kaltura / nginx-vod-module

NGINX-based MP4 Repackager
GNU Affero General Public License v3.0

Getting 502 while trying to request for resources #1065

Open panteparak opened 5 years ago

panteparak commented 5 years ago

With the configuration below, I am able to make requests to files directly using /files/..... but was unsuccessful for /hls/..... and dash; I received 502 Bad Gateway.

I am using Minio as my storage service with kaltura/nginx-aws-auth-module as the S3 connector and can confirm that the object is accessible:
bucket: faroseacademy
key: media/6e/9a/6e9a77615e67f4e3769d2cd84512815e.mp4

So to access the files directly, the URL would be /files/faroseacademy/media/6e/9a/6e9a77615e67f4e3769d2cd84512815e.mp4

However, this does not work for HLS.

This is the URL I've tried: /hls/faroseacademy/media/6e/9a/6e9a77615e67f4e3769d2cd84512815e.mp4/master.m3u8

This is the nginx server log PasteBin

conf.d/s3.conf

aws_auth $aws_token {
    access_key                  ${AWS_ACCESS_KEY};
    secret_key                  ${AWS_SECRET_KEY};
    service                     ${AWS_SERVICE};
    region                      ${AWS_REGION};
}

upstream s3 {
    server                      minio:9000;
}

server {
    listen 80;
    server_name _;

    include                     /etc/nginx/vhost.d/vod.conf;
    include                     /etc/nginx/vhost.d/hls.conf;
    include                     /etc/nginx/vhost.d/dash.conf;
    include                     /etc/nginx/vhost.d/authentication.conf;

    location ~ ^/media(?:/(.*))?$ {  # ^/media/
        internal;
        rewrite ^/media(?:/(.*))?$ /$1 break;

        proxy_set_header        X-Amz-Date $aws_auth_date;
        proxy_set_header        X-Amz-Content-SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855;
        proxy_set_header        Authorization $aws_token;

        proxy_set_header        Host $http_host;
        proxy_pass              http://s3;
    }

    location ~ ^/files(?:/(.*))?$ {
        auth_request            /auth/lesson/video;
        rewrite                 ^/files(?:/(.*))?$ /$1 break;

        proxy_set_header        X-Amz-Date $aws_auth_date;
        proxy_set_header        X-Amz-Content-SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855;
        proxy_set_header        Authorization $aws_token;
        proxy_set_header        Host $http_host;
        proxy_pass              http://s3;
    }

    include                     /etc/nginx/vhost.d/healthcheck.conf;
}

vhost.d/vod.conf

vod_mode                            remote;
vod_upstream_location               /media;
vod_last_modified                   'Sun, 19 Nov 2000 08:52:00 GMT';
vod_last_modified_types             *;

# vod caches
vod_metadata_cache metadata_cache   512m;
vod_response_cache response_cache   128m;

# gzip manifests
gzip                                on;
gzip_types                          application/vnd.apple.mpegurl;

vhost.d/dash.conf

location ~ ^/dash/ {
    auth_request    /auth/lesson/video;
    vod             dash;

    add_header      Access-Control-Allow-Headers '*';
    add_header      Access-Control-Expose-Headers 'Server,range,Content-Length,Content-Range,Authorization';
    add_header      Access-Control-Allow-Methods 'GET, HEAD, OPTIONS';
    add_header      Access-Control-Allow-Origin '*';
    expires         7d;
}

vhost.d/hls.conf

location ~ ^/hls/ {
    auth_request    /auth/lesson/video;
    vod             hls;

    add_header      Access-Control-Allow-Headers '*';
    add_header      Access-Control-Expose-Headers 'Server,range,Content-Length,Content-Range,Authorization';
    add_header      Access-Control-Allow-Methods 'GET, HEAD, OPTIONS';
    add_header      Access-Control-Allow-Origin '*';
    expires         7d;
}

erankor commented 5 years ago

You can see in the log the HTTP call that the module performed against the upstream:

GET /hls/faroseacademy/media/6e/9a/6e9a77615e67f4e3769d2cd84512815e.mp4 HTTP/1.1
X-Amz-Date: 20191104T041943Z
X-Amz-Content-SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Authorization: AWS4-HMAC-SHA256 Credential=admin/20191104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=226a34e60d6264f2d43a391b8e12ce5d2ab8c5d1ca94e9f34a34edb8711df7b0
Host: localhost:8088
Connection: close
User-Agent: curl/7.54.0
Range: bytes=0-4095

This is clearly wrong... I don't think rewrite works on subrequests, you can probably just use proxy_pass http://s3/$1 instead. The host header also seems off, don't know if Minio cares about it.
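The Authorization header in the logged request is AWS Signature Version 4, which signs the request path and the Host header together with the date and payload hash. The following is an added example, not code from this thread or from nginx-aws-auth-module: it reimplements SigV4 signing for a body-less GET to show that a signature only verifies when the upstream receives the same path and Host that were signed. The secret key, the function names, and the use of `minio:9000` as the signed host are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import quote

# SHA-256 of an empty body: the X-Amz-Content-SHA256 value sent with these GETs.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()
SIGNED_HEADERS = "host;x-amz-content-sha256;x-amz-date"  # as in the logged request

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_signature(secret, method, path, host, amz_date,
                    region="us-east-1", service="s3"):
    """Hex SigV4 signature for a body-less request without a query string."""
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    canonical_request = "\n".join([
        method,
        quote(path, safe="/~"),   # canonical URI
        "",                       # empty canonical query string
        f"host:{host}\nx-amz-content-sha256:{EMPTY_SHA256}\nx-amz-date:{amz_date}\n",
        SIGNED_HEADERS,
        EMPTY_SHA256,
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = ("AWS4" + secret).encode()
    for part in (date, region, service, "aws4_request"):
        key = _hmac(key, part)    # derive the signing key step by step
    return _hmac(key, string_to_sign).hex()

def upstream_accepts(signature, secret, method, path, host, amz_date):
    """Recompute the signature from what the upstream received and compare."""
    expected = sigv4_signature(secret, method, path, host, amz_date)
    return hmac.compare_digest(signature, expected)

if __name__ == "__main__":
    SECRET = "constructed-secret-key"   # constructed value, not from the issue
    DATE = "20191104T041943Z"
    KEY_PATH = "/faroseacademy/media/6e/9a/6e9a77615e67f4e3769d2cd84512815e.mp4"
    sig = sigv4_signature(SECRET, "GET", KEY_PATH, "minio:9000", DATE)
    print(upstream_accepts(sig, SECRET, "GET", KEY_PATH, "minio:9000", DATE))           # True
    print(upstream_accepts(sig, SECRET, "GET", "/hls" + KEY_PATH, "minio:9000", DATE))  # False
    print(upstream_accepts(sig, SECRET, "GET", KEY_PATH, "localhost:8088", DATE))       # False
```

When debugging a setup like the one above, compare the path and Host in the proxied request against the values the signing step used, since a difference in either one changes the signature.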