目录
1、创建2个Ubuntu虚拟机,分别作为nginx服务器、SRS服务器。配置为桥接模式连接局域网(有独立IP)
2、通过Linux的ifconfig命令,分别查看两服务器的IP
3、修改C:\Windows\System32\drivers\etc\hosts文件,添加如下内容:(做DNS劫持,在局域网模拟公网环境)
1、git clone SRS代码仓库到~/,按readme执行初始化
3、在~/srs/trunk/3rdparty/httpx-static下编译httpx-static:
4、 使用OpenSSL发布自签名证书,得到证书mysrs.crt和私钥mysrs.key,复制到~/srs/trunk/3rdparty/httpx-static:
5、启动httpx-static,代理SRS到https协议:
6、启动SRS,此时可以通过https协议访问SRS服务器。
2、输入sudo nginx -t,找到config所在的位置,如:/etc/nginx,将证书复制到此
3、在该目录下的./conf.d文件夹,创建新的conf文件srs.conf(文件名称不做要求)
背景
nginx服务器(公网暴露访问,挂域名)
SRS服务器(内网IP访问,也可公网IP访问,无域名)
目的
实现用户通过域名向nginx服务器发送WebRTC推拉流请求,由nginx服务器代理到SRS服务器,SRS服务器不在公网暴露。
局域网实验
1、创建2个Ubuntu虚拟机,分别作为nginx服务器、SRS服务器。配置为桥接模式连接局域网(有独立IP)
2、通过Linux的ifconfig
命令,分别查看两服务器的IP
3、修改C:\Windows\System32\drivers\etc\hosts
文件,添加如下内容:(做DNS劫持,在局域网模拟公网环境)
4、SRS服务器配置
1、git clone SRS代码仓库到~/
,按readme执行初始化
2、安装go语言环境
sudo apt install golang-go
3、在~/srs/trunk/3rdparty/httpx-static
下编译httpx-static:
srs@ubuntu:~/srs/trunk/3rdparty/httpx-static$ go build -mod=vendor .
4、 使用OpenSSL发布自签名证书,得到证书mysrs.crt
和私钥mysrs.key
,复制到~/srs/trunk/3rdparty/httpx-static
:
openssl genrsa -out mysrs.key 2048 &&
subj="/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=192.168.0.110" && # 这里需要替换内网IP
openssl req -new -x509 -key mysrs.key -out mysrs.crt -days 3650 -subj $subj &&
5、启动httpx-static,代理SRS到https协议:
srs@ubuntu:~/srs/trunk/3rdparty/httpx-static$ sudo ./httpx-static -t 80 -s 443 -k mysrs.key -c mysrs.crt -r ~/srs/trunk/research/ -p http://127.0.0.1:1985/rtc/
6、启动SRS,此时可以通过https协议访问SRS服务器。
srs@ubuntu:~/srs/trunk$ ./objs/srs -c ./conf/https.rtc.conf
listen 1935;
max_connections 1000;
daemon off;
srs_log_tank console;
http_server {
enabled on;
listen 8080;
dir ./objs/nginx/html;
https {
enabled on;
listen 8088;
# key ./conf/server.key;
# cert ./conf/server.crt;
key ./conf/mysrs.key; # 此处有修改
cert ./conf/mysrs.crt; # 此处有修改
}
}
http_api {
enabled on;
listen 1985;
https {
enabled on;
listen 1990;
# key ./conf/server.key;
# cert ./conf/server.crt;
key ./conf/mysrs.key; # 此处有修改
cert ./conf/mysrs.crt; # 此处有修改
}
}
stats {
network 0;
}
rtc_server {
enabled on;
listen 8000; # UDP port
# @see https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#config-candidate
candidate $CANDIDATE;
}
vhost __defaultVhost__ {
rtc {
enabled on;
# @see https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#rtmp-to-rtc
rtmp_to_rtc off;
# @see https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#rtc-to-rtmp
# rtc_to_rtmp off;
rtc_to_rtmp on; # 此处有修改
}
http_remux {
enabled on;
mount [vhost]/[app]/[stream].flv;
}
}
5、nginx服务器配置
1、安装nginx:
nginx@ubuntu:~$ sudo apt install nginx
2、输入sudo nginx -t
,找到config所在的位置,如:/etc/nginx
,将证书复制到此
3、在该目录下的./conf.d
文件夹,创建新的conf文件srs.conf
(文件名称不做要求)
# 将此文件中所有 mynginx.com 更换为nginx服务器公网域名
# 将此文件中所有 192.168.0.110 更换为SRS服务器内网IP
server {
listen 80;
server_name mynginx.com;
return 301 https://$server_name$request_uri;
}
server{
listen 443 ssl;
server_name mynginx.com;
ssl_certificate /etc/nginx/cacert.pem;
ssl_certificate_key /etc/nginx/private.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location /players {
proxy_next_upstream error timeout invalid_header http_500 http_503;
proxy_pass https://192.168.0.110;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 128k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
}
location /rtc {
proxy_next_upstream error timeout invalid_header http_500 http_503;
proxy_pass https://192.168.0.110;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 128k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
}
location /console {
proxy_next_upstream error timeout invalid_header http_500 http_503;
proxy_pass https://192.168.0.110;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 128k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
}
}
server {
listen 1990;
server_name mynginx.com;
location /api {
proxy_next_upstream error timeout invalid_header http_500 http_503;
proxy_pass https://192.168.0.110;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 128k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
}
}