Nginx Live Stream Configuration

ZgreG · June 16, 2017, 4:44pm

Ok, some news …
On the server, I try this command :

ffmpeg -re -i /var/local/PAP-test.mp4 -c copy -f flv “rtmp://5.135.188.49:1935/kLive/test”

The encoding process good without any error message :

ffmpeg version 3.2 Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.8.2 (GCC) 20140120 (Red Hat 4.8.2-16)
  configuration: --prefix=/opt/kaltura/ffmpeg-3.2 --libdir=/opt/kaltura/ffmpeg-3.2/lib --shlibdir=/opt/kaltura/ffmpeg-3.2/lib --extra-cflags='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --extra-cflags='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC -I/opt/kaltura/include' --extra-ldflags=-L/opt/kaltura/lib --disable-devices --enable-bzlib --enable-libgsm --enable-libmp3lame --enable-libschroedinger --enable-libtheora --enable-libvorbis --enable-libx264 --enable-libx265 --enable-avisynth --enable-libxvid --enable-filter=movie --enable-avfilter --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-libvpx --enable-libspeex --enable-libass --enable-postproc --enable-pthreads --enable-static --enable-shared --enable-gpl --disable-debug --disable-optimizations --enable-gpl --enable-pthreads --enable-swscale --enable-vdpau --enable-bzlib --disable-devices --enable-filter=movie --enable-version3 --enable-indev=lavfi --enable-x11grab
  libavutil      55. 34.100 / 55. 34.100
  libavcodec     57. 64.100 / 57. 64.100
  libavformat    57. 56.100 / 57. 56.100
  libavdevice    57.  1.100 / 57.  1.100
  libavfilter     6. 65.100 /  6. 65.100
  libswscale      4.  2.100 /  4.  2.100
  libswresample   2.  3.100 /  2.  3.100
  libpostproc    54.  1.100 / 54.  1.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '/var/local/PAP-test.mp4':
  Metadata:
    major_brand     : mp42
    minor_version   : 512
    compatible_brands: isomiso2avc1mp41
    encoder         : HandBrake 0.10.0 2014112200
  Duration: 00:01:48.08, start: 0.080000, bitrate: 103 kb/s
    Stream #0:0(und): Video: h264 (Main) (avc1 / 0x31637661), yuv420p(tv, bt709), 1920x1080 [SAR 1:1 DAR 16:9], 97 kb/s, 25 fps, 25 tbr, 90k tbn, 180k tbc (default)
    Metadata:
      handler_name    : VideoHandler
    Stream #0:1(eng): Audio: aac (LC) (mp4a / 0x6134706D), 48000 Hz, mono, fltp, 1 kb/s (default)
    Metadata:
      handler_name    : Mono
Output #0, flv, to 'rtmp://5.135.188.49:1935/kLive/test':
  Metadata:
    major_brand     : mp42
    minor_version   : 512
    compatible_brands: isomiso2avc1mp41
    encoder         : Lavf57.56.100
    Stream #0:0(und): Video: h264 (Main) ([7][0][0][0] / 0x0007), yuv420p(tv, bt709), 1920x1080 [SAR 1:1 DAR 16:9], q=2-31, 97 kb/s, 25 fps, 25 tbr, 1k tbn, 90k tbc (default)
    Metadata:
      handler_name    : VideoHandler
    Stream #0:1(eng): Audio: aac (LC) ([10][0][0][0] / 0x000A), 48000 Hz, mono, 1 kb/s (default)
    Metadata:
      handler_name    : Mono
Stream mapping:
  Stream #0:0 -> #0:0 (copy)
  Stream #0:1 -> #0:1 (copy)
Press [q] to stop, [?] for help
frame= 2700 fps= 25 q=-1.0 Lsize=    1437kB time=00:01:48.05 bitrate= 109.0kbits/s speed=   1x    
video:1280kB audio:20kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: 10.562756%

But nothing in the folder /var/tmp/hlsme.

The permissions for the folder /var/tmp/hlsme are :
> drwxr-xr-x 2 kaltura apache 4096 Jun 16 11:38 hlsme

The kaltura_nginx_access.log and the kaltura_nginx_errors.log are empty.

