#16 Serve HLS stream

Resolves #16.
harryjubb · Jun 26, 2020 · 0f46813 · 0f46813
1 parent 7d1ed65
commit 0f46813
Show file tree

Hide file tree

Showing 5 changed files with 107 additions and 133 deletions.
diff --git a/server/backend/config/nginx/custom/site-confs/default b/server/backend/config/nginx/custom/site-confs/default
@@ -1,5 +1,6 @@
 ## Version 2020/05/23 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default
-# See the example for commented
+# See the example at https://github.com/linuxserver/docker-letsencrypt/blob/42e6fa5ec9d8628b4af8aa3ce566afc0c16bfdf8/root/defaults/default
+# for further commented out examples
 
 # redirect all traffic to https
 server {
@@ -25,12 +26,6 @@ server {
 	# all ssl related config moved to ssl.conf
 	include /config/nginx/ssl.conf;
 
-	# enable for ldap auth
-	#include /config/nginx/ldap.conf;
-
-	# enable for Authelia
-	#include /config/nginx/authelia-server.conf;
-
 	client_max_body_size 0;
 
 	location / {
@@ -42,111 +37,19 @@ server {
 		return 200 'buzzzzz';
 	}
 
-	location ~ \.php$ {
-		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-		fastcgi_pass 127.0.0.1:9000;
-		fastcgi_index index.php;
-		include /etc/nginx/fastcgi_params;
-	}
+	# location ~ \.php$ {
+	# 	fastcgi_split_path_info ^(.+\.php)(/.+)$;
+	# 	fastcgi_pass 127.0.0.1:9000;
+	# 	fastcgi_index index.php;
+	# 	include /etc/nginx/fastcgi_params;
+	# }
 
-# sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
-# notice this is within the same server block as the base
-# don't forget to generate the .htpasswd file as described on docker hub
-#	location ^~ /cp {
-#		auth_basic "Restricted";
-#		auth_basic_user_file /config/nginx/.htpasswd;
-#		include /config/nginx/proxy.conf;
-#		proxy_pass http://192.168.1.50:5050/cp;
-#	}
+	location /hls {
+		proxy_pass http://rtmp_nginx:8080/hls;
+	}
 
 }
 
-# sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
-# notice this is a new server block, you need a new server block for each subdomain
-#server {
-#	listen 443 ssl http2;
-#	listen [::]:443 ssl http2;
-#
-#	root /config/www;
-#	index index.html index.htm index.php;
-#
-#	server_name cp.*;
-#
-#	include /config/nginx/ssl.conf;
-#
-#	client_max_body_size 0;
-#
-#	location / {
-#		auth_basic "Restricted";
-#		auth_basic_user_file /config/nginx/.htpasswd;
-#		include /config/nginx/proxy.conf;
-#		proxy_pass http://192.168.1.50:5050;
-#	}
-#}
-
-# sample reverse proxy config for "heimdall" via subdomain, with ldap authentication
-# ldap-auth container has to be running and the /config/nginx/ldap.conf file should be filled with ldap info
-# notice this is a new server block, you need a new server block for each subdomain
-#server {
-#	listen 443 ssl http2;
-#	listen [::]:443 ssl http2;
-#
-#	root /config/www;
-#	index index.html index.htm index.php;
-#
-#	server_name heimdall.*;
-#
-#	include /config/nginx/ssl.conf;
-#
-#	include /config/nginx/ldap.conf;
-#
-#	client_max_body_size 0;
-#
-#	location / {
-#		# the next two lines will enable ldap auth along with the included ldap.conf in the server block
-#		auth_request /auth;
-#		error_page 401 =200 /ldaplogin;
-#
-#		include /config/nginx/proxy.conf;
-#		resolver 127.0.0.11 valid=30s;
-#		set $upstream_app heimdall;
-#		set $upstream_port 443;
-#		set $upstream_proto https;
-#		proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-#	}
-#}
-
-# sample reverse proxy config for "heimdall" via subdomain, with Authelia
-# Authelia container has to be running in the same user defined bridge network, with container name "authelia", and with 'path: "authelia"' set in its configuration.yml
-# notice this is a new server block, you need a new server block for each subdomain
-#server {
-#	listen 443 ssl http2;
-#	listen [::]:443 ssl http2;
-#
-#	root /config/www;
-#	index index.html index.htm index.php;
-#
-#	server_name heimdall.*;
-#
-#	include /config/nginx/ssl.conf;
-#
-#	include /config/nginx/authelia-server.conf;
-#
-#	client_max_body_size 0;
-#
-#	location / {
-#		# the next line will enable Authelia along with the included authelia-server.conf in the server block
-#		include /config/nginx/authelia-location.conf;
-#
-#		include /config/nginx/proxy.conf;
-#		resolver 127.0.0.11 valid=30s;
-#		set $upstream_app heimdall;
-#		set $upstream_port 443;
-#		set $upstream_proto https;
-#		proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-#	}
-#}
-
 # enable subdomain method reverse proxy confs
 include /config/nginx/proxy-confs/*.subdomain.conf;
 # enable proxy cache for auth

diff --git a/server/backend/docker-compose.yml b/server/backend/docker-compose.yml
@@ -5,33 +5,36 @@ services:
   rtmp_nginx:
     build: ./services/rtmp_nginx
     env_file: .env
+    volumes:
+      - type: tmpfs
+        target: /hlstmp
     networks:
       - server_network
 
