Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RTMPS support for Facebook Live API's Upcoming Requirement #1397

Closed
JosueAChavez opened this issue Apr 2, 2019 · 41 comments
Closed

RTMPS support for Facebook Live API's Upcoming Requirement #1397

JosueAChavez opened this issue Apr 2, 2019 · 41 comments

Comments

@JosueAChavez
Copy link

@JosueAChavez JosueAChavez commented Apr 2, 2019

Facebook is planning to deprecate RTMP on May 1st.

Using the SSL option for my RTMP connection changes the Server URL from rtmp://live-api-s.facebook.com:80/rtmp/ to rtmps://live-api-s.facebook.com:443/rtmp/.

When I insert that URL paired with my streaming key in my nginx.conf file, I'm returned with an invalid port message that looks like

nginx: [emerg] invalid port in url "rtmps://live-api-s.facebook.com:443/rtmp/some_secret_key" in C:\nginx 1.7.11.3 Gryphon/conf/nginx.conf:187

I suspect that the port rtmps is unknown.

Are there any workarounds to use this module with RTMPS? This module is very efficient compared to alternatives solutions I found (ffmpeg).

I'm using nginx 1.7.11.3 Gryphon on Windows 10.

@jwainwright87

This comment has been minimized.

Copy link

@jwainwright87 jwainwright87 commented Apr 2, 2019

I've just seen the same @JosueAChavez and started panicking. I am using nginx on a raspberry pi to push streams to facebook live and wondering how to do this after 1st May 2019.

I understand at this time that nginx does not support RTMPS however from doing some searching, it looks like you can use stunnel somehow. This looks above my level so I am reluctant to try it on my raspberry pi server.

@duoporcoduo

This comment has been minimized.

Copy link

@duoporcoduo duoporcoduo commented Apr 3, 2019

I'm on the same issue, I use a command today:

push rtmp://live-api-s.facebook.com:80/rtmp/KEY;

push rtmp://x.rtmp.youtube.com/live2/KEY;

When replacing the address with rtmps the server does not rise.

Can someone help?

@ForrestScott

This comment has been minimized.

Copy link

@ForrestScott ForrestScott commented Apr 3, 2019

I have the same issue as I also use the RTMP module to stream to FaceBook live.

@jwainwright87

This comment has been minimized.

Copy link

@jwainwright87 jwainwright87 commented Apr 3, 2019

I am looking at nimble streamer as an alternative, apparently that supports RTMPS

@ForrestScott

This comment has been minimized.

Copy link

@ForrestScott ForrestScott commented Apr 3, 2019

Nimble appears to require a subscription? If so, that's not for me.

@Lax

This comment has been minimized.

Copy link

@Lax Lax commented Apr 4, 2019

I have a solution to run an stunnel and publish to the rtmps:// address.

I will write a brief into doc in a few days
Here a link to the steps and key config "RTMP/RTMPS relay with stunnel"


Yes, you need to choose another port if nginx is listening on :1935

@ForrestScott

This comment has been minimized.

Copy link

@ForrestScott ForrestScott commented Apr 4, 2019

Lax, I had been reading about stunnel but couldn't figure out how to configure it. Thank you so much for the tutorial!!! I'll give it a shot!

One question: Since nginx is listening on port 1935, doesn't stunnel need to be listening to a different port since they are running on the same machine?

@jwainwright87

This comment has been minimized.

Copy link

@jwainwright87 jwainwright87 commented Apr 4, 2019

I have a solution to run an stunnel and publish to the rtmps:// address.

I will write a brief into doc in a few days
Here a link to the steps and key config "RTMP/RTMPS relay with stunnel"

I have had a look at this article and I don't understand how it works. Does anyone have any idea?

@jwainwright87

This comment has been minimized.

Copy link

@jwainwright87 jwainwright87 commented Apr 4, 2019

Lax, I had been reading about stunnel but couldn't figure out how to configure it. Thank you so much for the tutorial!!! I'll give it a shot!

One question: Since nginx is listening on port 1935, doesn't stunnel need to be listening to a different port since they are running on the same machine?

I'm assuming it will be 443

@ForrestScott

This comment has been minimized.