The service kaltura-nginx is running good.

service kaltura-nginx status

Redirecting to /bin/systemctl status  kaltura-nginx.service
● kaltura-nginx.service - nginx - high performance web server
   Loaded: loaded (/usr/lib/systemd/system/kaltura-nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-06-14 12:58:14 CEST; 2 days ago
     Docs: http://nginx.org/en/docs/
  Process: 28986 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS)
 Main PID: 899 (nginx)
   CGroup: /system.slice/kaltura-nginx.service
           ├─  899 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
           ├─28987 nginx: worker process
           ├─28988 nginx: worker process
           ├─28989 nginx: worker process
           ├─28990 nginx: worker process
           └─28991 nginx: cache manager process
Jun 14 12:58:08 vodyou.fr systemd[1]: Starting nginx - high performance web server...
Jun 14 12:58:13 vodyou.fr nginx[322]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Jun 14 12:58:14 vodyou.fr nginx[322]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Jun 14 12:58:14 vodyou.fr systemd[1]: Started nginx - high performance web server.
Jun 15 03:35:45 vodyou.fr systemd[1]: Reloaded nginx - high performance web server.

jess · June 16, 2017, 5:08pm

Edit /etc/nginx/nginx.conf so that:

error_log  /opt/kaltura/log/kaltura_nginx_errors.log;

becomes:

error_log  /opt/kaltura/log/kaltura_nginx_errors.log debug;

Then restart the Nginx daemon with:
# service kaltura-nginx restart
Try to stream again and look at what’s outputted to /opt/kaltura/log/kaltura_nginx_errors.log

ZgreG · June 16, 2017, 5:27pm

@jess

Ok I’ve some results now in kaltura_nginx_errors.log

SERVER SIDE

ffmpeg -re -i /var/local/PAP-test.mp4 -c copy -f flv “rtmp://5.135.188.49:1935/kLive/test”

2017/06/16 18:49:01 [notice] 14763#14763: using the "epoll" event method
2017/06/16 18:49:01 [notice] 14763#14763: nginx/1.12.0
2017/06/16 18:49:01 [notice] 14763#14763: built by gcc 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC)
2017/06/16 18:49:01 [notice] 14763#14763: OS: Linux 3.14.32-xxxx-grs-ipv6-64
2017/06/16 18:49:01 [notice] 14763#14763: getrlimit(RLIMIT_NOFILE): 1024:4096
2017/06/16 18:49:01 [notice] 14765#14765: start worker processes
2017/06/16 18:49:01 [notice] 14765#14765: start worker process 14766
2017/06/16 18:49:01 [notice] 14765#14765: start worker process 14767
2017/06/16 18:49:01 [notice] 14765#14765: start worker process 14768
2017/06/16 18:49:01 [warn] 14766#14766: audio_filter_process_init: failed to get AAC encoder, audio filtering is disabled. recompile libavcodec with libfdk_aac to enable it
2017/06/16 18:49:01 [notice] 14765#14765: start worker process 14769
2017/06/16 18:49:01 [notice] 14765#14765: start cache manager process 14770
2017/06/16 18:49:01 [warn] 14767#14767: audio_filter_process_init: failed to get AAC encoder, audio filtering is disabled. recompile libavcodec with libfdk_aac to enable it
2017/06/16 18:49:01 [warn] 14768#14768: audio_filter_process_init: failed to get AAC encoder, audio filtering is disabled. recompile libavcodec with libfdk_aac to enable it
2017/06/16 18:49:01 [warn] 14769#14769: audio_filter_process_init: failed to get AAC encoder, audio filtering is disabled. recompile libavcodec with libfdk_aac to enable it
2017/06/16 18:49:01 [warn] 14770#14770: audio_filter_process_init: failed to get AAC encoder, audio filtering is disabled. recompile libavcodec with libfdk_aac to enable it
2017/06/16 18:49:07 [notice] 14765#14765: signal 3 (SIGQUIT) received, shutting down
2017/06/16 18:49:07 [notice] 14766#14766: gracefully shutting down
2017/06/16 18:49:07 [notice] 14768#14768: gracefully shutting down
2017/06/16 18:49:07 [notice] 14767#14767: gracefully shutting down
2017/06/16 18:49:07 [notice] 14769#14769: gracefully shutting down
2017/06/16 18:49:07 [notice] 14766#14766: exiting
2017/06/16 18:49:07 [notice] 14768#14768: exiting
2017/06/16 18:49:07 [notice] 14767#14767: exiting
2017/06/16 18:49:07 [notice] 14769#14769: exiting
2017/06/16 18:49:07 [notice] 14768#14768: exit
2017/06/16 18:49:07 [notice] 14767#14767: exit
2017/06/16 18:49:07 [notice] 14766#14766: exit
2017/06/16 18:49:07 [notice] 14770#14770: exiting
2017/06/16 18:49:07 [notice] 14769#14769: exit
2017/06/16 18:49:07 [notice] 14765#14765: signal 17 (SIGCHLD) received
2017/06/16 18:49:07 [notice] 14765#14765: cache manager process 14770 exited with code 0
2017/06/16 18:49:07 [notice] 14765#14765: signal 29 (SIGIO) received
2017/06/16 18:49:07 [notice] 14765#14765: signal 17 (SIGCHLD) received
2017/06/16 18:49:07 [notice] 14765#14765: worker process 14767 exited with code 0
2017/06/16 18:49:07 [notice] 14765#14765: worker process 14768 exited with code 0
2017/06/16 18:49:07 [notice] 14765#14765: signal 29 (SIGIO) received
2017/06/16 18:49:07 [notice] 14765#14765: signal 15 (SIGTERM) received, exiting
2017/06/16 18:49:07 [notice] 14765#14765: signal 17 (SIGCHLD) received
2017/06/16 18:49:07 [notice] 14765#14765: worker process 14766 exited with code 0
2017/06/16 18:49:07 [notice] 14765#14765: signal 29 (SIGIO) received
2017/06/16 18:49:07 [notice] 14765#14765: signal 17 (SIGCHLD) received
2017/06/16 18:49:07 [notice] 14765#14765: worker process 14769 exited with code 0
2017/06/16 18:49:07 [notice] 14765#14765: exit
2017/06/16 18:49:22 [notice] 14862#14862: using the "epoll" event method
2017/06/16 18:49:22 [notice] 14862#14862: nginx/1.12.0
2017/06/16 18:49:22 [notice] 14862#14862: built by gcc 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC)
2017/06/16 18:49:22 [notice] 14862#14862: OS: Linux 3.14.32-xxxx-grs-ipv6-64
2017/06/16 18:49:22 [notice] 14862#14862: getrlimit(RLIMIT_NOFILE): 1024:4096
2017/06/16 18:49:22 [notice] 14864#14864: start worker processes
2017/06/16 18:49:22 [notice] 14864#14864: start worker process 14865
2017/06/16 18:49:22 [notice] 14864#14864: start worker process 14866
2017/06/16 18:49:22 [notice] 14864#14864: start worker process 14867
2017/06/16 18:49:22 [notice] 14864#14864: start worker process 14868
2017/06/16 18:49:22 [notice] 14864#14864: start cache manager process 14869
2017/06/16 18:49:22 [warn] 14865#14865: audio_filter_process_init: failed to get AAC encoder, audio filtering is disabled. recompile libavcodec with libfdk_aac to enable it
2017/06/16 18:49:22 [warn] 14867#14867: audio_filter_process_init: failed to get AAC encoder, audio filtering is disabled. recompile libavcodec with libfdk_aac to enable it
2017/06/16 18:49:22 [warn] 14866#14866: audio_filter_process_init: failed to get AAC encoder, audio filtering is disabled. recompile libavcodec with libfdk_aac to enable it
2017/06/16 18:49:22 [warn] 14868#14868: audio_filter_process_init: failed to get AAC encoder, audio filtering is disabled. recompile libavcodec with libfdk_aac to enable it
2017/06/16 18:49:22 [warn] 14869#14869: audio_filter_process_init: failed to get AAC encoder, audio filtering is disabled. recompile libavcodec with libfdk_aac to enable it
2017/06/16 18:49:44 [info] 14865#14865: *1 client connected '5.135.188.49'
2017/06/16 18:49:44 [info] 14865#14865: *1 connect: app='kLive' args='' flashver='FMLE/3.0 (compatible; Lavf57.56' swf_url='' tc_url='rtmp://5.135.188.49:1935/kLive' page_url='' acodecs=0 vcodecs=0 object_encoding=0, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/16 18:49:44 [info] 14865#14865: *1 createStream, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/16 18:49:45 [info] 14865#14865: *1 publish: name='test' args='' type=live silent=0, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/16 18:51:33 [info] 14865#14865: *1 deleteStream, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/16 18:51:33 [info] 14865#14865: *1 disconnect, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/16 18:51:33 [info] 14865#14865: *1 deleteStream, client: 5.135.188.49, server: 0.0.0.0:1935

