Livestream server on Ubuntu using nginx, rtmp, hls, videojs.

1. Here's the pastebin that I promised in my youtube video and on my website (www.ustoopia.nl)
2. ===========================================================================================
3.  
4. # 1: Install Nginx + RTMP module.
5.  
6. sudo apt install -y nginx
7. sudo apt install -y libnginx-mod-rtmp
8.  
9. # 2: Installing required & additional software.
10.  
11. sudo apt install -y software-properties-common
12. sudo add-apt-repository ppa:certbot/certbot
13.  
14. sudo dpkg --add-architecture i386
15. sudo apt update
16.  
17. sudo apt install wget nano python-certbot-nginx ufw unzip software-properties-common dpkg-dev git make gcc automake build-essential joe ntp ntpdate zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgd-dev libgeoip-dev libgoogle-perftools-dev libperl-dev pkg-config autotools-dev gpac ffmpeg sysstat nasm yasm mediainfo mencoder lame libvorbisenc2 libvorbisfile3 libx264-dev libvo-aacenc-dev libmp3lame-dev libopus-dev libfdk-aac-dev libavcodec-dev libavformat-dev libavutil-dev g++ libc6:i386 freeglut3-dev libx11-dev libxmu-dev libxi-dev libglu1-mesa libglu1-mesa-dev
18.  
19. OPTIONAL!
20. sudo apt install mariadb-server mariadb-client phpmyadmin php php-cgi php-common php-pear php-mbstring php-fpm
21.  
22. # 3: Setup a firewall and perform other required steps.
23.  
24. cd /usr/src
25. git clone https://github.com/arut/nginx-rtmp-module
26. cp /usr/src/nginx-rtmp-module/stat.xsl /var/www/html/stat.xsl
27.  
28. sudo nano /var/www/html/crossdomain.xml
29.  
30. <?xml version="1.0"?>
31. <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
32. <cross-domain-policy>
33. <allow-access-from domain="*"/>
34. </cross-domain-policy>
35.  
36. sudo nano /var/www/html/info.php
37.  
38. <?php
39. phpinfo();
40. ?>
41.  
42. wget -O /var/www/html/poster.jpg https://i.imgur.com/gTeWLDO.jpg
43.  
44. sudo mkdir /var/livestream
45. sudo mkdir /var/livestream/hls
46.  
47. sudo chown -R www-data: /var/livestream
48.  
49. sudo ufw allow 22/tcp
50. sudo ufw allow 80/tcp
51. sudo ufw allow 443/tcp
52. sudo ufw allow 10000/tcp
53. sudo ufw allow 1935
54.  
55. sudo nano /etc/nginx/nginx.conf
56.  
57. On line 2 change the worker_processes option from auto to 1, so it says: worker_processes 1;
58.  
59. Scroll all the way down and add the following at the end of the file, or something similar if you're situation requires other variables (use your brain :-)
60.  
61. ----
62.  
63. rtmp {
64. server {
65. listen 1935;
66. chunk_size 8192;
67.  
68. application live {
69. live on;
70. interleave off;
71. meta on;
72. wait_key on;
73. wait_video on;
74. idle_streams off;
75. sync 300ms;
76. session_relay on;
77. allow publish all;
78. allow play all;
79. max_connections 1000;
80.  
81. ## == FORWARD STREAM (OPTIONAL) == ##
82. # == == TWITCH RE-STREAM == == #
83. # push rtmp://live-ams.twitch.tv/app/LIVESTREAM_KEY;
84. # == == YOUTUBE RE-STREAM == == #
85. # push rtmp://a.rtmp.youtube.com/live2/LIVESTREAM_KEY;
86. # == == MIXER.com RE-STREAM == == #
87. # push rtmp://ingest-ams.mixer.com:1935/beam/LIVESTREAM_KEY;
88.  
89. publish_notify off;
90. # play_restart off;
91. # on_publish http://your-website/on_publish.php;
92. # on_play http://your-website/on_play.php;
93. # on_record_done http://your-website/on_record_done.php;
94.  