Copy link

@ForrestScott ForrestScott commented Apr 4, 2019

jwainwright87, Lax's tutorial has nginx and stunnel running on the same box so they both can't be listening to port 1935. For my testing, right or wrong, I chose port 207 (an unused AppleTalk port) for stunnel to listen on.

Initial testing shows that Lax's example works for me, however I did have to remove the "include = /etc/stunnel/conf.d" line though. It appears to me that right now FB will accept an RTMP or an RTMPS stream regardless of the SLL switch setting.

I use OBS to stream and nginx to relay to FB, YT and a private 3rd party web site. So here is how it works: obs -> nginx (port 1935) -> stunnel (port 207) -> FB. I run nginx and now stunnel on a ubuntu 18.04 server.

@jwainwright87

This comment has been minimized.

Copy link

@jwainwright87 jwainwright87 commented Apr 4, 2019

@ForrestScott That's ace I'll give that a go. I got a bit confused during one tutorial it was talking about setting up a certificate from the client side. Do you know it stunnel sorts all that out for you. Also, how do you sent the rtmps feed instead of the rtmp address?

Thanks in advanced

@franMx

This comment has been minimized.

Copy link

@franMx franMx commented Apr 4, 2019

HI, I'm trying this on a windows machine. Any idea on the configuration to work properly on stunnel?
Tried:
[fb-live]
client = yes
accept = 127.0.0.1:1935
connect = live-api-s.facebook.com:443
verifyChain = no

but got:
Service [fb-live] needs authentication to prevent MITM attacks

@ForrestScott

This comment has been minimized.

Copy link

@ForrestScott ForrestScott commented Apr 4, 2019

@jwainwright87 I didn't have to do anything with security certificates. I think that is what the "verifyChain = no" line is about. But I do wonder about that.

I changed my nginx push to FB to this: "push rtmp://127.0.0.1:207/rtmp/;" Again, I am using port 207 for stunnel.

@franMx I got the same message but in my case I think it can be ignored since nginx and stunnel are communicating on the same machine.

@franMx

This comment has been minimized.

Copy link

@franMx franMx commented Apr 4, 2019

Thanks, @ForrestScott unfortunately got this one.

2019.04.04 09:46:49 LOG5[1]: Service [fb-live] accepted connection from 127.0.0.1:53922
2019.04.04 09:46:49 LOG5[1]: s_connect: connected 31.13.89.1:443
2019.04.04 09:46:49 LOG5[1]: Service [fb-live] connected remote server from 192.168.15.8:53923
2019.04.04 09:46:49 LOG5[1]: Connection closed: 3591 byte(s) sent to TLS, 3480 byte(s) sent to socket

Would you mind sharing your conf?

@ForrestScott

This comment has been minimized.

Copy link

@ForrestScott ForrestScott commented Apr 4, 2019

@franMx , that looks exactly what I see in my log.

Here is my conf:

setuid = stunnel4
setgid = stunnel4
pid = /tmp/stunnel.pid
output = /var/log/stunnel4/stunnel.log
;include = /etc/stunnel/conf.d

[fb-live]
client = yes
accept = 127.0.0.1:207
connect = live-api-s.facebook.com:443
verifyChain = no

@franMx

This comment has been minimized.

Copy link

@franMx franMx commented Apr 4, 2019

Thanks @ForrestScott, it's working now. On windows stunnel didn't modified the first part, just second block.

@JosueAChavez

This comment has been minimized.

Copy link
Author

@JosueAChavez JosueAChavez commented Apr 5, 2019

Thank you @Lax for the solution! I tried it and it works perfectly and with little to none performance hiccups 🙌

I wrote instructions for those who are using this on Windows. We are all not doomed after all!

@Lax

This comment has been minimized.

Copy link

@Lax Lax commented Apr 5, 2019

Lax, I had been reading about stunnel but couldn't figure out how to configure it. Thank you so much for the tutorial!!! I'll give it a shot!

One question: Since nginx is listening on port 1935, doesn't stunnel need to be listening to a different port since they are running on the same machine?

Yes, you need to choose another port for stunnel if Nginx is already listening on :1935.
(document updated)

@jwainwright87

This comment has been minimized.

