Nginx搭建flv mp4流媒体服务器

环境:Centos 8.0 64bit

一、安装依赖包

1.安装gcc-c++

yum -y install gcc-c++

2.安装zlib

wget http://zlib.net/zlib-1.2.11.tar.gz
tar xzvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make && make install

3.安装pcre

wget https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.gz
tar zxvf pcre-8.43.tar.gz
cd pcre-8.43
./configure --prefix=/usr/local/pcre
make && make install

4.安装 openssl openssl-devel

yum install perl perl-devel
yum install openssl openssl-devel

5.下载mp4支持模块备用

wget http://h264.code-shop.com/download/nginx_mod_h264_streaming-2.2.7.tar.gz
tar zxvf nginx_mod_h264_streaming-2.2.7.tar.gz
vi nginx_mod_h264_streaming-2.2.7/src/ngx_http_streaming_module.c


将如下几行注释

/* TODO: Win32 */
if (r->zero_in_uri)
{
return NGX_DECLINED;
}

二、安装Nginx服务器并配置

1.安装

groupadd www
useradd -g www www
wget http://nginx.org/download/nginx-1.19.0.tar.gz
tar xzvf nginx-1.19.0.tar.gz
cd nginx-1.19.0
./configure --prefix=/usr/local/nginx --add-module=../nginx_mod_h264_streaming-2.2.7 --with-pcre=../pcre-8.43 --with-zlib=../zlib-1.2.11 --user=www --group=www --with-http_flv_module --with-http_stub_status_module --with-threads --with-http_ssl_module --with-openssl-opt=enable --with-http_v2_module --with-http_mp4_module --with-cc-opt='-O3'
make && make install

1.1 set but not used [-Werror=unused-but-set-variable] 错误
编辑/root/nginx-1.19.0/objs/Makefile文件,去掉-Werror后重新编译即可

2.验证已安装的Nginx服务器是否支持mp4、flv等视频

/usr/local/nginx/sbin/nginx -V

输出结果如下:

nginx version: nginx/1.19.0
built by gcc 8.2.1 20180905 (Red Hat 8.2.1-3) (GCC)
built with OpenSSL 1.1.1 FIPS  11 Sep 2018
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --add-module=../nginx_mod_h264_streaming-2.2.7 --with-pcre=../pcre-8.43 --with-zlib=../zlib-1.2.11 --user=www --group=www --with-http_flv_module --with-http_stub_status_module --with-threads --with-http_ssl_module --with-openssl-opt=enable --with-http_v2_module --with-http_mp4_module --with-cc-opt=-O3./configure --prefix=/usr/local/nginx --add-module=../nginx_mod_h264_streaming-2.2.7 --with-pcre=../pcre-8.43 --with-zlib=../zlib-1.2.11 --user=www --group=www --with-http_flv_module --with-http_stub_status_module --with-threads --with-http_ssl_module --with-openssl-opt=enable --with-http_v2_module --with-http_mp4_module --with-cc-opt=-O3

三、配置

编辑 /usr/local/nginx/conf/nginx.conf 文件
下面仅显示需要修改的参数

user www www;

worker_processes auto;

error_log  /usr/local/nginx/logs/error.log  crit;

pid /usr/local/nginx/logs/nginx.pid;

events {
    use epoll;
    worker_connections 65535;
}

http {
    include mime.types;
    default_type application/octet-stream;
    
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 150m;
    tcp_nopush on;
    tcp_nodelay on;
    
    sendfile on;
    sendfile_max_chunk 256k; 
    aio threads;
    directio 512k;
    output_buffers 1 128k;

    keepalive_timeout 60;
    limit_conn_zone $binary_remote_addr zone=perip:10m; #容器共使用10M的内存来应对IP传输开销
    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; #限制请求数为每个ip 1次/s
    
    #只允许同源域名下的页面iframe
    add_header X-Frame-Options SAMEORIGIN;
    #响应头可以禁用浏览器的类型猜测行为
    add_header X-Content-Type-Options nosniff;
    #XSS 保护
    add_header X-XSS-Protection "1; mode=block";
    
    #跨域授权
    add_header Access-Control-Allow-Origin "http://www.2dan.cc";
    add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept";
    add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";

    #启用HSTS
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    gzip_proxied        expired no-cache no-store private auth;
    gzip_disable        "MSIE [1-6]\.";
    
    server {
        listen 80;
        listen 443 ssl http2; 
        server_name 2dan.cc; 
        root /home/html;
        limit_conn perip 3; #限制每个IP同一时间只能发起3个连接
        limit_rate_after 10m; #在视频文件下载10M以后开始限速
        limit_rate 100k; #速度限制为100K
        charset utf-8;

        ssl_certificate      2dan.cc_bundle.crt;
        ssl_certificate_key  2dan.cc.key;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_prefer_server_ciphers on;
        error_page 497 https://$host$uri; #http重定向到https 

        location ~ \.mp4 {
                mp4;
          valid_referers none blocked *.2dan.cc; #防盗链授权
              if ($invalid_referer) {
                 return 403;
             }
             expires      365d;
        }
        location ~ \.flv {
            flv;
          valid_referers none blocked *.2dan.cc; #防盗链授权 
              if ($invalid_referer) {
                  return 403;
             }
             expires      365d;
        }
        access_log off;
    }
}

测试启动nginx

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

设置nginx开机启动:

在系统服务目录里创建nginx.service文件vi /usr/lib/systemd/system/nginx.service
写入内容如下:

[Unit]
Description=nginx
After=network.target
  
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
  
[Install]
WantedBy=multi-user.target

设置开机自启动

systemctl enable nginx.service

杀死nginx重启nginx

pkill -9 nginx
systemctl start nginx

四、使用与测试

1.为视频文件添加关键帧,flv使用 yamdi mp4使用 qt-faststart
2.将输出的文件上传到 /home/html 目录下,并使用播放器调用以测试是否正常播放、随意拖动、边缓存边播放。

五、SSL证书

推荐使用acme.sh免费生成letsencrypt证书

标签:Nginx, 服务器, flv, mp4, 流媒体

添加新评论