-  apiary:
-    build: ./apps/apiary
-    env_file: .env
-    volumes: 
-      - ./apps/apiary:/app
-      - static:/static
-      - media:/media
-    depends_on: 
-      - postgres
-    restart: always
-    ports:
-      - 8000:8000
-    networks:
-      - server_network
+  # apiary:
+  #   build: ./apps/apiary
+  #   env_file: .env
+  #   volumes: 
+  #     - ./apps/apiary:/app
+  #     - static:/static
+  #     - media:/media
+  #   depends_on: 
+  #     - postgres
+  #   restart: always
+  #   ports:
+  #     - 8000:8000
+  #   networks:
+  #     - server_network
 
-  postgres:
-    image: postgres:latest
-    volumes:
-      - postgres:/var/lib/postgresql/data/
-    environment:
-      - POSTGRES_PASSWORD
-    restart: always
-    networks:
-      - server_network
+  # postgres:
+  #   image: postgres:latest
+  #   volumes:
+  #     - postgres:/var/lib/postgresql/data/
+  #   environment:
+  #     - POSTGRES_PASSWORD
+  #   restart: always
+  #   networks:
+  #     - server_network
 
   # api:
   #   build: ./services/api

diff --git a/server/backend/services/rtmp_nginx/Dockerfile b/server/backend/services/rtmp_nginx/Dockerfile
@@ -6,4 +6,6 @@ COPY nginx.conf.template /templates/nginx.conf.template
 
 COPY entrypoint.sh /custom_entrypoint/entrypoint.sh
 
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log
+
 ENTRYPOINT ["sh", "/custom_entrypoint/entrypoint.sh"]
diff --git a/server/backend/services/rtmp_nginx/entrypoint.sh b/server/backend/services/rtmp_nginx/entrypoint.sh
@@ -5,4 +5,7 @@ set -e
 export STREAM_SECRET_KEY
 envsubst '$STREAM_SECRET_KEY' < /templates/nginx.conf.template > /etc/nginx/nginx.conf
 
+mkdir -p /hlstmp/hls
+chmod -R 777 /hlstmp/hls
+
 nginx -g 'daemon off;'
diff --git a/server/backend/services/rtmp_nginx/nginx.conf.template b/server/backend/services/rtmp_nginx/nginx.conf.template
@@ -1,7 +1,11 @@
+error_log /dev/stdout info;
+
 worker_processes auto;
 rtmp_auto_push on;
 events {}
 rtmp {
+    access_log /dev/stdout;
+
     server {
         # Listening on port 1936
         # As a forward target for 1935 on SSL nginx
@@ -17,20 +21,32 @@ rtmp {
 
             notify_method get;
             on_publish http://127.0.0.1:9123/auth;
+
+            # Turn on HLS
+            hls on;
+            hls_path /hlstmp/hls/;
+            hls_fragment 5s;
+            # hls_fragment 3;
+            # hls_playlist_length 60;
         }
 
         application live {
             live on;
             record off;
             deny publish all;
-            allow play all;
+
+            # allow play all;
+            # Disable consuming the stream from nginx as RTMP(S)
+            deny play all;
 
             pull rtmp://127.0.0.1:1936/publish;
         }
     }
 }
 
 http {
+    access_log /dev/stdout;
+
     # RTMP authentication endpoint
     server {
         listen 9123;
@@ -41,4 +57,51 @@ http {
             return 404;
         }
     }
-}
+
+    # HLS specific settings
+    sendfile off;
+    tcp_nopush on;
+    # aio on;
+    directio 512;
+    default_type application/octet-stream;
+
+    # HLS output endpoint    
+    server {
+        listen 8080;
+
+        location /hls {
+            types {
+                application/vnd.apple.mpegurl m3u8;
+            }
+            root /hlstmp;
+            add_header Cache-Control no-cache;
+
+            # To avoid issues with cross-domain HTTP requests (e.g. during development)
+            add_header Access-Control-Allow-Origin *;
+
+            # # Disable cache
+            # add_header 'Cache-Control' 'no-cache';
+
+            # # CORS setup
+            # add_header 'Access-Control-Allow-Origin' '*' always;
+            # add_header 'Access-Control-Expose-Headers' 'Content-Length';
+
+            # # allow CORS preflight requests
+            # if ($request_method = 'OPTIONS') {
+            #     add_header 'Access-Control-Allow-Origin' '*';
+            #     add_header 'Access-Control-Max-Age' 1728000;
+            #     add_header 'Content-Type' 'text/plain charset=UTF-8';
+            #     add_header 'Content-Length' 0;
+            #     return 204;
+            # }
+
+            # types {
+            #     application/dash+xml mpd;
+            #     application/vnd.apple.mpegurl m3u8;
+            #     video/mp2t ts;
+            # }
+
+            # root /hlstmp/;
+        }
+    }
+}