需求背景:
想着搭建一个视频点播服务器,最后选择了nginx+vod的方案,用lua脚本写拉流鉴权,但是环境搭建过程中又发现nginx++vod+lua的环境并不是很容易搭建,是nginx+lua的环境,手动搭建比较麻烦,但还是实现了,还有另一种方案是可以用openresty(nginx+lua)+ vod的方案,因为openresty已经帮你包含了nginx和lua的环境,但是还不包含vod这个点播模块,只需自己add-module vod就可以了
注意本文章介绍的点播lua鉴权,只做了m3u8文件的鉴权,并未对ts文件的鉴权,简单的判断是否带token的鉴权,至于token的设计,还需自己配置,
本文主要介绍了环境的搭建,鉴权流程的分析,重在流程,最后会在文中附上安装脚本和nginx.conf的整个配置文件
方案一 nginx+vod+lua
配置服务器DNS:
echo "nameserver 114.114.114.114" >> /etc/resolv.conf安装网路工具
yum install wget ntpdate git -y 安装编译工具及依赖库
yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel -y同步服务器时间
-
ntpdate ntp.aliyun.com
-
timedatectl set-timezone Asia/Shanghai
创建点播服务器的安装目录
我这里安装到了/usr/cloudland/nginx的目录下
-
mkdir -p /usr/cloudland/nginx
-
export NGINX_INSTALL_PATH=/usr/cloudland/nginx
下载配置安装lua解释器LuaJIT
-
wget -c http://luajit.org/download/LuaJIT-2.0.4.tar.gz
-
tar xzvf LuaJIT-2.0.4.tar.gz
-
cd LuaJIT-2.0.4
-
make install PREFIX=$NGINX_INSTALL_PATH/luajit
-
export LUAJIT_LIB=$NGINX_INSTALL_PATH/luajit/lib
-
export LUAJIT_INC=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0
-
cd -
注意上面的两个export命令,配置lua解释器的环境变量
下载nginx NDK(ngx_devel_kit)扩展模块
-
wget -c http://luajit.org/download/LuaJIT-2.0.4.tar.gz
-
tar -xzvf v0.3.0.tar.gz
下载lua-nginx-module
-
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz
-
tar -xzvf v0.10.9rc7.tar.gz
下载安装lua-resty-http模块(lua的库,实现http功能的一些库)
-
wget https://github.com/ledgetech/lua-resty-http/archive/refs/tags/v0.16.1.tar.gz
-
tar -zxvf v0.16.1.tar.gz
-
cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/lib/lua/5.1/
-
cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/share/lua/5.1/
注意NGINX_INSTALL_PATH换成自己nginx的安装路径即可,上面的两个cp的命令,这个是解决resty-http找不到的问题
下载安装lua-cjson模块(lua的库,为lua提供json相关功能)
-
wget https://github.com/openresty/lua-cjson/archive/refs/tags/2.1.0.9.tar.gz
-
tar -zxvf 2.1.0.9.tar.gz
-
cd lua-cjson-2.1.0.9
-
make LUA_VERSION=5.1 PREFIX=$NGINX_INSTALL_PATH/luajit/ LUA_INCLUDE_DIR=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0/
-
make LUA_VERSION=5.1 PREFIX=$NGINX_INSTALL_PATH/luajit/ LUA_INCLUDE_DIR=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0/ install
-
cd -
注意上面的make参数,指定的安装路径及头文件,解决的是找不到lua-cjson相关库的问题
下载nginx-vod模块
这个模块是为nginx实现点播功能的
-
wget https://github.com/kaltura/nginx-vod-module/archive/refs/tags/1.28.tar.gz
-
tar -zxvf 1.28.tar.gz
下载配置安装nginx
-
wget https://nginx.org/download/nginx-1.20.1.tar.gz
-
tar -xzvf nginx-1.20.1.tar.gz
-
cd nginx-1.20.1
-
./configure --prefix=/usr/cloudland/nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-pcre --add-module=../lua-nginx-module-0.10.9rc7 --add-module=../ngx_devel_kit-0.3.0 --add-module=../nginx-vod-module-1.28/
-
make
-
make install
将luajia相关库加载一下
-
echo "$NGINX_INSTALL_PATH/luajit/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
-
ldconfig
修改nginx配置文件nginx.conf
有两处修改
修改处一:
-
init_by_lua_block {
-
cjson = require "cjson";
-
http = require "resty.http";
-
}
添加位置:
修改处二:
-
location /vod {
-
-
rewrite_by_lua_block {
-
-- local cjson = require "cjson"
-
-- local http = require "resty.http"
-
local httpc = http.new()
-
local ngx = ngx
-
local headers = ngx.req.get_headers()
-
local extension = ngx.var.request_uri:match(".+%.(%w+)$")
-
-
local token = headers["token"]
-
local request_method = ngx.var.request_method
-
local args = nil
-
if "GET" == request_method then
-
args = ngx.req.get_uri_args()
-
elseif "POST" == request_method then
-
ngx.req.read_body()
-
args = ngx.req.get_post_args()
-
end
-
-
if extension == 'm3u8' then
-
token = args["token"];
-
if not token then
-
ngx.header['Content-Type'] = 'text/plain; charset=utf-8';
-
ngx.status = ngx.HTTP_FORBIDDEN
-
ngx.say("Nil token,Not Privileged To Play")
-
-- ngx.say(ngx.var.request_uri);
-
-- ngx.say(extension);
-
ngx.exit(200)
-
end
-
-- 要实现token鉴权的服务,header和参数已经实现,根据实际需要选择
-
-- 可以将URL发送给一个golang服务,用golang服务来做具体鉴权
-
local url = "http://172.20.0.95:11985/api/rest/v1/vod/check";
-
-
local res, err = httpc:request_uri(url, {method="GET", headers={["token"]=token}})
-
-
if not res then
-
ngx.header['Content-Type'] = 'text/plain; charset=utf-8';
-
ngx.say(cjson.encode({message = "Error getting response",status = ngx.HTTP_INTERNAL_SERVER_ERROR }));
-
ngx.exit(200)
-
end
-
if res.body == '0' then
-
ngx.header['Content-Type'] = 'text/plain; charset=utf-8';
-
ngx.say("Valid token,Not Privileged To Play.");
-
ngx.exit(200)
-
end
-
end
-
}
-
-
vod hls; # 协议使用hls模式
-
vod_mode local; # 访问模式指定为local模式
-
-
vod_align_segments_to_key_frames on; # 每个切片以关键帧开头
-
vod_manifest_segment_durations_mode accurate; # 精确显示每个切片的长度
-
root /media;
-
-
#alias /media; # 视频文件路径
-
#proxy_pass http://172.0.0.74:80/lua;
-
}
添加位置:
整个nginx.conf文件的配置
-
-
#user nobody;
-
worker_processes 1;
-
-
error_log logs/error.log;
-
#error_log logs/error.log notice;
-
#error_log logs/error.log info;
-
-
#pid logs/nginx.pid;
-
-
-
events {
-
worker_connections 1024;
-
}
-
-
-
http {
-
include mime.types;
-
default_type application/octet-stream;
-
-
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-
'$status $body_bytes_sent "$http_referer" '
-
'"$http_user_agent" "$http_x_forwarded_for"';
-
-
access_log logs/access.log main;
-
-
sendfile on;
-
#tcp_nopush on;
-
-
#keepalive_timeout 0;
-
keepalive_timeout 65;
-
-
#gzip on;
-
-
init_by_lua_block {
-
cjson = require "cjson";
-
http = require "resty.http";
-
}
-
-
server {
-
listen 80;
-
server_name localhost;
-
-
#charset koi8-r;
-
-
#access_log logs/host.access.log main;
-
-
location / {
-
root html;
-
index index.html index.htm;
-
}
-
-
location /lua {
-
default_type 'text/plain';
-
content_by_lua 'ngx.say("hello, lua for vod")';
-
}
-
-
-
location /vod {
-
-
rewrite_by_lua_block {
-
-- local cjson = require "cjson"
-
-- local http = require "resty.http"
-
local httpc = http.new()
-
local ngx = ngx
-
local headers = ngx.req.get_headers()
-