CLIENT SIDE (wirh same error message at the end of stream)

ffmpeg -re -i /Users/Greg/Documents/www-dev/Kimsufi-GreG/Sources/PAP-test/tests/PAP-test.mp4 -c copy -f flv “rtmp://vodyou.fr:1935/kLive/Test”

2017/06/16 19:02:30 [info] 14868#14868: *2 client connected '82.235.134.184'
2017/06/16 19:02:30 [info] 14868#14868: *2 connect: app='kLive' args='' flashver='FMLE/3.0 (compatible; Lavf57.73' swf_url='' tc_url='rtmp://vodyou.fr:1935/kLive' page_url='' acodecs=0 vcodecs=0 object_encoding=0, client: 82.235.134.184, server: 0.0.0.0:1935
2017/06/16 19:02:30 [info] 14868#14868: *2 createStream, client: 82.235.134.184, server: 0.0.0.0:1935
2017/06/16 19:02:30 [info] 14868#14868: *2 publish: name='Test' args='' type=live silent=0, client: 82.235.134.184, server: 0.0.0.0:1935
2017/06/16 19:04:18 [info] 14868#14868: *2 deleteStream, client: 82.235.134.184, server: 0.0.0.0:1935
2017/06/16 19:04:18 [info] 14868#14868: *2 disconnect, client: 82.235.134.184, server: 0.0.0.0:1935
2017/06/16 19:04:18 [info] 14868#14868: *2 deleteStream, client: 82.235.134.184, server: 0.0.0.0:1935

jess · June 16, 2017, 5:32pm

And yet, you’re saying that WHILE STREAMING there is nothing under /var/tmp/hlsme/? After the ffmpeg command is done the files will be cleared so I want to make sure you are checking this while actively streaming and not afterwards.

