Icecast Listener IP Behind Reverse Proxy
Users of Icecast streaming server have long struggled to pass through the true client IP for statistics and client status pages when behind a reverse proxy. Icecast 2.5 finally allows this but it doesn’t seem to be documented anywhere.
Firstly if you’re using Apache 2.4 you’ll need to be passing through the header to Icecast otherwise you’re not going to get very far. In your site config file these are our recommended settings:
ProxyRequests Off
ProxyPreserveHost On
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 127.0.0.1
RemoteIPTrustedProxy 127.0.0.0/8
RequestHeader set X-Forwarded-For expr=%{REMOTE_ADDR}
ProxyAddHeaders Off
ProxyTimeout 3600
ProxyBadHeader Ignore
RequestHeader set X-Forwarded-Proto "https"
You should be running the latest stable version of Icecast 2.5 with the new admin web pages. The top of the page will look like this:
It is best to get a new icecast.xml sample file for 2.5 and build out your configuration from scratch. If you had any x-forwarded-for statements for example they are not needed to get the client IPs to show.
You need to create a pair of listen sockets, the main socket which then references a virtual socket:
<!-- The real listening socket - trusts the virtual proxy socket -->
<listen-socket id="main">
<port>8000</port>
<trusted-proxy>#apache</trusted-proxy>
</listen-socket>
<!-- Virtual socket representing Apache - no port, just declares the proxy IP -->
<listen-socket id="apache" type="virtual">
<client-address>127.0.0.1</client-address>
</listen-socket>