Install kaltura Nginx VOD module

Jess

Our IT department opened port 8443 internally and externally; you can see the console.

Jess

The directory /etc/nginx/static doesn’t exist on my server. Must I create it?

[root@cdn nginx]# pwd
/etc/nginx
[root@cdn nginx]# ll
total 36
drwxr-xr-x 2 root root  128 Oct 19 20:09 conf.d
-rw-r--r-- 1 root root  964 Sep  9 17:52 fastcgi_params
-rw-r--r-- 1 root root 2837 Sep  9 17:52 koi-utf
-rw-r--r-- 1 root root 2223 Sep  9 17:52 koi-win
-rw-r--r-- 1 root root 3957 Sep  9 17:52 mime.types
-rw-r--r-- 1 root root 1689 Oct 19 17:20 nginx.conf
-rw-r--r-- 1 root root 1681 Oct 19 15:39 nginx.conf.old
-rw-r--r-- 1 root root  596 Sep  9 17:52 scgi_params
-rw-r--r-- 1 root root  623 Sep  9 17:52 uwsgi_params
-rw-r--r-- 1 root root 3610 Sep  9 17:52 win-utf
[root@cdn nginx]#

Hi @jess

This does not work with 8443:
https://cdn.yasar.edu.tr:8443/hls/p/101/sp/10100/serveFlavor/entryId/0_5u72aefd/v/2/flavorId/0_paronbmo/name/a.mp4/index.m3u8

This works on Chrome and Firefox:
https://cdn.yasar.edu.tr:8443/hls/p/101/sp/10100/serveFlavor/entryId/0_5u72aefd/v/2/flavorId/0_paronbmo/name/a.mp4/index.m3u8

Hello,

I cannot seem to reach any of the URLs you posted but I’ll walk you through a fully operational SSL config and hopefully you can check what’s different in yours and correct it.
I am assuming a single instance here; if you have a cluster with an LB, obviously things are somewhat different. Paths are provided as they are on RHEL-based machines because I know that’s what you have. If someone else reads this in the future for reference, on deb they are different but the principle remains the same.

All examples below use test.kaltura.org as host/service URL. Obviously, you should change them to your own host, which seems to be cdn.yasar.edu.tr from the examples you posted.

In this setup, Apache listens on port 443 and Nginx, on the same machine, listens on port 8443.

Apache over SSL:
/etc/httpd/conf.d/zzzkaltura.ssl.conf -> /opt/kaltura/app/configurations/apache/kaltura.ssl.conf

<IfModule !ssl_module>
        LoadModule ssl_module modules/mod_ssl.so
</IfModule>


SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
<IfVersion < 2.4>
        SSLMutex default
</IfVersion>
<IfVersion >= 2.4>
        Mutex sysvsem default
</IfVersion>
SSLCryptoDevice builtin

SSLCertificateFile /etc/pki/tls/certs/kaltura.org.crt
SSLCertificateKeyFile /etc/pki/tls/private/kaltura.org.key
SSLCACertificateFile /etc/pki/tls/certs/ca-kaltura.org.crt
<VirtualHost test.kaltura.org>
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

        ErrorLog "/opt/kaltura/log/kaltura_apache_errors_ssl.log"
        CustomLog /opt/kaltura/log/kaltura_apache_access_ssl.log vhost_kalt

        Include "/opt/kaltura/app/configurations/apache/conf.d/enabled.*.conf"
</VirtualHost>

Nginx config:
/etc/nginx/nginx.conf:

user  kaltura;
worker_processes  auto;

error_log  /opt/kaltura/log/kaltura_nginx_errors.log;

pid             /var/run/nginx.pid;

events {
        worker_connections  1024;
        multi_accept on;
        use epoll;
}

http {
        upstream kalapi {
                server test.kaltura.org;
        }

        include    mime.types;
        default_type  application/octet-stream;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $bytes_sent $request_time "$http_referer" "$http_user_agent" "-" - '
                '"$sent_http_x_kaltura" "$http_host" $pid $sent_http_x_kaltura_session - '
                '$request_length "$sent_http_content_range" "$http_x_forwarded_for" '
                '"$http_x_forwarded_server" "$http_x_forwarded_host" "$sent_http_cache_control" '
                '$connection ';

        access_log /opt/kaltura/log/kaltura_nginx_access.log main;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;

        keepalive_timeout 60;
        keepalive_requests 1000;
        client_header_timeout 20;
        client_body_timeout 20;
        reset_timedout_connection on;
        send_timeout 20;

        gzip  on;
        gzip_types application/vnd.apple.mpegurl video/f4m application/dash+xml text/xml;
        # common vod settings
        vod_mode mapped;
        vod_upstream_location /kalapi_proxy;
        vod_upstream_extra_args "pathOnly=1";

        # shared memory zones
        vod_metadata_cache metadata_cache 512m;
        vod_mapping_cache mapping_cache 64m;
        vod_response_cache response_cache 64m;
        vod_performance_counters perf_counters;

        # common file caching / aio
        open_file_cache max=1000 inactive=5m;
        open_file_cache_valid 2m;
        open_file_cache_min_uses 1;
        open_file_cache_errors on;
        aio on;

        server {
                listen 88;
                server_name test.kaltura.org;
                include /etc/nginx/conf.d/kaltura.conf;

        }
        include /etc/nginx/conf.d/ssl.conf;
}

/etc/nginx/conf.d/kaltura.conf:
Notice in particular the use of proxy_pass https://kalapi/; it should be ‘https’ and not ‘http’.

                # static files (crossdomain.xml, robots.txt etc.) + fallback to api
                location / {
                        root   /etc/nginx/static;
                        try_files $uri @api_fallback;
                }

                # nginx status page
                location /nginx_status {
                        stub_status on;
                        access_log off;
                }

                # vod status page
                location /vod_status {
                        vod_status;
                        access_log off;
                }

                # internal location for vod subrequests
                location /kalapi_proxy/ {
                        internal;
                        proxy_pass https://kalapi/;
                        proxy_set_header Host $http_host;
                }

                # serve flavor progressive (clipFrom/To are not supported with 'vod none' so they are proxied)
                location ~ ^/p/\d+/(sp/\d+/)?serveFlavor/((?!clipFrom)(?!clipTo).)*$ {
                        vod none;

                        add_header Last-Modified "Sun, 19 Nov 2000 08:52:00 GMT";
                        expires 100d;
                }

                # serve flavor HLS
                location ~ ^/hls/p/\d+/(sp/\d+/)?serveFlavor/ {
                        vod hls;
                        vod_bootstrap_segment_durations 2000;
                        vod_bootstrap_segment_durations 2000;
                        vod_bootstrap_segment_durations 2000;
                        vod_bootstrap_segment_durations 4000;

                        add_header Last-Modified "Sun, 19 Nov 2000 08:52:00 GMT";
                        add_header Access-Control-Allow-Headers "*";
                        add_header Access-Control-Expose-Headers "Server,range,Content-Length,Content-Range";
                        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
                        add_header Access-Control-Allow-Origin "*";
                        expires 100d;
                }

                # serve flavor DASH
                location ~ ^/dash/p/\d+/(sp/\d+/)?serveFlavor/ {
                        vod dash;
                        vod_segment_duration 4000;
                        vod_bootstrap_segment_durations 3500;
                        vod_align_segments_to_key_frames on;
                        vod_dash_manifest_format segmenttemplate;

                        add_header Last-Modified "Sun, 19 Nov 2000 08:52:00 GMT";
                        add_header Access-Control-Allow-Headers "origin,range,accept-encoding,referer";
                        add_header Access-Control-Expose-Headers "Server,range,Content-Length,Content-Range";
                        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
                        add_header Access-Control-Allow-Origin "*";
                        expires 100d;
                }

                # serve flavor HDS
                location ~ ^/hds/p/\d+/(sp/\d+/)?serveFlavor/ {
                        vod hds;
                        vod_segment_duration 6000;
                        vod_align_segments_to_key_frames on;
                        vod_segment_count_policy last_rounded;

                        add_header Last-Modified "Sun, 19 Nov 2000 08:52:00 GMT";
                        add_header Access-Control-Allow-Origin "*";
                        expires 100d;
                }

                # serve flavor MSS
                location ~ ^/mss/p/\d+/(sp/\d+/)?serveFlavor/ {
                        vod mss;
                        vod_segment_duration 4000;
                        vod_manifest_segment_durations_mode accurate;

                        add_header Last-Modified "Sun, 19 Nov 2000 08:52:00 GMT";
                        expires 100d;
                }

                # all unidentified requests fallback to api (inc. playManifest)
                location @api_fallback {
                        proxy_pass https://kalapi;
                        proxy_set_header Host $http_host;
                }

                #error_page  404                          /404.html;

                # redirect server error pages to the static page /50x.html
                #
                error_page   500 502 503 504  /50x.html;
                location = /50x.html {
                        root   html;
                }

/etc/nginx/conf.d/ssl.conf:

server {
    listen     8443   ssl;
    server_name test.kaltura.org;

    ssl_certificate      /etc/pki/tls/certs/kaltura.org.crt;
    ssl_certificate_key  /etc/pki/tls/private/kaltura.org.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    include /etc/nginx/conf.d/kaltura.conf;
}

Delivery Profiles:

mysql> select * from delivery_profile where id in (1001,1002,1003)\G                      
*************************** 1. row ***************************
             id: 1001
     partner_id: 0
     created_at: 2016-10-21 09:49:19
     updated_at: 2016-10-21 09:49:19
           name: Kaltura HLS segmentation
           type: 61
    system_name: Kaltura HLS segmentation
    description: Kaltura HLS segmentation
            url: https://test.kaltura.org:8443/hls
      host_name: test.kaltura.org
     recognizer: NULL
      tokenizer: NULL
         status: 0
media_protocols: NULL
  streamer_type: applehttp
     is_default: 1
      parent_id: 0
    custom_data: NULL
       priority: 0
*************************** 2. row ***************************
             id: 1002
     partner_id: 0
     created_at: 2016-10-21 09:49:19
     updated_at: 2016-10-21 09:49:19
           name: Kaltura HDS segmentation
           type: 63
    system_name: Kaltura HDS segmentation
    description: Kaltura HDS segmentation
            url: https://test.kaltura.org:8443/hds
      host_name: test.kaltura.org
     recognizer: NULL
      tokenizer: NULL
         status: 0
media_protocols: NULL
  streamer_type: hdnetworkmanifest
     is_default: 1
      parent_id: 0
    custom_data: NULL
       priority: 0
*************************** 3. row ***************************
             id: 1003
     partner_id: 0
     created_at: 2016-10-21 09:49:19
     updated_at: 2016-10-21 09:49:19
           name: Kaltura DASH segmentation
           type: 68
    system_name: Kaltura DASH segmentation
    description: Kaltura DASH segmentation
            url: https://test.kaltura.org:8443/dash
      host_name: test.kaltura.org
     recognizer: NULL
      tokenizer: NULL
         status: 0
media_protocols: NULL
  streamer_type: mpegdash
     is_default: 1
      parent_id: 0
    custom_data: NULL
       priority: 0
3 rows in set (0.00 sec)

If, after verifying that all your configurations are the same as above, it still does not work, then I will need access to a sample embed code.
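
An added example, not part of the thread and not Kaltura's code: a small Python linter for the two things the configs in this reply turn on, the proxy_pass scheme toward the API host served over SSL and the TLS directives in the Apache vhost. The function names and sample strings are assumptions, constructed from directives quoted above; the proxy_ssl_verify check reflects nginx's default of off.

```python
import re

OLD_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1")
WEAK_CLASSES = ("RC4", "LOW", "MEDIUM", "EXPORT")  # OpenSSL cipher-string classes

def directive(conf, name):
    """Arguments of every uncommented `name ...` line (Apache or nginx syntax)."""
    pat = re.compile(r"^[ \t]*" + re.escape(name) + r"[ \t]+([^;#\n]+)", re.M)
    return [m.group(1).strip() for m in pat.finditer(conf)]

def audit_apache(conf):
    findings = []
    for args in directive(conf, "SSLProtocol"):
        tokens = args.split()
        if "all" in tokens:  # "all" turns on every protocol the linked OpenSSL offers
            kept = [p for p in OLD_PROTOCOLS if "-" + p not in tokens]
            if kept:
                findings.append("SSLProtocol does not disable: " + ", ".join(kept))
    for args in directive(conf, "SSLCipherSuite"):
        tokens = args.split(":")
        for cls in WEAK_CLASSES:
            named = any(cls in t.lstrip("+").split("+")
                        for t in tokens if t[:1] not in ("!", "-"))
            if "!" + cls not in tokens and ("ALL" in tokens or named):
                findings.append("SSLCipherSuite admits " + cls)
    return findings

def audit_nginx(conf, api_over_tls=True):
    findings = []
    targets = directive(conf, "proxy_pass")
    for target in targets:
        if api_over_tls and target.startswith("http://"):
            findings.append("proxy_pass " + target + " uses http:// but the API host serves SSL")
    verify = directive(conf, "proxy_ssl_verify")
    if any(t.startswith("https://") for t in targets) and "on" not in verify:
        # nginx default is proxy_ssl_verify off: the upstream certificate is not checked
        findings.append("https:// proxy_pass without proxy_ssl_verify on")
    return findings

# Constructed samples built from directives quoted in the thread.
APACHE_SAMPLE = """
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
"""
NGINX_BEFORE = "location /kalapi_proxy/ {\n    internal;\n    proxy_pass http://kalapi/;\n}\n"
NGINX_AFTER = NGINX_BEFORE.replace("http://", "https://")

if __name__ == "__main__":
    for line in audit_apache(APACHE_SAMPLE) + audit_nginx(NGINX_BEFORE) + audit_nginx(NGINX_AFTER):
        print(line)
```

Turning on proxy_ssl_verify also needs proxy_ssl_trusted_certificate pointing at the CA that signed the Apache certificate.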

Hi @jess

Thanks for your support.
When I changed from http://kalapi to httpS://kalapi, everything worked successfully.

Hi @eemirtekinn,

Great, glad to hear we’re good.

I tried all those but I still get this page. Nginx worked until I restarted the service. What is the path and name of the root config file for Apache? It looks like something is wrong with the webroot when I try https, but http works fine with both nginx and Apache. If I try to access my https, the SSL is shown clearly in the browser without any error. Both nginx (video not playing) and Apache don’t work on https.