HLS: Nginx HLS CDN support HTTPS. v5.11.19

ossrs · Nov 12, 2023 · c93a87c · c93a87c
1 parent f3adbe8
commit c93a87c
Show file tree

Hide file tree

Showing 9 changed files with 144 additions and 29 deletions.
diff --git a/.github/workflows/nginx-hls-cdn.yml b/.github/workflows/nginx-hls-cdn.yml
@@ -9,13 +9,16 @@ jobs:
     steps:
       - name: Generate varaiables
         run: |
-          SRS_MAJOR=nginx-hls-cdn
-          SRS_TAG=nginx-hls-cdn-v1.0.0
-          echo "SRS_MAJOR=$SRS_MAJOR" >> $GITHUB_ENV
-          echo "SRS_TAG=$SRS_TAG" >> $GITHUB_ENV
+          SRS_MAJOR_HTTP=nginx-hls-cdn-http
+          SRS_MAJOR_HTTPS=nginx-hls-cdn-https
+          SRS_VERSION=v1.0.1
+          echo "SRS_MAJOR_HTTP=$SRS_MAJOR_HTTP" >> $GITHUB_ENV
+          echo "SRS_MAJOR_HTTPS=$SRS_MAJOR_HTTPS" >> $GITHUB_ENV
+          echo "SRS_VERSION=$SRS_VERSION" >> $GITHUB_ENV
     outputs:
-      SRS_TAG: ${{ env.SRS_TAG }}
-      SRS_MAJOR: ${{ env.SRS_MAJOR }}
+      SRS_VERSION: ${{ env.SRS_VERSION }}
+      SRS_MAJOR_HTTP: ${{ env.SRS_MAJOR_HTTP }}
+      SRS_MAJOR_HTTPS: ${{ env.SRS_MAJOR_HTTPS }}
     runs-on: ubuntu-20.04
 
   docker:
@@ -24,8 +27,9 @@ jobs:
     steps:
       - name: Covert output to env
         run: |
-          echo "SRS_TAG=${{ needs.envs.outputs.SRS_TAG }}" >> $GITHUB_ENV
-          echo "SRS_MAJOR=${{ needs.envs.outputs.SRS_MAJOR }}" >> $GITHUB_ENV
+          echo "SRS_VERSION=${{ needs.envs.outputs.SRS_VERSION }}" >> $GITHUB_ENV
+          echo "SRS_MAJOR_HTTP=${{ needs.envs.outputs.SRS_MAJOR_HTTP }}" >> $GITHUB_ENV
+          echo "SRS_MAJOR_HTTPS=${{ needs.envs.outputs.SRS_MAJOR_HTTPS }}" >> $GITHUB_ENV
       - name: Checkout repository
         uses: actions/checkout@v3
       - name: Set up QEMU
@@ -37,20 +41,36 @@ jobs:
         with:
           username: "${{ secrets.DOCKER_USERNAME }}"
           password: "${{ secrets.DOCKER_PASSWORD }}"
-      - name: Build SRS docker image
+      - name: Build HTTP docker image
         run: |
-          echo "Release ossrs/srs-stack:$SRS_TAG"
+          echo "Release ossrs/srs-stack:$SRS_MAJOR_HTTP-$SRS_VERSION"
           docker buildx build --platform linux/amd64,linux/arm/v7,linux/arm64/v8 \
             --output "type=image,push=true" \
-            --tag ossrs/srs-stack:$SRS_TAG scripts/nginx-hls-cdn
-      - name: Docker alias images for ossrs/srs-stack
+            --tag ossrs/srs-stack:$SRS_MAJOR_HTTP \
+            -f scripts/nginx-hls-cdn/Dockerfile.http \
+            scripts/nginx-hls-cdn
+      - name: Alias HTTP docker image
         uses: akhilerm/[email protected]
         with:
-          src: ossrs/srs-stack:${{ env.SRS_TAG }}
+          src: ossrs/srs-stack:${{ env.SRS_MAJOR_HTTP }}
           dst: |
-            ossrs/srs-cloud:${{ env.SRS_TAG }}
-            ossrs/srs-cloud:${{ env.SRS_MAJOR }}
-            ossrs/srs-stack:${{ env.SRS_MAJOR }}
+            ossrs/srs-stack:${{ env.SRS_MAJOR_HTTP }}-${{ env.SRS_VERSION }}
+            ossrs/srs-stack:nginx-hls-cdn-${{ env.SRS_VERSION }}
+            ossrs/srs-stack:nginx-hls-cdn
+      - name: Build HTTPS docker image
+        run: |
+          echo "Release ossrs/srs-stack:$SRS_MAJOR_HTTPS-$SRS_VERSION"
+          docker buildx build --platform linux/amd64,linux/arm/v7,linux/arm64/v8 \
+            --output "type=image,push=true" \
+            --tag ossrs/srs-stack:$SRS_MAJOR_HTTPS \
+            -f scripts/nginx-hls-cdn/Dockerfile.https \
+            scripts/nginx-hls-cdn
+      - name: Alias HTTPS docker image
+        uses: akhilerm/[email protected]
+        with:
+          src: ossrs/srs-stack:${{ env.SRS_MAJOR_HTTPS }}
+          dst: |
+            ossrs/srs-stack:${{ env.SRS_MAJOR_HTTPS }}-${{ env.SRS_VERSION }}
     runs-on: ubuntu-20.04
 
