diff --git a/.github/workflows/nginx-hls-cdn.yml b/.github/workflows/nginx-hls-cdn.yml
index cd595e57..62547234 100644
--- a/.github/workflows/nginx-hls-cdn.yml
+++ b/.github/workflows/nginx-hls-cdn.yml
@@ -9,13 +9,16 @@ jobs:
 steps:
 - name: Generate varaiables
 run: |
- SRS_MAJOR=nginx-hls-cdn
- SRS_TAG=nginx-hls-cdn-v1.0.0
- echo "SRS_MAJOR=$SRS_MAJOR" >> $GITHUB_ENV
- echo "SRS_TAG=$SRS_TAG" >> $GITHUB_ENV
+ SRS_MAJOR_HTTP=nginx-hls-cdn-http
+ SRS_MAJOR_HTTPS=nginx-hls-cdn-https
+ SRS_VERSION=v1.0.1
+ echo "SRS_MAJOR_HTTP=$SRS_MAJOR_HTTP" >> $GITHUB_ENV
+ echo "SRS_MAJOR_HTTPS=$SRS_MAJOR_HTTPS" >> $GITHUB_ENV
+ echo "SRS_VERSION=$SRS_VERSION" >> $GITHUB_ENV
 outputs:
- SRS_TAG: ${{ env.SRS_TAG }}
- SRS_MAJOR: ${{ env.SRS_MAJOR }}
+ SRS_VERSION: ${{ env.SRS_VERSION }}
+ SRS_MAJOR_HTTP: ${{ env.SRS_MAJOR_HTTP }}
+ SRS_MAJOR_HTTPS: ${{ env.SRS_MAJOR_HTTPS }}
 runs-on: ubuntu-20.04
 docker:
@@ -24,8 +27,9 @@ jobs:
 steps:
 - name: Covert output to env
 run: |
- echo "SRS_TAG=${{ needs.envs.outputs.SRS_TAG }}" >> $GITHUB_ENV
- echo "SRS_MAJOR=${{ needs.envs.outputs.SRS_MAJOR }}" >> $GITHUB_ENV
+ echo "SRS_VERSION=${{ needs.envs.outputs.SRS_VERSION }}" >> $GITHUB_ENV
+ echo "SRS_MAJOR_HTTP=${{ needs.envs.outputs.SRS_MAJOR_HTTP }}" >> $GITHUB_ENV
+ echo "SRS_MAJOR_HTTPS=${{ needs.envs.outputs.SRS_MAJOR_HTTPS }}" >> $GITHUB_ENV
 - name: Checkout repository
 uses: actions/checkout@v3
 - name: Set up QEMU
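Review bot: The `Covert output to env` step in the `docker` job pastes `${{ needs.envs.outputs.* }}` directly into the script text that is appended to `$GITHUB_ENV`, so the expression is expanded before the shell parses the line. The values are constants set in the `envs` job today, so this is hardening rather than a live bug. A job-level `env:` block, for example `SRS_VERSION: ${{ needs.envs.outputs.SRS_VERSION }}`, keeps workflow expressions out of shell text and lets the copy step be dropped. The same three lines are repeated in the `aliyun` job hunk, and both job definitions start above their hunks.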
@@ -37,20 +41,36 @@ jobs:
 with:
 username: "${{ secrets.DOCKER_USERNAME }}"
 password: "${{ secrets.DOCKER_PASSWORD }}"
- - name: Build SRS docker image
+ - name: Build HTTP docker image
 run: |
- echo "Release ossrs/srs-stack:$SRS_TAG"
+ echo "Release ossrs/srs-stack:$SRS_MAJOR_HTTP-$SRS_VERSION"
 docker buildx build --platform linux/amd64,linux/arm/v7,linux/arm64/v8 \
 --output "type=image,push=true" \
- --tag ossrs/srs-stack:$SRS_TAG scripts/nginx-hls-cdn
- - name: Docker alias images for ossrs/srs-stack
+ --tag ossrs/srs-stack:$SRS_MAJOR_HTTP \
+ -f scripts/nginx-hls-cdn/Dockerfile.http \
+ scripts/nginx-hls-cdn
+ - name: Alias HTTP docker image
 uses: akhilerm/tag-push-action@v2.1.0
 with:
- src: ossrs/srs-stack:${{ env.SRS_TAG }}
+ src: ossrs/srs-stack:${{ env.SRS_MAJOR_HTTP }}
 dst: |
- ossrs/srs-cloud:${{ env.SRS_TAG }}
- ossrs/srs-cloud:${{ env.SRS_MAJOR }}
- ossrs/srs-stack:${{ env.SRS_MAJOR }}
+ ossrs/srs-stack:${{ env.SRS_MAJOR_HTTP }}-${{ env.SRS_VERSION }}
+ ossrs/srs-stack:nginx-hls-cdn-${{ env.SRS_VERSION }}
+ ossrs/srs-stack:nginx-hls-cdn
+ - name: Build HTTPS docker image
+ run: |
+ echo "Release ossrs/srs-stack:$SRS_MAJOR_HTTPS-$SRS_VERSION"
+ docker buildx build --platform linux/amd64,linux/arm/v7,linux/arm64/v8 \
+ --output "type=image,push=true" \
+ --tag ossrs/srs-stack:$SRS_MAJOR_HTTPS \
+ -f scripts/nginx-hls-cdn/Dockerfile.https \
+ scripts/nginx-hls-cdn
+ - name: Alias HTTPS docker image
+ uses: akhilerm/tag-push-action@v2.1.0
+ with:
+ src: ossrs/srs-stack:${{ env.SRS_MAJOR_HTTPS }}
+ dst: |
+ ossrs/srs-stack:${{ env.SRS_MAJOR_HTTPS }}-${{ env.SRS_VERSION }}
 runs-on: ubuntu-20.04
 aliyun:
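Review bot: The added `Alias HTTPS docker image` step, like the existing alias step it copies, runs `akhilerm/tag-push-action@v2.1.0`, a third-party action referenced by a movable tag, in a job that has been handed `DOCKER_USERNAME`/`DOCKER_PASSWORD` just above (the login step's header is outside the hunk). Pinning it to a full commit, `uses: akhilerm/tag-push-action@<full-commit-sha> # v2.1.0`, keeps a retagged release from changing what runs with push access; the two alias steps in the `aliyun` job hunk need the same pin. Separately, both build steps echo `Release ossrs/srs-stack:$SRS_MAJOR_HTTP-$SRS_VERSION` (or the HTTPS equivalent) but push only the moving tag, so the versioned tag exists only once the alias step has succeeded; a one-line comment on that ordering would help whoever debugs a half-finished release.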
@@ -60,21 +80,29 @@ jobs:
 steps:
 - name: Covert output to env
 run: |
- echo "SRS_TAG=${{ needs.envs.outputs.SRS_TAG }}" >> $GITHUB_ENV
- echo "SRS_MAJOR=${{ needs.envs.outputs.SRS_MAJOR }}" >> $GITHUB_ENV
+ echo "SRS_VERSION=${{ needs.envs.outputs.SRS_VERSION }}" >> $GITHUB_ENV
+ echo "SRS_MAJOR_HTTP=${{ needs.envs.outputs.SRS_MAJOR_HTTP }}" >> $GITHUB_ENV
+ echo "SRS_MAJOR_HTTPS=${{ needs.envs.outputs.SRS_MAJOR_HTTPS }}" >> $GITHUB_ENV
 - name: Login Aliyun docker hub
 uses: docker/login-action@v2
 with:
 registry: registry.cn-hangzhou.aliyuncs.com
 username: "${{ secrets.ACR_USERNAME }}"
 password: "${{ secrets.ACR_PASSWORD }}"
- - name: Docker alias images for ossrs/srs-stack
+ - name: Alias HTTP docker images
+ uses: akhilerm/tag-push-action@v2.1.0
+ with:
+ src: ossrs/srs-stack:${{ env.SRS_MAJOR_HTTP }}
+ dst: |
+ registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:${{ env.SRS_MAJOR_HTTP }}
+ registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:${{ env.SRS_MAJOR_HTTP }}-${{ env.SRS_VERSION }}
+ registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:nginx-hls-cdn-${{ env.SRS_VERSION }}
+ registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:nginx-hls-cdn
+ - name: Alias HTTPS docker images
 uses: akhilerm/tag-push-action@v2.1.0
 with:
- src: ossrs/srs-stack:${{ env.SRS_TAG }}
+ src: ossrs/srs-stack:${{ env.SRS_MAJOR_HTTPS }}
 dst: |
- registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:${{ env.SRS_TAG }}
- registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:${{ env.SRS_MAJOR }}
- registry.cn-hangzhou.aliyuncs.com/ossrs/srs-cloud:${{ env.SRS_TAG }}
- registry.cn-hangzhou.aliyuncs.com/ossrs/srs-cloud:${{ env.SRS_MAJOR }}
+ registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:${{ env.SRS_MAJOR_HTTPS }}
+ registry.cn-hangzhou.aliyuncs.com/ossrs/srs-stack:${{ env.SRS_MAJOR_HTTPS }}-${{ env.SRS_VERSION }}
 runs-on: ubuntu-20.04
diff --git a/DEVELOPER.md b/DEVELOPER.md
index 83120b0d..fb919757 100644
--- a/DEVELOPER.md
+++ b/DEVELOPER.md
@@ -1028,6 +1028,7 @@ The following are the update records for the SRS Stack server.
 * Use upx to make binary smaller. v5.11.16
 * Refine transcode test case. [v5.11.17](https://github.com/ossrs/srs-stack/releases/tag/v5.11.17)
 * HTTPS: Enable self-signed certificate by default. v5.11.18
+ * HLS: Nginx HLS CDN support HTTPS. v5.11.19
 * v5.10
 * Refine README. v5.10.1
 * Refine DO and droplet release script. v5.10.2
diff --git a/scripts/nginx-hls-cdn/Dockerfile b/scripts/nginx-hls-cdn/Dockerfile.http
similarity index 72%
rename from scripts/nginx-hls-cdn/Dockerfile
rename to scripts/nginx-hls-cdn/Dockerfile.http
index 798c8126..c70da67b 100644
--- a/scripts/nginx-hls-cdn/Dockerfile
+++ b/scripts/nginx-hls-cdn/Dockerfile.http
@@ -4,7 +4,7 @@ FROM ${ARCH}nginx:latest AS dist
 # The environment variables for template.
 ENV SRS_STACK_SERVER=127.0.0.1:2022
-ADD nginx.edge.conf.template /etc/nginx/templates/default.conf.template
+ADD nginx.edge.http.conf.template /etc/nginx/templates/default.conf.template
 # Create the proxy cache directory for NGINX.
 RUN mkdir -p /data/nginx-cache
diff --git a/scripts/nginx-hls-cdn/Dockerfile.https b/scripts/nginx-hls-cdn/Dockerfile.https
new file mode 100644
index 00000000..66ce4605
--- /dev/null
+++ b/scripts/nginx-hls-cdn/Dockerfile.https
@@ -0,0 +1,12 @@
+ARG ARCH
+
+FROM ${ARCH}nginx:latest AS dist
+
+# The environment variables for template.
+ENV SRS_STACK_SERVER=127.0.0.1:2022 \
+ SRS_STACK_SSL_KEY=/data/config/nginx.key \
+ SRS_STACK_SSL_CRT=/data/config/nginx.crt
+ADD nginx.edge.https.conf.template /etc/nginx/templates/default.conf.template
+
+# Create the proxy cache directory for NGINX.
+RUN mkdir -p /data/nginx-cache
diff --git a/scripts/nginx-hls-cdn/README.md b/scripts/nginx-hls-cdn/README.md
index 65402b0a..d2c9b289 100644
--- a/scripts/nginx-hls-cdn/README.md
+++ b/scripts/nginx-hls-cdn/README.md
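Review bot: `FROM ${ARCH}nginx:latest` in the new Dockerfile.https leaves the base image floating, so each release build can pull a different nginx and the pushed multi-arch image cannot be reproduced or audited against a known base. Pin a specific release, `FROM ${ARCH}nginx:<version>`, and a digest where the per-arch build allows it; Dockerfile.http builds from the same floating tag. `ADD nginx.edge.https.conf.template ...` only copies a local file, so `COPY` is the narrower instruction. The defaults for `SRS_STACK_SSL_KEY` and `SRS_STACK_SSL_CRT` point at files the image does not ship, so a comment such as `# Key and certificate must be mounted at /data/config at run time.` above the `ENV` would spare a confusing startup failure.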
@@ -25,7 +25,6 @@ You will receive an internet IP address, for example, `128.199.114.145`. Log in
 ```bash
 apt-get update -y && apt-get install -y docker.io curl net-tools ffmpeg pcp &&
-docker rm -f srs-stack || echo OK &&
 docker run --rm --name srs-stack -d -v $HOME/data:/data \
 -p 2022:2022 -p 2443:2443 -p 1935:1935/tcp -p 8000:8000/udp -p 10080:10080/udp \
 ossrs/srs-stack:5
@@ -68,10 +67,9 @@ You will receive an internet IP address, for example, `128.199.93.163`. Log in a
 ```bash
 apt-get update -y && apt-get install -y docker.io curl net-tools ffmpeg pcp &&
-docker rm -f srs-stack-nginx01 || echo OK &&
 docker run --rm -it --name srs-stack-nginx01 -d \
 -p 80:80 -e SRS_STACK_SERVER=128.199.114.145:2022 \
- ossrs/srs-stack:nginx-hls-cdn
+ ossrs/srs-stack:nginx-hls-cdn-http
 ```
 > Note: Please replace the IP `128.199.114.145` with your SRS Stack.
@@ -115,4 +113,26 @@ allows for the expansion and addition of more NGINX servers to accommodate more supporting thousands or even millions. Since the SRS Stack only needs to serve the NGINX servers, the load will consistently remain low. - \ No newline at end of file +## (Optional) Step 4: Setup HTTPS for Nginx Edge Server + +You can configure HTTPS for the Nginx Edge server if you have an SSL certificate file, or you can create +a self-signed SSL certificate file by: + +```bash +openssl genrsa -out nginx.key 2048 +openssl req -new -x509 -key nginx.key -out nginx.crt -days 3650 -subj "/CN=your-domain.com" +``` + +Start Nginx with SSL certificate file: + +```bash +docker run --rm -it --name srs-stack-nginx01 -d \ + -p 80:80 -e SRS_STACK_SERVER=128.199.114.145:2022 \ + -p 443:443 -v $(pwd)/nginx.key:/data/config/nginx.key -v $(pwd)/nginx.crt:/data/config/nginx.crt \ + ossrs/srs-stack:nginx-hls-cdn-https +``` + +> Note: Please replace the IP `128.199.114.145` with your SRS Stack. + +A HTTPS HLS stream should be available at [https://your-domain.com/live/livestream.m3u8](http://128.199.114.145:2022/tools/player.html?url=https://your-domain.com/live/livestream.m3u8), +and in the following steps, you can create more NGINX servers to deliver HLS stream. diff --git a/scripts/nginx-hls-cdn/index.html b/scripts/nginx-hls-cdn/index.html new file mode 100644 index 00000000..68300b85 --- /dev/null +++ b/scripts/nginx-hls-cdn/index.html @@ -0,0 +1 @@ +It works! diff --git a/scripts/nginx-hls-cdn/nginx.edge.conf.template b/scripts/nginx-hls-cdn/nginx.edge.http.conf.template similarity index 99% rename from scripts/nginx-hls-cdn/nginx.edge.conf.template rename to scripts/nginx-hls-cdn/nginx.edge.http.conf.template index 7f58c679..c4e35a49 100644 --- a/scripts/nginx-hls-cdn/nginx.edge.conf.template +++ b/scripts/nginx-hls-cdn/nginx.edge.http.conf.template 
@@ -21,6 +21,7 @@ server {
 proxy_cache_valid 200 302 10s;
 add_header X-Cache-Status $upstream_cache_status;
 }
+
 location ~ /.+/.*\.(ts)$ {
 proxy_set_header Host $host;
 proxy_pass http://${SRS_STACK_SERVER}$request_uri;
diff --git a/scripts/nginx-hls-cdn/nginx.edge.https.conf.template b/scripts/nginx-hls-cdn/nginx.edge.https.conf.template
new file mode 100644
index 00000000..247a808f
--- /dev/null
+++ b/scripts/nginx-hls-cdn/nginx.edge.https.conf.template
@@ -0,0 +1,43 @@
+
+proxy_cache_path /data/nginx-cache levels=1:2 keys_zone=srs_cache:8m max_size=1000m inactive=600m;
+proxy_temp_path /data/nginx-cache/tmp;
+
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+ ssl_certificate ${SRS_STACK_SSL_CRT};
+ ssl_certificate_key ${SRS_STACK_SSL_KEY};
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+ add_header Strict-Transport-Security "max-age=0";
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+ proxy_cache_valid 404 10s;
+ proxy_cache_lock on;
+ proxy_cache_lock_age 300s;
+ proxy_cache_lock_timeout 300s;
+ proxy_cache_min_uses 1;
+
+ location ~ /.+/.*\.(m3u8)$ {
+ proxy_set_header Host $host;
+ proxy_pass http://${SRS_STACK_SERVER}$request_uri;
+
+ proxy_cache srs_cache;
+ proxy_cache_key $scheme$proxy_host$uri$args;
+ proxy_cache_valid 200 302 10s;
+ add_header X-Cache-Status $upstream_cache_status;
+ }
+
+ location ~ /.+/.*\.(ts)$ {
+ proxy_set_header Host $host;
+ proxy_pass http://${SRS_STACK_SERVER}$request_uri;
+
+ proxy_cache srs_cache;
+ proxy_cache_key $scheme$proxy_host$uri;
+ proxy_cache_valid 200 302 60m;
+ add_header X-Cache-Status $upstream_cache_status;
+ }
+}
diff --git a/scripts/nginx-hls-cdn/nginx.root.conf.template b/scripts/nginx-hls-cdn/nginx.root.conf.template
new file mode 100644
index 00000000..d4630a3f
--- /dev/null
+++ b/scripts/nginx-hls-cdn/nginx.root.conf.template
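Review bot: `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` in the new HTTPS template still enables TLS 1.1, which RFC 8996 formally deprecates; `ssl_protocols TLSv1.2 TLSv1.3;` is the line I would ship. The server-level `add_header Strict-Transport-Security "max-age=0";` is also not inherited by the two `location` blocks, because each declares its own `add_header X-Cache-Status`, so playlist and segment responses carry no HSTS header at all. If `max-age=0` is deliberate because the certificate may be self-signed, say so in a comment, e.g. `# HSTS intentionally off: certificate may be self-signed`. Port 80 keeps serving the same content with no redirect and `proxy_pass http://${SRS_STACK_SERVER}` leaves the hop to the origin in cleartext, both of which deserve a comment if intended.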
@@ -0,0 +1,9 @@
+
+server {
+ listen 80;
+ server_name localhost;
+ location / {
+ root ${ROOT};
+ index index.html;
+ }
+}
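Review bot: Nothing visible in this commit references `nginx.root.conf.template` or sets `ROOT`; both Dockerfiles add only the edge templates, so a reader cannot tell where this server block is used. A header comment such as `# Static root server for <purpose>; ROOT must be set to an absolute directory before this template is rendered.` would document the contract. It should also state what is expected when `ROOT` is missing, since `root ${ROOT};` has no default here.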