portal/docs/broadcaster.md

# Broadcaster Software (icecast and darkice)

## Summary

User: grace
Hostname: portal.local
Password: emergence
Running icecast (port 8000) with nginx proxy (port 80) and Cloudflare Tunnel for external access. No port forwarding or static IP required.

## Bill of Materials

- Raspberry pi 4b (1 gig ram) - https://www.sparkfun.com/raspberry-pi-4-model-b-1gb.html
- 3 x USB to XLR sound card cable - https://www.amazon.com/dp/B089WFYZ5R?ref=ppx_yo2ov_dt_b_fed_asin_title&th=1
- 3 x XLR microphones -
- Raspberry pi 4 Power supply - https://www.waveshare.com/pi-psu-us-w.htm
- ethernet cable - https://hosatech.com/products/data/network-cable/cat-500/
- micro hdmi to regular hdmi cable- https://www.waveshare.com/pi-official-micro-hdmi-cable-1m.htm

## Hardware setup

- Plug the mic into the the usb cable
- Plug the usb cable into the pi
- Plug the pi into the wall

## Pre work

1. install raspian lite 64 for raspi model 4b
2. configure user and wifi and turn on ssh services when you install
3. boot
4. find the ip address of the pi and ssh to it

## Setup instructions

### Creature comforts

1. sudo apt update && install git vim zsh
2. sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

### Icecast2 and Darkice installation

Loosely following this tutorial: https://dev.to/shilleh/stream-audio-from-raspberry-pi-to-local-computer-1a1c

#### Install icecast2

1. sudo apt install icecast2
2. It will ask you for three passwords. Set them all as emergence.

#### Install darkice

1. sudo apt install darkice
2. sudo vim /etc/darkice.cfg

```
[general]
duration = 0 # Stream indefinitely
bufferSecs = 5 # Buffer for the input, in seconds
reconnect = yes # Reconnect to the server if disconnected

[input]
device = plughw:1,0 # Your audio capture device
sampleRate = 44100
bitsPerSample = 16 # Bits per sample
channel = 1 # 2 = stereo, 1 = mono

[icecast2-0]
bitrateMode = cbr # Constant bit rate
format = mp3 # Audio format
bitrate = 128 # Bitrate in kbps
server = localhost # Server name or IP
port = 80 # Port number
password=emergence # Your Icecast password
mountPoint = portal # Mount point to stream to
name = Black Portal # Name of the stream
description = Black Portal Project # Description of the stream
url = http://blackportaldetroit.com # URL related to the stream
genre = politics # Genre of the stream
public = no # Do not list on public lists
```

#### Daemonize darkice

1. sudo vim /lib/systemd/system/darkice.service

```
[Unit]
Description=Darkice Service
[Service]
User=root
Type=simple
Restart=on-failure
RestartSec=5
WorkingDirectory=/home/grace
ExecStart=/usr/bin/darkice -c /etc/darkice.cfg
[Install]
WantedBy=multi-user.target
```

2. sudo systemctl daemon-reload
3. sudo systemctl enable icecast2
4. sudo systemctl enable darkice

### Cloudflare Tunnel Configuration (Automated)

The install script automatically configures Cloudflare Tunnel to make the stream accessible at blackportaldetroit.com. This bypasses CG-NAT, port forwarding, and firewall issues completely.

#### What gets installed:

- **cloudflared** - Creates secure tunnel to Cloudflare edge servers
- **Configuration file** - Pre-configured tunnel settings at `/etc/cloudflared/config.yml`
- **Systemd service** - Runs cloudflared as a background service
- **Nginx reverse proxy** - Proxies port 80 to icecast port 8000 (no root privileges needed)

#### Manual steps required after installation:

1. **Transfer domain**: Move blackportaldetroit.com nameservers to Cloudflare (if not already done)
2. **Authenticate**: Run `cloudflared tunnel login` when prompted
3. **Create tunnel**: Run `cloudflared tunnel create blackportal`
4. **Add DNS record**: Create CNAME record in Cloudflare dashboard pointing to tunnel
5. **Start service**: Tunnel starts automatically via systemd

#### Verify Cloudflare Tunnel is working:

```bash
# Check tunnel status
sudo systemctl status cloudflared

# View tunnel logs
sudo journalctl -u cloudflared -f

# Test DNS resolution
nslookup blackportaldetroit.com

# Test external access
curl -I https://blackportaldetroit.com/portal
```

#### Verify nginx proxy is working:

```bash
# Check nginx status
sudo systemctl status nginx

# Check icecast status
sudo systemctl status icecast2

# Check listening ports
sudo netstat -tlnp | grep -E ':(80|8000)'

# Test local access
curl -I http://localhost:80
curl -I http://localhost:8000
```

## Troubleshooting Cloudflare Tunnel

### Common Issues and Solutions

#### 1. Domain Not on Cloudflare

**Problem**: Domain still using Namecheap nameservers
**Solution**: Transfer nameservers to Cloudflare

1. Login to Cloudflare, add blackportaldetroit.com
2. Copy Cloudflare nameservers (e.g. `alice.ns.cloudflare.com`)
3. Update nameservers in Namecheap domain settings
4. Wait for DNS propagation (up to 24 hours)

#### 2. Authentication Issues

**Problem**: `cloudflared tunnel login` fails
**Solution**: Manual authentication

```bash
# Run authentication manually
cloudflared tunnel login

# If browser doesn't open automatically, copy the URL and open manually
# Complete authentication in browser
```

#### 3. Tunnel Not Connecting

**Problem**: Tunnel shows as disconnected
**Solution**: Check service and logs

```bash
# Check tunnel service status
sudo systemctl status cloudflared

# View detailed logs
sudo journalctl -u cloudflared -f

# Restart tunnel service
sudo systemctl restart cloudflared
```

#### 4. DNS Record Issues

**Problem**: Domain doesn't resolve to tunnel
**Solution**: Check CNAME record in Cloudflare

1. Login to Cloudflare dashboard
2. Go to DNS → Records
3. Ensure CNAME record exists: `@` → `tunnel-id.cfargotunnel.com`
4. Ensure Proxy status is enabled (orange cloud)

### Architecture Diagram with Cloudflare Tunnel

```
Internet → Cloudflare Edge → Cloudflare Tunnel → Raspberry Pi 4B
                                     ↓
                               nginx (port 80) → icecast (port 8000)
```

**Key Benefits**:

- Bypasses CG-NAT completely
- No router configuration needed
- Built-in SSL and DDoS protection
- Works with any internet connection