ZgreG · June 16, 2017, 5:35pm

@jess
Yes I’ve just checked with my client stream.

jess · June 16, 2017, 5:37pm

I’m not sure what you mean by “I checked with client stream”…
What I want you to do is run the ffmpeg command and then SSH to the server and run:
# ls -al /var/tmp/hlsme

ZgreG · June 16, 2017, 5:42pm

I launch the stream with my client and checked on the server folder.

So I found the files …
They are in :

/var/tmp/systemd-private-#KEY#-kaltura-nginx.service-WH2Hue/tmp/hlsme

And I confirm that at the end, the files are deleted.

jess · June 16, 2017, 5:44pm

I don’t understand what /var/tmp/systemd-private-#KEY#-kaltura-nginx.service-WH2Hue/tmp/hlsme is…
The Nginx config has:

hls_path /var/tmp/hlsme/;

in /etc/nginx/nginx.conf
When streaming, do you or do you not see the m3u8 and the ts files there?
Did you change the configuration to place the files in a different path? if so, why? if not, what’s under /var/tmp/hlsme when you stream?

ZgreG · June 16, 2017, 5:48pm

No, I didn’t change the path in nginx.conf

# RTMP configuration
rtmp {
    server {
	listen 1935; # Listen on standard RTMP port
        chunk_size 4000;

        # This application is to accept incoming stream
        application kLive {
                live on; # Allows live input from above
                dash on;
                dash_path /var/tmp/dashme;

                hls on; # Enable HTTP Live Streaming
                hls_cleanup on;
                hls_sync 100ms;
                hls_fragment 2s;

                hls_path /var/tmp/hlsme/;


        }
    }
}

I see the m3u8 file and all TS files, during streaming, in the folder :
/var/tmp/systemd-private-#KEY#-kaltura-nginx.service-WH2Hue/tmp/hlsme

I don’t know why !!!

ZgreG · June 16, 2017, 5:59pm

@jess

Ok I find the source of the problem with this folder : Secure Tmp Systemd
(https://support.plesk.com/hc/en-us/articles/115000063849-Directories-like-tmp-systemd-private-overflow-and-cause-server-crash-due-to-lack-of-disk-space)

grep -R PrivateTmp /etc/systemd/
/etc/systemd/system/multi-user.target.wants/ntpd.service:PrivateTmp=true
/etc/systemd/system/multi-user.target.wants/kaltura-nginx.service:PrivateTmp=true
/etc/systemd/system/multi-user.target.wants/dovecot.service:PrivateTmp=true
/etc/systemd/system/multi-user.target.wants/mariadb.service:PrivateTmp=true
/etc/systemd/system/multi-user.target.wants/httpd.service:PrivateTmp=true

I will try this week-end to de-activate this function and I’ll come back here to close this topic

Thanks a lot and have a nice week-end.
GreG

jess · June 16, 2017, 6:42pm

Hi @ZgreG,

This is what PrivateTmp does:

    If true sets up a new file system
    namespace for the executed processes and mounts a private /tmp
    directory inside it, that is not shared by processes outside of
    the namespace. This is useful to secure access to temporary files
    of the process, but makes sharing between processes via /tmp
    impossible. Defaults to false.

I never tried to use it myself but it should still work. However, you can always change the directory in nginx.conf to something else, just to eliminate the option that PrivateTmp is the cause of the issue. Remember to reload Nginx if you do so.

At any rate, if you do see the m3u8 and TS files, try to play and entry while you have your browser’s dev tools open and check for failing requests under the “Network” tab and for error under the “Console” tab and paste them here.

ZgreG · June 19, 2017, 11:54am

Hello @jess

I fixed the problem with the PrivateTmp service.
Now I see the .m3u8 file and all .TS files in the /var/tmp/hlsme folder.

When I try to play the stream in my Web browser with HTML-5 player nothing happens and I don’t have any error message in the console :

