I want to run an instance of Icecast on Azure, leveraging containers and SSL termination features provided by Azure.
For those who don't know, Icecast is an HTTP media server comprised of a web server, providing UI/UX, and a streaming service on the same endpoint.
I can configure multimedia software, such as Traktor Studio, to broadcast live to an Icecast server.
What I have done in the past days (I can recreate the example and export the ARM template on request) was to create an Azure Web App instance based on containers, for which the container is the one linked in the post. By setting env variables, I could get the container up and running via HTTP and HTTPS. UX worked.
However, streaming was another thing. I don't have, and probably won't have, a detailed log from the broadcast source, but Traktor miserably failed to start the live broadcast, so music fails to play from Icecast. If I run the same container locally on Docker, I can broadcast to localhost like a charm.
I tried with Wireshark, disabling HTTPS to look for the actual data, and I found that Traktor (and other Icecast-compatible sources) interacts with Icecast with an unusual HTTP method:

```
SOURCE /thestream.ogg HTTP/1.1
Host: icecasthostexample.azureapp.net
User-Agent: Traktor and version UA
//Some multimedia headers including bitrate
Connection: close

[the ogg stream with music]
```
What I found is that Azure responds with a 200 OK, Connection: Close, and no music is sent to Icecast. Icecast displays the presence of a stream, but trying to play it results in no content.
I believe from my findings that Azure container apps aren't the best choice for the HTTP SOURCE method, because the Web App's embedded HTTP endpoint (also working as SSL terminator) probably wants to interpret the HTTP call, so it doesn't work well with that.
To clarify, at this stage I couldn't run Icecast over either HTTP or HTTPS, because Web Apps for Containers behave like this on HTTP (and I tried HTTP to sniff what was happening on the wire).
In the end, I must deploy Icecast over HTTPS, because the listening clients must run over HTTPS. I can however broadcast over the protocol I prefer. Icecast, as a media server, can receive inbound music from http and serve outbound over https.
So my question is split in two:
- Is the documented behaviour normal? What are the limitations of the http(s) terminator on Web Apps PaaS? Can't they handle multimedia conversations? Do they need to work only with core HTTP methods? (Yea, that's one question)
- With the exception of Virtual Machines, where I install Icecast or deploy Docker the IaaS way, what is the proper way to terminate* HTTP/SSL traffic and route the raw TCP traffic to an Azure PaaS Docker service?
I can provide info to replicate the scenario on request.
\* That means I either strip the encryption and route the TCP, or just route the TCP untouched.
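
The SOURCE exchange captured above, reproduced as an added example that is not part of the original post: a client sends the request head and then the stream on the same connection, and a raw TCP listener counts how many stream bytes actually arrive. The listener is a constructed stand-in for an Icecast mount, and the `Content-Type` header and the zero-filled payload are assumptions for illustration.

```python
import socket
import threading

def fake_icecast(srv, result):
    """Constructed stand-in for an Icecast mount (not Icecast itself):
    read the request head, answer 200, then count the stream bytes that follow."""
    conn, _ = srv.accept()
    with conn:
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = conn.recv(4096)
            if not chunk:
                break
            buf += chunk
        head, _, body = buf.partition(b"\r\n\r\n")
        result["request_line"] = head.split(b"\r\n")[0].decode()
        conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")
        received = len(body)
        while chunk := conn.recv(4096):
            received += len(chunk)
        result["body_bytes"] = received

def send_source(host, port, mount, payload):
    """Send SOURCE plus a payload the way the capture shows; return the status line."""
    head = (f"SOURCE {mount} HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/ogg\r\nConnection: close\r\n\r\n")
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(head.encode())
        status = s.recv(4096).split(b"\r\n")[0].decode()
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)  # signal end of stream
    return status

def probe(payload=b"\x00" * 65536):
    """Direct-connection baseline: every payload byte should reach the backend."""
    srv = socket.create_server(("127.0.0.1", 0))
    result = {}
    t = threading.Thread(target=fake_icecast, args=(srv, result))
    t.start()
    status = send_source("127.0.0.1", srv.getsockname()[1], "/thestream.ogg", payload)
    t.join()
    srv.close()
    return status, result

if __name__ == "__main__":
    print(probe())
```

With a direct TCP path the byte count at the listener equals the payload size; a 200 status together with a count of zero behind a front end is the symptom described in the post.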