local extension = ngx.var.request_uri:match(".+%.(%w+)$")
-
-
local token = headers["token"]
-
local request_method = ngx.var.request_method
-
local args = nil
-
if "GET" == request_method then
-
args = ngx.req.get_uri_args()
-
elseif "POST" == request_method then
-
ngx.req.read_body()
-
args = ngx.req.get_post_args()
-
end
-
-
if extension == 'm3u8' then
-
token = args["token"];
-
if not token then
-
ngx.header['Content-Type'] = 'text/plain; charset=utf-8';
-
ngx.status = ngx.HTTP_FORBIDDEN
-
ngx.say("Nil token,Not Privileged To Play")
-
-- ngx.say(ngx.var.request_uri);
-
-- ngx.say(extension);
-
ngx.exit(200)
-
end
-
-- 要实现token鉴权的服务,header和参数已经实现,根据实际需要选择
-
-- 可以将URL发送给一个golang服务,用golang服务来做具体鉴权
-
local url = "http://172.20.0.95:11985/api/rest/v1/vod/check";
-
-
local res, err = httpc:request_uri(url, {method="GET", headers={["token"]=token}})
-
-
if not res then
-
ngx.header['Content-Type'] = 'text/plain; charset=utf-8';
-
ngx.say(cjson.encode({message = "Error getting response",status = ngx.HTTP_INTERNAL_SERVER_ERROR }));
-
ngx.exit(200)
-
end
-
if res.body == '0' then
-
ngx.header['Content-Type'] = 'text/plain; charset=utf-8';
-
ngx.say("Valid token,Not Privileged To Play.");
-
ngx.exit(200)
-
end
-
end
-
}
-
-
vod hls; # 协议使用hls模式
-
vod_mode local; # 访问模式指定为local模式
-
-
vod_align_segments_to_key_frames on; # 每个切片以关键帧开头
-
vod_manifest_segment_durations_mode accurate; # 精确显示每个切片的长度
-
root /media;
-
-
#alias /media; # 视频文件路径
-
#proxy_pass http://172.0.0.74:80/lua;
-
}
-
-
-
#error_page 404 /404.html;
-
-
# redirect server error pages to the static page /50x.html
-
#
-
error_page 500 502 503 504 /50x.html;
-
location = /50x.html {
-
root html;
-
}
-
-
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
-
#
-
#location ~ \.php$ {
-
# proxy_pass http://127.0.0.1;
-
#}
-
-
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-
#
-
#location ~ \.php$ {
-
# root html;
-
# fastcgi_pass 127.0.0.1:9000;
-
# fastcgi_index index.php;
-
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
-
# include fastcgi_params;
-
#}
-
-
# deny access to .htaccess files, if Apache's document root
-
# concurs with nginx's one
-
#
-
#location ~ /\.ht {
-
# deny all;
-
#}
-
}
-
-
-
# another virtual host using mix of IP-, name-, and port-based configuration
-
#
-
#server {
-
# listen 8000;
-
# listen somename:8080;
-
# server_name somename alias another.alias;
-
-
# location / {
-
# root html;
-
# index index.html index.htm;
-
# }
-
#}
-
-
-
# HTTPS server
-
#
-
#server {
-
# listen 443 ssl;
-
# server_name localhost;
-
-
# ssl_certificate cert.pem;
-
# ssl_certificate_key cert.key;
-
-
# ssl_session_cache shared:SSL:1m;
-
# ssl_session_timeout 5m;
-
-
# ssl_ciphers HIGH:!aNULL:!MD5;
-
# ssl_prefer_server_ciphers on;
-
-
# location / {
-
# root html;
-
# index index.html index.htm;
-
# }
-
#}
-
-
}
将上述nginx.conf修改到/usr/cloudland/nginx.conf
启动nginx
-
cd /usr/cloudland/nginx/
-