kWidget: Kaltura HTML5 Version: 2.57 ( iframe )   mwEmbedLoader.php:50:636
GET http://vodyou.fr/lib/css/shortlink.css [HTTP/1.1 200 OK 0 ms]
GET http://vodyou.fr/html5/html5lib/v2.57/load.php [HTTP/1.1 200 OK 0 ms]
GET http://vodyou.fr/p/101/sp/10100/thumbnail/entry_id/0_bgkkb253/version/0/width/560/height/315 [HTTP/1.1 200 OK 0 ms]
GET XHR http://vodyou.fr/api_v3/index.php [HTTP/1.1 200 OK 30 ms]
GET XHR http://vodyou.fr/api_v3/index.php [HTTP/1.1 200 OK 5032 ms]
GET XHR http://vodyou.fr/api_v3/index.php [HTTP/1.1 200 OK 21 ms]
GET XHR http://vodyou.fr/api_v3/index.php [HTTP/1.1 200 OK 30 ms]
GET XHR http://vodyou.fr/api_v3/index.php [HTTP/1.1 200 OK 30 ms]
GET XHR http://vodyou.fr/api_v3/index.php [HTTP/1.1 200 OK 25 ms]
GET XHR http://vodyou.fr/api_v3/index.php [HTTP/1.1 200 OK 25 ms]
GET XHR http://vodyou.fr/api_v3/index.php [HTTP/1.1 200 OK 35 ms]
GET XHR http://vodyou.fr/p/101/sp/10100/playManifest/entryId/0_bgkkb253/format/applehttp/protocol/http/uiConfId/23448169/a.m3u8 [HTTP/1.1 200 OK 43 ms]
GET XHR http://vodyou.fr:1935/hlsme/test.m3u8 [12 ms]
GET XHR http://vodyou.fr/api_v3/index.php [HTTP/1.1 200 OK 5032 ms]
GET XHR http://vodyou.fr/api_v3/index.php [HTTP/1.1 200 OK 5033 ms]
GET XHR http://vodyou.fr/api_v3/index.php [HTTP/1.1 200 OK 5033 ms]
GET XHR http://vodyou.fr/api_v3/index.php [HTTP/1.1 200 OK 5032 ms]
GET XHR http://vodyou.fr/api_v3/index.php [HTTP/1.1 200 OK 5035 ms]

In KMC the entry is :

HLS stream URL: http://vodyou.fr:1935/hlsme/test.m3u8
applehttp stream URL: http://vodyou.fr:1935/hlsme/test.m3u8

I didn’t have any error in /opt/kaltura/log/kaltura nginx error.log.
Only informations lines when I start the stream.

2017/06/19 13:09:03 [info] 17057#17057: *206 connect: app='kLive' args='' flashver='FMLE/3.0 (compatible; Lavf57.56' swf_url='' tc_url='rtmp://5.135.188.49:1935/kLive' page_url='' acodecs=0 vcodecs=0 object_encoding=0, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:03 [info] 17057#17057: *206 createStream, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:03 [info] 17057#17057: *206 publish: name='test' args='' type=live silent=0, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:04 [info] 17057#17057: *207 client connected '5.135.188.49'
2017/06/19 13:09:05 [info] 17050#17050: *204 disconnect, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:05 [info] 17050#17050: *204 deleteStream, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:05 [info] 17057#17057: *205 disconnect, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:05 [info] 17057#17057: *205 deleteStream, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:09 [info] 17057#17057: *207 disconnect, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:09 [info] 17057#17057: *207 deleteStream, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:10 [info] 17049#17049: *208 client connected '5.135.188.49'
2017/06/19 13:09:10 [info] 17056#17056: *209 client connected '5.135.188.49'
2017/06/19 13:09:14 [info] 17056#17056: *210 client connected '5.135.188.49'
2017/06/19 13:09:15 [info] 17049#17049: *208 disconnect, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:15 [info] 17049#17049: *208 deleteStream, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:15 [info] 17056#17056: *209 disconnect, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:15 [info] 17056#17056: *209 deleteStream, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:16 [info] 17057#17057: *211 client connected '82.235.134.184'
2017/06/19 13:09:16 [info] 17050#17050: *212 client connected '5.135.188.49'
2017/06/19 13:09:19 [info] 17056#17056: *210 disconnect, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:19 [info] 17056#17056: *210 deleteStream, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:20 [info] 17057#17057: *213 client connected '5.135.188.49'
2017/06/19 13:09:21 [info] 17050#17050: *212 disconnect, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:21 [info] 17050#17050: *212 deleteStream, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:24 [info] 17057#17057: *214 client connected '5.135.188.49'
2017/06/19 13:09:24 [info] 17049#17049: *215 client connected '5.135.188.49'
2017/06/19 13:09:25 [info] 17057#17057: *213 disconnect, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:25 [info] 17057#17057: *213 deleteStream, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:26 [info] 17057#17057: *211 disconnect, client: 82.235.134.184, server: 0.0.0.0:1935
2017/06/19 13:09:26 [info] 17057#17057: *211 deleteStream, client: 82.235.134.184, server: 0.0.0.0:1935
2017/06/19 13:09:29 [info] 17057#17057: *214 disconnect, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:29 [info] 17057#17057: *214 deleteStream, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:29 [info] 17049#17049: *215 disconnect, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:29 [info] 17049#17049: *215 deleteStream, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:30 [info] 17057#17057: *216 client connected '5.135.188.49'
2017/06/19 13:09:34 [info] 17050#17050: *217 client connected '5.135.188.49'
2017/06/19 13:09:34 [info] 17057#17057: *218 client connected '5.135.188.49'
2017/06/19 13:09:35 [info] 17057#17057: *216 disconnect, client: 5.135.188.49, server: 0.0.0.0:1935
2017/06/19 13:09:35 [info] 17057#17057: *216 deleteStream, client: 5.135.188.49, server: 0.0.0.0:1935

The file /opt/kaltura/log/kaltura_nginx_access.log is empty.

