Author: Kenn Carlo Gutierrez
Last Updated: Thu, Sep 1, 2022Shoutcast is a media streaming service that lets you create your own media streaming platform. It supports digital audio content in MP3 and Advanced Audio Coding (AAC) formats. This guide explains how to set up a Shoutcast server on Ubuntu and secure it with a Let's Encrypt SSL using Certbot.
Download Shoutcast Distributed Network Audio Server (DNAS) for Linux.
$ wget https://download.nullsoft.com/shoutcast/tools/sc_serv2_linux_x64-latest.tar.gz
Please see the Shoutcast DNAS download page for the latest Shoutcast DNAS version.
Create a new folder for your Shoutcast server.
$ mkdir ~/shoutcast_server
Extract the downloaded Shoutcast DNAS to the new folder.
$ tar -xzf sc_serv2_linux_x64-latest.tar.gz -C ~/shoutcast_server
Change the directory to the new folder.
$ cd ~/shoutcast_server
By default, Shoutcast uses port 8000 for source and client connections and port 8001 for legacy source connections, so you need to allow ports 8000 and 8001 on the firewall.
$ sudo ufw allow 8000 && sudo ufw allow 8001
When you run Shoutcast on a normal SSH session, the Shoutcast process closes when you exit the SSH Session. To continuously run Shoutcast even when you leave the SSH session, use tmux, a terminal multiplexer. To create a tmux session, run:
$ tmux new -s shoutcast
You can change shoutcast with any session name you prefer. Please see How to Install and Use Tmux for more information.
Run the setup.sh script to start the server and proceed with the setup.
$ sudo bash setup.sh
Log in to your Shoutcast account and navigate to your radio station's Advanced Settings, then save your radio station's Authhash. You will need this later when you configure your stream.
http://192.0.1.2:80008000. Set the maximum number of listeners allowed to connect to your server, then click Continue to proceed with the setup.http://127.0.0.1:8000/admin.cgi?sid=0&pass=YourAdminPass. Replace 127.0.0.1 with your server's IP address and YourAdminPass with the Admin Password you entered on Stage 1 - Core Settings.Install Nginx.
$ sudo apt install nginx -y
Create a new Nginx configuration file for your Shoutcast server.
$ sudo nano /etc/nginx/conf.d/shoutcast.conf
Paste this to your shoutcast.conf file. Replace example.com with your domain name.
server {
listen 80;
listen [::]:80;
server_name example.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
location / {
proxy_set_header Accept-Encoding "";
proxy_set_header Accept "";
proxy_pass http://127.0.0.1:8000/;
sub_filter ':8000/' '/';
sub_filter '@localhost' '@example.com';
sub_filter 'localhost' $host;
}
}
Save and exit the file.
Test the Nginx configuration.
$ sudo nginx -t
Restart Nginx.
$ sudo systemctl restart nginx
Allow the HTTP Port 80 and the HTTPS Port 443 on the firewall.
$ sudo ufw allow 'Nginx Full'
Install Certbot.
$ sudo apt install certbot python3-certbot-nginx -y
Request a new Let's Encrypt SSL Certificate using Certbot. Replace example.com with your domain name.
$ sudo certbot --agree-tos -d example.com
Let's Encrypt Certificates are only valid for 90 days. To automatically renew the SSL certificates, add a new cron job.
$ sudo crontab -e
Select your preferred editor, then paste this into the crontab file.
0 0 1 * * certbot renew --quiet --post-hook="systemctl reload nginx"
This command runs at midnight on every first day of the month. It checks if the certificate expires within the next 30 days and renews it if so.
Save and exit the crontab file.
admin as the username and the Admin Password you entered at Stage 1 - Core Settings as the password.8000 on the Port field. Leave the Mount and Login fields blank, and enter your Stream's Source Password on the Password field.To learn more about Shoutcast, please see these resources: