logo

blog

My little blog can’t be this cute! git clone https://hacktivis.me/git/blog.git
commit: e90a48bd4555df554c00cf7efd207b8c377db340
parent 64d204af0e45c85d4c1fb6df58cf92cacc3728d5
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Sun,  7 Oct 2018 18:36:40 +0200

articles/Mise en place d’un relai icecast: Move from HTML to xHTML


Diffstat:


Maccueil.shtml4+---


Darticles/Mise en place d’un relai icecast.html124-------------------------------------------------------------------------------


Marticles/Mise en place d’un relai icecast.shtml6++----


Aarticles/Mise en place d’un relai icecast.xhtml126+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Mflux.atom2+-


5 files changed, 130 insertions(+), 132 deletions(-)

diff --git a/accueil.shtml b/accueil.shtml
@@ -6,9 +6,7 @@
 	</head>
 	<body>
 <!--#set var="transPageUrl" value='home' --><!--#set var="feedURL" value='/flux.atom'--><!--#include file="/templates/fr/nav.shtml" -->
-		<article class="h-entry">
-<!--#include file="/articles/Mise en place d’un relai icecast.html"-->
-		</article>
+<!--#include file="/articles/Mise en place d’un relai icecast.xhtml"-->
 		<article class="h-entry">
 <!--#include file="/articles/J’ai changé de clé OpenPGP.html"-->
 		</article>
diff --git a/articles/Mise en place d’un relai icecast.html b/articles/Mise en place d’un relai icecast.html
@@ -1,124 +0,0 @@
-<h1 class="p-name"><a class="u-url" href="/articles/Mise%20en%20place%20d%E2%80%99un%20relai%20icecast">Mise en place d’un relai icecast</a></h1>
-<p>Mis en place pour faire relai de <a href="http://zad.nadir.org/spip.php?rubrique71">radio klaxon</a> de la <abbr title="Zone À Défendre">ZAD</abbr> de <abbr title="Notre Dame Des Landes">NDDL</abbr> qui ne tenait apparement plus la charge, et pour un peu de crypto+annonymat. Ci-dessous, la config icecast, puis la config nginx.</p>
-<p>Config pour icecast:</p>
-<pre><code>
-&lt;icecast&gt;
-    &lt;limits&gt;
-        &lt;clients&gt;500&lt;/clients&gt;
-        &lt;sources&gt;2&lt;/sources&gt;
-        &lt;queue-size&gt;524288&lt;/queue-size&gt;
-        &lt;client-timeout&gt;30&lt;/client-timeout&gt;
-        &lt;header-timeout&gt;15&lt;/header-timeout&gt;
-        &lt;source-timeout&gt;10&lt;/source-timeout&gt;
-        &lt;burst-on-connect&gt;1&lt;/burst-on-connect&gt;
-        &lt;burst-size&gt;65535&lt;/burst-size&gt;
-    &lt;/limits&gt;
-    &lt;hostname&gt;pouet.hacktivis.me&lt;/hostname&gt;
-    &lt;listen-socket&gt;
-        &lt;port&gt;8000&lt;/port&gt;
-        &lt;!-- &lt;bind-address&gt;127.0.0.1&lt;/bind-address&gt; --&gt;
-    &lt;/listen-socket&gt;
-    &lt;relay&gt;
-        &lt;server&gt;radio.antirep.net&lt;/server&gt;
-        &lt;port&gt;8000&lt;/port&gt;
-        &lt;mount&gt;/RadioKlaxon&lt;/mount&gt;
-        &lt;local-mount&gt;/RadioKlaxon&lt;/local-mount&gt;
-        &lt;on-demand&gt;0&lt;/on-demand&gt;
-
-        &lt;relay-shoutcast-metadata&gt;1&lt;/relay-shoutcast-metadata&gt;
-    &lt;/relay&gt;
-    &lt;relay&gt;
-        &lt;server&gt;radio.antirep.net&lt;/server&gt;
-        &lt;port&gt;8000&lt;/port&gt;
-        &lt;mount&gt;/RadioKlaxonOff&lt;/mount&gt;
-        &lt;local-mount&gt;/RadioKlaxonOff&lt;/local-mount&gt;
-        &lt;on-demand&gt;0&lt;/on-demand&gt;
-
-        &lt;relay-shoutcast-metadata&gt;1&lt;/relay-shoutcast-metadata&gt;
-    &lt;/relay&gt;
-    &lt;fileserve&gt;1&lt;/fileserve&gt;
-    &lt;paths&gt;