Copy link

@jwainwright87 jwainwright87 commented Apr 5, 2019

Having some issues when I am running the following command
systemctl restart stunnel4 && systemctl status stunnel4

This is my output...

`==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'stunnel4.service'.
Multiple identities can be used for authentication:

  1. ,,, (pi)
  2. root
    Choose identity to authenticate as (1-2): 1
    Password:
    ==== AUTHENTICATION COMPLETE ===
    ● stunnel4.service - LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons)
    Loaded: loaded (/etc/init.d/stunnel4; generated; vendor preset: enabled)
    Active: active (exited) since Fri 2019-04-05 17:01:04 BST; 27ms ago
    Docs: man:systemd-sysv-generator(8)
    Process: 1168 ExecStop=/etc/init.d/stunnel4 stop (code=exited, status=0/SUCCESS)
    Process: 1174 ExecStart=/etc/init.d/stunnel4 start (code=exited, status=0/SUCCESS)

Apr 05 17:01:04 NginX systemd[1]: Starting LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons)...
Apr 05 17:01:04 NginX stunnel4[1174]: TLS tunnels disabled, see /etc/default/stunnel4
Apr 05 17:01:04 NginX systemd[1]: Started LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons).`

I did have a issue when installing stunnel4. For some reason it would not let me create the stunnel.conf in bash, so I had to manually create the conf file using nano and input the code in there.

Any help would be much appreciated.

@jwainwright87

This comment has been minimized.

Copy link

@jwainwright87 jwainwright87 commented Apr 5, 2019

I am also getting this when entering the code for the config file:
sudo cat < /etc/stunnel/stunnel.conf

setuid = stunnel4
setgid = stunnel4
pid=/tmp/stunnel.pid
output = /var/log/stunnel4/stunnel.log
include = /etc/stunnel/conf.d
EOF
-bash: /etc/stunnel/stunnel.conf: Permission denied

@ForrestScott

This comment has been minimized.

Copy link

@ForrestScott ForrestScott commented Apr 5, 2019

@jwainwright87 , are you running your commands as sudo? It's required but not mentioned in Lax's guide.

@jwainwright87

This comment has been minimized.

Copy link

@jwainwright87 jwainwright87 commented Apr 5, 2019

@ForrestScott Yes, sorry forgot to mention that. I am also running on Debian Stretch

@duoporcoduo

This comment has been minimized.

Copy link

@duoporcoduo duoporcoduo commented Apr 5, 2019

@Lax, you saved my day, it worked out right here, thank you!

@jwainwright87

This comment has been minimized.

Copy link

@jwainwright87 jwainwright87 commented Apr 5, 2019

@ForrestScott SOLVED my problem.

Issue I had was I needed to ENABLE=1 stunnel in /etc/default/stunnel4

When I ran the restart, it all worked.

Link to article that helped me https://cindyxiaoxiaoli.wordpress.com/2014/06/04/get-stunnel4-up-and-running-on-ubuntu-14-04/

@lbradio

This comment has been minimized.

Copy link

@lbradio lbradio commented Apr 22, 2019

Lax, I had been reading about stunnel but couldn't figure out how to configure it. Thank you so much for the tutorial!!! I'll give it a shot!
One question: Since nginx is listening on port 1935, doesn't stunnel need to be listening to a different port since they are running on the same machine?

Yes, you need to choose another port for stunnel if Nginx is already listening on :1935.
(document updated)

Did you actually updated the document? It's still on port 1935 ;-) (and I can't get it to work)

@Akeem1985

This comment has been minimized.

Copy link

@Akeem1985 Akeem1985 commented Apr 22, 2019

Can someone help me I think I am missing something I was able to install stunnel on my nginx server. However I am a bit confuse of the next steps. Can someone help

@h1rule

This comment has been minimized.

Copy link

@h1rule h1rule commented May 15, 2019

I still get

[!] /etc/stunnel/stunnel.conf:5: "verifyChain = no": Specified option name is not valid here

@nhalstead

This comment has been minimized.