   aliyun:
@@ -60,21 +80,29 @@ jobs:
     steps:
       - name: Covert output to env
         run: |
-          echo "SRS_TAG=${{ needs.envs.outputs.SRS_TAG }}" >> $GITHUB_ENV
-          echo "SRS_MAJOR=${{ needs.envs.outputs.SRS_MAJOR }}" >> $GITHUB_ENV
+          echo "SRS_VERSION=${{ needs.envs.outputs.SRS_VERSION }}" >> $GITHUB_ENV
+          echo "SRS_MAJOR_HTTP=${{ needs.envs.outputs.SRS_MAJOR_HTTP }}" >> $GITHUB_ENV
+          echo "SRS_MAJOR_HTTPS=${{ needs.envs.outputs.SRS_MAJOR_HTTPS }}" >> $GITHUB_ENV
       - name: Login Aliyun docker hub
         uses: docker/login-action@v2
         with:
           registry: registry.cn-hangzhou.aliyuncs.com
           username: "${{ secrets.ACR_USERNAME }}"
           password: "${{ secrets.ACR_PASSWORD }}"
-      - name: Docker alias images for ossrs/srs-stack
+      - name: Alias HTTP docker images
+        uses: akhilerm/[email protected]
+        with:
+          src: ossrs/srs-stack:${{ env.SRS_MAJOR_HTTP }}
+          dst: |
+            registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:${{ env.SRS_MAJOR_HTTP }}
+            registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:${{ env.SRS_MAJOR_HTTP }}-${{ env.SRS_VERSION }}
+            registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:nginx-hls-cdn-${{ env.SRS_VERSION }}
+            registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:nginx-hls-cdn
+      - name: Alias HTTPS docker images
         uses: akhilerm/[email protected]
         with:
-          src: ossrs/srs-stack:${{ env.SRS_TAG }}
+          src: ossrs/srs-stack:${{ env.SRS_MAJOR_HTTPS }}
           dst: |
-            registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:${{ env.SRS_TAG }}
-            registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:${{ env.SRS_MAJOR }}
-            registry.cn-hangzhou.aliyuncs.com/ossrs/srs-cloud:${{ env.SRS_TAG }}
-            registry.cn-hangzhou.aliyuncs.com/ossrs/srs-cloud:${{ env.SRS_MAJOR }}
+            registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:${{ env.SRS_MAJOR_HTTPS }}
+            registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:${{ env.SRS_MAJOR_HTTPS }}-${{ env.SRS_VERSION }}
     runs-on: ubuntu-20.04
diff --git a/DEVELOPER.md b/DEVELOPER.md
@@ -1028,6 +1028,7 @@ The following are the update records for the SRS Stack server.
     * Use upx to make binary smaller. v5.11.16
     * Refine transcode test case. [v5.11.17](https://github.com/ossrs/srs-stack/releases/tag/v5.11.17)
     * HTTPS: Enable self-signed certificate by default. v5.11.18
+    * HLS: Nginx HLS CDN support HTTPS. v5.11.19
 * v5.10
     * Refine README. v5.10.1
     * Refine DO and droplet release script. v5.10.2

