Created
August 25, 2017 11:14
-
-
Save kirkins/fb811f8caf34d3cdf1d9874050fb1a62 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
daemon off; | |
worker_processes auto; | |
error_log /var/log/nginx/error.log debug; | |
events { | |
worker_connections 1024; | |
} | |
rtmp { | |
server { | |
listen 1935; | |
# Any origin can play the stream | |
allow play all; | |
chunk_size 4000; | |
# Get methods contains all arguments | |
notify_method get; | |
application publish { | |
live on; | |
# Any ip can publish | |
allow publish all; | |
# Publish only endpoint | |
deny play all; | |
# Get the publish server | |
on_publish http://172.17.0.1:3000/rtmp/publish; | |
# Notify the API that the rtmp has finish | |
on_publish_done http://172.17.0.1:3000/rtmp/publish_done; | |
} | |
# Public endpoint for playing RTMP | |
application play { | |
deny publish all; | |
allow play all; | |
live on; | |
# Get play server | |
on_play http://172.17.0.1:3000/rtmp/play; | |
} | |
# Public endpoint | |
application live { | |
live on; | |
# Non publishable endpoint. Plya from private subnets only. | |
allow play 127.0.0.1; | |
allow play 172.17.0.1; | |
allow play 10.0.0.0/8; | |
allow play 172.16.0.0/12; | |
allow play 192.0.0.0/16; | |
deny play all; | |
allow publish 127.0.0.1; | |
deny publish all; | |
} | |
application encode { | |
live on; | |
# Publish from private subnets only | |
allow publish 127.0.0.1; | |
allow publish 172.17.0.1; | |
allow publish 10.0.0.0/8; | |
allow publish 172.16.0.0/12; | |
allow publish 192.0.0.0/16; | |
deny publish all; | |
# Not playable endpoint | |
allow play 127.0.0.1; | |
allow play 172.17.0.1; | |
allow play 10.0.0.0/8; | |
allow play 172.16.0.0/12; | |
allow play 192.0.0.0/16; | |
deny play all; | |
hls_keys on; | |
hls_key_path /data/keys; | |
hls_key_url https://localhost/keys/; | |
hls_fragments_per_key 10; | |
exec ffmpeg -i rtmp://localhost:1935/encode/$name | |
# no conversion | |
#-c:a libfdk_aac -c:v libx264 -f flv -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name | |
#-c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 2500k -f flv -g 30 -r 30 -s 1280x720 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_720p2628kbs | |
-c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 1000k -f flv -g 30 -r 30 -s 854x480 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_480p1128kbs | |
-c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 750k -f flv -g 30 -r 30 -s 640x360 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_360p878kbs | |
-c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 400k -f flv -g 30 -r 30 -s 426x240 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_240p528kbs | |
-c:a libfdk_aac -b:a 64k -c:v libx264 -b:v 200k -f flv -g 15 -r 15 -s 426x240 -preset superfast -profile:v baseline rtmp://localhost:1935/hls/$name_240p264kbs | |
; | |
# Stream locally on /live | |
exec ffmpeg -i rtmp://localhost:1935/encode/$name | |
-c:a libfdk_aac -b:a 128k -c:v libx264 -b:v 1000k -f flv -g 30 -r 30 -s 854x480 -preset superfast -profile:v baseline rtmp://localhost:1935/live/$name | |
; | |
} | |
application hls { | |
live on; | |
allow publish 127.0.0.1; | |
deny publish all; | |
allow play all; | |
hls_fragment_naming system; | |
hls_fragment 2s; | |
hls on; | |
hls_path /data/hls; | |
# Split streams into folders | |
hls_nested on; | |
# multi bitrate HLS | |
# https://support.jwplayer.com/customer/en/portal/articles/1430240-hls-adaptive-streaming | |
#hls_variant _720p2628kbs BANDWIDTH=2628000,RESOLUTION=1280x720; | |