Copy link

@nhalstead nhalstead commented May 18, 2019

Just a note as well, Facebook is closing the usage of RTMP and only allowing RTMPs starting November 1st 2019. Facebook has reset static/persistent stream keys and in addition the stream defaults for the user to use is RTMPs, you just need to uncheck the box that is "Use a secure connection (SSL)".

(This is related to Facebook Pages, Streaming to User Accounts, "Share on your timeline", I believe are forced)
tempsnip

@nhalstead

This comment has been minimized.

Copy link

@nhalstead nhalstead commented May 18, 2019

#457 related.

@alfg alfg mentioned this issue May 21, 2019
@Yesha052

This comment has been minimized.

Copy link

@Yesha052 Yesha052 commented Jul 25, 2019

Hi,
I am getting
rtmps://live-api-s.facebook.com:443/rtmp/130874754803808?s_bl=1&s_sml=2&s_sw=0&s_vt=api-s&a=AbyjDx0YL44B3Zi9
this URL. This is not working in ExoPlayer. Please help me with this.

@colleenkhenry

This comment has been minimized.

Copy link

@colleenkhenry colleenkhenry commented Jul 30, 2019

@Yesha052 You're trying to play a URL that you are supposed to send data TO in Exoplayer?

@Yesha052

This comment has been minimized.

Copy link

@Yesha052 Yesha052 commented Jul 31, 2019

@colleenkhenry
No, Actually, I need to integrate facebook live in my app. I am getting this rtmps URL in the response from GraphAPI, now I need to play this as a live facebook video. How can I play this URL I am stuck.

@nhalstead

This comment has been minimized.

Copy link

@nhalstead nhalstead commented Jul 31, 2019

@Yesha052 If you would look at the URL that you have posted, that is a Stream Key to Facebook's RTMP (with SSL) for Streaming TO Facebook.

This feed is ONE WAY. So feeding this into ExoPlayer will not work. Check for a different link in the the OG API. Chances are, Facebook will not give you a direct link to get the video feed FROM Facebook servers, you'll probability get a link to the post or something such as that.

In addition this Issue that you are having is NOT related to this issue, Either create a new Issue and work out of that or if you already have one work from that ticket.

@kkrishnan90

This comment has been minimized.

Copy link

@kkrishnan90 kkrishnan90 commented Oct 6, 2019

Is there anyway to pass the Facebook streaming key as a dynamic parameter in push directive ? I have been banging my head for the past 2 days to do it. Any help is much appreciated ! Thanks in advance !

@ssllqq

This comment has been minimized.

Copy link

@ssllqq ssllqq commented Nov 15, 2019

I still get

[!] /etc/stunnel/stunnel.conf:5: "verifyChain = no": Specified option name is not valid here

I just removed verifyChain = no and it started working, by default it no

@threehappypenguins

This comment has been minimized.

Copy link

@threehappypenguins threehappypenguins commented Feb 12, 2020

I tried Lax's instructions, and also tried ForrestScott's changes in the stunnel.conf file, and I still can't get my live stream to show up in Facebook. When I type in nano /var/log/stunnel4/stunnel.log the log is blank.

When I type in systemctl restart stunnel4 && systemctl status stunnel4 I get:

● stunnel4.service - LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons)
   Loaded: loaded (/etc/init.d/stunnel4; generated; vendor preset: enabled)
   Active: active (exited) since Wed 2020-02-12 12:00:44 AST; 21ms ago
     Docs: man:systemd-sysv-generator(8)
  Process: 22516 ExecStop=/etc/init.d/stunnel4 stop (code=exited, status=0/SUCCESS)
  Process: 22521 ExecStart=/etc/init.d/stunnel4 start (code=exited, status=0/SUCCESS)
      CPU: 21ms

Feb 12 12:00:44 CRPC-HC2 systemd[1]: Starting LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons)...
Feb 12 12:00:44 CRPC-HC2 systemd[1]: Started LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons).

Is this normal? How do I even go about figuring out where its going wrong when the log is blank too?

@threehappypenguins

This comment has been minimized.

