Play a video from remote computer using NGINX-RTMP - nginx

I am trying to stream a video using nginx-rtmp with rtmp protocol.
I created a index.html and embedded on it JWPlayer with the rtmp url.
On localhost, I can play the video from the browser but from another computer in same local network when I tried same thing ( open the index.html in the browser the url is http://172.16.40.162:8080 ) I get an error message.
But when I try with vlc (the rtmp url : rtmp://172.16.40.162/vod/test) it worked.
Here the code of index.html
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>VoD Example</title>
<script src="http://jwpsrv.com/library/s7iNvOAyEeSMdQ4AfQhyIQ.js"></script>
</head>
<body>
<div id='videotest'></div>
<script type='text/javascript'>
jwplayer('videotest').setup({
file: 'rtmp://localhost/vod/test',
width: '50%',
aspectratio: '16:9'
});
</script>
</body>
</html>
the nginx.conf
#user nobody;
worker_processes 1;
error_log logs/error.log debug;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 8080;
server_name localhost;
# rtmp stat
location /stat {
rtmp_stat all;
rtmp_stat_stylesheet stat.xsl;
}
location /stat.xsl {
# you can move stat.xsl to a different location
root /usr/local/nginx/html;
}
# rtmp control
location /control {
rtmp_control all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
rtmp {
server {
listen 1935;
notify_method get;
chunk_size 8192;
application vod {
allow play all;
wait_video on;
play /var/www/Videos;
push rtmp://localhost/vod/test;
}
}
}
I get these messages on :
acces.log
172.16.40.148 - - [16/Apr/2015:13:08:33 +0100] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0"
172.16.40.148 [16/Apr/2015:13:19:29 +0100] PLAY "vod" "test" "" - 382 3660906 "" "LNX 9,0,124,2" (1m 58s)
127.0.0.1 [16/Apr/2015:13:51:47 +0100] PLAY "vod" "test" "" - 483 3669724 "http://172.16.40.162:8080/" "LNX 11,2,202,457" (1m 50s)
error.log
2015/04/16 13:07:06 [notice] 3771#0: using the "epoll" event method
2015/04/16 13:07:06 [notice] 3771#0: nginx/1.5.0
2015/04/16 13:07:06 [notice] 3771#0: built by gcc 4.4.7 20120313 (Red Hat 4.4.7-11) (GCC)
2015/04/16 13:07:06 [notice] 3771#0: OS: Linux 2.6.32-504.12.2.el6.x86_64
2015/04/16 13:07:06 [notice] 3771#0: getrlimit(RLIMIT_NOFILE): 1024:4096
2015/04/16 13:07:06 [notice] 3772#0: start worker processes
2015/04/16 13:07:06 [notice] 3772#0: start worker process 3773
2015/04/16 13:08:41 [info] 3773#0: *3 client closed connection while waiting for request, client: 172.16.40.148, server: 0.0.0.0:8080
Information about the video I use (I executed ffmpeg -i test.flv)
Input #0, flv, from 'test.flv':
Metadata:
major_brand : mp42
minor_version : 0
compatible_brands: mp42isom
encoder : Lavf56.30.100
Duration: 00:01:50.03, start: 0.060000, bitrate: 270 kb/s
Stream #0:0: Video: h264 (High), yuv420p, 320x240 [SAR 1:1 DAR 4:3], 30.30 fps, 30 tbr, 1k tbn, 60 tbc
Stream #0:1: Audio: mp3, 22050 Hz, stereo, s16p, 64 kb/s


In index.html replace file: 'rtmp://localhost/vod/test' with file: 'rtmp://172.16.40.162/vod/test'.
The JWPlayer Flash will request that URL from the client machine. Using localhost will obviously not work since it looks for the stream on the same computer.

