Nginx搭建flv mp4流媒体服务器

环境：Centos8 / Debian12

一、安装依赖包

1.安装gcc-c++编译器

Centos

yum -y install gcc-c++

Debian

apt install -y build-essential

2.安装zlib

wget http://zlib.net/zlib-1.3.1.tar.gz
tar xzvf zlib-1.3.1.tar.gz
cd zlib-1.3.1
./configure
make && make install

3.安装pcre

wget https://sourceforge.net/projects/pcre/files/pcre/8.45/pcre-8.45.tar.gz
tar zxvf pcre-8.45.tar.gz
cd pcre-8.45
./configure --prefix=/usr/local/pcre
make && make install

4.安装 perl openssl

Centos

yum install -y perl perl-devel
yum install -y openssl openssl-devel

Debian

apt install -y perl libperl-dev
apt install -y openssl libssl-dev

5.下载mp4支持模块备用

wget https://raw.githubusercontent.com/code-shop-com/h264/refs/heads/main/download/nginx_mod_h264_streaming-2.2.7.tar.gz
tar zxvf nginx_mod_h264_streaming-2.2.7.tar.gz
vi nginx_mod_h264_streaming-2.2.7/src/ngx_http_streaming_module.c

将如下几行注释

/* TODO: Win32 */
if (r->zero_in_uri)
{
return NGX_DECLINED;
}

二、安装Nginx服务器并配置

1.安装

groupadd www
useradd -g www www
wget http://nginx.org/download/nginx-1.28.0.tar.gz
tar xzvf nginx-1.28.0.tar.gz
cd nginx-1.28.0
./configure --prefix=/usr/local/nginx --add-module=../nginx_mod_h264_streaming-2.2.7 --with-pcre=../pcre-8.45 --with-pcre-jit --with-zlib=../zlib-1.3.1 --user=www --group=www --with-http_flv_module --with-http_sub_module --with-http_stub_status_module --with-threads --with-http_ssl_module --with-openssl-opt='enable-tls1_3 enable-weak-ssl-ciphers' --with-http_v2_module --with-http_v3_module --with-http_gzip_static_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_realip_module --with-http_mp4_module --with-http_secure_link_module --with-cc-opt='-O3'
make && make install

1.1 set but not used [-Werror=unused-but-set-variable] 错误
编辑/root/nginx-1.28.0/objs/Makefile文件，去掉-Werror后重新编译即可

2.验证已安装的Nginx服务器是否支持mp4、flv等视频

/usr/local/nginx/sbin/nginx -V

输出结果如下：

nginx version: nginx/1.28.0
built by gcc 12.2.0 (Debian 12.2.0-14+deb12u1)
built with OpenSSL 3.0.17 1 Jul 2025
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --add-module=../nginx_mod_h264_streaming-2.2.7 --with-pcre=../pcre-8.45 --with-pcre-jit --with-zlib=../zlib-1.3.1 --user=www --group=www --with-http_flv_module --with-http_sub_module --with-http_stub_status_module --with-threads --with-http_ssl_module --with-openssl-opt='enable-tls1_3 enable-weak-ssl-ciphers' --with-http_v2_module --with-http_v3_module --with-http_gzip_static_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_realip_module --with-http_mp4_module --with-http_secure_link_module --with-cc-opt=-O3

三、配置

编辑 /usr/local/nginx/conf/nginx.conf 文件
下面仅显示需要修改的参数

user www www;

worker_processes auto;

error_log  /usr/local/nginx/logs/error.log  crit;

pid /usr/local/nginx/logs/nginx.pid;

events {
    use epoll;
    worker_connections 65535;
    multi_accept on;
}

http {
    include mime.types;
    default_type application/octet-stream;
    
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 150m;
    tcp_nopush on;
    tcp_nodelay on;
    
    sendfile on;
    sendfile_max_chunk 256k; 
    aio threads;
    directio 512k;
    output_buffers 1 128k;

    keepalive_timeout 60;
    #limit_conn_zone $binary_remote_addr zone=perip:10m; #容器共使用10M的内存来应对IP传输开销
    #limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; #限制请求数为每个ip 1次/s
    
