WWBN / AVideo

Create Your Own Broadcast Network With AVideo Platform Open-Source. OAVP OVP
https://avideo.tube/AVideo_OpenSource
Other
1.91k stars 971 forks source link

SSL Https. Can't get SSL /https to work on live stream #4903

Closed Lordblanca closed 3 years ago

Lordblanca commented 3 years ago

I"m using OBS. I can live stream to regular page http: no problem. I can't live stream to my https. I get a connection but no video or audio to my https. Can you please direct me to and updated page with instructions for https. thank you

swimitup commented 3 years ago

Did you configure your server to work with SSL/https?

https://github.com/WWBN/AVideo/wiki/Set-up-my-own-Stream-Server

from step 10.

Lordblanca commented 3 years ago

The server is already set up https https://lbcomsvr.com. this is a test server to make sure every thing is right and I can reproduce it if I have to on my main server. There is http://www.lbcomsvr.com which all comes up well. And https://lbcomsvr.com where the live stream does not come up at all. Thank you in advance Robert Jean-Louis

On Sat, Apr 10, 2021, 11:35 AM Julian Romero @.***> wrote:

Did you configure your server to work with SSL/https?

https://github.com/WWBN/AVideo/wiki/Set-up-my-own-Stream-Server

from step 10.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/WWBN/AVideo/issues/4903#issuecomment-817154633, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJBOGMDF7UWR6IKLTJDI2ODTIBV2VANCNFSM42WRBHOQ .

swimitup commented 3 years ago

It is not enough. You need to configure the http section of nginx.conf file :

(...)
    http {
            include       mime.types;
            default_type  application/octet-stream;
            server {
                    listen 8443 ssl;
                    #you need to change the following 2 lines to the ssl certificate and key path in your server                    
                    ssl_certificate /etc/letsencrypt/live/your-site/fullchain.pem;
                    ssl_certificate_key /etc/letsencrypt/live/your-ste/privkey.pem;                    
(...)

Also, FOR ME, the lines below worked once inserted into the apache2 conf file:

RewriteEngine on
# Go to https if not on /plugin/Live/
RewriteCond %{SERVER_PORT} =80
RewriteCond %{THE_REQUEST} !/plugin/Live/ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Go to http if on /for on_connect.php, on_done.php, on_play.php , on_publish.php , on_record_done.php /
RewriteCond %{SERVER_PORT} !=80
RewriteCond %{THE_REQUEST} /plugin/Live/* [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

So basically you are configuring your server to accept https when rtmp is accessed via nginx and to no use https when the Live plugin directory is accessed.

Lordblanca commented 3 years ago

I did what you sent me. I have a connection. Like I did before. but now I have an online green light. but no video or audio for live streaming. I am running a test server before I go live with the main server. attached is a copy of my nginx conf and the apache2 conf files. Please let me know what else to do. I'm almost there. Thank You in advance Robert Jean-Louis Blessings

On Sat, Apr 10, 2021 at 10:50 PM Julian Romero @.***> wrote:

It is not enough. You need to configure the http section of nginx.conf file :

(...) http { include mime.types; default_type application/octet-stream; server { listen 8443 ssl;

you need to change the following 2 lines to the ssl certificate and key path in your server

                ssl_certificate /etc/letsencrypt/live/your-site/fullchain.pem;
                ssl_certificate_key /etc/letsencrypt/live/your-ste/privkey.pem;

(...)

Also, FOR ME, the lines below worked once inserted into the apache2 conf file:

RewriteEngine on

Go to https if not on /plugin/Live/

RewriteCond %{SERVER_PORT} =80 RewriteCond %{THE_REQUEST} !/plugin/Live/ [NC] RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Go to http if on /for on_connect.php, on_done.php, on_play.php , on_publish.php , on_record_done.php /

RewriteCond %{SERVER_PORT} !=80 RewriteCond %{THE_REQUEST} /plugin/Live/ [NC] RewriteRule ^(.)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

So basically you are configuring your server to accept https when rtmp is accessed via nginx and to no use https when the Live plugin directory is accessed.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/WWBN/AVideo/issues/4903#issuecomment-817238069, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJBOGMHWRWIOKR4PCEW5LWLTIEE65ANCNFSM42WRBHOQ .

swimitup commented 3 years ago

I'm sorry but there's no attached files in your comment...