./sbin/nginx -p $PWD -c conf/nginx.conf
结果验证:
在验证之前最后关闭防火墙
关闭防火墙:
systemctl stop firewalld随便拷贝一个视频到/media/vod目录下
用浏览器打开http://172.24.0.74/vod/720p-test.mp4/index.m3u8
上述不带token的结果
用浏览器打开带token的URLhttp://172.24.0.74/vod/720p-test.mp4/index.m3u8
发现会允许下载index.m3u8文件
用VLC打开带token的URL发现视频可以播放
整个环境搭建的脚本:
-
#!/bin/sh
-
NGINX_INSTALL_PATH=/usr/cloudland/nginx
-
echo "nameserver 114.114.114.114" >> /etc/resolv.conf
-
-
yum install wget ntpdate git -y
-
-
yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel -y
-
-
-
ntpdate ntp.aliyun.com
-
-
timedatectl set-timezone Asia/Shanghai
-
-
-
# LuaJIT
-
if [ ! -f LuaJIT-2.0.4.tar.gz ]; then
-
wget -c http://luajit.org/download/LuaJIT-2.0.4.tar.gz
-
fi
-
tar xzvf LuaJIT-2.0.4.tar.gz
-
cd LuaJIT-2.0.4
-
make install PREFIX=$NGINX_INSTALL_PATH/luajit
-
export LUAJIT_LIB=$NGINX_INSTALL_PATH/luajit/lib
-
export LUAJIT_INC=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0
-
cd -
-
-
#ngx_devel_kit
-
if [ ! -f v0.3.0.tar.gz ]; then
-
wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
-
fi
-
tar -xzvf v0.3.0.tar.gz
-
-
#lua-nginx-module
-
if [ ! -f v0.10.9rc7.tar.gz ]; then
-
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz
-
fi
-
tar -xzvf v0.10.9rc7.tar.gz
-
-
-
#lua-resty-http
-
if [ ! -f v0.16.1.tar.gz ]; then
-
wget https://github.com/ledgetech/lua-resty-http/archive/refs/tags/v0.16.1.tar.gz
-
fi
-
tar -zxvf v0.16.1.tar.gz
-
cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/lib/lua/5.1/
-
cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/share/lua/5.1/
-
-
#lua-cjson
-
if [ ! -f 2.1.0.9.tar.gz ]; then
-
wget https://github.com/openresty/lua-cjson/archive/refs/tags/2.1.0.9.tar.gz
-
fi
-
tar -zxvf 2.1.0.9.tar.gz
-
cd lua-cjson-2.1.0.9
-
make LUA_VERSION=5.1 PREFIX=$NGINX_INSTALL_PATH/luajit/ LUA_INCLUDE_DIR=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0/
-
make LUA_VERSION=5.1 PREFIX=$NGINX_INSTALL_PATH/luajit/ LUA_INCLUDE_DIR=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0/ install
-
cd -
-
-
# vod module
-
if [ ! -f 1.28.tar.gz ]; then
-
wget https://github.com/kaltura/nginx-vod-module/archive/refs/tags/1.28.tar.gz
-
fi
-
tar -zxvf 1.28.tar.gz
-
-
-
# nginx
-
if [ ! -f nginx-1.20.1.tar.gz ]; then
-
wget https://nginx.org/download/nginx-1.20.1.tar.gz
-
fi
-
tar -xzvf nginx-1.20.1.tar.gz
-
cd nginx-1.20.1
-
./configure --prefix=$NGINX_INSTALL_PATH --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-pcre --add-module=../lua-nginx-module-0.10.9rc7 --add-module=../ngx_devel_kit-0.3.0 --add-module=../nginx-vod-module-1.28/
-
make
-
make install
-
cd -
-
-
echo "$NGINX_INSTALL_PATH/luajit/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
-
ldconfig
-
-
\cp ./nginx.conf $NGINX_INSTALL_PATH/conf
-
-
cd $NGINX_INSTALL_PATH
-
-
$NGINX_INSTALL_PATH/sbin/nginx -p $NGINX_INSTALL_PATH -c $NGINX_INSTALL_PATH/conf/nginx.conf
-
转载:https://blog.csdn.net/u011285281/article/details/129008487
查看评论