If you have an idea it would be with pleasure
GreG

jess · June 19, 2017, 12:16pm

Hi @ZgreG,

In KMC, it should not be:

http://vodyou.fr:1935/hlsme/test.m3u8

It should be:

http://vodyou.fr:88/hlsme/test.m3u8

Port 1935 is for streaming [RTMP], not for playback.

ZgreG · June 19, 2017, 12:52pm

@jess

Everything is working
This topic can be closed.

Thank a lot for your help.
GreG

jess · June 19, 2017, 12:52pm

Most welcome and glad to hear it:)

hiphopservers · July 27, 2017, 6:29am

@jess

I am having this same issue and I have disable the ‘PrivateTMP’ feature. However, let me note that this functionally is enable by default each time a new process or service is created with yum. I have not figured out how to disable it from doing that on installation of new services. This is how I disabled it on my system.

First, edit the file with your favorite editor vi, nano or whatever you prefer.

# nano /usr/lib/systemd/system/kaltura-nginx.service

Find this line in the file

PrivateTmp=true

then change it to this

PrivateTmp=false

then run these commands

# systemctl daemon-reload
# systemctl restart kaltura-nginx

The location of this file might differ from OS to OS but my current OS is CentOS 7.1.3 and even after doing this change I can see the files in the temp directories:

/var/tmp/hlsme
/var/tmp/dashme

However, my files are still not streaming. I have tried to stream using OBS from my desktop and using my server CLI but I am not able to playback the stream from Kaltura HTML5 player or my VLC player from my desktop. I getting the following error when using VLC:

Your input can’t be opened
VLC is unable to open the MRL ‘http://cdn.mydomain.com:88/hlsme/stream.m3u8’. Check the log for details.

Now in my kaltura_nginx_errors.log I am seeing both the OBS stream and the CLI based stream starting and stopping.

2017/07/27 01:28:01 [info] 19011#19011: *1 exec: starting managed child ‘on’, client: MY_DESKTOP_IP, server: MY_KALTURA_SERVER_IP:1935
2017/07/27 01:28:01 [notice] 19011#19011: signal 17 (SIGCHLD) received
2017/07/27 01:28:01 [notice] 19011#19011: unknown process 11248 exited with code 1
2017/07/27 01:28:01 [info] 19011#19011: *1 exec: child 11248 exited; ignoring, client: MY_DESKTOP_IP, server: MY_KALTURA_SERVER_IP:1935
2017/07/27 01:28:01 [info] 19011#19011: *1 exec: terminating child 11248, client: MY_DESKTOP_IP, server: MY_KALTURA_SERVER_IP:1935
2017/07/27 01:28:01 [info] 19010#19010: *2 exec: starting managed child ‘on’, client: MY_SERVER_IP, server: MY_KALTURA_SERVER_IP:1935
2017/07/27 01:28:01 [notice] 19010#19010: signal 17 (SIGCHLD) received
2017/07/27 01:28:01 [notice] 19010#19010: unknown process 11249 exited with code 1
2017/07/27 01:28:01 [info] 19010#19010: *2 exec: child 11249 exited; ignoring, client: MY_SERVER_IP, server: MY_KALTURA_SERVER_IP:1935
2017/07/27 01:28:01 [info] 19010#19010: *2 exec: terminating child 11249, client: MY_SERVER_IP, server: MY_KALTURA_SERVER_IP:1935
2017/07/27 01:28:06 [info] 19011#19011: *1 exec: starting managed child ‘on’, client: MY_DESKTOP_IP, server: MY_KALTURA_SERVER_IP:1935
2017/07/27 01:28:06 [notice] 19011#19011: signal 17 (SIGCHLD) received
2017/07/27 01:28:06 [notice] 19011#19011: unknown process 11254 exited with code 1
2017/07/27 01:28:06 [info] 19011#19011: *1 exec: child 11254 exited; ignoring, client: MY_DESKTOP_IP, server: MY_KALTURA_SERVER_IP:1935
2017/07/27 01:28:06 [info] 19011#19011: *1 exec: terminating child 11254, client: MY_DESKTOP_IP, server: MY_KALTURA_SERVER_IP:1935
2017/07/27 01:28:06 [info] 19010#19010: *2 exec: starting managed child ‘on’, client: MY_SERVER_IP, server: MY_KALTURA_SERVER_IP:1935
2017/07/27 01:28:06 [notice] 19010#19010: signal 17 (SIGCHLD) received
2017/07/27 01:28:06 [notice] 19010#19010: unknown process 11255 exited with code 1
2017/07/27 01:28:06 [info] 19010#19010: *2 exec: child 11255 exited; ignoring, client: MY_SERVER_IP, server: MY_KALTURA_SERVER_IP:1935
2017/07/27 01:28:06 [info] 19010#19010: *2 exec: terminating child 11255, client: MY_SERVER_IP, server: MY_KALTURA_SERVER_IP:1935

You will note from my log that I set the IP used for Kaltura and NGINX to a specific IP and not the default host IP address. This helps to avoid conflicts with other services such as Red5, Wowza or simular that usually generate port conflicts and require use of non-standard ports.