Lordblanca commented 3 years ago

Attached are apache2 conf and nginx conf

On Tue, Apr 13, 2021 at 6:39 PM Julian Romero @.***> wrote:

I'm sorry but there's no attached files in your comment...

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/WWBN/AVideo/issues/4903#issuecomment-819097644, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJBOGMER634FN53KZVMH4ZLTITBZRANCNFSM42WRBHOQ .

swimitup commented 3 years ago

Sorry again but there are no files attached. if you are replying the email notification, please be aware that email attachments are not sent to github. you must upload any file throught github.com

Lordblanca commented 3 years ago

Here is my nginx conf file. I'm using OBS. I have a connection green light on OBS studio. But no audio and no video. This is a test server. Main server goes up once I can reproduce the server without error ... user www-data; worker_processes 1; error_log logs/error.log debug; events { worker_connections 1024; } rtmp { server { listen 1935; buflen 2s; allow play all;

creates our "live" full-resolution HLS videostream

from our incoming encoder stream and tells where to put the HLS video manifest and video fragments application live { allow play all; live on; hls on; hls_nested on; hls_path /HLS/live; hls_playlist_length 60m; hls_fragment 4s; hls_base_url https://******.com:444/live; on_publish http:// **/plugin/Live/on_publish.php; on_publish_done http:// **/plugin/Live/on_publish_done.php; on_play http://******//plugin/Live/on_play.php; on_record_done http:// **//plugin/Live/on_record_done.php;

                        #exec ffmpeg -re -i rtmp://localhost/live/$name
                        #    -c:a aac -strict -2 -b:a 96k -c:v libx264

-vf scale=-2:240 -re 20 -g 40 -keyint_min 40 -sc_threshold 0 -bf 3 -b_strategy 2 -b:v 400k -maxrate 700k -bufsize 1400k -b:a 96k -f hls -hls_time 2 -hls_list_size 0 -f flv rtmp://localhost/adaptive/$name_low

-c:a aac -strict -2 -b:a 128k -c:v libx264

-vf scale=-2:480 -re 30 -g 60 -keyint_min 48 -sc_threshold 0 -bf 3 -b_strategy 2 -b:v 1200k -maxrate 2100k -bufsize 4200k -b:a 128k -f hls -hls_time 2 -hls_list_size 0 -f flv rtmp://localhost/adaptive/$name_mid

-c:a aac -strict -2 -b:a 128k -c:v libx264

-vf scale=-2:720 -re 30 -g 60 -keyint_min 48 -sc_threshold 0 -bf 3 -b_strategy 2 -b:v 2400k -maxrate 3000k -bufsize 6000k -b:a 128k -f hls -hls_time 2 -hls_list_size 0 -f flv rtmp://localhost/adaptive/$name_hi;

                        #recorder video{
                        #    record all;
                        #    record_path /var/www/tmp;
                        #    record_notify on;
                        #    record_max_size 2048M;
                        #    record_suffix -%d-%b-%y-%T.flv;
                        #}
                }

                #application adaptive {
                #    live on;
                #    hls on;

                #    hls_path /HLS/live;
                #    hls_nested on;
                #    hls_playlist_length 10m;
                #    allow play all;
                #    allow publish 127.0.0.1;
                #    deny publish all;

                #    hls_variant _low BANDWIDTH=900000;
                #    hls_variant _mid BANDWIDTH=2400000;
                #    hls_variant _hi  BANDWIDTH=3500000;
                #}
        }
}
http {
        include       mime.types;
        default_type  application/octet-stream;
        server {
                listen 8443 ssl;
                #listen [::]:8443 ssl;
                #include /usr/local/nginx/snippets/self-signed.conf;
                #include /usr/local/nginx/snippets/ssl-params.conf;
                listen 8080;
                listen 444 ssl;

server_name www.**.com; ssl_certificate /etc/ssl/certs/**combinerootintermediate.cer; ssl_certificatekey /etc/ssl/private/.**.com_private_key.key;

creates the http-location for our full-resolution

(desktop) HLS stream - "http://my-ip/live/my-stream-key/index.m3u8" location /live {

Disable cache

                        add_header 'Cache-Control' 'no-cache';

                        # CORS setup
                        add_header 'Access-Control-Allow-Origin' '*'

always; add_header 'Access-Control-Expose-Headers' 'Content-Length';