diff --git a/scripts/nginx-hls-cdn/Dockerfile → scripts/nginx-hls-cdn/Dockerfile.http b/scripts/nginx-hls-cdn/Dockerfile → scripts/nginx-hls-cdn/Dockerfile.http
@@ -4,7 +4,7 @@ FROM ${ARCH}nginx:latest AS dist
 
 # The environment variables for template.
 ENV SRS_STACK_SERVER=127.0.0.1:2022
-ADD nginx.edge.conf.template /etc/nginx/templates/default.conf.template
+ADD nginx.edge.http.conf.template /etc/nginx/templates/default.conf.template
 
 # Create the proxy cache directory for NGINX.
 RUN mkdir -p /data/nginx-cache
diff --git a/scripts/nginx-hls-cdn/Dockerfile.https b/scripts/nginx-hls-cdn/Dockerfile.https
@@ -0,0 +1,12 @@
+ARG ARCH
+
+FROM ${ARCH}nginx:latest AS dist
+
+# The environment variables for template.
+ENV SRS_STACK_SERVER=127.0.0.1:2022 \
+    SRS_STACK_SSL_KEY=/data/config/nginx.key \
+    SRS_STACK_SSL_CRT=/data/config/nginx.crt
+ADD nginx.edge.https.conf.template /etc/nginx/templates/default.conf.template
+
+# Create the proxy cache directory for NGINX.
+RUN mkdir -p /data/nginx-cache
diff --git a/scripts/nginx-hls-cdn/README.md b/scripts/nginx-hls-cdn/README.md
@@ -25,7 +25,6 @@ You will receive an internet IP address, for example, `128.199.114.145`. Log in
 
 ```bash
 apt-get update -y && apt-get install -y docker.io curl net-tools ffmpeg pcp &&
-docker rm -f srs-stack || echo OK &&
 docker run --rm --name srs-stack -d -v $HOME/data:/data \
   -p 2022:2022 -p 2443:2443 -p 1935:1935/tcp -p 8000:8000/udp -p 10080:10080/udp \
   ossrs/srs-stack:5
@@ -68,10 +67,9 @@ You will receive an internet IP address, for example, `128.199.93.163`. Log in a
 