    #只允许同源域名下的页面iframe
    add_header X-Frame-Options SAMEORIGIN;
    #响应头可以禁用浏览器的类型猜测行为
    add_header X-Content-Type-Options nosniff;
    #XSS 保护
    add_header X-XSS-Protection "1; mode=block";
    
    #跨域授权
    add_header 'Access-Control-Allow-Origin' '*' always;
    add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

    #启用HSTS
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;

    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    gzip_proxied        expired no-cache no-store private auth;
    gzip_disable        "MSIE [1-6]\.";
    
    server {
    listen 80 default_server;
    listen 443 ssl default_server;
    ssl_reject_handshake on;
    return 444;
    }

    server {
        listen 80 backlog=20480;
        listen 443 quic reuseport;
        listen 443 ssl;
        http2 on;
        ssl_ecdh_curve X25519:P-256:P-384:P-224:P-521;
        add_header Alt-Svc 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000';

        server_name 2dan.cc; 
        root /home/html;
        #limit_conn perip 3; #限制每个IP同一时间只能发起3个连接
        limit_rate_after 10m; #在视频文件下载10M以后开始限速
        limit_rate 100k; #速度限制为100K
        charset utf-8;

        ssl_certificate      /usr/local/nginx/conf/fullchain.cer;
        ssl_certificate_key  /usr/local/nginx/conf/2dan.cc.key;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
        ssl_prefer_server_ciphers on;
        error_page 497 https://$host$uri; #http重定向到https

        location ~ \.well-known{
            allow all;
        }
        location ~ \.mp4 {
                mp4;
          valid_referers none blocked *.2dan.cc;
              if ($invalid_referer) {
                 return 403;
             }
             expires      365d;
        }
        location ~ \.flv {
            flv;
          valid_referers none blocked *.2dan.cc; 
              if ($invalid_referer) {
                  return 403;
             }
             expires      365d;
        }
        access_log off;
    }
}

测试启动nginx

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

设置nginx开机启动:

在系统服务目录里创建nginx.service文件vi /usr/lib/systemd/system/nginx.service
写入内容如下:

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=false

[Install]
WantedBy=multi-user.target

设置开机自启动

systemctl enable nginx.service

杀死nginx重启nginx

pkill -9 nginx
systemctl start nginx

或者

systemctl restart nginx

重载nginx

systemctl reload nginx

查看nginx服务状态

systemctl status nginx

四、使用与测试

1.为视频文件添加关键帧，flv使用 yamdi mp4使用 qt-faststart
2.将输出的文件上传到 /home/html 目录下，并使用播放器调用以测试是否正常播放、随意拖动、边缓存边播放。

五、SSL证书

推荐使用acme.sh免费生成Let's Encrypt证书

1.安装 acme.sh

curl https://get.acme.sh | sh -s [email protected]

2.生成证书

acme.sh --issue -d example.com -d www.example.com --webroot /home/html/example.com/

或者

acme.sh --issue -d example.com --nginx

如果你还没有运行任何 web 服务, 80 端口是空闲的, 那么 acme.sh 还能假装自己是一个webserver, 临时听在80 端口, 完成验证:

acme.sh --issue -d example.com --standalone

如果报错

-bash: acme.sh: command not found

执行下面的命令让PATH生效即可：

source ~/.bashrc

3.copy/安装 证书

acme.sh --install-cert -d example.com \
--key-file      /usr/local/nginx/conf/example.com.key  \
--fullchain-file /usr/local/nginx/conf/fullchain.cer \
--reloadcmd     "service nginx force-reload"

4.查看已安装证书信息

acme.sh --info -d example.com

5.更新证书

目前证书在 90 天以后会自动更新, 你无需任何操作. 请确保crontab正确安装, 运行命令crontab -l后看起来是类似这样的:

56 * * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

手动强制更新证书

acme.sh --cron --home "/root/.acme.sh" --force

6.更新 acme.sh到最新版

acme.sh --upgrade

如果你不想手动升级, 可以开启自动升级:

acme.sh --upgrade --auto-upgrade

之后, acme.sh就会自动保持更新了.

你也可以随时关闭自动更新:

acme.sh --upgrade --auto-upgrade  0