                        # allow CORS preflight requests
                        if ($request_method = 'OPTIONS') {
                                add_header

'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; return 204; } types { application/vnd.apple.mpegurl m3u8; } alias /HLS/live; }

allows us to see how stats on viewers on our Nginx

site using a URL like: "http://my-ip/stats"

location /stats {

                #        stub_status;
                #}
                location /stat {
                        rtmp_stat all;
                        rtmp_stat_stylesheet stat.xsl;
                }
                location /stat.xsl {
                        root html;
                }
                location /control {
                        # replace this with the IP of your AVideo site
                        allow My Ip Address;
                        deny all;
                        rtmp_control all;
                }
                #allows us to host some webpages which can show our

videos: "http://my-ip/my-page.html" location / { root /var/www/html/**/; index index.html index.htm; }

                #location ~ \.php$ {
                #       include /etc/nginx/snippets/fastcgi-php.conf;
                #       fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
                #}

        }
}

Here is my Apache2 conf. Added code that you gave me to the bottom of the page.

This is the main Apache server configuration file. It contains the

configuration directives that give the server its instructions.

See http://httpd.apache.org/docs/2.4/ for detailed information about

the directives and /usr/share/doc/apache2/README.Debian about Debian

specific

hints.

# #

Summary of how the Apache 2 configuration works in Debian:

The Apache 2 web server configuration in Debian is quite different to

upstream's suggested way to configure the web server. This is because

Debian's

default Apache2 installation attempts to make adding and removing modules,

virtual hosts, and extra configuration directives as flexible as

possible, in

order to make automating the changes and administering the server as easy

as

possible.

It is split into several files forming the configuration hierarchy

outlined

below, all located in the /etc/apache2/ directory:

#

/etc/apache2/

|-- apache2.conf

| `-- ports.conf

|-- mods-enabled

| |-- *.load

| `-- *.conf

|-- conf-enabled

| `-- *.conf

`-- sites-enabled

`-- *.conf

# #

* apache2.conf is the main configuration file (this file). It puts the

pieces

together by including all remaining configuration files when starting

up the

web server.

#

* ports.conf is always included from the main configuration file. It is

supposed to determine listening ports for incoming connections which

can be

customized anytime.

#

* Configuration files in the mods-enabled/, conf-enabled/ and

sites-enabled/

directories contain particular configuration snippets which manage

modules,

global configuration fragments, or virtual host configurations,

respectively.

#

They are activated by symlinking available configuration files from

their

respective *-available/ counterparts. These should be managed by using

our

helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See

their respective man pages for detailed information.

#

* The binary is called apache2. Due to the use of environment variables,

in

the default configuration, apache2 needs to be started/stopped with

/etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly

will not

work with the default configuration.

Global configuration

#

#

ServerRoot: The top of the directory tree under which the server's

configuration, error, and log files are kept.

#

NOTE! If you intend to place this on an NFS (or otherwise network)

mounted filesystem then please read the Mutex documentation (available

at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);

you will save yourself a lot of trouble.

#

Do NOT add a slash at the end of the directory path.

#

ServerRoot "/etc/apache2"

#

The accept serialization lock file MUST BE STORED ON A LOCAL DISK.

#

Mutex file:${APACHE_LOCK_DIR} default

#

The directory where shm and other runtime files will be stored.

#

DefaultRuntimeDir ${APACHE_RUN_DIR}

#

PidFile: The file in which the server should record its process

identification number when it starts.

This needs to be set in /etc/apache2/envvars

# PidFile ${APACHE_PID_FILE}

#

Timeout: The number of seconds before receives and sends time out.

# Timeout 300

#

KeepAlive: Whether or not to allow persistent connections (more than

one request per connection). Set to "Off" to deactivate.

# KeepAlive On

#

MaxKeepAliveRequests: The maximum number of requests to allow

during a persistent connection. Set to 0 to allow an unlimited amount.

We recommend you leave this number high, for maximum performance.

# MaxKeepAliveRequests 100

#

KeepAliveTimeout: Number of seconds to wait for the next request from the

same client on the same connection.

# KeepAliveTimeout 5

These need to be set in /etc/apache2/envvars

User ${APACHE_RUN_USER} Group ${APACHE_RUN_GROUP}

#

HostnameLookups: Log the names of clients or just their IP addresses

e.g., www.apache.org (on) or 204.62.129.132 (off).

