blog

My little blog can’t be this cute!
commit: e90a48bd4555df554c00cf7efd207b8c377db340
parent: 64d204af0e45c85d4c1fb6df58cf92cacc3728d5
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Sun,  7 Oct 2018 18:36:40 +0200

articles/Mise en place d’un relai icecast: Move from HTML to xHTML

Diffstat:

M accueil.shtml | 4 +---
D articles/Mise en place d’un relai icecast.html | 124 -------------------------------------------------------------------------------
M articles/Mise en place d’un relai icecast.shtml | 6 ++----
A articles/Mise en place d’un relai icecast.xhtml | 126 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
M flux.atom | 2 +-
5 files changed, 130 insertions(+), 132 deletions(-)

diff --git a/accueil.shtml b/accueil.shtml @@ -6,9 +6,7 @@ </head> <body> <!--#set var="transPageUrl" value='home' --><!--#set var="feedURL" value='/flux.atom'--><!--#include file="/templates/fr/nav.shtml" --> - <article class="h-entry"> -<!--#include file="/articles/Mise en place d’un relai icecast.html"--> - </article> +<!--#include file="/articles/Mise en place d’un relai icecast.xhtml"--> <article class="h-entry"> <!--#include file="/articles/J’ai changé de clé OpenPGP.html"--> </article> diff --git a/articles/Mise en place d’un relai icecast.html b/articles/Mise en place d’un relai icecast.html 
@@ -1,124 +0,0 @@ -<h1 class="p-name"><a class="u-url" href="/articles/Mise%20en%20place%20d%E2%80%99un%20relai%20icecast">Mise en place d’un relai icecast</a></h1> -<p>Mis en place pour faire relai de <a href="http://zad.nadir.org/spip.php?rubrique71">radio klaxon</a> de la <abbr title="Zone À Défendre">ZAD</abbr> de <abbr title="Notre Dame Des Landes">NDDL</abbr> qui ne tenait apparement plus la charge, et pour un peu de crypto+annonymat. Ci-dessous, la config icecast, puis la config nginx.</p> -<p>Config pour icecast:</p> -<pre><code> -&lt;icecast&gt; - &lt;limits&gt; - &lt;clients&gt;500&lt;/clients&gt; - &lt;sources&gt;2&lt;/sources&gt; - &lt;queue-size&gt;524288&lt;/queue-size&gt; - &lt;client-timeout&gt;30&lt;/client-timeout&gt; - &lt;header-timeout&gt;15&lt;/header-timeout&gt; - &lt;source-timeout&gt;10&lt;/source-timeout&gt; - &lt;burst-on-connect&gt;1&lt;/burst-on-connect&gt; - &lt;burst-size&gt;65535&lt;/burst-size&gt; - &lt;/limits&gt; - &lt;hostname&gt;pouet.hacktivis.me&lt;/hostname&gt; - &lt;listen-socket&gt; - &lt;port&gt;8000&lt;/port&gt; - &lt;!-- &lt;bind-address&gt;127.0.0.1&lt;/bind-address&gt; --&gt; - &lt;/listen-socket&gt; - &lt;relay&gt; - &lt;server&gt;radio.antirep.net&lt;/server&gt; - &lt;port&gt;8000&lt;/port&gt; - &lt;mount&gt;/RadioKlaxon&lt;/mount&gt; - &lt;local-mount&gt;/RadioKlaxon&lt;/local-mount&gt; - &lt;on-demand&gt;0&lt;/on-demand&gt; - - &lt;relay-shoutcast-metadata&gt;1&lt;/relay-shoutcast-metadata&gt; - &lt;/relay&gt; - &lt;relay&gt; - &lt;server&gt;radio.antirep.net&lt;/server&gt; - &lt;port&gt;8000&lt;/port&gt; - &lt;mount&gt;/RadioKlaxonOff&lt;/mount&gt; - &lt;local-mount&gt;/RadioKlaxonOff&lt;/local-mount&gt; - &lt;on-demand&gt;0&lt;/on-demand&gt; - - &lt;relay-shoutcast-metadata&gt;1&lt;/relay-shoutcast-metadata&gt; - &lt;/relay&gt; - &lt;fileserve&gt;1&lt;/fileserve&gt; - &lt;paths&gt; - &lt;basedir&gt;/usr/share/icecast&lt;/basedir&gt; - &lt;logdir&gt;/var/log/icecast&lt;/logdir&gt; - 
&lt;webroot&gt;/srv/web/pouet.hacktivis.me&lt;/webroot&gt; - &lt;adminroot&gt;/usr/share/icecast/admin&lt;/adminroot&gt; - &lt;alias source="/" dest="/status.xsl"/&gt; - &lt;/paths&gt; - - &lt;logging&gt; - &lt;errorlog&gt;error.log&lt;/errorlog&gt; - &lt;loglevel&gt;2&lt;/loglevel&gt; &lt;!-- 4 Debug, 3 Info, 2 Warn, 1 Error --&gt; - &lt;logsize&gt;10000&lt;/logsize&gt; &lt;!-- Max size of a logfile --&gt; - &lt;/logging&gt; - - &lt;security&gt; - &lt;chroot&gt;0&lt;/chroot&gt; - &lt;changeowner&gt; - &lt;user&gt;icecast&lt;/user&gt; - &lt;group&gt;nogroup&lt;/group&gt; - &lt;/changeowner&gt; - &lt;/security&gt; -&lt;/icecast&gt; -</code></pre> -<p>Config pour nginx:</p> -<pre><code> -server { - listen 80; - listen [::]:80; - listen 8000; - listen [::]:8000; - - server_name pouet.hacktivis.me; - - location / { - return 301 https://$server_name$request_uri; - } -} -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name pouet.hacktivis.me; - large_client_header_buffers 4 16k; - - root /srv/web/pouet.hacktivis.me/; - - ssl_certificate certificates/pouet.hacktivis.me.pem; - ssl_certificate_key certificates/pouet.hacktivis.me.key; - - ssl_ciphers 'EECDH+CHACHA20:EECDH+AESGCM'; # or EECDH+CHACHA20:EECDH+AES:DHE+CHACHA20:DHE+AES:+SHA - ssl_prefer_server_ciphers on; # Parceque les clients on une config TLS toute pouritte - ssl_protocols TLSv1.2; # POODLE sur ≤TLS1.1 - ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1; - ssl_stapling on; - ssl_stapling_verify on; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; - - add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; # Garder l’https pendant 6 mois et inclure les sous-domaines - #add_header Public-Key-Pins 'pin-sha256="nL2KrUGakuCVVOeO152WRynVeJs+clhS+02EiIbDrPQ="; pin-sha256="9kgt0my3CzTv4sK5TsYJmEw5FzYLLUrFJr86Vmhbb4k="; max-age=5184000'; - add_header X-Frame-Options "DENY"; # Deny framing - add_header X-Content-Type-Options "nosniff"; - add_header 
X-XSS-Protection "1; mode=block"; - #add_header Content-Security-Policy "default-src 'none'; script-src 'none'; style-src 'self'; img-src 'self'; media-src 'self';"; - add_header Referrer-Policy "no-referrer"; - add_header X-Clacks-Overhead "GNU Rémi Fraisse"; - - location @icecast2 { - proxy_buffering off; - proxy_ignore_client_abort off; - proxy_intercept_errors on; - proxy_next_upstream error timeout invalid_header; - proxy_redirect off; - proxy_set_header X-Host $http_host; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_connect_timeout 60; - proxy_send_timeout 21600; - proxy_read_timeout 21600; - proxy_pass http://localhost:8000; - } - location / { - try_files $uri @icecast2; - } -} -</code></pre> diff --git a/articles/Mise en place d’un relai icecast.shtml b/articles/Mise en place d’un relai icecast.shtml @@ -7,10 +7,8 @@ </head> <body> <!--#include file="/templates/fr/nav.shtml" --> - <article class="h-entry"> -<!--#include file="/articles/Mise en place d’un relai icecast.html"--> - </article> - <a href="/articles/Mise%20en%20place%20d%E2%80%99un%20relai%20icecast">article seul(HTML-brut)</a> +<!--#include file="/articles/Mise en place d’un relai icecast.xhtml"--> + <a href="/articles/Mise%20en%20place%20d%E2%80%99un%20relai%20icecast.xhtml">article seul(HTML-brut)</a> <!--#include file="/templates/fr/footer.html" --> </body> </html> diff --git a/articles/Mise en place d’un relai icecast.xhtml b/articles/Mise en place d’un relai icecast.xhtml 
@@ -0,0 +1,126 @@ +<article xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr"> +<h1 class="p-name"><a class="u-url" href="/articles/Mise%20en%20place%20d%E2%80%99un%20relai%20icecast">Mise en place d’un relai icecast</a></h1> +<p>Mis en place pour faire relai de <a href="http://zad.nadir.org/spip.php?rubrique71">radio klaxon</a> de la <abbr title="Zone À Défendre">ZAD</abbr> de <abbr title="Notre Dame Des Landes">NDDL</abbr> qui ne tenait apparement plus la charge, et pour un peu de crypto+annonymat. Ci-dessous, la config icecast, puis la config nginx.</p> +<p>Config pour icecast:</p> +<pre><code> +&lt;icecast&gt; + &lt;limits&gt; + &lt;clients&gt;500&lt;/clients&gt; + &lt;sources&gt;2&lt;/sources&gt; + &lt;queue-size&gt;524288&lt;/queue-size&gt; + &lt;client-timeout&gt;30&lt;/client-timeout&gt; + &lt;header-timeout&gt;15&lt;/header-timeout&gt; + &lt;source-timeout&gt;10&lt;/source-timeout&gt; + &lt;burst-on-connect&gt;1&lt;/burst-on-connect&gt; + &lt;burst-size&gt;65535&lt;/burst-size&gt; + &lt;/limits&gt; + &lt;hostname&gt;pouet.hacktivis.me&lt;/hostname&gt; + &lt;listen-socket&gt; + &lt;port&gt;8000&lt;/port&gt; + &lt;!-- &lt;bind-address&gt;127.0.0.1&lt;/bind-address&gt; --&gt; + &lt;/listen-socket&gt; + &lt;relay&gt; + &lt;server&gt;radio.antirep.net&lt;/server&gt; + &lt;port&gt;8000&lt;/port&gt; + &lt;mount&gt;/RadioKlaxon&lt;/mount&gt; + &lt;local-mount&gt;/RadioKlaxon&lt;/local-mount&gt; + &lt;on-demand&gt;0&lt;/on-demand&gt; + + &lt;relay-shoutcast-metadata&gt;1&lt;/relay-shoutcast-metadata&gt; + &lt;/relay&gt; + &lt;relay&gt; + &lt;server&gt;radio.antirep.net&lt;/server&gt; + &lt;port&gt;8000&lt;/port&gt; + &lt;mount&gt;/RadioKlaxonOff&lt;/mount&gt; + &lt;local-mount&gt;/RadioKlaxonOff&lt;/local-mount&gt; + &lt;on-demand&gt;0&lt;/on-demand&gt; + + &lt;relay-shoutcast-metadata&gt;1&lt;/relay-shoutcast-metadata&gt; + &lt;/relay&gt; + &lt;fileserve&gt;1&lt;/fileserve&gt; + &lt;paths&gt; + &lt;basedir&gt;/usr/share/icecast&lt;/basedir&gt; + 
&lt;logdir&gt;/var/log/icecast&lt;/logdir&gt; + &lt;webroot&gt;/srv/web/pouet.hacktivis.me&lt;/webroot&gt; + &lt;adminroot&gt;/usr/share/icecast/admin&lt;/adminroot&gt; + &lt;alias source="/" dest="/status.xsl"/&gt; + &lt;/paths&gt; + + &lt;logging&gt; + &lt;errorlog&gt;error.log&lt;/errorlog&gt; + &lt;loglevel&gt;2&lt;/loglevel&gt; &lt;!-- 4 Debug, 3 Info, 2 Warn, 1 Error --&gt; + &lt;logsize&gt;10000&lt;/logsize&gt; &lt;!-- Max size of a logfile --&gt; + &lt;/logging&gt; + + &lt;security&gt; + &lt;chroot&gt;0&lt;/chroot&gt; + &lt;changeowner&gt; + &lt;user&gt;icecast&lt;/user&gt; + &lt;group&gt;nogroup&lt;/group&gt; + &lt;/changeowner&gt; + &lt;/security&gt; +&lt;/icecast&gt; +</code></pre> +<p>Config pour nginx:</p> +<pre><code> +server { + listen 80; + listen [::]:80; + listen 8000; + listen [::]:8000; + + server_name pouet.hacktivis.me; + + location / { + return 301 https://$server_name$request_uri; + } +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name pouet.hacktivis.me; + large_client_header_buffers 4 16k; + + root /srv/web/pouet.hacktivis.me/; + + ssl_certificate certificates/pouet.hacktivis.me.pem; + ssl_certificate_key certificates/pouet.hacktivis.me.key; + + ssl_ciphers 'EECDH+CHACHA20:EECDH+AESGCM'; # or EECDH+CHACHA20:EECDH+AES:DHE+CHACHA20:DHE+AES:+SHA + ssl_prefer_server_ciphers on; # Parceque les clients on une config TLS toute pouritte + ssl_protocols TLSv1.2; # POODLE sur ≤TLS1.1 + ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1; + ssl_stapling on; + ssl_stapling_verify on; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; # Garder l’https pendant 6 mois et inclure les sous-domaines + #add_header Public-Key-Pins 'pin-sha256="nL2KrUGakuCVVOeO152WRynVeJs+clhS+02EiIbDrPQ="; pin-sha256="9kgt0my3CzTv4sK5TsYJmEw5FzYLLUrFJr86Vmhbb4k="; max-age=5184000'; + add_header X-Frame-Options "DENY"; # Deny framing + add_header 
X-Content-Type-Options "nosniff"; + add_header X-XSS-Protection "1; mode=block"; + #add_header Content-Security-Policy "default-src 'none'; script-src 'none'; style-src 'self'; img-src 'self'; media-src 'self';"; + add_header Referrer-Policy "no-referrer"; + add_header X-Clacks-Overhead "GNU Rémi Fraisse"; + + location @icecast2 { + proxy_buffering off; + proxy_ignore_client_abort off; + proxy_intercept_errors on; + proxy_next_upstream error timeout invalid_header; + proxy_redirect off; + proxy_set_header X-Host $http_host; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_connect_timeout 60; + proxy_send_timeout 21600; + proxy_read_timeout 21600; + proxy_pass http://localhost:8000; + } + location / { + try_files $uri @icecast2; + } +} +</code></pre> +</article> diff --git a/flux.atom b/flux.atom @@ -15,7 +15,7 @@ <id>https://hacktivis.me/articles/Mise%20en%20place%20d%E2%80%99un%20relai%20icecast</id> <updated>2018-06-02T11:33:19Z</updated> <content type="xhtml"><div> -<!--#include file="/articles/Mise en place d’un relai icecast.html"--> +<!--#include file="/articles/Mise en place d’un relai icecast.xhtml"--> </div></content> </entry> </feed>
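
Review bot: in the accueil.shtml hunk the `<article class="h-entry">` wrapper around the include is dropped, but the root element of the new .xhtml file is `<article xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">` with no `class` attribute, so the `p-name` and `u-url` properties on the heading no longer sit inside an h-entry. Add `class="h-entry"` to the article root in the .xhtml file so the microformats markup is unchanged by the move. The next include in the same hunk (J’ai changé de clé OpenPGP.html) keeps its wrapper, so the page carries two conventions until the other articles are converted.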
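
Review bot: in the Mise en place d’un relai icecast.shtml hunk the standalone link now targets the `.xhtml` path, while the `u-url` anchor inside the included article keeps the extensionless URL and the link text still reads "article seul(HTML-brut)". Pick one canonical URL and use it in both places, and update the label so it no longer says HTML for a file that is now XHTML.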
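
Review bot: in the new .xhtml file the icecast config is carried over with `<bind-address>127.0.0.1</bind-address>` still commented out, so icecast listens on port 8000 on every interface and the stream stays reachable in cleartext beside the TLS proxy; that listener also overlaps with the `listen 8000;` and `listen [::]:8000;` lines in the nginx redirect block, although `proxy_pass http://localhost:8000;` puts both on the same host. Since the article is being republished, restore the bind-address (or state why it is left open) and make clear which process is meant to own port 8000. Separately, the comment on the Strict-Transport-Security line says 6 months while `max-age=31536000` is one year; correct the comment or the value.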