I check the premissions for the tmp folders used for hlsme and dashme and they are:

# ls -al /var/tmp/
total 44
drwxrwxrwt. 11 root    root 4096 Jul 26 22:23 .
drwxr-xr-x. 21 root    root 4096 Jul 21 13:31 ..
drwx------.  2 kaltura root 4096 Jul 27 01:41 dashme
drwx------.  2 kaltura root 4096 Jul 27 01:41 hlsme

However, the files in the folder are owned and in the ‘kaltura’ usergroup as well as own by the same group.

This stream is from ffmpeg using CLI

-rw-r--r--.  1 kaltura kaltura   27072 Jul 27 01:41 frontdoor-3225.ts
-rw-r--r--.  1 kaltura kaltura   27072 Jul 27 01:41 frontdoor-3226.ts
-rw-r--r--.  1 kaltura kaltura    9588 Jul 27 01:41 frontdoor-3227.ts
-rw-r--r--.  1 kaltura kaltura     571 Jul 27 01:41 frontdoor.m3u8

This stream is from OBS using my desktop

-rw-r--r--.  1 kaltura kaltura 2874708 Jul 27 01:41 stream-965.ts
-rw-r--r--.  1 kaltura kaltura 2860044 Jul 27 01:41 stream-966.ts
-rw-r--r--.  1 kaltura kaltura 1492156 Jul 27 01:41 stream-967.ts
-rw-r--r--.  1 kaltura kaltura     510 Jul 27 01:41 stream.m3u8

As you can see the files are being created. Now, the big difference between trying to playback from my compute and Kaltura CE is that my computer basically returns an error saying no stream is available at the URL. Kaltura HTML5 player actual keeps trying to connect and play the stream but just spins non-stop and when I stop the stream completely it basically saying no broadcast is available. So this implies it can detect the stream but is not playing it.

I check the stream from Kaltura HTML5 player using the internal generated page too and view the page with my web developer tool to search for errors. There was only one error which was mixed content error saying that the URL ‘http://cdn.mydomain.com:88/hlsme/stream.m3u8’ was blocked.

Now, at this point I tried changing the url to ‘https://cdn.mydomain.com:8443/hlsme/stream.m3u8’ and got nothing in VLC and Kaltura HTML5 player display the “No broadcast is available” message. Since Kaltura HTML5 player is detecting data or stream is being recieved and VLC appears to be rejected or timesout I am wondering if this is an issue with permissions or something related to the proper configuration of the NGINX so it properly access the assigned tmp folder for the hls and dash files.

Now, I also check for SSL errors but there is no actually NGINX ssl error log for Kaltura even configured so I am not able to troubleshoot the same way to resolve issues related to the content not loading via the SSL port on NGINX.

jess · July 27, 2017, 12:47pm

Hi @hiphopservers,

Seems your current issue is simply that playback is attempted over HTTP whereas the page in which the player is embedded is over SSL. That would make the browser block it due to “mixed content”.

When you say:

Can you please describe what it is that you did?

Is Nginx currently listening on port 8443 with SSL?
To verify:

# netstat -plnt|grep nginx

Should return something like:
tcp        0      0 0.0.0.0:1935                0.0.0.0:*                   LISTEN      23726/nginx         
tcp        0      0 0.0.0.0:88                  0.0.0.0:*                   LISTEN      23726/nginx         
tcp        0      0 0.0.0.0:8443                0.0.0.0:*                   LISTEN      23726/nginx

# cat /etc/nginx/conf.d/ssl.conf

Should return something similar to the below, only with your own FQDN hostname and cert files:
server {
    listen     8443   ssl;
    server_name test.kaltura.org;

    ssl_certificate      /etc/pki/tls/certs/kaltura.org.crt;
    ssl_certificate_key  /etc/pki/tls/private/kaltura.org.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    include /etc/nginx/conf.d/kaltura.conf;
}

Assuming these are OK, what’s the output for:
mysql> select * from delivery_profile where id in (1001,1002,1003)\G
?

A much more detailed explanation about the Nginx VOD module, delivery profiles and Apache configuration can be found here:

hiphopservers · July 27, 2017, 8:19pm

@jess

That would explain the issue with the Kaltura HTML5 player but not why the stream is not loading in my desktop VLC player since there were not NGINX playback restrictions in the configuration file to limit what IPs or clients could access the direct link.

