh-proxy.conf
server {

  listen 80;
  listen [::]:80;

  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  ssl_certificate /etc/nginx/ssl/example.com.pem;
  ssl_certificate_key /etc/nginx/ssl/example.com.key;

  server_name icecast.example.com;

  location / {

    proxy_pass http://127.0.0.1:8000/;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    subs_filter_types application/xspf+xml audio/x-mpegurl audio/x-vclt text/css text/xml;
    subs_filter ':8000/' '/' gi;
    subs_filter '@localhost' '@example.com' gi;
    subs_filter 'localhost' $host gi;
    subs_filter 'Mount Point ' $host gi;
  }
  location /admin/ {
  
    deny all;
  }

  location /server_version.xsl {
  
    deny all;
  }
}

Next we need to add a line to our icecast-kh config, assuming you followed my tutorial to set it up, the command would be:

nano /etc/icecast-kh/icecast.xml

And we need to add the line as the last entry above paths, marked in bold.

<icecast>
    <limits>
        <sources>2</sources>
    </limits>
    <authentication>
        <source-password>hackme1</source-password>
        <relay-password>hackme2</relay-password>
        <admin-user>admin</admin-user>
        <admin-password>hackme3</admin-password>
    </authentication>
    <directory>
        <yp-url-timeout>15</yp-url-timeout>
        <yp-url>http://dir.xiph.org/cgi-bin/yp-cgi</yp-url>
    </directory>
    <hostname>localhost</hostname>
    <listen-socket>
        <port>8000</port>
    </listen-socket>
    <fileserve>1</fileserve>
    <paths>
        <logdir>/usr/local/var/log/icecast</logdir>
        <webroot>/usr/local/share/icecast/web</webroot>
        <adminroot>/usr/local/share/icecast/admin</adminroot>
        <alias source="/" dest="/index.html"/>
        <x-forwarded-for>127.0.0.1</x-forwarded-for>
    </paths>
    <logging>
        <accesslog>access.log</accesslog>
        <errorlog>error.log</errorlog>
      	<loglevel>3</loglevel> <!-- 4 Debug, 3 Info, 2 Warn, 1 Error -->
    </logging>
</icecast>

After all of this is done, we need to restart icecast-kh.

systemctl restart icecast-kh

And lastly restart and enable Nginx.

systemctl enable nginx
systemctl start nginx

Final Notes

And we’re finally done, now go to icecast.example.com and you are ready to view the beauty.

Categories
Tutorials

How to install icecast-kh on Ubuntu Server

Intro

icecast2 is a great piece of software, but these days it seems somewhat largely unmaintained.

Well, great news – icecast-kh is here! It’s an updated fork of icecast2 with great new features.

In this guide you will learn how to install your own copy an Ubuntu server!

Video

Requirements

  1. An Ubuntu Server (this guide written using 20.04) and access to the root account
  2. About 5 minutes of your time

Installation

Update our servers repository.

apt-get update
apt-get dist-upgrade -y

Install some icecast-kh requirements.

apt-get install build-essential libxslt-dev libvorbis-dev libxml2 curl -y

Get the latest version of icecast-kh. At the time of writing this is 2.4.0-kh15. Download page here.

wget https://github.com/karlheyes/icecast-kh/archive/icecast-2.4.0-kh15.tar.gz
tar -xvf icecast-*.tar.gz
cd icecast-kh-icecast-2.4.0-kh15

Compile and install. If you run into any issues here, make sure you have all the dependencies installed (listed here).

./configure
make
make install

Move the default config to the /etc directory. Opitionally we may use the more advanced icecast.xml.dist file but for simplicity we are using the minimal.

mkdir -p /etc/icecast-kh
cp /usr/local/share/icecast/doc/icecast_minimal.xml.dist /etc/icecast-kh/icecast.xml

We need to make some changes to our config file, so open it with your favourite text editor – I’m using nano.

nano /etc/icecast-kh/icecast.xml

The config file will look something like this. Update the highlighted lines with your own details. Make sure to set the logdir path to the text shown.

