Since I started hosting my own instance of Azuracast a year or two ago, I've tried a wide variety of setups, attempting to get things configured just like I want them. In doing this, I've learned quite a lot about networking and reverse proxies in particular. I've created this post to share some of that knowledge with you in a simple and to the point manner.
Docker With Only Azuracast Itself (EASIEST METHOD)
If you have a machine specifically for hosting your Azuracast instance, this is the easiest method and there is likely no point in configuring a reverse proxy. This is also true if you're fine with Azuracast being the only service on ports 80 and 443.
This setup consists of:
- Your Server, having at least the minimum requirements for hosting an Azuracast instance, with Azuracast installed, using the default ports of 80 for HTTP, 443 for HTTPS, etc.
- A domain name, such as example.com, or a subdomain, like azuracast.example.com. If you don't have one, sites like Namecheap and CloudFlare are good places to get them.
This is the easiest method. After you've set up your DNS records in your domain's hosting panel and finished running the Azuracast install script, connect to your server in your browser. You will automatically be redirected to the setup page. Use whatever settings you like until you reach the "Azuracast System Settings" page. Here are my recommended settings for this specific type of setup.
In the Settings tab:
- Site Base URL: This is the URL you will be accessing Azuracast on. For example, https://radio.example.com. It won't let you submit without the "http" or "https" extension
- Prefer Browser URL (If Available): Off
- Use Web Proxy for Radio: On
In the Security & Privacy tab:
- Always Use HTTPS: On
- IP Address Source: Local IP (Default)
In the Services tab:
Note that you will only need the letsencrypt section.
- Domains: Type in any domains you want to use for HTTPS that will direct you to your Azuracast installation. Do not include the extension this time. Azuracast will automatically manage the SSL certificates for you. Note that you will have to save the changes and go back into the settings tab manually to make the generate certificate button clickable.
Once that's all done, reload the page and you're finished!
Using Nginx As A Reverse Proxy
This method is primarily useful if your server that is hosting Azuracast also hosts other websites, and you are not worried about the IP address of your server getting out to anyone who listens to your station.
This setup consists of:
- Your Server, having at least the minimum requirements for hosting an Azuracast instance, with Azuracast installed.
- A domain name, such as example.com, or a subdomain, like azuracast.example.com. If you don't have one, sites like Namecheap and CloudFlare are good places to get them.
- Nginx and certbot/letsencrypt. I recommend using this guide of mine if you want a more detailed guide on how to set up and configure Nginx. This guide will not go into detail about all of the steps provided in that guide, only the relevant ones to this particular situation.
After installing and setting up Nginx as described in the guide, you should have configured one site that is not your Azuracast installation. The process for this site is mainly the same. The only difference is in the location block. You can create a new site, named radio.example.com, by typing
nano /etc/nginx/sites-enabled/radio.example.comUse the example server block file included in the Nginx guide, and replace the location block (starts with location / {) with the following.
location / {
proxy_pass http://azuracast;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 0;
proxy_http_version 1.1;
proxy_request_buffering off;
}It's also important to replace the port of the proxy_pass line in the location block with the location of your Azuracast instance. If your installation is located on the same machine as Nginx, you should use 127.0.0.1, followed by a colon then the port where your instance can be reached. Like this.
proxy_pass http://127.0.0.1:10080;After this is done, save the file, and type
nginx -tto test your Nginx configuration. If it is successful, make sure you've updated your DNS records in your domain provider and issue the certbot command to apply SSL to your site.
certbot --nginx -d radio.example.comYou may want to apply a firewall restriction that stops other computers from connecting directly to Azuracast's own web interface, forcing them to use your new Nginx site, however this is difficult as Azuracast's install script does not currently provide for this.
When you visit your proxied site, you will automatically be redirected to the setup page. Use whatever settings you like until you reach the "Azuracast System Settings" page. Here are my recommended settings for this specific type of setup.
In the Settings tab:
- Site Base URL: This is the URL you will be accessing Azuracast on. For example, https://radio.example.com. It won't let you submit without the "http" or "https" extension
- Prefer Browser URL (If Available): Off
- Use Web Proxy for Radio: On
In the Security & Privacy tab:
- Always Use HTTPS: On
- IP Address Source: Reverse Proxy (X-Forwarded-For)
Save your settings and you should be all done!
