Playback Failed. Failed to play (stream: ID 1)

[gCurtisCT]

I'm trying to play back a video hosted on S3, through cloudfront, using a signed URL

I'm using pretty much the exact code from your example.

I send it: rtmp://xxxxxxxxxxxxx.cloudfront.net/cfx/st/vid_test001 and I get back

rtmp://xxxxxxxxxxxxx.cloudfront.net/cfx/st/vid_test001?Signature=SseYBRTNBTBEeQFA15o467er7EegaZwe6OM3w2AZap8Bla1WU~zXJxzUJqigyAECpbMEGHyPIEGmkFdLoU~gKgEoGUufy9TAGCkei-hjiVfMtcw2-iDVDKX~NyFScJc-fMrLD~67nWmkNAlUAZJKJV5WOqV~jgCMlQVgDbUsnLWQ0llST9qWvQp2dOqWVcvnQI1QfYzZOQxdaqZ8FY-gOzPmu8swGL95aeQQkz2VUkRTPI569ktA5rorVWmHyKbXT0jUJSBy1nEgNTDZIZSzEloTPH48RI6RpZ70qm0ahN~TrMzriEJpf4hDE2HR1DboQSxjS4JyYTr5Hdg__&Key-Pair-Id=APKAJSRQXYNPUENHF6HQ&Expires=1386356652

Which seems like an acceptable url.

However, when I try to play it back, I get Failed to play (stream ID:1) from the SMP player.

My permissions for Cloudfront are this:

Restrict Bucket Access : Yes
Grant Read Permissions on Bucket : No, I will Update Permissions
Restrict Viewer Access (Use Signed URLs) : Yes
Trusted Signers : Self
Distribution State: Enabled

The "Grant Read Permissions on Bucket" option might be causing problems, but I can't seem to change this to "Yes" instead of "No". If I change it, save, and come back and view the settings, it changes back to "no"

My bucket policy is

{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EF5LIV7LW3XE4"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::ct.recorder/*"
        }
    ]
}

[maxnachlinger]

I wish I could be of more help, but sadly your issue could be due to several causes. The way I often debug issues like this is to create an s3 bucket and cloudfront distro with few restrictions and then tighten down until it stops working.

Here are a few links that might help: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/WorkingWithStreamingDistributions.html#Streaming_Troubleshooting

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html#private-content-custom-policy-creating-policy-procedure

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html#private-content-custom-policy-creating-signature

[gCurtisCT]

I looked through the official documentation and looked through all your links, but I still can't get a signed url, generated by this package, to work. I'm pretty sure my cloudfront implementation is correct. I've even ruled out the player by using rtmpdump.

[maxnachlinger]

Does Amazon's tool provide any additional info? http://d1k5ny0m6d4zlj.cloudfront.net/diag/CFStreamingDiag.html . By the way, you'll want to put the first bit of your URL into the "Streaming distribution" blank, e.g. rtmp://someDistroName.cloudfront.net/

[gCurtisCT]

That tool doesn't allow for signed urls, does it?

Anyway, I get this:

54727 - Connecting to rtmp://s161ki0ys7euuz.cloudfront.net:1935/cfx/st 54931 - Event: NetConnection.Connect.Success 54931 - Connect time: 204ms 55062 - StreamLen Response: 9.585 55062 - Playing: vid_test001 55096 - Event: NetStream.Failed 57229 - Bandwidth: 2028 Kbps.

At this point, my distro settings don't allow for unsigned urls. I'm able to access my videos as long as I don't need to sign them.

[maxnachlinger]

I had a look at the aws docs briefly and for signed rtmp urls, it seems as if the resource to be signed is simply everything after the hostname but excluding the video's file extension. So a url like: rtmp://someCfDistro.cloudfront.net/someKey/video.mp3 would only sign someKey/video.mp3. At any rate, I've some work to do to support rtmp it seems.

[gCurtisCT]

Thanks

You're saying that this plugin currently does not support the signing of rtmp urls?

[maxnachlinger]

Link to the docs: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html , scroll down to the section "RTMP distributions: Include only the stream name". As I mentioned above, I'll need to do more work to add signed rtmp urls in. The change should be minor and I'll be happy to review a pull request if you have one.

[maxnachlinger]

Although I don't have an rtmp distro to test on, I've just added a few fixes for rtmp. Hopefully this works for your urls.

[gCurtisCT]

Yep, everything works fine. Thanks.

One slight annoyance though, it requires the string to begin with "rtmp:...", but then, when it returns the signed url, it's cropped out, which means you have to add it back in before you can use it.

Also, if you include "cfx/st" in the url, it'll think of that as part of the resource, and try to sign it.

[maxnachlinger]

Thanks, this is great feedback and although I lack an RTMP distro, I can atleast write tests for the above issues and fix them.

[maxnachlinger]

These issues should be fixed in 1.0.45, please let me know if they're not.

[gCurtisCT]

Thanks!

I sent it "rtmp://s161ki0ys7euuz.cloudfront.net/cfx/st/videoname" and I get back "rtmp://s161ki0ys7euuz.cloudfront.net/videoname+signiature" The only thing missing is the "cfx/st". It still produces a valid signature, though.

[maxnachlinger]

Thanks for the feedback, I've just put in some tests covering the above case. Please give 1.0.46 a try.

[gCurtisCT]

I send it "rtmp://s161ki0ys7euuz.cloudfront.net/cfx/st/videoname" and I got back "rtmp://s161ki0ys7euuz.cloudfront.net/cfx/st/"+signiature

the "videoname", the value between "/cfx/st/" and the signature missing now.

[maxnachlinger]

Dear God. Ok try it now (v. 1.0.47)

[gCurtisCT]

Everything is perfect now. Thank you