Got it working with the following docker compose:
networks:
traefik:
external: true
services:
icecast:
image: ice:dev
build: .
restart: unless-stopped
labels:
- 'traefik.enable=true'
# TCP router, handle streaming to Icecast
# !! Works only with HostSNI(*) and TLS off !!
- 'traefik.tcp.routers.icecast-tcp.rule=HostSNI(`*`)'
- 'traefik.tcp.routers.icecast-tcp.entrypoints=http'
- 'traefik.tcp.routers.icecast-tcp.tls=false'
- 'traefik.tcp.routers.icecast-tcp.service=icecast-tcp'
- 'traefik.tcp.services.icecast-tcp.loadbalancer.server.port=8000'
# HTTP router, redirect to HTTPS
- "traefik.http.routers.icecast-insecure.rule=Host(`ice.example.com`)"
- 'traefik.http.routers.icecast-insecure.entrypoints=http'
- 'traefik.http.routers.icecast-insecure.middlewares=redirect-secure'
# HTTPS router
- "traefik.http.routers.icecast.rule=Host(`ice.example.com`)"
- 'traefik.http.routers.icecast.entrypoints=https'
- 'traefik.http.routers.icecast.tls.certresolver=le'
- 'traefik.http.routers.icecast.service=icecast'
- 'traefik.http.services.icecast.loadbalancer.server.port=8000'
networks:
- traefik
volumes:
- ./icecast.xml:/etc/icecast.xml
This is my Dockerfile:
FROM alpine:3.16
RUN apk add --no-cache icecast
EXPOSE 8000
ENTRYPOINT ["icecast", "-c", "/etc/icecast.xml"]
Traefik is configured with only http/s entrypoints:
- --entryPoints.http.address=:80
- --entryPoints.https.address=:443
Icecast2 is configured with ice.example.com hostname.
Streaming works on ice.example.com:80 (no TLS), while listening works on https://ice.example.com.