 ```bash
 apt-get update -y && apt-get install -y docker.io curl net-tools ffmpeg pcp &&
-docker rm -f srs-stack-nginx01 || echo OK &&
 docker run --rm -it --name srs-stack-nginx01 -d \
   -p 80:80 -e SRS_STACK_SERVER=128.199.114.145:2022 \
-  ossrs/srs-stack:nginx-hls-cdn
+  ossrs/srs-stack:nginx-hls-cdn-http
 ```
 
 > Note: Please replace the IP `128.199.114.145` with your SRS Stack.
@@ -115,4 +113,26 @@ allows for the expansion and addition of more NGINX servers to accommodate more
 supporting thousands or even millions. Since the SRS Stack only needs to serve the NGINX servers, the 
 load will consistently remain low.
 
-
+## (Optional) Step 4: Setup HTTPS for Nginx Edge Server
+
+You can configure HTTPS for the Nginx Edge server if you have an SSL certificate file, or you can create
+a self-signed SSL certificate file by:
+
+```bash
+openssl genrsa -out nginx.key 2048
+openssl req -new -x509 -key nginx.key -out nginx.crt -days 3650 -subj "/CN=your-domain.com"
+```
+
+Start Nginx with SSL certificate file:
+
+```bash
+docker run --rm -it --name srs-stack-nginx01 -d \
+  -p 80:80 -e SRS_STACK_SERVER=128.199.114.145:2022 \
+  -p 443:443 -v $(pwd)/nginx.key:/data/config/nginx.key -v $(pwd)/nginx.crt:/data/config/nginx.crt \
+  ossrs/srs-stack:nginx-hls-cdn-https
+```
+
+> Note: Please replace the IP `128.199.114.145` with your SRS Stack.
+
+A HTTPS HLS stream should be available at [https://your-domain.com/live/livestream.m3u8](http://128.199.114.145:2022/tools/player.html?url=https://your-domain.com/live/livestream.m3u8),
+and in the following steps, you can create more NGINX servers to deliver HLS stream.
diff --git a/scripts/nginx-hls-cdn/index.html b/scripts/nginx-hls-cdn/index.html
@@ -0,0 +1 @@
+It works!
diff --git a/...ts/nginx-hls-cdn/nginx.edge.conf.template → ...inx-hls-cdn/nginx.edge.http.conf.template b/...ts/nginx-hls-cdn/nginx.edge.conf.template → ...inx-hls-cdn/nginx.edge.http.conf.template
@@ -21,6 +21,7 @@ server {
         proxy_cache_valid  200 302  10s;
         add_header X-Cache-Status $upstream_cache_status;
     }
+
     location ~ /.+/.*\.(ts)$ {
         proxy_set_header Host $host;
         proxy_pass http://${SRS_STACK_SERVER}$request_uri;

diff --git a/scripts/nginx-hls-cdn/nginx.edge.https.conf.template b/scripts/nginx-hls-cdn/nginx.edge.https.conf.template
@@ -0,0 +1,43 @@
+
+proxy_cache_path  /data/nginx-cache levels=1:2 keys_zone=srs_cache:8m max_size=1000m inactive=600m;
+proxy_temp_path /data/nginx-cache/tmp;
+
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+    ssl_certificate ${SRS_STACK_SSL_CRT};
+    ssl_certificate_key ${SRS_STACK_SSL_KEY};
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    add_header Strict-Transport-Security "max-age=0";
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    proxy_cache_valid  404      10s;
+    proxy_cache_lock on;
+    proxy_cache_lock_age 300s;
+    proxy_cache_lock_timeout 300s;
+    proxy_cache_min_uses 1;
+
+    location ~ /.+/.*\.(m3u8)$ {
+        proxy_set_header Host $host;
+        proxy_pass http://${SRS_STACK_SERVER}$request_uri;
+
+        proxy_cache srs_cache;
+        proxy_cache_key $scheme$proxy_host$uri$args;
+        proxy_cache_valid  200 302  10s;
+        add_header X-Cache-Status $upstream_cache_status;
+    }
+
+    location ~ /.+/.*\.(ts)$ {
+        proxy_set_header Host $host;
+        proxy_pass http://${SRS_STACK_SERVER}$request_uri;
+
+        proxy_cache srs_cache;
+        proxy_cache_key $scheme$proxy_host$uri;
+        proxy_cache_valid  200 302  60m;
+        add_header X-Cache-Status $upstream_cache_status;
+    }
+}
diff --git a/scripts/nginx-hls-cdn/nginx.root.conf.template b/scripts/nginx-hls-cdn/nginx.root.conf.template
@@ -0,0 +1,9 @@
+
+server {
+    listen       80;
+    server_name  localhost;
+    location / {
+        root   ${ROOT};
+        index  index.html;
+    }
+}