-        &lt;basedir&gt;/usr/share/icecast&lt;/basedir&gt;
-        &lt;logdir&gt;/var/log/icecast&lt;/logdir&gt;
-        &lt;webroot&gt;/srv/web/pouet.hacktivis.me&lt;/webroot&gt;
-        &lt;adminroot&gt;/usr/share/icecast/admin&lt;/adminroot&gt;
-        &lt;alias source="/" dest="/status.xsl"/&gt;
-    &lt;/paths&gt;
-
-    &lt;logging&gt;
-        &lt;errorlog&gt;error.log&lt;/errorlog&gt;
-        &lt;loglevel&gt;2&lt;/loglevel&gt; &lt;!-- 4 Debug, 3 Info, 2 Warn, 1 Error --&gt;
-        &lt;logsize&gt;10000&lt;/logsize&gt; &lt;!-- Max size of a logfile --&gt;
-    &lt;/logging&gt;
-
-    &lt;security&gt;
-        &lt;chroot&gt;0&lt;/chroot&gt;
-        &lt;changeowner&gt;
-            &lt;user&gt;icecast&lt;/user&gt;
-            &lt;group&gt;nogroup&lt;/group&gt;
-        &lt;/changeowner&gt;
-    &lt;/security&gt;
-&lt;/icecast&gt;
-</code></pre>
-<p>Config pour nginx:</p>
-<pre><code>
-server {
-        listen 80;
-        listen [::]:80;
-        listen 8000;
-        listen [::]:8000;
-
-        server_name pouet.hacktivis.me;
-
-        location / {
-                return 301 https://$server_name$request_uri;
-        }
-}
-server {
-        listen 443 ssl http2;
-        listen [::]:443 ssl http2;
-
-        server_name pouet.hacktivis.me;
-        large_client_header_buffers 4 16k;
-
-        root /srv/web/pouet.hacktivis.me/;
-
-        ssl_certificate     certificates/pouet.hacktivis.me.pem;
-        ssl_certificate_key certificates/pouet.hacktivis.me.key;
-
-        ssl_ciphers 'EECDH+CHACHA20:EECDH+AESGCM'; # or EECDH+CHACHA20:EECDH+AES:DHE+CHACHA20:DHE+AES:+SHA
-        ssl_prefer_server_ciphers on; # Parceque les clients on une config TLS toute pouritte
-        ssl_protocols TLSv1.2; # POODLE sur ≤TLS1.1
-        ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
-        ssl_stapling on;
-        ssl_stapling_verify on;
-        ssl_session_cache   shared:SSL:10m;
-        ssl_session_timeout 10m;
-
-        add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; # Garder l’https pendant 6 mois et inclure les sous-domaines
-        #add_header Public-Key-Pins           'pin-sha256="nL2KrUGakuCVVOeO152WRynVeJs+clhS+02EiIbDrPQ="; pin-sha256="9kgt0my3CzTv4sK5TsYJmEw5FzYLLUrFJr86Vmhbb4k="; max-age=5184000';
-        add_header X-Frame-Options           "DENY"; # Deny framing
-        add_header X-Content-Type-Options    "nosniff";
-        add_header X-XSS-Protection          "1; mode=block";
-        #add_header Content-Security-Policy   "default-src 'none'; script-src 'none'; style-src 'self'; img-src 'self'; media-src 'self';";
-        add_header Referrer-Policy           "no-referrer";
-        add_header X-Clacks-Overhead         "GNU Rémi Fraisse";
-
-        location @icecast2 {
-                proxy_buffering           off;
-                proxy_ignore_client_abort off;
-                proxy_intercept_errors    on;
-                proxy_next_upstream       error timeout invalid_header;
-                proxy_redirect            off;
-                proxy_set_header          X-Host $http_host;
-                proxy_set_header          X-Forwarded-For $remote_addr;
-                proxy_connect_timeout     60;
-                proxy_send_timeout        21600;
-                proxy_read_timeout        21600;
-                proxy_pass http://localhost:8000;
-        }
-        location / {