hls_variant _480p1128kbs BANDWIDTH=1128000,RESOLUTION=854x480; | |
hls_variant _360p878kbs BANDWIDTH=878000,RESOLUTION=640x360; | |
hls_variant _240p528kbs BANDWIDTH=528000,RESOLUTION=426x240; | |
hls_variant _240p264kbs BANDWIDTH=264000,RESOLUTION=426x240; | |
# make previews | |
recorder preview { | |
record keyframes; | |
record_max_frames 4; | |
record_path /data/recordings; | |
record_interval 30s; | |
exec_record_done ffmpeg -i $path -vcodec png -vframes 1 -an -f rawvideo -s 320x240 -ss 00:00:01 -y /data/thumbnails/$name.png; | |
} | |
# TODO Recording | |
recorder rec1 { | |
record all manual; | |
record_suffix all.flv; | |
record_path /tmp/rec; | |
record_unique on; | |
} | |
} | |
} | |
} | |
http { | |
log_format main | |
'$remote_addr - $remote_user [$time_local] ' | |
'"$request_method $scheme://$host$request_uri $server_protocol" ' | |
'"$request" $status $bytes_sent ' | |
'"$http_referer" "$http_user_agent" ' | |
'"$gzip_ratio"'; | |
access_log /var/log/nginx/access.log main; | |
# TODO setup another endpoint for controls | |
# https://github.com/arut/nginx-rtmp-module/wiki/Control-module | |
server { | |
listen 8080; | |
server_name localhost; | |
location /control { | |
rtmp_control all; | |
} | |
} | |
server { | |
listen 443 ssl; | |
server_name localhost 127.0.0.1 video.2klic.io *.2klic.io; | |
# location /redirect { | |
# rewrite ^/redirect(.*) https://$server_name/hls/test.m3u8 permanent; | |
# } | |
# certificate for prod | |
#ssl_certificate /config/ssl/2klic.com/ssl_certificate.crt; | |
#ssl_certificate_key /config/ssl/2klic.com/2klic-io.key; | |
# self-signed certificate for localhost tests | |
#ssl_certificate /config/ssl/localhost/server.crt; | |
#ssl_certificate_key /config/ssl/localhost/server.key; | |
# self-signed certificate for *.2klic.io tests | |
#ssl_certificate /config/ssl/wildcard/server.crt; | |
#ssl_certificate_key /config/ssl/wildcard/server.key; | |
include mime.types; | |
default_type application/octet-stream; | |
# full-resolution (desktop) HLS stream - "http://<my-ip>:<port>/hls/<stream-key>/index.m3u8" | |
location /hls { | |
types { | |
application/vnd.apple.mpegurl m3u8; | |
video/mp2t ts; | |
} | |
root /data; | |
add_header Cache-Control no-cache; | |
add_header Access-Control-Allow-Origin *; | |
add_header 'Access-Control-Max-Age' 0; | |
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; | |
add_header 'Access-Control-Allow-Headers' 'Range'; | |
expires off; | |
} | |
# Stats in user readable format | |
location /stat { | |
rtmp_stat all; | |
rtmp_stat_stylesheet static/stat.xsl; | |
allow 127.0.0.1; | |
allow 172.17.0.1; | |
allow 66.131.186.208; | |
deny all; | |
} | |
# Stats in XML format | |
location /stat.xml { | |
rtmp_stat all; | |
allow 127.0.0.1; | |
allow 172.17.0.1; | |
allow 66.131.186.208; | |
deny all; | |
} | |
location /static { | |
alias /static; | |
} | |
location /crossdomain.xml { | |
default_type text/xml; | |
return 200 '<?xml version="1.0"?> | |
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> | |
<cross-domain-policy> | |
<site-control permitted-cross-domain-policies="all"/> | |
<allow-access-from domain="*" secure="false"/> | |
<allow-http-request-headers-from domain="*" headers="*" secure="false"/> | |
</cross-domain-policy>'; | |
expires 24h; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Had the rec1 block inside the wrong application block
https://stackoverflow.com/questions/45871094/rtmp-nginx-use-control-endpoint-for-record