feat(playout): allow harbor ssl configuration

2023-03-30 20:39:02 +02:00 · 2023-03-30 20:39:02 +02:00 · b2fc3a5ecf
commit b2fc3a5ecf
parent 8764feded9
17 changed files with 248 additions and 13 deletions
--- a/docs/admin-manual/configuration.md
+++ b/docs/admin-manual/configuration.md
@ -210,6 +210,13 @@ liquidsoap:
  # Input harbor listen address.
  # > default is ["0.0.0.0"]
  harbor_listen_address: ["0.0.0.0"]
+
+  # Input harbor tls certificate path.
+  harbor_ssl_certificate:
+  # Input harbor tls certificate private key path.
+  harbor_ssl_private_key:
+  # Input harbor tls certificate password.
+  harbor_ssl_password:
 ```

 ## Stream
@ -275,6 +282,9 @@ stream:
      # Listen port for the main harbor input.
      # > default is 8001
      port: 8001
+      # Whether the input harbor is secured with the tls certificate.
+      # > default is false
+      secure: false

    # Show harbor input.
    show:
@ -287,6 +297,9 @@ stream:
      # Listen port for the show harbor input.
      # > default is 8002
      port: 8002
+      # Whether the input harbor is secured with the tls certificate.
+      # > default is false
+      secure: false
 ```

 ### Outputs
--- a/docs/admin-manual/install/install-using-the-installer.md
+++ b/docs/admin-manual/install/install-using-the-installer.md
@ -360,6 +360,44 @@ Check that the renewal configuration is valid:
 sudo certbot renew --dry-run
 ```

+### Setup the certificate for Liquidsoap
+
+To stream audio content from an external source to the LibreTime server, Liquidsoap creates input harbors (Icecast mount points) for the clients to connect to. These mount points are insecure by default, so it's recommended secure them.
+
+To enable the secure input streams, edit the [configuration file](../configuration.md) at `/etc/libretime/config.yml` with the following, be sure to replace `libretime.example.com` with the domain name of your installation:
+
+```git title="/etc/libretime/config.yml"
+ liquidsoap:
+-  harbor_ssl_certificate:
+-  harbor_ssl_private_key:
+  harbor_ssl_certificate: /etc/letsencrypt/live/libretime.example.com/fullchain.pem
+  harbor_ssl_private_key: /etc/letsencrypt/live/libretime.example.com/privkey.pem
+```
+
+```git title="/etc/libretime/config.yml"
+ stream:
+   inputs:
+     main:
+       public_url:
+       mount: main
+       port: 8001
+-      secure: false
+      secure: true
+
+     show:
+       public_url:
+       mount: show
+       port: 8002
+-      secure: false
+      secure: true
+```
+
+Restart the LibreTime to apply the changes:
+
+```bash
+sudo systemctl restart libretime.target
+```
+
 ## First login

 Once the setup is completed, log in the interface (with the default user `admin` and password `admin`), and edit the project settings (go to **Settings** > **General**) to match your needs.