The Media Control Panel provides 100% support for SSL in the control panel and all streaming services including Shoutcast 198, Shoutcast 2.5, Shoutcast 2.6, Icecast 2, Icecast 2 KH, Wowza Streaming Engine and Flussonic Media Server.
You can configure either your own custom SSL certificate or an automatic SSL certificate from Lets Encrypt.
- SSL Configuration is currently only supported on CentOS and Debian operating systems.
- If using Wowza Streaming Engine, you will need to configure Wowza Secure HTTPS Streaming.
Media Service SSL Support Information
Please note that not all audio streaming servers support native HTTPS. In these cases, the MediaCP can provide a HTTPS proxy, however HTTPS Proxy will use a lot of CPU. We recommend using Native HTTPS where available.
|Wowza Streaming Engine||-|
|Flussonic Media Server||-|
|Shoutcast 198||Shoutcast 198 does not provide native SSL and requires proxy to use HTTPS streaming.|
|Shoutcast 2.5||Shoutcast 198 does not provide native SSL and requires proxy to use HTTPS streaming.|
|Shoutcast 2.6||Shoutcast 2.6 requires a Premium Shoutcast license purchased separately from www.shoutcast.com to use SSL.|
|Icecast 2||Icecast 2.4 does not support SSL and non-SSL on the same port. Many encoders do not provide SSL support and therefore the MediaCP will provide an alternate non-SSL port for encoders to connect. By default, if your service is on port 8000; the port 8000 will be SSL and another port 18000 will be created that is unsecured.|
|Icecast 2 KH||RECOMMENDED
Icecast 2 KH provides 100% support for SSL and non-SSL on the same port. This is our recommended server for audio streaming.
AutoSSL / Free HTTPS Certificate Installation
AutoSSL requires that port 80 is available to your server and is also not in use. MediaCP provides compatibility already with the following applications that use port 80 and you can use AutoSSL in combination without making any changes: cPanel, Plesk, CentOS Web Panel, DirectAdmin. It is also compatible with any standard Apache 2 or Nginx installation. AutoSSL certificates should be automatically renewed within 30 days of expiry.
Simply run the following command to install autossl with the MediaCP:
cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl
The following utility will automatically configure Wowza Streaming Engine SSL on port 1936 and Wowza Streaming Engine Manager SSL on port 8089.
- Run the following to automatically configure WSE SSL/HTTPS:
cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl-wse
Flussonic SSL is automatically configured by running the above “MediaCP Web Panel AutoSSL”.
Custom HTTPS Certificate Installation
A Custom SSL Certificate might be required in cases where opening port 80 is not possible, a longer duration before renewal is desired, or AutoSSL is otherwise not suitable.
It is important to remember to renew your certificate before it expires. The MediaCP will not tell if the certificate is to expire soon. You should setup your own 3rd party monitoring.
MediaCP staff can install and renew a custom certificate for a professional services fee if required.
Configure HTTPS for MediaCP.
Before configuring a Custom SSL Certificate you should ensure that AutoSSL is disabled, otherwise the upgrade process may overwrite or break your configurations.
- Firstly disable any existing LetsEncrypt / SSL configurations:
cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl-disable
- Update the MediaCP to the latest version:
cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init upgrade
- Login to the MediaCP, navigate to Administration -> Configuration and select the System Tab. Update the MediaCP Full URL to include https://
- Add the following to /usr/local/mediacp/nginx/conf.d/ssl.conf, replacing yourdomain with your actual domain name:
ssl on; ssl_certificate /usr/local/mediacp/nginx/fullchain.pem; ssl_certificate_key /usr/local/mediacp/nginx/server.key; ssl_session_cache shared:le_nginx_SSL:1m; ssl_session_timeout 1440m; error_page 497 301 =307 https://yourdomain:2020$request_uri;
- Install your certificate file in /usr/local/mediacp/nginx/server.pem
- Install your fullchain certificate file in /usr/local/mediacp/nginx/fullchain.pem
- Install your private key file in /usr/local/mediacp/nginx/server.key
- Create a certificate for icecast 2 & icecast 2 kh services to use:
cat /usr/local/mediacp/nginx/server.key > /usr/local/mediacp/icecast2/icecast.cert; echo "" >> /usr/local/mediacp/icecast2/icecast.cert; cat /usr/local/mediacp/nginx/fullchain.pem >> /usr/local/mediacp/icecast2/icecast.cert;
- Ensure these files have appropriate permissions:
chown mediacp:mediacp /usr/local/mediacp/icecast2/icecast.cert; chown mediacp:mediacp /usr/local/mediacp/nginx/fullchain.pem; chown mediacp:mediacp /usr/local/mediacp/nginx/server.pem; chown mediacp:mediacp /usr/local/mediacp/nginx/server.key;
- Restart the MediaCP service:
WSE provide a free near-instant SSL certificate called a Stream Lock Certificate with all licenses.
Run the following command to automatically convert and install your SSL certificate to Wowza Streaming Engine.
/root/init beta autossl-wse