<icecast>
    <limits>
        <sources>2</sources>
    </limits>
    <authentication>
        <source-password>hackme1</source-password>
        <relay-password>hackme2</relay-password>
        <admin-user>admin</admin-user>
        <admin-password>hackme3</admin-password>
    </authentication>
    <directory>
        <yp-url-timeout>15</yp-url-timeout>
        <yp-url>http://dir.xiph.org/cgi-bin/yp-cgi</yp-url>
    </directory>
    <hostname>localhost</hostname>
    <listen-socket>
        <port>8000</port>
    </listen-socket>
    <fileserve>1</fileserve>
    <paths>
        <logdir>/var/log/icecast-kh</logdir>
        <webroot>/usr/local/share/icecast/web</webroot>
        <adminroot>/usr/local/share/icecast/admin</adminroot>
        <alias source="/" dest="/index.html"/>
    </paths>
    <logging>
        <accesslog>access.log</accesslog>
        <errorlog>error.log</errorlog>
      	<loglevel>3</loglevel> <!-- 4 Debug, 3 Info, 2 Warn, 1 Error -->
    </logging>
</icecast>

Add a user for icecast-kh. Leave all the fields blank.

adduser icecast --disabled-login

Create a log directory and change permissions.

mkdir -p /var/log/icecast-kh
chown -R icecast:icecast /var/log/icecast-kh/

Install the init.d script. View the code here.

wget https://gist.githubusercontent.com/ssamjh/500aa158cb77a8eff79c8d1763eef339/raw/cc90940a5c69c0f41750e7042838fff502c57c72/icecast-kh -O /etc/init.d/icecast-kh
chmod 777 /etc/init.d/icecast-kh
update-rc.d icecast-kh defaults

And finally start the server.

systemctl start icecast-kh
systemctl enable icecast-kh

Final Notes

And that’s it! Your new icecast-kh server is up and running on port 8000.

Categories
Tutorials

How to install MongoDB on Ubuntu 16.04

Hey all

I haven’t found any rock solid guides for doing so, so I thought I’d make my own. Follow these steps and I will explain as best as I can.

 

To start off let’s install some dependencies to make sure everything will work (sort of mundane but just do it for the memes).

sudo apt-get install sudo nano -y

 

Now, we need to add MongoDB to our apt.

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6

echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list

 

Next, we update and install it.

sudo apt-get update 
sudo apt-get install mongodb-org -y

 

To make sure Mongo can work properly we need a systemd service setup.

sudo nano /etc/systemd/system/mongodb.service

 

And in that file paste the following

[Unit]
Description=High-performance, schema-free document-oriented database
After=network.target

[Service]
User=mongodb
ExecStart=/usr/bin/mongod --quiet --config /etc/mongod.conf

[Install]
WantedBy=multi-user.target

 

Okay, now we need to start MongoDB like so.

sudo systemctl start mongod

sudo systemctl enable mongod

and you should see something like this

Created symlink from /etc/systemd/system/multi-user.target.wants/mongod.service
to /lib/systemd/system/mongod.service.

 

Now we need to add an admin user and set the password, replace admin123 with your own password.

mongo

use admin

db.createUser({user:"admin", pwd:"admin123", roles:[{role:"root", db:"admin"}]})

 

This step is optional, but if you want to enable security and allow database access from remote locations do this.

nano /etc/mongod.conf

 

And edit the following lines (see bold parts):

net:
port: 27017
bindIp: 0.0.0.0

 

#security:
   authorization: "enabled"

 

 

And that’s it! Now restart Mongo for good measures and you’re done!

sudo systemctl restart mongod
Categories
Tutorials

SinusBot Bootscript Installation Guide

This tutorial will explain how to install the SinusBot automatic starting script on Debian and  Ubuntu 15.04 and lower servers.

Lets get straight into it!

