Today I wanted to stream to an input.harbor on liquidsoap from inside a proxied/firewalled WiFi.

I failed, but I have been working on the solution and maybe tomorrow it works.

First things I did was to buy JuiceSSH PRO and rent a small cloud VPS.

I needed an ssh server listening on port 443 in order to get out of the firewall, and I needed

JuiceSSH PRO to set up port forwarding from my mobile phone to the VPS with the ssh server

listening on port 443. Maybe there is some kind of SSH application for your mobile which is

free and can do port forwarding, and maybe you have a computer at home which can be configured

as an ssh server listening on port 443. Anyway I thought I could afford these things

I set up the cloud server, and set sshd to listen to port 443

I also installed stunnel on the VPS and the liquidsoap computer.

After that as root I created the file /etc/stunnel/secrets.txt on BOTH

the VPS and the liquidsoap computer.

Then I changed the reading permissions of the file:

sudo chmod 600 /etc/stunnel/secrets.txt

I did this on both machines.

In the file /etc/stunnel/secrets.txt, I added a line called something like:


Exchange "superdupersecretkey" with the output of:

openssl rand -base64 30

or something similar.

I have really no clue how stunnel works, but I guess the file


Is supposed to look the same way on both the VPS and the liquidsoap machine

In case they are not kidding us, the connection between those machines will

be encrypted

On the VPS, I decided that JuiceSSH on my mobile phone was supposed to connect

port 8081 on my VPS. After that, the VPS was supposed to connect to port 9998 on

the liquidsoap machine

In the end of the stunnel configuration file

(on Debian and Ubuntu /etc/stunnel/stunnel.conf)

NOT the same file as the ones with the secret key

on the VPS I added:


client = yes

accept = localhost:8081

connect =

PSKsecrets = /etc/stunnel/secrets.txt

On the liquidsoap machine, I told stunnel to accept the incoming

connection on port 9998 and connect in to 8081, my liquidsoap

input.harbor port. Thus on the liquidsoap machine, the file

/etc/stunnel/stunnel.conf ended something like this:


accept =

connect =

PSKsecrets = /etc/stunnel/secrets.txt

Then I restarted stunnel on both machines.

Last steps were to create local port forwarding from my mobile phone to

port 8081 on the VPS, and configuring the mobile phone icecast source client

Cool Mic to stream to localhost:8081

Now I did not meantioned all the problems which showed up due to typos and my

problems understanding stunnel