Related

Nginx: peer closed connection in SSL handshake while SSL handshaking to upstream

I have this new client which only can talk TLSv1.2 which communicate with a old service which can only talk TLSv1. It is about to be upgraded. It is an internal system without access to internet.
To solve the problem I have placed a Nginx proxy in between.
client =TLS1.2=> Nginx =TLSv1=> oldservice
Even with proxy_ssl_verify=off I get this error:
==> /var/log/nginx/ngx-error.log <==
2021/09/15 14:48:26 [error] 13231#0: *3 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 10.140.164.9, server: ngx.example.org, request: "GET /net/EXT/microservice.svc HTTP/1.1", upstream: "https://172.23.149.10:443/EXT/microservice.svc", host: "ngx.example.org"
If I on ngx.example.org run curl -v https://endp.example.org/EXT/microservice.svc I get this message:
* NSS error -8016 (SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED)
* The certificate was signed using a signature algorithm that is disabled because it is not secure.
* Closing connection 0
curl: (60) The certificate was signed using a signature algorithm that is disabled because it is not secure.
If I run curl --insecure it is working and this is the behavior I want Nginx to do.
My Nginx configuration:
server {
listen 80;
listen 443 ssl;
server_name ngx.example.org;
access_log /var/log/nginx/ngx-access.log;
error_log /var/log/nginx/ngx-error.log;
root /var/www/nginx/ngx;
ssl_protocols TLSv1.2;
ssl_certificate /etc/pki/nginx/private/ngx.example.org.crt;
ssl_certificate_key /etc/pki/nginx/private/ngx.example.org.key;
ssl_verify_client off;
proxy_ssl_server_name on;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#proxy_ssl_ciphers PSK-3DES-EDE-CBC-SHA;
location /net/ {
proxy_ssl_name endp.example.org;
proxy_ssl_server_name on;
proxy_ssl_verify off;
proxy_ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/wsgw.root.ca.pem;
proxy_set_header Host endp.example.org;
proxy_set_header X_FORWARDED_PROTO https;
proxy_pass https://endp.example.org/;
}
}
Edit:
Here is the output from openssl without -tlsv1:
openssl s_client -connect endp.example.org:443
139801673865104:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1631880896
Timeout : 300 (sec)
Verify return code: 0 (ok)
Here is the output from openssl with -tlsv1:
openssl s_client -connect endp.example.org:443 -tls1
depth=0 CN = endp.example.org
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = endp.example.org
verify return:1
CONNECTED(00000003)
---
Certificate chain
0 s:/CN=endp.example.org
i:/CN=endp.example.org
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICIzCCAYygAwIBAgIQZs9VZsp/iZRC2rL+oYTf0DANBgkqhkiG9w0BAQQFADAc
...lines deleted
OS+ih0tnXEzJKqtSC52Z+zAIFWdEipA=
-----END CERTIFICATE-----
subject=/CN=endp.example.org
issuer=/CN=endp.example.org
---
No client certificate CA names sent
---
SSL handshake has read 694 bytes and written 363 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: A01E00002B40C49CA7D7CD8EE73A9FB8DF44BF155300CDFCC98712657F697F88
Session-ID-ctx:
Master-Key: A90284275AA0067A47836A269592213E419F5286E0D30EA38F1094B50536F67913FCE7BA5D43025D1AC7FBDCA769FBE4
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1631862396
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Content of certificate:
$ openssl x509 -in endp.example.org.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
66:cf:55:66:ca:7f:89:94:42:da:b2:fe:a1:84:df:d0
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=endp.example.org
Validity
Not Before: Nov 9 11:08:50 2010 GMT
Not After : Dec 30 23:00:00 2030 GMT
Subject: CN=endp.example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:eb:ea:04:f0:53:87:26:b5:19:13:c6:a5:7b:27:
75:7e:f5:9a:84:74:59:d3:ec:0d:40:42:78:a4:c6:
1b:42:b2:50:19:3e:90:7b:20:73:f4:71:b8:3b:c3:
b3:dd:84:94:78:64:64:ac:5c:dc:a3:e4:8c:36:10:
32:ec:12:90:89:6c:e9:44:0e:fb:2e:84:0f:df:16:
c2:ae:b8:2c:d6:d0:73:b3:cf:4b:f8:56:91:e6:30:
c1:15:34:9f:70:6d:e1:e9:33:de:d6:9b:4d:2e:c8:
03:7b:eb:ed:6b:9c:8e:0b:80:a2:ef:29:5f:18:4e:
bf:e3:9a:81:e3:57:ae:c5:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
2.5.29.1:
0D....M..w....T..."...0.1.0...U....endp.example.org..f.Uf....B.......
Signature Algorithm: md5WithRSAEncryption
83:a7:c9:cf:a5:d3:91:78:65:d0:43:24:84:c5:77:62:be:ba:
52:db:7f:c6:ca:59:40:50:91:5f:48:fe:77:4a:94:26:36:23:
3a:82:6b:54:46:c1:a4:0d:bd:8f:96:bc:04:c8:54:f7:74:94:
83:3a:9e:71:61:8c:d4:a0:77:be:fc:50:e8:3f:12:a3:00:01:
9d:d6:06:a0:77:c2:84:24:96:03:c1:6a:05:57:bb:5e:d0:47:
e5:ff:a9:6c:a1:e1:cc:a4:d0:4b:b0:9d:1b:0b:d4:39:2f:a2:
87:4b:67:5c:4c:c9:2a:ab:52:0b:9d:99:fb:30:08:15:67:44:
8a:90

Not a solution but a work-around: Use Apache
ServerName ngx.example.org:443
SSLEngine on
SSLProxyEngine on
SSLProxyVerifyDepth 0
SSLProtocol TLSv1.2
SSLProxyProtocol TLSv1
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
SSLCertificateFile /etc/pki/nginx/private/ngx.example.org.crt
SSLCertificateKeyFile /etc/pki/nginx/private/ngx.example.org.key
DocumentRoot /var/www/httpd/ngx
CustomLog /var/log/httpd/ngx/access.log combined
ErrorLog /var/log/httpd/ngx/error.log
ProxyPass "/net/" "https://endp.example.org/"

What request path is location = /bar supposed to match in Nginx?