 

First, we need to install the dependencies.

apt-get update && apt-get install curl screen -y

 

Next, we need to download the script and change its permissions. The script I have used can be found here. Full credit to its author.

curl https://ssamjh.nz/scripts/sinusbot -o /etc/init.d/sinusbot
chmod 777 /etc/init.d/sinusbot

 

If you followed my installation tutorial you can skip this step. Otherwise, if you didn’t you can use this command and edit the script to your linking.

nano /etc/init.d/sinusbot

 

Now that is done we just need to tell the server to use the file with the following command.

update-rc.d sinusbot defaults

 

UPDATE: The following commands may not display any text when typed on Ubuntu 16.04 or higher. I am aware of this issue and am going to release a short video explaining a workaround soon.

Now just do

service sinusbot

and it will list all the options you have! For example

service sinusbot start

and

service sinusbot stop

 

That will be all <3

Categories
Tutorials

SinusBot youtube-dl Installation Guide

This is just a short guide on how to install youtube-dl and set it up to work with SinusBot.

You may also want to read my SinusBot Installation Guide or my SinusBot Bootscript Installation Guide.
But anyway enough blah blah lets get into it!

 

First install curl so we can download youtube-dl

apt-get update && apt-get install curl python -y

 

Next we need to download youtube-dl and change it’s permissions. You can install it anywhere you want, but if you use the commands below you can run youtube-dl from anywhere on your server and it will work.

curl -L https://yt-dl.org/downloads/latest/youtube-dl -o /usr/local/bin/youtube-dl
chmod a+rx /usr/local/bin/youtube-dl

Done, you just installed youtube-dl! If you need to upgrade it, just re-run the commands above. And if SinusBot stops playing videos, youtube-dl probably needs upgrading 😛

 

Now time to tell SinusBot where the file is. So change to the directory that you installed it in, if you followed my installation guide it will be in /home/sinusbot.

cd /home/sinusbot

 

Next, open the config.ini file in your favorite editor, I use nano.

nano config.ini

 

And change the line

YoutubeDLPath = ""

to (this is where we installed it to if you installed youtube-dl to a different directory just change it below)

YoutubeDLPath = "/usr/local/bin/youtube-dl"

and then exit and save the file (press Ctrl+x, then enter and then y).

 

And then restart SinusBot, if you followed my Bootscript guide, just type

service sinusbot restart

 

If you run into issues with youtube-dl not working at all, you might find that YouTube has blocked your IP. I have noticed this happens on mainly OVH servers or people who re-sell OVH etc. You can solve this issue by running this single command below.

echo '--force-ipv4' > /etc/youtube-dl.conf

 

And that is it! Good luck with your SinusBotting 😉

Categories
Tutorials

SinusBot Installation Guide

Hello there, this is my guide on how to install SinusBot on a Debian based operating system.

You may also want to check out my youtube-dl guide or my bootscript guide (which automatically starts sinusbot for you).

You will need to start by installing some dependencies. So let’s run the commands to install those now.

apt-get update
apt-get install nano x11vnc xvfb xinit libxcursor1 ca-certificates bzip2 curl -y
update-ca-certificates

If you run into some issues on your server, try the following command as it can sometimes help.

apt-get install libglib2.0-0

 

We are now going to add a user for the bot. It can be anything but for this tutorial, I am going to use the username “sinusbot”.

adduser sinusbot

After you have typed this command it will then prompt you for a password, set it as whatever you’d like, but make sure you remember what it is! It will then prompt for some information, fill it out as you like and the finally create the user.

 

Next, we are going to extract the bot to a location on the server. I am going to install it in /opt but you can choose where you’d like to install it if you want.

su - sinusbot
curl https://www.sinusbot.com/dl/sinusbot-beta.tar.bz2 -o sinusbot.tar.bz2
tar -xjf sinusbot.tar.bz2

 

Now that is done we need to set the default config SinusBot will use

cp config.ini.dist config.ini

 

The next step is to install the TeamSpeak3 client for SinusBot. If you want a custom TeamSpeak3 version just change 3.0.19.4 in both places to the version you want!

curl http://dl.4players.de/ts/releases/3.0.19.4/TeamSpeak3-Client-linux_amd64-3.0.19.4.run -o teamspeak.run
chmod 777 teamspeak.run
./teamspeak.run

 

