problème serveur icecast en TLS sur VPS

Demande d'aide : c'est ici.
MrWhite
Messages : 2
Inscription : 21 juil. 2025, 13:10
Status : Hors-ligne

Je n'arrive pas à configurer mon serveur Icecast pour fonctionner en TLS sur mon VPS OVH.
à l'adresse https://radio.yapyap.life/live
j'ai 502 Bad Gateway

J'ai essayé de mettre un proxy avec nginx mais ça ne semble pas fonctionner ; un coup de main serait le bienvenu.


<icecast>
    <!-- Icecast configuration as posted: a single TLS listener on 127.0.0.1:8433
         serving the /live mount, intended to sit behind an nginx reverse proxy.
         Lines marked NOTE(review) are points to check; the configuration itself
         is unchanged. -->
    <location>On the Matrix</location>
    <admin>contact@yapyap.life</admin>
    
    <!-- Credentials are redacted in the post. -->
    <authentication>
        <source-password>*****</source-password>
        <admin-user>admin</admin-user>
        <admin-password>*****</admin-password>
    </authentication>
 
    <!-- NOTE(review): the documented element name is "fileserve"; "fileserv" is
         probably not recognised, which would leave the built-in file server at
         its default. Check error.log for an unknown-element warning. -->
    <fileserv>0</fileserv>
    <!-- Original comment: "add this line".
         NOTE(review): "web" does not look like a documented Icecast element; verify. -->
    <web>0</web>
    <paths>
        <basedir>/usr/share/icecast2</basedir>
        <logdir>/var/log/</logdir>
        <!-- Redirect to a dummy file.
             NOTE(review): this alias rewrites /live, the same path as the mount
             below and the path nginx proxies; it presumably hides the real
             stream. Confirm it is intended. -->
        <alias source="/live" dest="/dummy.ogg"/>
        <!-- Keep this line: maps / to the status page. -->
        <alias source="/" dest="/status.xsl"/>
    </paths>

    <logging>
        <!-- Paths are relative to logdir above. -->
        <accesslog>icecast2/access.log</accesslog>
        <errorlog>icecast2/error.log</errorlog>
        <!-- In Icecast's scale 4 = Debug (3 = Info, 2 = Warn, 1 = Error). Debug is
             useful while diagnosing the TLS listener; lower it afterwards. -->
        <loglevel>4</loglevel>
    </logging>

    <hostname>radio.yapyap.life</hostname>

    <!-- NOTE(review): in Icecast 2.4 the documented place for ssl-certificate is
         inside <paths>, and it names ONE PEM file holding both the certificate
         chain and the private key. A separate ssl-private-key element is not
         part of that schema as far as I know; newer releases configure TLS
         differently, so check the documentation for the installed version.
         If the certificate is not loaded the listener cannot serve TLS, and the
         https:// proxy_pass in nginx will fail.
         Also confirm that the installed build has TLS support, and that the key
         file is readable by the account Icecast runs as. Let's Encrypt keeps
         privkey.pem root-only, so if a combined PEM is produced for Icecast,
         keep it owned by and readable only by that account. -->
    <ssl-certificate>/etc/letsencrypt/live/radio.yapyap.life/fullchain.pem</ssl-certificate>
    <ssl-private-key>/etc/letsencrypt/live/radio.yapyap.life/privkey.pem</ssl-private-key>

    <!-- Bound to loopback only, so listeners (and source clients) can reach it
         only from this host, i.e. through nginx.
         NOTE(review): with the socket on 127.0.0.1 and nginx already terminating
         TLS, ssl=1 on this hop adds little; a plain-HTTP loopback listener is
         the simpler arrangement and removes one failure point.
         NOTE(review): shoutcast-mount presumably switches this socket to
         Shoutcast source compatibility; confirm it is wanted on a listener
         socket. -->
    <listen-socket>
        <port>8433</port>
        <shoutcast-mount>/live</shoutcast-mount>
        <bind-address>127.0.0.1</bind-address>
        <ssl>1</ssl>
    </listen-socket>    
    <!-- NOTE(review): changeowner is documented as a child of <security>. Placed
         at the top level it is probably ignored, in which case the process keeps
         whatever privileges it was started with. Verify the running user with ps. -->
    <changeowner>
        <user>icecast</user>
        <group>icecast</group>
    </changeowner>

    <!-- Extra response header sent by Icecast itself; nginx adds the same HSTS
         header in front. includeSubDomains plus preload commits every subdomain
         to HTTPS for a year and is slow to undo once preloaded. -->
    <http-headers>
        <header name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains; preload"/>
    </http-headers>
    
    <!-- Mount definition for /live. The per-mount source password is redacted. -->
    <mount>
        <mount-name>/live</mount-name>
        <password>********</password>
        <stream-name>yAp yAp Radio</stream-name>
        <stream-description>La meilleure radio indépendante</stream-description>
        <stream-url>https://radio.yapyap.life/live</stream-url>
        <!-- Explicit MIME type -->
        <mimetype>audio/ogg</mimetype>
        <public>1</public>
        <max-listeners>1000</max-listeners>
        <genre>Various</genre>
    </mount>
    
