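Introduction
The SRS server supports RTMP, WHIP and WHEP, and is simple and flexible to set up. I set it up in a master/slave arrangement; the environment is Ubuntu 22 on Alibaba Cloud.
Of course, I only have one machine here, so I use two network cards to simulate the master/slave architecture. My internal IP is 172.16.154.157 (eth0), which has a public IP address, and all of its ports can be reached from the Internet. In the Alibaba Cloud console I added another network card to this ECS instance; its internal IP is 172.16.154.158 (eth1) and it has no public IP, so an srs listening on 158 cannot be reached from the Internet. ping -I eth0 www.baidu.com works, while ping -I eth1 www.baidu.com does not. An nginx server listening on 157 that proxies to the srs service ports is all that is needed. I originally wanted to try a virtual network card, but such a card is still inconvenient to use, and in the end the dual-NIC approach proved the most reliable. It does, however, require a small change to the httpx-static source so that it can listen on a specified network card rather than on all of them. srs serves HTTP, while WebRTC requires HTTPS, so nginx is used in between as a reverse proxy.
RTC needs the corresponding ports exposed; if they are not, open the relevant UDP and TCP ports in the inbound/outbound rules. I have them all open.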
srs[158] <--> httpx-static <--> nginx(157)
Build
sudo apt install -y cmake golang-go coturn git
git clone https://gitee.com/ossrs/srs.git
cd ~/srs/trunk && ./configure && make -j
After the build finishes, copy the web directory to the target path:
cp -a ~/srs/trunk/objs/nginx/html /var/www/aacxx.com/srs
My actual paths are as follows:
/var/www/aacxx.com/index.html
/var/www/aacxx.com/srs/index.html
Modify srs/trunk/3rdparty/httpx-static/main.go as shown in the figure below; the code follows.

Patch contents
+ var ipInterface string
+ flag.StringVar(&ipInterface, "i", "0.0.0.0", "ip interface")
+ flag.StringVar(&ipInterface, "net card", "0.0.0.0", "listen at ethn.")
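Review bot: the two flag.StringVar calls register the same ipInterface variable under two names, and the second name, "net card", contains a space, so it can only be passed by quoting the whole argument; drop that line and keep -i only. The two help strings also disagree ("ip interface" versus "listen at ethn."): the value is used as an IP address in Addr, so the usage text should say it expects an IP address to listen on rather than suggest an interface name.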
- hs := &http.Server{Addr: fmt.Sprintf(":%v", httpPort), Handler: nil}
+ hs := &http.Server{Addr: fmt.Sprintf("%v:%v", ipInterface, httpPort), Handler: nil}
- Addr: fmt.Sprintf(":%v", httpsPort),
+ Addr: fmt.Sprintf("%v:%v", ipInterface, httpsPort),
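Review bot: in both Addr lines the user-supplied ipInterface is formatted straight into the listen address with "%v:%v" and is never checked, and an IPv6 literal would produce an unparsable address because it is not bracketed. Validate the flag once with net.ParseIP after flag.Parse and build both addresses with net.JoinHostPort(ipInterface, fmt.Sprint(httpPort)) and the httpsPort equivalent, so a mistyped address is rejected with a clear message before any listener is started.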
Build httpx-static:
sudo apt install golang-go
cd ~/srs/trunk/3rdparty/httpx-static
go build -mod=vendor .
Configuration
Below is the nginx configuration for srs, named rtc.nginx.conf; put it under /etc/nginx/sites-enabled/ and reference it from the main site:
server {
    if ($host = rtc.aacxx.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    # modified
    listen 172.16.154.157:80;
    # listen [::]:80;
    # modified
    server_name rtc.aacxx.com;
    # Prevent nginx HTTP Server Detection
    server_tokens off;
    # Enforce HTTPS
    return 301 https://$server_name$request_uri;
}
# rtc listens on 157 and forwards filtered 443 HTTPS requests to 158
server {
    listen 172.16.154.157:443 ssl;
    server_name rtc.aacxx.com;
    ssl_certificate /etc/letsencrypt/live/aacxx.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/aacxx.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    location / {
        root /var/www/aacxx.com/srs;
        index index.html index.htm;
        # autoindex on;
        # autoindex_exact_size off;
        # autoindex_localtime on;
        # autoindex_format html;
    }
    # Forward HTTPS requests to the port that httpx-static's -proxy corresponds to; it then converts them to HTTP and sends them to srs
    # See the official Nginx Proxy example at https://ossrs.net/lts/zh-cn/docs/v5/doc/http-server
    location ~ ^/(console|players)/ {
        proxy_next_upstream error timeout invalid_header http_500 http_503;
        proxy_pass https://172.16.154.158;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        proxy_buffer_size 128k;
        proxy_buffers 8 64k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 128k;
    }
    location ~ ^/.+/.*\.(flv|m3u8|ts|aac|mp3)$ {
        proxy_pass https://172.16.154.158;
        proxy_redirect off;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        proxy_buffer_size 128k;
        proxy_buffers 8 64k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 128k;
    }
    location ~ ^/(api|rtc)/ {
        proxy_next_upstream error timeout invalid_header http_500 http_503;
        proxy_pass https://172.16.154.158;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        proxy_buffer_size 128k;
        proxy_buffers 8 64k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 128k;
    }
}
# rtc listens on 157 and forwards API requests on port 1990 to 158
server {
    listen 172.16.154.157:1990;
    server_name rtc.aacxx.com;
    location /api {
        proxy_next_upstream error timeout invalid_header http_500 http_503;
        proxy_pass https://172.16.154.158:1990;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        proxy_buffer_size 128k;
        proxy_buffers 8 64k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 128k;
    }
}
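Below is the configuration provided by the srs project. srs ships with a simple web service that exposes the console, publishing and other interfaces. I only needed to adjust listen, root and candidate. srs is on the internal network, so I use a self-signed certificate. The file is named rtc.srs.conf.
Generating the self-signed certificate:
subj="/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=172.16.154.158"
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout srs.key -out srs.crt -subj "$subj"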
listen 172.16.154.157:1935;
pid /tmp/srs.pid;
max_connections 1000;
daemon off;
srs_log_tank console;
http_server {
    enabled on;
    # keep the port consistent with httpx-static
    listen 172.16.154.158:8080;
    # dir ./objs/nginx/html;
    dir /var/www/aacxx.com/srs;
    # enabled by default
    crossdomain on;
    https {
        enabled on;
        listen 172.16.154.158:8088;
        # cert ./cert/fullchain.pem;
        # key ./cert/privkey.pem;
        # cert /etc/letsencrypt/live/aacxx.com.dup/cert.pem;
        # key /etc/letsencrypt/live/aacxx.com.dup/privkey.pem;
        cert /var/www/aacxx.com/srs.crt;
        key /var/www/aacxx.com/srs.key;
    }
}
http_api {
    enabled on;
    # keep the port consistent with httpx-static
    listen 172.16.154.158:1985;
    # enabled by default
    crossdomain on;
    https {
        enabled on;
        listen 172.16.154.158:1990;
        # cert /etc/letsencrypt/live/aacxx.com.dup/cert.pem;
        # key /etc/letsencrypt/live/aacxx.com.dup/privkey.pem;
        cert /var/www/aacxx.com/srs.crt;
        key /var/www/aacxx.com/srs.key;
    }
}
stats {
    network 0;
}
rtc_server {
    enabled on;
    listen 8000; # UDP port; an IP cannot be specified here!
    # @see https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#config-candidate
    # set this to the public address
    # candidate $CANDIDATE; # this probably picks up the address of the NIC listened on above (the internal IP, which is wrong)
    # It must be set to the public IP; a domain name is not converted to an IP successfully either. You can debug this in the network tab of the browser console
    # The above is probably related to the domain name specified in the certificate configured for coturn, hence this problem
    api_as_candidates off;
    # Firefox does not seem to resolve it when a domain name is used
    candidate 47.109.148.104;
}
vhost __defaultVhost__ {
    rtc {
        enabled on; # enable RTC for this vhost
        # @see https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#rtmp-to-rtc
        rtmp_to_rtc off; # do not convert RTMP to RTC
        # @see https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#rtc-to-rtmp
        rtc_to_rtmp off;
    }
    http_remux {
        enabled on;
        mount [vhost]/[app]/[stream].flv;
    }
}
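To match the security-group rules against what SRS actually binds, the following added example (not part of the original post or of SRS) parses the listen directives of an SRS config and reports those not confined to the internal NIC address. The excerpt is constructed from the config above, and Listener and externalListeners are hypothetical names.

```go
package main
import (
	"fmt"
	"net"
	"strings"
)

// Constructed excerpt: only some listen directives of the rtc.srs.conf above.
const sampleConf = `listen 172.16.154.157:1935;
http_server {
    listen 172.16.154.158:8080;
    https {
        listen 172.16.154.158:8088;
    }
}
rtc_server {
    listen 8000; # UDP
}
`

type Listener struct{ Section, Addr string }

// externalListeners (hypothetical) returns listen directives not bound to internal.
func externalListeners(conf, internal string) (out []Listener) {
	var stack []string // names of the enclosing config blocks
	for _, raw := range strings.Split(conf, "\n") {
		line := strings.TrimSpace(strings.SplitN(raw, "#", 2)[0]) // drop comments
		switch {
		case strings.HasSuffix(line, "{"):
			stack = append(stack, strings.TrimSpace(strings.TrimSuffix(line, "{")))
		case line == "}" && len(stack) > 0:
			stack = stack[:len(stack)-1]
		case strings.HasPrefix(line, "listen "):
			addr := strings.TrimSuffix(strings.TrimSpace(line[len("listen "):]), ";")
			host, _, err := net.SplitHostPort(addr)
			if err != nil {
				host = "" // bare port such as "8000": all interfaces
			}
			if host != internal {
				out = append(out, Listener{strings.Join(stack, "."), addr})
			}
		}
	}
	return out
}

func main() {
	fmt.Println(externalListeners(sampleConf, "172.16.154.158"))
}
```

An empty Section means the directive sits at the top level of the config, as the RTMP listener does here.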
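Starting the services
1. Run srs on the master node; it depends on the current directory
sudo $HOME/srs/trunk/objs/srs -c /var/www/aacxx.com/rtc.srs.conf
2. Run the srs proxy on the secondary NIC; this relies on the code change above to listen on the specified NIC
sudo $HOME/srs/trunk/3rdparty/httpx-static/httpx-static \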
-i 172.16.154.158 \
-http=80 \
-https=443 \
-domains=172.16.154.158 \
-root=/var/www/aacxx.com/srs/ \
-ssc /var/www/aacxx.com/srs.crt \
-ssk /var/www/aacxx.com/srs.key \
-proxy=http://172.16.154.158:1985/api/v1/ \
-proxy=http://172.16.154.158:1985/rtc/v1/ \
-proxy=http://172.16.154.158:8080/
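The srs service can now be reached from outside.
Things to note
If srs is configured in the dual-NIC or master/slave way described above, candidate must be set to the public IP, and api_as_candidates off; must be added. Otherwise the SDP for publishing and playing contains two candidates with inconsistent IPs, which greatly lowers the success rate.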
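One way to check this on an SDP answer copied from the browser's network tab, as an added example that is not from the original post or from SRS: extract every a=candidate address and report those that differ from the configured public IP. The SDP fragment is constructed, and candidateIPs and auditCandidates are hypothetical names.

```go
package main
import (
	"fmt"
	"net"
	"strings"
)

// Constructed SDP fragment (not from a real session) advertising two addresses.
const sampleSDP = `m=video 9 UDP/TLS/RTP/SAVPF 106
a=candidate:0 1 udp 2130706431 172.16.154.158 8000 typ host generation 0
a=candidate:1 1 udp 2130706431 47.109.148.104 8000 typ host generation 0
`

// candidateIPs (hypothetical helper) returns the connection address of each
// a=candidate line: foundation component transport priority ADDRESS port ...
func candidateIPs(sdp string) (ips []string) {
	for _, line := range strings.Split(sdp, "\n") {
		line = strings.TrimSpace(line) // also strips the CR of CRLF endings
		if !strings.HasPrefix(line, "a=candidate:") {
			continue
		}
		if f := strings.Fields(line[len("a=candidate:"):]); len(f) >= 6 {
			ips = append(ips, f[4])
		}
	}
	return ips
}

// auditCandidates (hypothetical helper) reports every candidate that differs
// from the public address configured as candidate in rtc_server.
func auditCandidates(sdp, public string) (findings []string) {
	for _, c := range candidateIPs(sdp) {
		ip := net.ParseIP(c)
		switch {
		case c == public: // the expected candidate, nothing to report
		case ip == nil:
			findings = append(findings, c+": not an IP literal")
		case ip.IsPrivate() || ip.IsLoopback():
			findings = append(findings, c+": internal address in SDP")
		default:
			findings = append(findings, c+": unexpected public address")
		}
	}
	return findings
}

func main() {
	fmt.Println(auditCandidates(sampleSDP, "47.109.148.104"))
}
```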
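If you run into problems, consult the official documentation. rtc.srs.conf comes from the official project. The official docs offer two approaches, one serving it as a subdirectory and one as the top-level directory; here it is deployed as the top-level directory using a subdomain. If the web pages fail to load, debug with F12 and make small adjustments to the paths in the site as needed.
Official reference: https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#config-candidate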