After TeamSpeak is installed we need to tell SinusBot where it is. So we need to edit the config.ini file in the Sinusbot directory like so.

nano config.ini

 

And then find this line:

TS3Path = "/opt/ts3soundboard/TeamSpeak3-Client-linux_amd64/ts3client_linux_amd64"

and if you have used the directory like I used in this tutorial change it to

TS3Path = "/home/sinusbot/TeamSpeak3-Client-linux_amd64/ts3client_linux_amd64"

 

Now we have to copy the SinusBot TeamSpeak plugin to the TeamSpeak clients directory. The bot WILL NOT WORK PROPERLY if you don’t do this command.

cp plugin/libsoundbot_plugin.so /home/sinusbot/TeamSpeak3-Client-linux_amd64/plugins

 

After that just chmod the sinusbot executable to 755 like so.

chmod 755 sinusbot

 

If you want to be tidy you can remove the files you used to install it with the following commands.

rm /home/sinusbot/sinusbot.tar.bz2
rm /home/sinusbot/teamspeak.run

 

And you are done! If you want you can just run it in a screen or tmux. Other than that you can check out my other tutorial that explains how to make it part of the init.d scripts in Ubuntu 14.04 or older.

Categories
Tutorials

TeamSpeak3 Server Ubuntu/Debian Installation Guide

Hi, all! I like all things TeamSpeak. So I thought I could write an article on how you would install it on your Ubuntu or Debian server. A thing to keep in mind is I will try to keep the download link updated as much as I can but if I forget you will just need to grab the latest server download from the TeamSpeak downloads page.

Anyway, enough chit-chat! Let’s get into it! 😀

 

Run this command to install the depends.

apt-get install curl bzip2 -y

 

If your server is 32-bit you will need to run this command:

curl http://dl.4players.de/ts/releases/3.0.13.6/teamspeak3-server_linux_x86-3.0.13.6.tar.bz2 -o teamspeak.tar.bz2

If your server is 64-bit you will need to run this command:

curl http://dl.4players.de/ts/releases/3.0.13.6/teamspeak3-server_linux_amd64-3.0.13.6.tar.bz2 -o teamspeak.tar.bz2

It is VERY important that you download the correct file for your operating system. So make sure you get it right 😛

 

Next, we need to extract the file you downloaded like so.

tar -xjf teamspeak.tar.bz2

 

Now we need to set up the user that TeamSpeak will run as. I will use the user TeamSpeak in this tutorial.

adduser --disabled-login teamspeak

 

Now we want to move TeamSpeak to the user’s directory we just created. If you didn’t use TeamSpeak as the username just replace the part in bold with the username you used.

mv teamspeak3-server_linux_* /home/teamspeak/teamspeak3

 

Next up we need to make sure we change the permissions of the teamspeak3 folder to allow the user we created to access it. Again if you didn’t use the username TeamSpeak just replace the bit in bold.

chown -R teamspeak /home/teamspeak/teamspeak3

 

Now we need to add the TeamSpeak3 startup script to the init.d files.

ln -s /home/teamspeak/teamspeak3/ts3server_startscript.sh /etc/init.d/teamspeak

 

Now we need to tell the server to update the init.d scripts.

update-rc.d teamspeak defaults

 

Now you can use commands like.

service teamspeak start
service teamspeak stop
service teamspeak restart

 

Please note the first time you start the server it will spit out some information like this. PLEASE save it as you will need it!

 

------------------------------------------------------------------
                  I M P O R T A N T
------------------------------------------------------------------
Server Query Admin Account created
loginname= "serveradmin", password= "qp8UdSH7"
------------------------------------------------------------------


------------------------------------------------------------------
                  I M P O R T A N T
------------------------------------------------------------------
ServerAdmin privilege key created, please use it to gain
serveradmin rights for your virtualserver. please
also check the doc/privilegekey_guide.txt for details.

token=Ux881tdg7A9WQVleJeKLtg6Fi+oO5hgFpIxGQ3j8
------------------------------------------------------------------

 

And now you are done. Every time you restart your server, TeamSpeak will automatically start with it.

Good luck and happy TeamSpeaking! 😀