95. ## == HLS == ##
96. hls off;
97. # hls_nested on;
98. # hls_path /var/livestream/hls/live;
99. # hls_base_url http://abc.de:1953/hls;
100. # hls_playlist_length 60s;
101. # hls_fragment 10s;
102. # hls_sync 100ms;
103. # hls_cleanup on;
104.  
105. ## == DASH == ##
106. dash off;
107. # dash_nested on;
108. # dash_path /var/livestream/dash;
109. # dash_fragment 10s;
110. # dash_playlist_length 60s;
111. # dash_cleanup on;
112.  
113. push rtmp://localhost/hls;
114. }
115.  
116. application hls {
117. live on;
118. allow play all;
119. hls on;
120. hls_type live;
121. hls_nested on;
122. hls_path /var/livestream/hls;
123. hls_cleanup on;
124. hls_sync 100ms;
125. hls_fragment 10s;
126. hls_playlist_length 60s;
127. hls_fragment_naming system;
128. }
129. }
130. }
131.  
132. ----
133.  
134. nginx -t
135. sudo systemctl restart nginx
136.  
137. sudo nano /etc/nginx/sites-available/default
138.  
139. ----
140.  
141. server {
142. listen 80 default_server;
143. listen [::]:80 default_server;
144. # listen 443 ssl http2 default_server;
145. # listen [::]:443 ssl default_server;
146. # include snippets/snakeoil.conf;
147. keepalive_timeout 70;
148. gzip off;
149.  
150. root /var/www/html;
151.  
152. # Add index.php to the list if you are using PHP
153. index index.php index.nginx-debian.html index.html index.htm;
154.  
155. server_name _;
156.  
157. # add_header Strict-Transport-Security "max-age=63072000;";
158. # add_header X-Frame-Options "DENY";
159.  
160. location / {
161. location ~* \.m3u8$ {
162. add_header Cache-Control no-cache;
163. }
164. add_header Access-Control-Allow-Origin *;
165.  
166. # First attempt to serve request as file, then as directory, then fall back to displaying a 404.
167. try_files $uri $uri/ =404;
168. }
169.  
170. location ~ \.php$ {
171. include snippets/fastcgi-php.conf;
172. # # With php-fpm (or other unix sockets):
173. fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
174. # # With php-cgi (or other tcp sockets):
175. # fastcgi_pass 127.0.0.1:9000;
176. }
177.  
178. ## deny access to .htaccess files, if Apache's document root concurs with nginx's one
179. #location ~ /\.ht {
180. # deny all;
181. #}
182.  
183. ## This provides RTMP statistics in XML at http://domain.net/stat
184. location /stat {
185. rtmp_stat all;
186. rtmp_stat_stylesheet stat.xsl;
187. # auth_basic "Restricted Content";
188. # auth_basic_user_file /etc/nginx/.htpasswd;
189. }
190.  
191. ## XML stylesheet to view RTMP stats. Copy stat.xsl wherever you want and put the full directory path here
192. location /stat.xsl {
193. root /var/www/html/;
194. }
195. }
196.  
197. ----
198.  
199. nginx -t
200. sudo systemctl restart nginx
201.  
202. # Obviously you need to change the DOMAIN part in the next lines to whatever your domain name is.
203.  
204. sudo nano /etc/nginx/sites-available/DOMAIN.net.conf
205.  
206. # Add the following to this new file, but don't forget to change DOMAIN first!
207.  
208. ----
209.  
210. server {
211. listen 80;
212. listen [::]:80;
213. root /var/www/html;
214. server_name DOMAIN.net www.DOMAIN.net;
215. }
216.  
217. ----
218.  
219. nginx -t
220.  
221. ln -s /etc/nginx/sites-available/DOMAIN.net.conf /etc/nginx/sites-enabled/DOMAIN.net.conf
222.  
223. nginx -t
224. sudo systemctl restart nginx
225.  