-                try_files $uri @icecast2;
-        }
-}
-</code></pre>
diff --git a/articles/Mise en place d’un relai icecast.shtml b/articles/Mise en place d’un relai icecast.shtml
@@ -7,10 +7,8 @@
 	</head>
 	<body>
 <!--#include file="/templates/fr/nav.shtml" -->
-		<article class="h-entry">
-<!--#include file="/articles/Mise en place d’un relai icecast.html"-->
-		</article>
-		<a href="/articles/Mise%20en%20place%20d%E2%80%99un%20relai%20icecast">article seul(HTML-brut)</a>
+<!--#include file="/articles/Mise en place d’un relai icecast.xhtml"-->
+		<a href="/articles/Mise%20en%20place%20d%E2%80%99un%20relai%20icecast.xhtml">article seul(HTML-brut)</a>
 <!--#include file="/templates/fr/footer.html" -->
 	</body>
 </html>
diff --git a/articles/Mise en place d’un relai icecast.xhtml b/articles/Mise en place d’un relai icecast.xhtml
@@ -0,0 +1,126 @@
+<article xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
+<h1 class="p-name"><a class="u-url" href="/articles/Mise%20en%20place%20d%E2%80%99un%20relai%20icecast">Mise en place d’un relai icecast</a></h1>
+<p>Mis en place pour faire relai de <a href="http://zad.nadir.org/spip.php?rubrique71">radio klaxon</a> de la <abbr title="Zone À Défendre">ZAD</abbr> de <abbr title="Notre Dame Des Landes">NDDL</abbr> qui ne tenait apparement plus la charge, et pour un peu de crypto+annonymat. Ci-dessous, la config icecast, puis la config nginx.</p>
+<p>Config pour icecast:</p>
+<pre><code>
+&lt;icecast&gt;
+    &lt;limits&gt;
+        &lt;clients&gt;500&lt;/clients&gt;
+        &lt;sources&gt;2&lt;/sources&gt;
+        &lt;queue-size&gt;524288&lt;/queue-size&gt;
+        &lt;client-timeout&gt;30&lt;/client-timeout&gt;
+        &lt;header-timeout&gt;15&lt;/header-timeout&gt;
+        &lt;source-timeout&gt;10&lt;/source-timeout&gt;
+        &lt;burst-on-connect&gt;1&lt;/burst-on-connect&gt;
+        &lt;burst-size&gt;65535&lt;/burst-size&gt;
+    &lt;/limits&gt;
+    &lt;hostname&gt;pouet.hacktivis.me&lt;/hostname&gt;
+    &lt;listen-socket&gt;
+        &lt;port&gt;8000&lt;/port&gt;
+        &lt;!-- &lt;bind-address&gt;127.0.0.1&lt;/bind-address&gt; --&gt;
+    &lt;/listen-socket&gt;
+    &lt;relay&gt;
+        &lt;server&gt;radio.antirep.net&lt;/server&gt;
+        &lt;port&gt;8000&lt;/port&gt;
+        &lt;mount&gt;/RadioKlaxon&lt;/mount&gt;
+        &lt;local-mount&gt;/RadioKlaxon&lt;/local-mount&gt;
+        &lt;on-demand&gt;0&lt;/on-demand&gt;
+
+        &lt;relay-shoutcast-metadata&gt;1&lt;/relay-shoutcast-metadata&gt;
+    &lt;/relay&gt;
+    &lt;relay&gt;
+        &lt;server&gt;radio.antirep.net&lt;/server&gt;
+        &lt;port&gt;8000&lt;/port&gt;
+        &lt;mount&gt;/RadioKlaxonOff&lt;/mount&gt;
+        &lt;local-mount&gt;/RadioKlaxonOff&lt;/local-mount&gt;
+        &lt;on-demand&gt;0&lt;/on-demand&gt;
+
+        &lt;relay-shoutcast-metadata&gt;1&lt;/relay-shoutcast-metadata&gt;
+    &lt;/relay&gt;
+    &lt;fileserve&gt;1&lt;/fileserve&gt;
+    &lt;paths&gt;
+        &lt;basedir&gt;/usr/share/icecast&lt;/basedir&gt;
+        &lt;logdir&gt;/var/log/icecast&lt;/logdir&gt;
+        &lt;webroot&gt;/srv/web/pouet.hacktivis.me&lt;/webroot&gt;
+        &lt;adminroot&gt;/usr/share/icecast/admin&lt;/adminroot&gt;
+        &lt;alias source="/" dest="/status.xsl"/&gt;
+    &lt;/paths&gt;
+
+    &lt;logging&gt;
+        &lt;errorlog&gt;error.log&lt;/errorlog&gt;
+        &lt;loglevel&gt;2&lt;/loglevel&gt; &lt;!-- 4 Debug, 3 Info, 2 Warn, 1 Error --&gt;