Using CloudFlare Tunnels (MOST COMPLEX AND MOST SECURE)
This setup is best if you're running Azuracast on something like a Home Server, when you don't want your WAN IP Address getting out. Crosstalk Solutions made a very clear guide on setting up CloudFlare Tunnels, and if you're planning on running it in Docker that will work fine. The only changes will be that if you're not running a Synology NAS, you'll need to paste the docker command in. Also, if you're not using Docker for the tunnels installation, CloudFlare provides a command that you can copy and paste into your terminal that will download and start the CloudFlare Connector for you.
This setup consists of:
- Your Server, having at least the minimum requirements for hosting an Azuracast instance, with Azuracast installed.
- A domain name, such as example.com, or a subdomain, like azuracast.example.com. If you don't have one, sites like Namecheap and CloudFlare are good places to get them.
- A CloudFlare account and a credit card that you will use to enter the Zero Trust Dashboard. The card will not be charged.
- Tailscale (Optional): If you want to keep things as private and locked down as possible, not forwarding any firewall ports on your server. For further information on Tailscale and configuring it, see What is Tailscale?, Tailscale Quickstart, and Sharing your nodes with other users. The last article will only be useful to you if you intend on giving access to your Azuracast installation's SFTP service and DJ connections to other users. CloudFlare also provides a similar but not identical service to Tailscale, but I do not personally have experience with that end of CloudFlare Tunnels, so I'm not exactly qualified to discuss it.
After installing Azuracast, head over to the CloudFlare dashboard and go into the Zero Trust page. Under the Networks section, find Tunnels and create a tunnel. Name your tunnel, choose the operating system on which it's going to run, and copy the given command to your clipboard. Paste the command into the terminal and run it. At this point, the connection between CloudFlare and your server is complete, assuming there were no errors.
Now, head over to the Public Hostname Page and create a new one. Type in the subdomain you'd like to use for Azuracast (Leave blank if you're not planning on using a subdomain at all) and select the domain this is connected to. You can select a path if you want, but for Azuracast this is not recommended.
Select HTTP for the service, and type the location where your installation of Azuracast is located. Mine is located at 127.0.0.1:10080, as an example.
In the more settings dropdown, head into the HTTP Settings section. Set the HTTP Host Header as the location of your Azuracast installation, like radio.example.com, and click Save Hostname.
At this point, you're done in the CloudFlare dashboard. Head over to the site you've just configured and go through the Azuracast settings.
Here are my recommended settings for this specific type of setup.
In the Settings tab:
- Site Base URL: This is the URL you will be accessing Azuracast on. For example, https://radio.example.com. It won't let you submit without the "http" or "https" extension
- Prefer Browser URL (If Available): Off
- Use Web Proxy for Radio: On
In the Security & Privacy tab:
- Always Use HTTPS: On
- IP Address Source: CloudFlare
More Information On Tailscale
The guides I've linked above should be pretty much all you need for this, but I'll give you some more information that may be helpful. If you want to be able to connect directly to your server remotely to manage it without any forwarded ports in your firewall, you want to use Tailscale. CloudFlare does not allow all of the necessary ports for Azuracast, so you'll need to find another way to share your DJ connection ports and SFTP service access with other people that may be using your instance. If it'll only be you accessing it, you'll only need to connect your server and computer, but if other people are also going to be running stations on your Azuracast instance, you'll want to give them access to your server via Tailscale.
Tailscale offers a very convenient way to give other people access to individual machines on your Tailnet. All you'll need to do is tell your client to make an account and provide them with the invite link. Once they accept it, they'll be able to connect to your server from anywhere in the world.
Thank you for reading! If you have any questions, or would like me to make any edits, please let me know in the comments.
Hope this helps!
By the way! If you’re looking for a simple (And kinda old) encoder for Icecast that runs on Windows… https://storage.matthewsmithyt.me/stuff/edcast-and-lame.zip