# Broadcaster Software (icecast and darkice) ## Summary User: grace Hostname: portal.local Password: emergence Running icecast (port 8000) with nginx proxy (port 80) and Cloudflare Tunnel for external access. No port forwarding or static IP required. ## Bill of Materials - Raspberry pi 4b (1 gig ram) - https://www.sparkfun.com/raspberry-pi-4-model-b-1gb.html - 3 x USB to XLR sound card cable - https://www.amazon.com/dp/B089WFYZ5R?ref=ppx_yo2ov_dt_b_fed_asin_title&th=1 - 3 x XLR microphones - - Raspberry pi 4 Power supply - https://www.waveshare.com/pi-psu-us-w.htm - ethernet cable - https://hosatech.com/products/data/network-cable/cat-500/ - micro hdmi to regular hdmi cable- https://www.waveshare.com/pi-official-micro-hdmi-cable-1m.htm ## Hardware setup - Plug the mic into the the usb cable - Plug the usb cable into the pi - Plug the pi into the wall ## Pre work 1. install raspian lite 64 for raspi model 4b 2. configure user and wifi and turn on ssh services when you install 3. boot 4. find the ip address of the pi and ssh to it ## Setup instructions ### Creature comforts 1. sudo apt update && install git vim zsh 2. sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" ### Icecast2 and Darkice installation Loosely following this tutorial: https://dev.to/shilleh/stream-audio-from-raspberry-pi-to-local-computer-1a1c #### Install icecast2 1. sudo apt install icecast2 2. It will ask you for three passwords. Set them all as emergence. #### Install darkice 1. sudo apt install darkice 2. sudo vim /etc/darkice.cfg ``` [general] duration = 0 # Stream indefinitely bufferSecs = 5 # Buffer for the input, in seconds reconnect = yes # Reconnect to the server if disconnected [input] device = plughw:1,0 # Your audio capture device sampleRate = 44100 bitsPerSample = 16 # Bits per sample channel = 1 # 2 = stereo, 1 = mono [icecast2-0] bitrateMode = cbr # Constant bit rate format = mp3 # Audio format bitrate = 128 # Bitrate in kbps server = localhost # Server name or IP port = 80 # Port number password=emergence # Your Icecast password mountPoint = portal # Mount point to stream to name = Black Portal # Name of the stream description = Black Portal Project # Description of the stream url = http://blackportaldetroit.com # URL related to the stream genre = politics # Genre of the stream public = no # Do not list on public lists ``` #### Daemonize darkice 1. sudo vim /lib/systemd/system/darkice.service ``` [Unit] Description=Darkice Service [Service] User=root Type=simple Restart=on-failure RestartSec=5 WorkingDirectory=/home/grace ExecStart=/usr/bin/darkice -c /etc/darkice.cfg [Install] WantedBy=multi-user.target ``` 2. sudo systemctl daemon-reload 3. sudo systemctl enable icecast2 4. sudo systemctl enable darkice ### Cloudflare Tunnel Configuration (Automated) The install script automatically configures Cloudflare Tunnel to make the stream accessible at blackportaldetroit.com. This bypasses CG-NAT, port forwarding, and firewall issues completely. #### What gets installed: - **cloudflared** - Creates secure tunnel to Cloudflare edge servers - **Configuration file** - Pre-configured tunnel settings at `/etc/cloudflared/config.yml` - **Systemd service** - Runs cloudflared as a background service - **Nginx reverse proxy** - Proxies port 80 to icecast port 8000 (no root privileges needed) #### Manual steps required after installation: 1. **Transfer domain**: Move blackportaldetroit.com nameservers to Cloudflare (if not already done) 2. **Authenticate**: Run `cloudflared tunnel login` when prompted 3. **Create tunnel**: Run `cloudflared tunnel create blackportal` 4. **Add DNS record**: Create CNAME record in Cloudflare dashboard pointing to tunnel 5. **Start service**: Tunnel starts automatically via systemd #### Verify Cloudflare Tunnel is working: ```bash # Check tunnel status sudo systemctl status cloudflared # View tunnel logs sudo journalctl -u cloudflared -f # Test DNS resolution nslookup blackportaldetroit.com # Test external access curl -I https://blackportaldetroit.com/portal ``` #### Verify nginx proxy is working: ```bash # Check nginx status sudo systemctl status nginx # Check icecast status sudo systemctl status icecast2 # Check listening ports sudo netstat -tlnp | grep -E ':(80|8000)' # Test local access curl -I http://localhost:80 curl -I http://localhost:8000 ``` ## Troubleshooting Cloudflare Tunnel ### Common Issues and Solutions #### 1. Domain Not on Cloudflare **Problem**: Domain still using Namecheap nameservers **Solution**: Transfer nameservers to Cloudflare 1. Login to Cloudflare, add blackportaldetroit.com 2. Copy Cloudflare nameservers (e.g. `alice.ns.cloudflare.com`) 3. Update nameservers in Namecheap domain settings 4. Wait for DNS propagation (up to 24 hours) #### 2. Authentication Issues **Problem**: `cloudflared tunnel login` fails **Solution**: Manual authentication ```bash # Run authentication manually cloudflared tunnel login # If browser doesn't open automatically, copy the URL and open manually # Complete authentication in browser ``` #### 3. Tunnel Not Connecting **Problem**: Tunnel shows as disconnected **Solution**: Check service and logs ```bash # Check tunnel service status sudo systemctl status cloudflared # View detailed logs sudo journalctl -u cloudflared -f # Restart tunnel service sudo systemctl restart cloudflared ``` #### 4. DNS Record Issues **Problem**: Domain doesn't resolve to tunnel **Solution**: Check CNAME record in Cloudflare 1. Login to Cloudflare dashboard 2. Go to DNS → Records 3. Ensure CNAME record exists: `@` → `tunnel-id.cfargotunnel.com` 4. Ensure Proxy status is enabled (orange cloud) ### Architecture Diagram with Cloudflare Tunnel ``` Internet → Cloudflare Edge → Cloudflare Tunnel → Raspberry Pi 4B ↓ nginx (port 80) → icecast (port 8000) ``` **Key Benefits**: - Bypasses CG-NAT completely - No router configuration needed - Built-in SSL and DDoS protection - Works with any internet connection