As easilok correctly pointed out in IRC:
- Inside container: Liquidsoap must bind to 0.0.0.0 (all interfaces)
- Security is enforced by Docker port mapping: 127.0.0.1:1234:1234
- This prevents external access while allowing container functionality
The docker-compose.yml mapping is what provides security, not the
bind address inside the container.
Credit: easilok for the explanation and fix approach
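
The point made in the commit message above, as an added example that is not part of the project's repository: the host-side address in each Compose `ports` entry decides who can reach the service, so an audit can parse those entries and flag any that are not loopback-only. The service names and mappings in `SAMPLE` are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

def parse_port_mapping(spec):
    """Split a Compose short-syntax port entry into (host_ip, host_port, container_port)."""
    spec = spec.split("/", 1)[0]              # drop a trailing "/tcp" or "/udp"
    host_ip = None
    if spec.startswith("["):                  # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:   # IP:HOST:CONTAINER
        host_ip = parts.pop(0)
    if len(parts) == 2:
        host_port, container_port = parts
    elif len(parts) == 1:                     # container port only, ephemeral host port
        host_port, container_port = None, parts[0]
    else:
        raise ValueError(f"unrecognised port mapping: {spec!r}")
    return host_ip, host_port, container_port

def is_loopback_only(spec):
    """True when the published port is reachable from the Docker host itself only."""
    host_ip, _, _ = parse_port_mapping(spec)
    if host_ip is None:
        return False  # with no host IP, Docker publishes on all host interfaces
    return ipaddress.ip_address(host_ip).is_loopback

def audit(services):
    """Return (service, mapping) pairs that are exposed beyond loopback."""
    return [(name, spec)
            for name, ports in services.items()
            for spec in ports
            if not is_loopback_only(spec)]

# Constructed sample: the "ports" lists of a docker-compose.yml, keyed by service.
SAMPLE = {
    "liquidsoap": ["127.0.0.1:1234:1234"],   # telnet control, host-local only
    "icecast": ["8000:8000"],                # no host IP given
    "postgres": ["0.0.0.0:5432:5432/tcp"],   # explicitly all interfaces
    "metrics": ["[::1]:9100:9100"],          # IPv6 loopback
}

if __name__ == "__main__":
    for service, mapping in audit(SAMPLE):
        print(f"{service}: {mapping} is published beyond loopback")
```

A listener bound to 0.0.0.0 inside the container never shows up here, since only the host side of the mapping is evaluated.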
SECURITY IMPROVEMENTS:
- Liquidsoap telnet now binds to 127.0.0.1 (was 0.0.0.0)
  - Only accessible from within the container itself
  - Defense in depth: even if another container is compromised
- Liquidsoap now uses ICECAST_SOURCE_PASSWORD environment variable
  - Reads from environment.get("ICECAST_SOURCE_PASSWORD")
  - Falls back to default for development
  - All three streams (MP3, AAC, Low-quality) use same variable
DOCUMENTATION:
- Added comment to icecast.xml explaining environment variable override
  - Clarifies that docker-compose.yml environment variables take precedence
This completes the password externalization for all Docker services:
- Icecast: Uses env vars (already done)
- Liquidsoap: Now uses env vars ✅
- PostgreSQL: Uses env vars (already done)
Ref: TODO.org security improvements
- Add pop-out player window (400x300px) with auto-reconnect on stream errors
- Add queue reordering with up/down buttons in admin panel
- Add 'Load Queue from M3U' functionality
- Remove Play/Stream buttons from track management
- Fix Liquidsoap audio quality issues:
  - Remove ReplayGain and compression to prevent pulsing
  - Change reload_mode to 'seconds' to prevent playlist exhaustion
  - Reduce crossfade to 3 seconds
  - Add audio buffering settings for stability
- Add auto-reconnect logic for both front page and pop-out players
- Add 5-second crossfades between tracks
- Use ReplayGain for consistent volume (removed normalize())
- Add audio compression to prevent clipping
- Liquidsoap watches playlist file and reloads every 5 seconds
- Fallback to random playback when queue is empty
- Fix playlist to play all tracks in order
- Add AAC 96kbps stream via %fdkaac encoder in Liquidsoap
- Update Docker image to savonet/liquidsoap:v2.2.5 for AAC support
- Add stream quality selector to front page and player page
- Enable real-time switching between AAC/MP3 formats
- Set AAC as recommended default for better quality/bandwidth ratio
- Add comprehensive documentation in AAC-STREAMING.md
Stream URLs:
- http://localhost:8000/asteroid.aac (96kbps AAC - recommended)
- http://localhost:8000/asteroid.mp3 (128kbps MP3 - compatible)
- http://localhost:8000/asteroid-low.mp3 (64kbps MP3 - low bandwidth)
Benefits:
- 25% bandwidth reduction vs equivalent MP3 quality
- Better audio quality at same bitrate
- Modern streaming standard used by major platforms
- Add complete Docker Compose setup with official Liquidsoap image (savonet/liquidsoap:v2.2.5)
- Add Icecast2 streaming server configuration
- Create dual quality streams (128kbps and 64kbps MP3)
- Add comprehensive documentation in Org format
- Add simple start/stop scripts for easy management
- Update .gitignore to exclude music files and Docker artifacts
- Remove old shell scripts (moved to ~/asteroid-scripts/)
- System-agnostic solution works on any Docker-capable system
This provides a complete streaming solution that works consistently across
all platforms, including Arch Linux where Liquidsoap packages may not be available.