+        &lt;logsize&gt;10000&lt;/logsize&gt; &lt;!-- Max size of a logfile --&gt;
+    &lt;/logging&gt;
+
+    &lt;security&gt;
+        &lt;chroot&gt;0&lt;/chroot&gt;
+        &lt;changeowner&gt;
+            &lt;user&gt;icecast&lt;/user&gt;
+            &lt;group&gt;nogroup&lt;/group&gt;
+        &lt;/changeowner&gt;
+    &lt;/security&gt;
+&lt;/icecast&gt;
+</code></pre>
+<p>Config pour nginx:</p>
+<pre><code>
+server {
+        listen 80;
+        listen [::]:80;
+        listen 8000;
+        listen [::]:8000;
+
+        server_name pouet.hacktivis.me;
+
+        location / {
+                return 301 https://$server_name$request_uri;
+        }
+}
+server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+
+        server_name pouet.hacktivis.me;
+        large_client_header_buffers 4 16k;
+
+        root /srv/web/pouet.hacktivis.me/;
+
+        ssl_certificate     certificates/pouet.hacktivis.me.pem;
+        ssl_certificate_key certificates/pouet.hacktivis.me.key;
+
+        ssl_ciphers 'EECDH+CHACHA20:EECDH+AESGCM'; # or EECDH+CHACHA20:EECDH+AES:DHE+CHACHA20:DHE+AES:+SHA
+        ssl_prefer_server_ciphers on; # Parceque les clients on une config TLS toute pouritte
+        ssl_protocols TLSv1.2; # POODLE sur ≤TLS1.1
+        ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
+        ssl_stapling on;
+        ssl_stapling_verify on;
+        ssl_session_cache   shared:SSL:10m;
+        ssl_session_timeout 10m;
+
+        add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; # Garder l’https pendant 6 mois et inclure les sous-domaines
+        #add_header Public-Key-Pins           'pin-sha256="nL2KrUGakuCVVOeO152WRynVeJs+clhS+02EiIbDrPQ="; pin-sha256="9kgt0my3CzTv4sK5TsYJmEw5FzYLLUrFJr86Vmhbb4k="; max-age=5184000';
+        add_header X-Frame-Options           "DENY"; # Deny framing
+        add_header X-Content-Type-Options    "nosniff";
+        add_header X-XSS-Protection          "1; mode=block";
+        #add_header Content-Security-Policy   "default-src 'none'; script-src 'none'; style-src 'self'; img-src 'self'; media-src 'self';";
+        add_header Referrer-Policy           "no-referrer";
+        add_header X-Clacks-Overhead         "GNU Rémi Fraisse";
+
+        location @icecast2 {
+                proxy_buffering           off;
+                proxy_ignore_client_abort off;
+                proxy_intercept_errors    on;
+                proxy_next_upstream       error timeout invalid_header;
+                proxy_redirect            off;
+                proxy_set_header          X-Host $http_host;
+                proxy_set_header          X-Forwarded-For $remote_addr;
+                proxy_connect_timeout     60;
+                proxy_send_timeout        21600;
+                proxy_read_timeout        21600;
+                proxy_pass http://localhost:8000;
+        }
+        location / {
+                try_files $uri @icecast2;
+        }
+}
+</code></pre>
+</article>
diff --git a/flux.atom b/flux.atom
@@ -15,7 +15,7 @@
 		<id>https://hacktivis.me/articles/Mise%20en%20place%20d%E2%80%99un%20relai%20icecast</id>
 		<updated>2018-06-02T11:33:19Z</updated>
 		<content type="xhtml"><div>
-<!--#include file="/articles/Mise en place d’un relai icecast.html"-->
+<!--#include file="/articles/Mise en place d’un relai icecast.xhtml"-->
 		</div></content>
 	</entry>
 </feed>