What request path is location = /bar supposed to match in Nginx?
What works fine: location /bar
Here is my nginx configuration, host file configuration, and my HTML files.
# cat /etc/nginx/sites-enabled/foo
server {
listen 80;
listen [::]:80;
server_name foo;
root /tmp/;
location /bar/ {
alias /var/www/foo/;
}
}
# cat /etc/hosts
127.0.0.1 localhost foo
127.0.1.1 debian
# cat /tmp/index.html
Hi! I am Tmp!
# cat /var/www/foo/index.html
<p>Hi! I am Index!</p>
# cat /var/www/foo/max.html
<p>Hi! I am Max!</p>
HTTP requests to the root, /bar/, and /bar/max.html produce the expected
output:
# systemctl restart nginx && curl http://foo/
Hi! I am Tmp!
# systemctl restart nginx && curl http://foo/bar/
<p>Hi! I am Index!</p>
# systemctl restart nginx && curl http://foo/bar/max.html
<p>Hi! I am Max!</p>
What does not work fine: location = /bar
Now I edit the configuration to replace location /bar with location = /bar:
# cat /etc/nginx/sites-enabled/foo
server {
listen 80;
listen [::]:80;
server_name foo;
root /tmp/;
location = /bar/ {
alias /var/www/foo/;
}
}
# systemctl restart nginx && curl http://foo/
Hi! I am Tmp!
These HTTP requests no longer work:
# systemctl restart nginx && curl http://foo/bar/
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.10.3</center>
</body>
</html>
# tail -n 1 /var/log/nginx/error.log
2018/05/25 00:07:50 [error] 29157#29157: *1 open() "/tmp/bar/index.html" failed (2: No such file or directory), client: 127.0.0.1, server: foo, request: "GET /bar/ HTTP/1.1", host: "foo"
# systemctl restart nginx && curl http://foo/bar
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.10.3</center>
</body>
</html>
# tail -n 1 /var/log/nginx/error.log
2018/05/25 00:08:49 [error] 29203#29203: *1 open() "/tmp/bar" failed (2: No such file or directory), client: 127.0.0.1, server: foo, request: "GET /bar HTTP/1.1", host: "foo"
# systemctl restart nginx && curl http://foo/bar/max.html
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.10.3</center>
</body>
</html>
# tail -n 1 /var/log/nginx/error.log
2018/05/25 00:10:10 [error] 29265#29265: *1 open() "/tmp/bar/max.html" failed (2: No such file or directory), client: 127.0.0.1, server: foo, request: "GET /bar/max.html HTTP/1.1", host: "foo"
It appears that the GET requests for either /bar or /bar/ match the location = /bar/ directive? I thought these requests should have worked with this directive because http://nginx.org/en/docs/http/ngx_http_core_module.html#location mentions:
Also, using the “=” modifier it is possible to define an exact match of URI and location. If an exact match is found, the search terminates.
But as explained in my example, it does not seem to work? What kind of request would match the location = /bar directive then?

The URI /bar/ relies on the index directive to internally rewrite the URI to /bar/index.html. See this document for details.
The exact match location syntax will only match the original URI, and not the rewritten URI.
nginx will process the rewritten URI using the default location (which in your configuration, is the server context). So, the URI /bar/index.html will be searched for at /tmp/bar/index.html, and not found.

Nginx don't block bot by user-agent

I'm trying to ban annoying bot by user-agent. I put this into server section of nginx config:
server {
listen 80 default_server;
....
if ($http_user_agent ~* (AhrefsBot)) {
return 444;
}
checking by curl:
[root#vm85559 site_avaliable]# curl -I -H 'User-agent: Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)' localhost/
curl: (52) Empty reply from server
so i check /var/log/nginx/access.log and i see some connections get 444, but another connections get 200!
51.255.65.78 - - [25/Jun/2017:15:47:36 +0300 - -] "GET /product/kovriki-avtomobilnie/volkswagen/?PAGEN_1=10 HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)" 1498394856.155
217.182.132.60 - - [25/Jun/2017:15:47:50 +0300 - 2.301] "GET /product/bryzgoviki/toyota/ HTTP/1.1" 200 14500 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)" 1498394870.955
How is it possible?

