Mcaster1StreamProxy
High-performance HTTPS streaming proxy for internet radio. Wraps HTTP Icecast and SHOUTcast streams in TLS, strips inline ICY metadata, and forwards clean audio to browser clients over secure transport. Go-based, 5,000+ concurrent listeners per instance.
The Problem It Solves
Modern browsers block HTTP audio streams loaded inside HTTPS pages (mixed-content policy). That means 90% of legacy Icecast and SHOUTcast streams — the entire internet radio long-tail — can’t play in browser players on HTTPS sites without modification. StreamProxy fixes that without touching the upstream servers.
Key Features
Built for scale and operational simplicity.
HTTPS Transparent Relay
Wraps any HTTP Icecast, SHOUTcast, or Steamcast stream in TLS. Listener sees an https:// URL, upstream sees a clean media-player request. No mixed-content warnings, no broken players.
ICY Metadata Strip FSM
3-state finite state machine cleanly extracts ICY 1.x in-stream metadata blocks from the audio bytestream. Audio frames forwarded untouched; track titles routed to a side-channel.
SSE Metadata Side-Channel
Live track title updates via Server-Sent Events at /stream?meta=1. Browser players get real-time “Now Playing” without polling, without WebSocket complexity.
4-Tier Adaptive Buffering
Configurable pre-buffer: small (16 KB), medium (32 KB), large (56 KB), high (64 KB). Pick instant-to-rock-solid tradeoff per stream. Backed by Go channels with bounded memory.
5,000+ Concurrent Listeners
Goroutine-per-connection at ~8 KB stack overhead each — vs. PHP-FPM workers at ~50 MB each. Concurrency semaphore with graceful rejection beyond the configured cap.
SSRF Protection
Blocks proxy requests to private, loopback, link-local, and reserved IP ranges. No accidental internal-network exfiltration. Allowlist mode available for trusted upstream pools.
MariaDB Session Logging
Every proxy session logs to ypman_proxy_stats with listener IP, upstream URL, byte counts, duration, and termination reason. Powers analytics dashboards and abuse detection.
Health & Stats Endpoints
/health for liveness, /stats for runtime telemetry — concurrent streams, peak count, bytes proxied, rejection rate. Prometheus-friendly exposition format.
Systemd Native
Production-ready systemd service unit with auto-restart, raised file descriptor limits, graceful shutdown, and structured journald logging.
Technical Specifications
Engineering details for evaluators.
| Language | Go 1.23+ |
|---|---|
| Build | Single static binary, make → build/mcaster1-stream-proxy |
| TLS | Standard library crypto/tls with TLS 1.2 / 1.3, ECDHE ciphers |
| Certificates | Any x509 cert; production uses wildcard *.casterclub.com (Sectigo) and *.mcaster1.com (SSL2BUY EMEA) |
| Concurrency Model | Goroutine-per-connection, ~8 KB stack overhead |
| Memory Footprint | ~20 MB resident at idle; ~80 MB at 1,000 concurrent listeners |
| Default Port | 9877 (HTTPS) |
| Database | MariaDB / MySQL via database/sql + go-sql-driver |
| Configuration | YAML at etc/config.yaml |
| Logging | Structured (slog), journald-friendly |
| License | Proprietary — MCaster1 LLC |
| Production Deployments | yp.casterclub.com, audiorealm.net |
| Repository | https://github.com/davestj/Mcaster1StreamProxy |
Part of the Mcaster1 Ecosystem
StreamProxy sits at the listener edge of the Mcaster1 broadcast chain. Upstream: Mcaster1DNAS or any Icecast/SHOUTcast server. Downstream: browser players on audiorealm.net and yp.casterclub.com. Session logs feed back into Mcaster1YPMan for station analytics.