Nginx搭建flv mp4流媒体服务器
环境:Centos 8.0 64bit
一、安装依赖包
1.安装gcc-c++
yum -y install gcc-c++
2.安装zlib
wget http://zlib.net/zlib-1.2.11.tar.gz
tar xzvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make && make install
3.安装pcre
wget https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.gz
tar zxvf pcre-8.43.tar.gz
cd pcre-8.43
./configure --prefix=/usr/local/pcre
make && make install
4.安装 openssl openssl-devel
yum install perl perl-devel
yum install openssl openssl-devel
5.下载mp4支持模块备用
wget http://h264.code-shop.com/download/nginx_mod_h264_streaming-2.2.7.tar.gz
tar zxvf nginx_mod_h264_streaming-2.2.7.tar.gz
vi nginx_mod_h264_streaming-2.2.7/src/ngx_http_streaming_module.c将如下几行注释
/* TODO: Win32 */
if (r->zero_in_uri)
{
return NGX_DECLINED;
}
二、安装Nginx服务器并配置
1.安装
groupadd www
useradd -g www www
wget http://nginx.org/download/nginx-1.22.1.tar.gz
tar xzvf nginx-1.22.1.tar.gz
cd nginx-1.22.1
./configure --prefix=/usr/local/nginx --add-module=../nginx_mod_h264_streaming-2.2.7 --with-pcre=../pcre-8.43 --with-zlib=../zlib-1.2.11 --user=www --group=www --with-http_flv_module --with-http_stub_status_module --with-threads --with-http_ssl_module --with-openssl-opt='enable-tls1_3 enable-weak-ssl-ciphers' --with-http_v2_module --with-http_mp4_module --with-http_hls_module --with-http_secure_link_module --with-cc-opt='-O3'
make && make install
1.1 set but not used [-Werror=unused-but-set-variable] 错误
编辑/root/nginx-1.22.1/objs/Makefile文件,去掉-Werror后重新编译即可
2.验证已安装的Nginx服务器是否支持mp4、flv等视频
/usr/local/nginx/sbin/nginx -V
输出结果如下:
nginx version: nginx/1.22.1
built by gcc 8.2.1 20180905 (Red Hat 8.2.1-3) (GCC)
built with OpenSSL 1.1.1 FIPS 11 Sep 2018
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --add-module=../nginx_mod_h264_streaming-2.2.7 --with-pcre=../pcre-8.43 --with-zlib=../zlib-1.2.11 --user=www --group=www --with-http_flv_module --with-http_stub_status_module --with-threads --with-http_ssl_module --with-openssl-opt='enable-tls1_3 enable-weak-ssl-ciphers' --with-http_v2_module --with-http_mp4_module --with-http_hls_module --with-http_secure_link_module --with-cc-opt=-O3
三、配置
编辑 /usr/local/nginx/conf/nginx.conf 文件
下面仅显示需要修改的参数
user www www;
worker_processes auto;
error_log /usr/local/nginx/logs/error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
events {
use epoll;
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 150m;
tcp_nopush on;
tcp_nodelay on;
sendfile on;
sendfile_max_chunk 256k;
aio threads;
directio 512k;
output_buffers 1 128k;
keepalive_timeout 60;
limit_conn_zone $binary_remote_addr zone=perip:10m; #容器共使用10M的内存来应对IP传输开销
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; #限制请求数为每个ip 1次/s
#只允许同源域名下的页面iframe
add_header X-Frame-Options SAMEORIGIN;
#响应头可以禁用浏览器的类型猜测行为
add_header X-Content-Type-Options nosniff;
#XSS 保护
add_header X-XSS-Protection "1; mode=block";
#跨域授权
add_header Access-Control-Allow-Origin "http://www.2dan.cc";
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept";
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
#启用HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
server {
listen 80 default_server;
listen 443 ssl default_server;
ssl_reject_handshake on;
return 444;
}
server {
listen 80 backlog=20480;
listen 443 ssl http2 fastopen=3 reuseport;
server_name 2dan.cc;
root /home/html;
limit_conn perip 3; #限制每个IP同一时间只能发起3个连接
limit_rate_after 10m; #在视频文件下载10M以后开始限速
limit_rate 100k; #速度限制为100K
charset utf-8;
ssl_certificate 2dan.cc_bundle.crt;
ssl_certificate_key 2dan.cc.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
error_page 497 https://$host$uri; #http重定向到https
location ~ \.mp4 {
mp4;
valid_referers none blocked *.2dan.cc; #防盗链授权
if ($invalid_referer) {
return 403;
}
expires 365d;
}
location ~ \.flv {
flv;
valid_referers none blocked *.2dan.cc; #防盗链授权
if ($invalid_referer) {
return 403;
}
expires 365d;
}
access_log off;
}
}
测试启动nginx
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
设置nginx开机启动:
在系统服务目录里创建nginx.service文件vi /usr/lib/systemd/system/nginx.service
写入内容如下:
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
设置开机自启动
systemctl enable nginx.service
杀死nginx重启nginx
pkill -9 nginx
systemctl start nginx
四、使用与测试
1.为视频文件添加关键帧,flv使用 yamdi mp4使用 qt-faststart
2.将输出的文件上传到 /home/html 目录下,并使用播放器调用以测试是否正常播放、随意拖动、边缓存边播放。
五、SSL证书
推荐使用acme.sh免费生成letsencrypt证书