226. # 5: Confirm that the RTMP stream works.
227.  
228. (see video or https://www.ustoopia.nl/featured/nginx-rtmp-hls-ssl-videojs-on-ubuntu-18-04/)
229.  
230. # 6: Create SSL certificates for Nginx
231.  
232. sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
233.  
234. sudo certbot --nginx -d DOMAIN.net -d www.DOMAIN.net
235.  
236. sudo crontab -e
237.  
238. 0 12 * * * /usr/bin/certbot renew --quiet
239.  
240.  
241. sudo nano /etc/nginx/sites-available/DOMAIN.net.conf
242.  
243. ---
244.  
245. erver {
246. listen 80;
247. listen [::]:80;
248. listen 443 ssl http2;
249. listen [::]:443 ssl;
250. # include snippets/snakeoil.conf;
251. keepalive_timeout 70;
252. gzip off;
253.  
254. root /var/www/html;
255.  
256. # Add index.php to the list if you are using PHP
257. index index.php index.nginx-debian.html index.html index.htm;
258.  
259. server_name DOMAIN.COM;
260.  
261. ssl_certificate /etc/letsencrypt/live/DOMAIN.COM/fullchain.pem;
262. ssl_certificate_key /etc/letsencrypt/live/DOMAIN.COM/privkey.pem;
263. ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN.COM/chain.pem;
264. ssl_dhparam /etc/ssl/certs/dhparam.pem;
265.  
266. ssl_protocols TLSv1.2 TLSv1.3;
267. ssl_session_cache shared:le_nginx_SSL:1m;
268. ssl_session_timeout 1440m;
269. ssl_prefer_server_ciphers on;
270. ssl_session_tickets off;
271. ssl_stapling off;
272. ssl_stapling_verify on;
273. resolver 8.8.8.8 8.8.4.4 valid=300s;
274. resolver_timeout 5s;
275. ssl_ecdh_curve secp384r1;
276.  
277. ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
278.  
279. add_header Strict-Transport-Security "max-age=63072000;";
280. add_header X-Frame-Options "DENY";
281.  
282. # Redirect non-https traffic to https
283. # if ($scheme != "https") {
284. # return 301 https://$host$request_uri;
285. # }
286.  
287. location / {
288. location ~* \.m3u8$ {
289. add_header Cache-Control no-cache;
290. }
291. add_header Access-Control-Allow-Origin *;
292.  
293. # First attempt to serve file, then as directory, then a 404.
294. try_files $uri $uri/ =404;
295. }
296.  
297. # pass PHP scripts to FastCGI server
298.  
299. location ~ \.php$ {
300. include snippets/fastcgi-php.conf;
301. # # With php-fpm (or other unix sockets):
302. fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
303. # # With php-cgi (or other tcp sockets):
304. # fastcgi_pass 127.0.0.1:9000;
305. }
306.  
307. # deny access to .htaccess files, if Apache's document root concurs with nginx's one
308.  
309. #location ~ /\.ht {
310. # deny all;
311. #}
312.  
313. # This provides RTMP statistics in XML at http://your-server-address/stat
314. location /stat {
315. rtmp_stat all;
316. rtmp_stat_stylesheet stat.xsl;
317. # auth_basic "Restricted Content";
318. # auth_basic_user_file /etc/nginx/.htpasswd;
319. }
320.  
321. # XML stylesheet to view RTMP stats. Copy stat.xsl wherever you want and put the full directory path here
322. location /stat.xsl {
323. root /var/www/html/;
324. }
325.  
326. # Control interface (extremely useful, but can also boot people from streams so we put basic auth in front of it - see https://github.com/arut/nginx-rtmp-module/wiki/Control-module for more info
327.  
328. #location /control {
329. # you'll need a htpasswd auth file, that's outside the scope of this doc but any apache one will work
330. # auth_basic "Restricted Content";
331. # auth_basic_user_file /etc/nginx/.htpasswd;
332. #rtmp_control all;
333. #}
334.  