I entered this link into both my desktop VLC player and got an immediate error that the connection was not available. Unless the HTTP URL which dies in VLC after the attempt to connect to the stream times out. Similar with Kaltura HTML5 player which immediately displays a message saying “No Broadcast is Available” unlike the HTTP version which just spins.

# netstat -plnt|grep nginx
tcp        0      0 KALTURA_SERVER_IP:1935      0.0.0.0:*               LISTEN      12204/nginx: master
tcp        0      0 KALTURA_SERVER_IP:88        0.0.0.0:*               LISTEN      12204/nginx: master
tcp        0      0 KALTURA_SERVER_IP:8443      0.0.0.0:*               LISTEN      12204/nginx: master

As you can see Kaltura-NGINX is listening on the caption ports. However as I mention the non-SSL ports just timeout or never actually stream. So it is detecting data being sent but nothing is actually showing up. The SSL connection is just straight refused.

# cat /etc/nginx/conf.d/ssl.conf

The SSL cert configured here is using my Wildcard Cert we discuss previously. You will notice I have bind the process to a specific IP on my system in the configuration file for all ports.

# HTTPS server
#
server {
    listen     KALUTRA_SERVER_IP:8443   ssl;
    server_name cdn.mydomain.com;

    ssl_certificate      /etc/ssl/certs/server.crt;
    ssl_certificate_key  /etc/ssl/certs/server.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    include /etc/nginx/conf.d/kaltura.conf;
}

My results from this qurey is as follows:

*************************** 1. row ***************************
             id: 1001
     partner_id: 0
     created_at: 2016-03-18 13:34:15
     updated_at: 2016-03-18 13:34:15
           name: Kaltura HLS segmentation
           type: 61
    system_name: Kaltura HLS segmentation
    description: Kaltura HLS segmentation
            url: https://cdn.mydomain.com:88/hls
      host_name: cdn.mydomain.com
     recognizer: NULL
      tokenizer: NULL
         status: 0
media_protocols: NULL
  streamer_type: applehttp
     is_default: 1
      parent_id: 0
    custom_data: NULL
       priority: 0
*************************** 2. row ***************************
             id: 1002
     partner_id: 0
     created_at: 2016-03-18 13:34:15
     updated_at: 2016-03-18 13:34:15
           name: Kaltura HDS segmentation
           type: 63
    system_name: Kaltura HDS segmentation
    description: Kaltura HDS segmentation
            url: https://cdn.mydomain.com:88/hds
      host_name: cdn.mydomain.com
     recognizer: NULL
      tokenizer: NULL
         status: 0
media_protocols: NULL
  streamer_type: hdnetworkmanifest
     is_default: 1
      parent_id: 0
    custom_data: NULL
       priority: 0
*************************** 3. row ***************************
             id: 1003
     partner_id: 0
     created_at: 2016-03-18 13:34:15
     updated_at: 2016-03-18 13:34:15
           name: Kaltura DASH segmentation
           type: 68
    system_name: Kaltura DASH segmentation
    description: Kaltura DASH segmentation
            url: https://cdn.mydomain.com:88/dash
      host_name: cdn.mydomain.com
     recognizer: NULL
      tokenizer: NULL
         status: 0
media_protocols: NULL
  streamer_type: mpegdash
     is_default: 1
      parent_id: 0
    custom_data: NULL
       priority: 0
3 rows in set (0.00 sec)

jess · July 27, 2017, 8:23pm

Hi @hiphopservers,

In the delivery_profile table, the base URL should be ‘https://cdn.mydomain.com:8443’ not ‘https://cdn.mydomain.com:88’.
Update the delivery_profile.url columns and playback should work. If it doesn’t, please provide a sample URL where the player is embedded and I’ll take a look.

hiphopservers · July 27, 2017, 11:02pm

The resolution to this issue is related to the SSL certificate defined in NGINX. My specific SSL certificate is a Wildcard and requires a CA Root Certificate and since NGINX does not have the functionally to define a CA certificate path the same way as Apache you must set the cert with a bundle-crt or a pem certificate as shown in this example.

I have figured out the solution with a basic Bing search. Which return comments that when using an SSL Cert with NGINX you should assign the CA crt-bundle or set a pem as the cert as shown.

Edit the following file to reflect your correct information.

# /etc/nginx/conf.d/ssl.conf

# HTTPS server
#
server {
listen     KALUTRA_SERVER_IP:8443   ssl;
server_name cdn.mydomain.com;

ssl_certificate    /etc/ssl/your_domain_name.pem; (or bundle.crt)
ssl_certificate_key    /etc/ssl/your_domain_name.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout  5m;

ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers   on;

include /etc/nginx/conf.d/kaltura.conf;

}
You have to define the https URL in Kaltura with the correct SSL port when this is completed as previously described.