    <!-- chroot disabled. -->
    <security>
        <chroot>0</chroot>
    </security>
</icecast>


# HTTPS virtual host for radio.yapyap.life: terminates TLS, serves a static site
# from /var/www/radio-yapyap and reverse-proxies /live to Icecast on 127.0.0.1:8433.
server {
    listen 443 ssl http2;
    server_name radio.yapyap.life;

    # Maintenance switch. As posted it is "on", so every location except /live
    # answers 503 and shows the maintenance page.
    set $maintenance on;

    error_page 503 @maintenance;
    location @maintenance {
        root /var/www/maintenance;
        try_files /index.html =503;
        # NOTE(review): an add_header in a location replaces ALL add_header lines
        # inherited from the server level, so the maintenance page is sent without
        # HSTS, CSP and the other security headers defined below.
        add_header Cache-Control "no-store, no-cache, must-revalidate";
        expires 0;
    }

    ssl_certificate /etc/letsencrypt/live/radio.yapyap.life/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/radio.yapyap.life/privkey.pem;
    
    root /var/www/radio-yapyap;
    index index.html;    
    
    # Hardened TLS settings: TLS 1.2/1.3 only, AEAD suites with forward secrecy,
    # session tickets disabled. OCSP stapling is switched off.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_stapling off;
    ssl_stapling_verify off;

    # Security headers.
    # NOTE(review): HSTS with includeSubDomains and preload binds every subdomain
    # to HTTPS for a year; make sure all of them serve valid TLS first.
    # NOTE(review): 'unsafe-inline' in script-src removes most of the XSS
    # protection CSP provides; nonces or hashes are the stricter option.
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore; the CSP is the effective control.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self' https://radio.yapyap.life https://http.jabber.at; media-src https://radio.yapyap.life; frame-src 'none'; object-src 'none';" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options DENY always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header X-DNS-Prefetch-Control "on";

    # Compression
    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_min_length 256;
    gzip_vary on;

    # Global proxy settings (repeated inside location /live below).
    proxy_set_header Connection '';
    proxy_http_version 1.1;
    chunked_transfer_encoding off;
    proxy_buffering off;
    proxy_cache off;
    
    # Icecast stream, EXCLUDED from maintenance mode.
    # A 502 from this location means nginx got no usable response from
    # 127.0.0.1:8433: nothing is listening there, or the TLS handshake with the
    # upstream failed. The nginx error log for this vhost says which.
    location /live {
        proxy_pass https://127.0.0.1:8433/live;
        # NOTE(review): with verification off the upstream certificate is never
        # checked, so proxy_ssl_trusted_certificate below has no effect. That is
        # tolerable on loopback only; if the upstream ever moves to another host,
        # turn verification on. Proxying plain http:// to the loopback listener
        # would avoid the second TLS hop entirely.
        proxy_ssl_verify off;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;
        # No buffering, so audio is relayed to the listener as it arrives.
        proxy_buffering off;
        # Long read timeout so an open stream is not cut by the default timeout.
        proxy_read_timeout 6h;
    }

    # All other URLs: 503 during maintenance, otherwise static files with a
    # fallback to /index.html.
    location / {
        if ($maintenance = "on") {
            return 503;
        }
        try_files $uri $uri/ /index.html;
    }

    # Static assets
    location ~* \.(css|js|png|jpg|jpeg|gif|ico)$ {
        if ($maintenance = "on") {
            return 503;
        }
        expires 30d;
        # NOTE(review): this add_header drops the inherited server-level security
        # headers for static assets; repeat them here or move them to an include.
        add_header Cache-Control "public, no-transform";
        try_files $uri =404;
    }

    # favicon and robots.txt: same maintenance gate, no access or not-found logging.
    location = /favicon.ico {
        if ($maintenance = "on") {
            return 503;
        }
        access_log off;
        log_not_found off;
    }

    location = /robots.txt {
        if ($maintenance = "on") {
            return 503;
        }
        log_not_found off;
        access_log off;
    }
}

# Redirect HTTP to HTTPS.
# NOTE(review): $host is taken from the client's request. If this block is also
# the default server for port 80, requests carrying another Host header are
# redirected to that name; using the literal server name in the target avoids
# reflecting client-supplied input.
server {
    listen 80;
    server_name radio.yapyap.life;
    return 301 https://$host$request_uri;
}
merci d'avance,
MrWhite
piratebab
Site Admin
Site Admin
Messages : 5938
Inscription : 24 avr. 2016, 18:41
Localisation : sud ouest
Status : En ligne

Bonjour, il faudrait déjà savoir à quel endroit se produit l'erreur, puis regarder les logs du serveur concerné.