Copy link

@threehappypenguins threehappypenguins commented Feb 12, 2020

I'm starting to think that maybe this is a port forwarding issue for me. So when I created my nginx server, I did so on my Odroid HC2. Because I need access to port 80 on it, in the nginx.conf file, I changed the listen address from 80 to 8725 (made up number). So then in port forward, I have external port 1935 forwarded to internal port 8725 (for my Odroid's internal IP address).

So then I thought that I should forward internal port 19350 (for stunnel) to 8725 as well. But I still can't receive the Facebook stream. Thoughts?

@threehappypenguins

This comment has been minimized.

Copy link

@threehappypenguins threehappypenguins commented Feb 12, 2020

I had to give up on my Odroid. I ended up signing up for Amazon AWS EC2 and installed nginx and stunnel on Ubuntu. I used ForrestScott's setup for stunnel.conf but with port 19350 instead:

setuid = stunnel4
setgid = stunnel4
pid = /tmp/stunnel.pid
output = /var/log/stunnel4/stunnel.log
;include = /etc/stunnel/conf.d

[fb-live]
client = yes
accept = 127.0.0.1:19350
connect = live-api-s.facebook.com:443
verifyChain = no

Apparently, what is supposed to show when I restart stunnel with systemctl restart stunnel4 && systemctl status stunnel4
is

● stunnel4.service - LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons)
   Loaded: loaded (/etc/init.d/stunnel4; generated)
   Active: active (running) since Wed 2020-02-12 18:56:54 UTC; 7ms ago
     Docs: man:systemd-sysv-generator(8)
  Process: 31140 ExecStop=/etc/init.d/stunnel4 stop (code=exited, status=0/SUCCESS)
  Process: 31389 ExecStart=/etc/init.d/stunnel4 start (code=exited, status=0/SUCCESS)
    Tasks: 1 (limit: 1152)
   CGroup: /system.slice/stunnel4.service
           └─31414 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf

Feb 12 18:56:54 ip-172-31-4-177 stunnel[31413]: LOG5[ui]: Running  with OpenSSL 1.1.1  11 Sep 2018
Feb 12 18:56:54 ip-172-31-4-177 stunnel[31413]: LOG5[ui]: Update OpenSSL shared libraries or rebuild stunn
Feb 12 18:56:54 ip-172-31-4-177 stunnel[31413]: LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:
Feb 12 18:56:54 ip-172-31-4-177 stunnel[31413]: LOG5[ui]: Reading configuration from file /etc/stunnel/stu
Feb 12 18:56:54 ip-172-31-4-177 stunnel[31413]: LOG5[ui]: UTF-8 byte order mark not detected
Feb 12 18:56:54 ip-172-31-4-177 stunnel[31413]: LOG5[ui]: FIPS mode disabled
Feb 12 18:56:54 ip-172-31-4-177 stunnel[31413]: LOG4[ui]: Service [fb-live] needs authentication to preven
Feb 12 18:56:54 ip-172-31-4-177 stunnel[31413]: LOG5[ui]: Configuration successful
Feb 12 18:56:54 ip-172-31-4-177 stunnel4[31389]: Starting TLS tunnels: /etc/stunnel/stunnel.conf: started
Feb 12 18:56:54 ip-172-31-4-177 systemd[1]: Started LSB: Start or stop stunnel 4.x (TLS tunnel for network

Lastly, I can see errors with stunnel by typing in systemctl status stunnel4.service or journalctl -ex and press ctrl + c to exit out of it (I am using PuTTY in Windows).

@KenSharp

This comment has been minimized.

Copy link

@KenSharp KenSharp commented Mar 3, 2020

I really don't know why this bug report is full of so much prattle.

stunnel works fine.

@siniztr

This comment has been minimized.

Copy link

@siniztr siniztr commented Mar 18, 2020

OK so I have the RTMP server running, and can do live streams to a website. I have set up the stunnel4 as done in the instructions and am not getting any error, however Facebook is not seeing an incoming stream, and checking netstat does not show a connection outbound to facebook. I do see the stream listening but not too sure if the RTMP server is connecting to the tunnel.

@GordonMatthewson

This comment has been minimized.

Copy link

@GordonMatthewson GordonMatthewson commented Apr 4, 2020

got this working, thank you!!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
You can’t perform that action at this time.