Ok, got it!
I've add $server_name and $server_addr to nginx log format, and saw that cunning bot connects by ip without server_name:
51.255.65.40 - _ *myip* - [25/Jun/2017:16:22:27 +0300 - 2.449] "GET /product/soyuz_96_2/mitsubishi/l200/ HTTP/1.1" 200 9974 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)" 1498396947.308
so i added this and bot can't connect anymore
server {
listen *myip*:80;
server_name _;
return 403;
}

nginx = / location pattern not working

I am trying to configure nginx to serve a static html page on the root domain, and proxy everything else to uwsgi. As a quick test I tried to divert to two different static pages:
server {
server_name *.example.dev;
index index.html index.htm;
listen 80;
charset utf-8;
location = / {
root /www/src/;
}
location / {
root /www/test/;
}
}
This seems to be what http://nginx.org/en/docs/http/ngx_http_core_module.html#location says you can do. But I'm always getting sent to the test site, even on the / request by visiting http://www.example.dev in my browser.
Curl output:
$ curl http://www.example.dev -v
* Rebuilt URL to: http://www.example.dev/
* Hostname was NOT found in DNS cache
* Trying 192.168.50.51...
* Connected to www.example.dev (192.168.50.51) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.37.1
> Host: www.example.dev
> Accept: */*
>
< HTTP/1.1 200 OK
* Server nginx/1.8.0 is not blacklisted
< Server: nginx/1.8.0
< Date: Tue, 19 May 2015 01:11:10 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 415
< Last-Modified: Wed, 15 Apr 2015 02:53:27 GMT
< Connection: keep-alive
< ETag: "552dd2a7-19f"
< Accept-Ranges: bytes
<
<!DOCTYPE html>
<html>
...
And the output from the nginx access log:
192.168.50.1 - - [19/May/2015:01:17:05 +0000] "GET / HTTP/1.1" 200 415 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36" "-"
So I decided to comment out the test location. So I have only the location = / { ... block. Nginx now 404s and logs the following error:
2015/05/19 01:24:12 [error] 3116#0: *6 open() "/etc/nginx/html/index.html" failed (2: No such file or directory), client: 192.168.50.1, server: *.example.dev, request: "GET / HTTP/1.1", host: "www.example.dev"
Which is the default root in the original nginx conf file? I guess this confirms my location = / pattern is not matching.
I added $uri to the access log and see that it is showing /index.html which I guess means the first location pattern is matching, but then it goes into the second location block? So now I just need to figure out how to serve my index.html from the / block, or just add another block like: location =/index.html

according to #Alexey Ten commented, in ngx_http_index doc:
It should be noted that using an index file causes an internal redirect, and the request can be processed in a different location. For example, with the following configuration:
location = / {
index index.html;
}
location / {
...
}
a “/” request will actually be processed in the second location as “/index.html”.
In your case, request to "/" will not get /www/src/index.html, but /www/test/index.html.

How to use The uWSGI FastRouter whith Nginx?

Configuration of Nginx:
location / {
include uwsgi_params;
uwsgi_pass 127.0.0.1:3030;
}
uWSGI FasterRouter
uwsgi --fastrouter 127.0.0.1:3030 --fastrouter-subscription-server 127.0.0.1:3131 -M
uWSGI web-app instance
uwsgi -M --subscribe-to 127.0.0.1:3131:/ --file server.py --http :8080
then HTTP GET [server ip]:80/ no response
HTTP GET [server ip]:8080/ got response
Configuration of Nginx:
location / {
include uwsgi_params;
uwsgi_pass 127.0.0.1:3030;
}
uwsgi -M --file server.py -s 127.0.0.1:3030
then HTTP GET [server ip]:80/ Got response

Do as follows. Worked. Thanks roberto for help.
Configuration of Nginx:
location / {
include uwsgi_params;
uwsgi_pass 127.0.0.1:3030;
}
uWSGI FasterRouter
uwsgi --fastrouter 127.0.0.1:3030 --fastrouter-subscription-server 127.0.0.1:3131 -M
uWSGI web-app instance
uwsgi -M --subscribe-to 127.0.0.1:3131:[server_ip] --file server.py -s 127.0.0.1:3232
Console output
[uwsgi-subscription for pid 18957] new pool: [server_ip] (hash key: 22902)
[uwsgi-subscription for pid 18957] [server_ip] => new node: 127.0.0.1:3232
then HTTP GET [server ip]:80/ GOT response

Resources