335. #creates the http-location for our full-res desktop HLS stream "http://my-ip/live/my-stream-key/index.m3u8"
336. location /live {
337. # root /var/livestream/hls;
338. alias /var/livestream/hls;
339. expires -1;
340. autoindex on;
341. autoindex_localtime on;
342. # CORS setup #
343. set $sent_http_accept_ranges bytes;
344. add_header 'Cache-Control' 'no-cache';
345. add_header Cache-Control no-cache;
346. add_header 'Access-Control-Allow-Origin' '*' always;
347. add_header 'Access-Control-Expose-Headers' 'Content-Length';
348. # allow CORS preflight requests #
349. if ($request_method = 'OPTIONS') {
350. add_header 'Access-Control-Allow-Origin' '*';
351. add_header 'Access-Control-Max-Age' 1728000;
352. add_header 'Content-Type' 'text/plain charset=UTF-8';
353. add_header 'Content-Length' 0;
354. return 204;
355. }
356. types {
357. application/vnd.apple.mpegurl m3u8;
358. application/dash+xml mpd;
359. video/mp2t ts;
360. }
361. }
362. }
363.  
364. ----
365.  
366. nginx -t
367. sudo systemctl restart nginx
368.  
369.  
370. # 6: Video.js installation & and example index.html
371.  
372. sudo mkdir /var/www/html/videojs
373. cd /var/www/html/videojs
374. wget https://github.com/videojs/video.js/releases/download/v7.7.6/video-js-7.7.6.zip
375.  
376. wget https://github.com/videojs/http-streaming/releases/download/v1.13.1/videojs-http-streaming.js
377.  
378. unzip /var/www/html/videojs/video-js-7.7.6.zip
379. chown -R www-data: /var/www/html
380. ls -la /var/www/html/videojs
381.  
382.  
383. sudo nano /var/www/html/index.html
384.  
385. ----
386.  
387. <!DOCTYPE html>
388. <html>
389. <head>
390. <script src='https://DOMAIN.net/videojs/video.js'></script>
391. <script src="https://DOMAIN.net/videojs/videojs-http-streaming.js"></script>
392. <meta charset=utf-8 />
393. <title>LiveStream</title>
394. <link href="https://DOMAIN.net/videojs/video-js.min.css" rel="stylesheet">
395. <!-- <link href="https://DOMAIN.net/videojs/videojs-sublime-skin.min.css" rel="stylesheet"> -->
396. <!-- <link href="https://DOMAIN.net/videojs/videojs-sublime-skin.css" rel="stylesheet"> -->
397. <!-- <link href="https://DOMAIN.net/videojs/video-js.css" rel="stylesheet"> -->
398. <!-- <link href="https://DOMAIN.net/videojs/videojs-skin-twitchy.css" rel="stylesheet" type="text/css"> -->
399. </head>
400. <body>
401. <center>
402.  
403. <video-js id="live_stream" class="video-js vjs-fluid vjs-default-skin vjs-big-play-centered" controls preload="auto" autoplay="true" width="auto" height="auto" poster="https://DOMAIN.net/poster.jpg">
404.  
405. <source src="https://DOMAIN.net/live/stream/index.m3u8" type="application/x-mpegURL">
406.  
407. <p class='vjs-no-js'>
408. To view this video please enable JavaScript, and consider upgrading to a web browser that
409. <a href='https://videojs.com/html5-video-support/' target='_blank'>supports HTML5 video</a>
410. </p>
411. </video-js>
412.  
413. <script>
414. var player = videojs('live_stream');
415. player.play();
416. </script>
417.  
418. </center>
419. </body>
420. </html>
421.  
422. ----
423.  
424. chown -R www-data: /var/www/html
425.  
426.  
427. FOR A MORE EXTENDED GUIDE WITH EXPLANATIONS VISIT:
428. https://www.ustoopia.nl/featured/nginx-rtmp-hls-ssl-videojs-on-ubuntu-18-04/