The default is off because it'd be overall better for the net if people

had to knowingly turn this feature on, since enabling it means that

each client request will result in AT LEAST one lookup request to the

nameserver.

# HostnameLookups Off

ErrorLog: The location of the error log file.

If you do not specify an ErrorLog directive within a

container, error messages relating to that virtual host will be

logged here. If you do define an error logfile for a

container, that host's errors will be logged there and not here.

# ErrorLog ${APACHE_LOG_DIR}/error.log

#

LogLevel: Control the severity of messages logged to the error_log.

Available values: trace8, ..., trace1, debug, info, notice, warn,

error, crit, alert, emerg.

It is also possible to configure the log level for particular modules,

e.g.

"LogLevel info ssl:warn"

# LogLevel warn

Include module configuration:

IncludeOptional mods-enabled/.load IncludeOptional mods-enabled/.conf

Include list of ports to listen on

Include ports.conf

Sets the default security model of the Apache2 HTTPD server. It does

not allow access to the root filesystem outside of /usr/share and

/var/www.

The former is used by web applications packaged in Debian,

the latter may be used for local directories served by the web server. If

your system is serving content from a sub-directory in /srv you must allow

access here, or in any related virtual host.

Options FollowSymLinks AllowOverride None Require all denied

<Directory /usr/share> AllowOverride None Require all granted

<Directory /var/www/> Options Indexes FollowSymLinks AllowOverride All Require all granted

<Directory /srv/>

Options Indexes FollowSymLinks

AllowOverride None

Require all granted

AccessFileName: The name of the file to look for in each directory

for additional configuration directives. See also the AllowOverride

directive.

# AccessFileName .htaccess

#

The following lines prevent .htaccess and .htpasswd files from being

viewed by Web clients.

# <FilesMatch "^.ht"> Require all denied

#

The following directives define some format nicknames for use with

a CustomLog directive.

#

These deviate from the Common Log Format definitions in that they use %O

(the actual bytes sent including headers) instead of %b (the size of the

requested file), because the latter makes it impossible to detect partial

requests.

#

Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.

Use mod_remoteip instead.

# LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %O" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent

Include of directories ignores editors' and dpkg's backup files,

see README.Debian for details.

Include generic snippets of statements

IncludeOptional conf-enabled/*.conf

Include the virtual host configurations:

IncludeOptional sites-enabled/*.conf

RewriteEngine on

Go to https if not on /plugin/Live/

RewriteCond %{SERVER_PORT} =80 RewriteCond %{THE_REQUEST} !/plugin/Live/ [NC] RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Go to http if on /for on_connect.php, on_done.php, on_play.php ,

on_publish.php , on_record_done.php / RewriteCond %{SERVER_PORT} !=80 RewriteCond %{THE_REQUEST} /plugin/Live/ [NC] RewriteRule ^(.)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

vim: syntax=apache ts=4 sw=4 sts=4 sr noet

On Tue, Apr 13, 2021 at 9:03 PM Julian Romero @.***> wrote:

Sorry again but there are no files attached. if you are replying the email notification, please be aware that email attachments are not sent to github. you must upload any file throught github.com

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/WWBN/AVideo/issues/4903#issuecomment-819148155, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJBOGMB5LNBY6UIPUAJXOL3TITSWBANCNFSM42WRBHOQ .

milehighkaraoke commented 3 years ago

Configure live plugin these 2 need port 444 Screenshot_20210413-224943_Chrome

milehighkaraoke commented 3 years ago

Nginx needs to also be configured to listen to port 444 and you need to add your certificates under your listen 444

milehighkaraoke commented 3 years ago

Screenshot_20210413-225536_Chrome Screenshot_20210413-225546_Chrome Screenshot_20210413-225554_Chrome

milehighkaraoke commented 3 years ago

Skip 8

swimitup commented 3 years ago

It seems you have little clue on how conf files work. I would recommend a help from @DanielnetoDotCom service support at https://youphp.tube/marketplace/#ServicesT

milehighkaraoke commented 3 years ago

The idea is to teach him so he will be able to teach others so Dan can be free to work on Developing

akhilleusuggo commented 3 years ago

your issue is the https over rtmp . Before you change anything post here a screenshot of your stats page .

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.