Thank you for your donation!


Cloudsmith graciously provides open-source package management and distribution for our project.


secure stream http
#1
Hello,

I love the functionnality of http stream and it works great but how would it be complicate to configure nginx to make it https and use ssl certificates ?
I was researching info on how to do so but didn't found any, does anyone can help ? Angel

thanks
Reply
#2
What sensitive information are you intending to protect by doing that?
Reply
#3
no sensitive informations just listening to my music via web stream

you can't mix https and non https content in modern web browser

so if my webpage is showing the name of the song and some visualization when in the backgound streaming from a non-https adress then it is blocked...

it is not about protecting sensitive information but about having things to work to nowadays standard.
Reply
#4
if anyone can advise the configuration to apply in nginx in order to proxy the http stream from moode via a ssl secure adress
Reply
#5
(02-14-2020, 05:21 PM)LeGuiz Wrote: no sensitive informations just listening to my music via web stream

you can't mix https and non https content in modern web browser

so if my webpage is showing the name of the song and some visualization when in the backgound streaming from a non-https adress then it is blocked...

it is not about protecting sensitive information but about having things to work to nowadays standard.

I've known this day was approaching, based on the recent updates to Google Chrome, but I was anticipating a different problem. This specific use case hadn't occurred to me, with moOde streaming music via http to a browser on another host. Sigh.

Regards,
Kent

"Oh, what a tangled web we weave....." - for those who still remember their high school English lit course or their Donald Knuth books on the art of computer programming.
Reply
#6
I don't quite understand... can u clarify this particular usage scenario and/or provide steps to repro?
Enjoy the Music!
moodeaudio.org | Mastodon Feed | GitHub
Reply
#7
sorry if i am not clear, i am gonna try to re-phrase it better now.

After successfully trying the stream option in moode audio, I want to stream my music on a webpage that also show the name of the track as well as play the music.

So I write this little html like below :

<body class="clearfix">
   <audio loop autoplay name="media"><source src="http://myip:mystreamport" type="audio/flac"></audio>
   <div id="song"></div>

</body>

then in order to show the name of the song, I activated last.fm option and then with this little javascript I update it every 15sec.

//every 15sec
window.setInterval(function(){
   fetch('https://ws.audioscrobbler.com/2.0/?method=user.getrecenttracks&user=myuser&api_key=myapikey&format=json')
       .then(function (response) {
           return response.json();
       })
       .then(function (data) {
           appendData(data);
       })
       .catch(function (err) {
           console.log('error: ' + err);
   });
 }, 15000);//every 15sec
 

function appendData(data) {
   var song = document.getElementById("song");
   song.innerHTML = "'"+data.recenttracks.track[0].name+"' in '"+data.recenttracks.track[0].album["#text"]+"' by '"+data.recenttracks.track[0].artist["#text"]+"'";
}



then I got that warning "Mixed Content: The page at 'https://mylittleradio.com/' was loaded over HTTPS, but requested an insecure audio file 'http://myip:myport/'. This content should also be served over HTTPS."

This is a warning but very soon will be blocking since the web is moving forward to be more secure with https by default everywhere nowadays.

So this is my question, is there a way to configure nginx in order to add ssl certificate configuration to my stream url ?
I also looked about icecast2 that does that but I am really keen on mixing to many software together when nginx is already there and shall be able to do the job.

Hope it is more clear and making sense.
Please don't hesitate to ask me specific details if I can provide to bring more clarity to my problematic.

thanks !
Reply
#8
It seems what you doing is probably difficult because it's not really a sensible thing to be attempting.

Multiple things come to mind...
    * I'm guessing you're port forwarding public internet connections to your local private network in order to connect to the mpd stream, this is poor security practice.
    * mpd's internal features/plugins is probably more suitable for the mpd forum.
    * If you get multiple site visitors connecting to mpd's flac-encoded http stream, this might quickly overwhelm your Pi and your internet connection's upstream bandwidth.
    * nginx on your Pi is serving the Moode web application, it doesn't serve mpd's http stream.
    * mpd's http plugin doesn't seem to support https, hence you need to send to something like icecase or shoutcast.
    * autoplaying embedded music & video on websites is generally frowned upon, modern browsers often block that by default.

Disregarding all that you could just provide a link to a hosted pls file that can launch the http stream in a client or browser tab.

Hope that helps though.
Reply
#9
(02-16-2020, 01:55 PM)vinnn Wrote: It seems what you doing is probably difficult because it's not really a sensible thing to be attempting.

Multiple things come to mind...
    * I'm guessing you're port forwarding public internet connections to your local private network in order to connect to the mpd stream, this is poor security practice.
    * mpd's internal features/plugins is probably more suitable for the mpd forum.
    * If you get multiple site visitors connecting to mpd's flac-encoded http stream, this might quickly overwhelm your Pi and your internet connection's upstream bandwidth.
    * nginx on your Pi is serving the Moode web application, it doesn't serve mpd's http stream.
    * mpd's http plugin doesn't seem to support https, hence you need to send to something like icecase or shoutcast.
    * autoplaying embedded music & video on websites is generally frowned upon, modern browsers often block that by default.

Disregarding all that you could just provide a link to a hosted pls file that can launch the http stream in a client or browser tab.

Hope that helps though.


* configuring a DMZ would help that I guess
* yep !
* I need to limit the number of concurent connections
* I was guessing so, thanks for your confirmation
* I was already looking in that solution but I thought it might be a more direct way for doing so
* yes indeed

I am gonna try out differents options, should I keep posting here the results of my trials or not ?

Thanks a lot for your help vinnn !!
Reply
#10
(02-29-2020, 06:11 AM)LeGuiz Wrote: * configuring a DMZ would help that I guess
* I need to limit the number of concurent connections

No worries,

I think you'd be better off setting up some icecast or shoutcast hosting.
Reply


Forum Jump: