需求背景:
想着搭建一个视频点播服务器,最后选择了nginx+vod的方案,用lua脚本写拉流鉴权,但是环境搭建过程中又发现nginx++vod+lua的环境并不是很容易搭建,是nginx+lua的环境,手动搭建比较麻烦,但还是实现了,还有另一种方案是可以用openresty(nginx+lua)+ vod的方案,因为openresty已经帮你包含了nginx和lua的环境,但是还不包含vod这个点播模块,只需自己add-module vod就可以了
注意本文章介绍的点播lua鉴权,只做了m3u8文件的鉴权,并未对ts文件的鉴权,简单的判断是否带token的鉴权,至于token的设计,还需自己配置,
本文主要介绍了环境的搭建,鉴权流程的分析,重在流程,最后会在文中附上安装脚本和nginx.conf的整个配置文件
方案一 nginx+vod+lua
配置服务器DNS:
echo "nameserver 114.114.114.114" >> /etc/resolv.conf安装网路工具
yum install wget ntpdate git -y 安装编译工具及依赖库
yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel -y同步服务器时间
ntpdate ntp.aliyun.com
timedatectl set-timezone Asia/Shanghai创建点播服务器的安装目录
我这里安装到了/usr/cloudland/nginx的目录下
mkdir -p /usr/cloudland/nginx下载配置安装lua解释器LuaJIT
wget -c http://luajit.org/download/LuaJIT-2.0.4.tar.gz
tar xzvf LuaJIT-2.0.4.tar.gz
cd LuaJIT-2.0.4
make install PREFIX=$NGINX_INSTALL_PATH/luajit
export LUAJIT_LIB=$NGINX_INSTALL_PATH/luajit/lib
export LUAJIT_INC=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0
cd -注意上面的两个export命令,配置lua解释器的环境变量
下载nginx NDK(ngx_devel_kit)扩展模块
wget -c http://luajit.org/download/LuaJIT-2.0.4.tar.gz
tar -xzvf v0.3.0.tar.gz下载lua-nginx-module
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz
tar -xzvf v0.10.9rc7.tar.gz下载安装lua-resty-http模块(lua的库,实现http功能的一些库)
wget https://github.com/ledgetech/lua-resty-http/archive/refs/tags/v0.16.1.tar.gz
tar -zxvf v0.16.1.tar.gz
cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/lib/lua/5.1/
cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/share/lua/5.1/注意上面的两个cp的命令,这个是解决resty-http找不到的问题
下载安装lua-cjson模块(lua的库,为lua提供json相关功能)
wget https://github.com/openresty/lua-cjson/archive/refs/tags/2.1.0.9.tar.gz
tar -zxvf 2.1.0.9.tar.gz
cd lua-cjson-2.1.0.9
make LUA_VERSION=5.1 PREFIX=$NGINX_INSTALL_PATH/luajit/ LUA_INCLUDE_DIR=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0/
make LUA_VERSION=5.1 PREFIX=$NGINX_INSTALL_PATH/luajit/ LUA_INCLUDE_DIR=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0/ install
cd -注意上面的make参数,指定的安装路径及头文件,解决的是找不到lua-cjson相关库的问题
下载nginx-vod模块
这个模块是为nginx实现点播功能的
wget https://github.com/kaltura/nginx-vod-module/archive/refs/tags/1.28.tar.gz
tar -zxvf 1.28.tar.gz下载配置安装nginx
wget https://nginx.org/download/nginx-1.20.1.tar.gz
tar -xzvf nginx-1.20.1.tar.gz
cd nginx-1.20.1
./configure --prefix=/usr/cloudland/nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-pcre --add-module=../lua-nginx-module-0.10.9rc7 --add-module=../ngx_devel_kit-0.3.0 --add-module=../nginx-vod-module-1.28/
make
make install将luajia相关库加载一下
echo "$NGINX_INSTALL_PATH/luajit/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
ldconfig修改nginx配置文件nginx.conf
有两处修改
修改处一:
init_by_lua_block {
cjson = require "cjson";
http = require "resty.http";
}添加位置:
修改处二:
location /vod {
rewrite_by_lua_block {
-- local cjson = require "cjson"
-- local http = require "resty.http"
local httpc = http.new()
local ngx = ngx
local headers = ngx.req.get_headers()
local extension = ngx.var.request_uri:match(".+%.(%w+)$")
local token = headers["token"]
local request_method = ngx.var.request_method
local args = nil
if "GET" == request_method then
args = ngx.req.get_uri_args()
elseif "POST" == request_method then
ngx.req.read_body()
args = ngx.req.get_post_args()
end
if extension == 'm3u8' then
token = args["token"];
if not token then
ngx.header['Content-Type'] = 'text/plain; charset=utf-8';
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say("Nil token,Not Privileged To Play")
-- ngx.say(ngx.var.request_uri);
-- ngx.say(extension);
ngx.exit(200)
end
-- 要实现token鉴权的服务,header和参数已经实现,根据实际需要选择
-- 可以将URL发送给一个golang服务,用golang服务来做具体鉴权
local url = "http://172.20.0.95:11985/api/rest/v1/vod/check";
local res, err = httpc:request_uri(url, {method="GET", headers={["token"]=token}})
if not res then
ngx.header['Content-Type'] = 'text/plain; charset=utf-8';
ngx.say(cjson.encode({message = "Error getting response",status = ngx.HTTP_INTERNAL_SERVER_ERROR }));
ngx.exit(200)
end
if res.body == '0' then
ngx.header['Content-Type'] = 'text/plain; charset=utf-8';
ngx.say("Valid token,Not Privileged To Play.");
ngx.exit(200)
end
end
}
vod hls; # 协议使用hls模式
vod_mode local; # 访问模式指定为local模式
vod_align_segments_to_key_frames on; # 每个切片以关键帧开头
vod_manifest_segment_durations_mode accurate; # 精确显示每个切片的长度
root /media;
#alias /media; # 视频文件路径
#proxy_pass http://172.0.0.74:80/lua;
}
添加位置:
整个nginx.conf文件的配置
#user nobody;
worker_processes 1;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
init_by_lua_block {
cjson = require "cjson";
http = require "resty.http";
}
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
location /lua {
default_type 'text/plain';
content_by_lua 'ngx.say("hello, lua for vod")';
}
location /vod {
rewrite_by_lua_block {
-- local cjson = require "cjson"
-- local http = require "resty.http"
local httpc = http.new()
local ngx = ngx
local headers = ngx.req.get_headers()
local extension = ngx.var.request_uri:match(".+%.(%w+)$")
local token = headers["token"]
local request_method = ngx.var.request_method
local args = nil
if "GET" == request_method then
args = ngx.req.get_uri_args()
elseif "POST" == request_method then
ngx.req.read_body()
args = ngx.req.get_post_args()
end
if extension == 'm3u8' then
token = args["token"];
if not token then
ngx.header['Content-Type'] = 'text/plain; charset=utf-8';
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say("Nil token,Not Privileged To Play")
-- ngx.say(ngx.var.request_uri);
-- ngx.say(extension);
ngx.exit(200)
end
-- 要实现token鉴权的服务,header和参数已经实现,根据实际需要选择
-- 可以将URL发送给一个golang服务,用golang服务来做具体鉴权
local url = "http://172.20.0.95:11985/api/rest/v1/vod/check";
local res, err = httpc:request_uri(url, {method="GET", headers={["token"]=token}})
if not res then
ngx.header['Content-Type'] = 'text/plain; charset=utf-8';
ngx.say(cjson.encode({message = "Error getting response",status = ngx.HTTP_INTERNAL_SERVER_ERROR }));
ngx.exit(200)
end
if res.body == '0' then
ngx.header['Content-Type'] = 'text/plain; charset=utf-8';
ngx.say("Valid token,Not Privileged To Play.");
ngx.exit(200)
end
end
}
vod hls; # 协议使用hls模式
vod_mode local; # 访问模式指定为local模式
vod_align_segments_to_key_frames on; # 每个切片以关键帧开头
vod_manifest_segment_durations_mode accurate; # 精确显示每个切片的长度
root /media;
#alias /media; # 视频文件路径
#proxy_pass http://172.0.0.74:80/lua;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}将上述nginx.conf修改到/usr/cloudland/nginx.conf
启动nginx
cd /usr/cloudland/nginx/
./sbin/nginx -p $PWD -c conf/nginx.conf
结果验证:
在验证之前最后关闭防火墙
关闭防火墙:
systemctl stop firewalld随便拷贝一个视频到/media/vod目录下
用浏览器打开http://172.24.0.74/vod/720p-test.mp4/index.m3u8
上述不带token的结果
用浏览器打开带token的URLhttp://172.24.0.74/vod/720p-test.mp4/index.m3u8
发现会允许下载index.m3u8文件
用VLC打开带token的URL发现视频可以播放
整个环境搭建的脚本:
#!/bin/sh
NGINX_INSTALL_PATH=/usr/cloudland/nginx
echo "nameserver 114.114.114.114" >> /etc/resolv.conf
yum install wget ntpdate git -y
yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel -y
ntpdate ntp.aliyun.com
timedatectl set-timezone Asia/Shanghai
# LuaJIT
if [ ! -f LuaJIT-2.0.4.tar.gz ]; then
wget -c http://luajit.org/download/LuaJIT-2.0.4.tar.gz
fi
tar xzvf LuaJIT-2.0.4.tar.gz
cd LuaJIT-2.0.4
make install PREFIX=$NGINX_INSTALL_PATH/luajit
export LUAJIT_LIB=$NGINX_INSTALL_PATH/luajit/lib
export LUAJIT_INC=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0
cd -
#ngx_devel_kit
if [ ! -f v0.3.0.tar.gz ]; then
wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
fi
tar -xzvf v0.3.0.tar.gz
#lua-nginx-module
if [ ! -f v0.10.9rc7.tar.gz ]; then
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz
fi
tar -xzvf v0.10.9rc7.tar.gz
#lua-resty-http
if [ ! -f v0.16.1.tar.gz ]; then
wget https://github.com/ledgetech/lua-resty-http/archive/refs/tags/v0.16.1.tar.gz
fi
tar -zxvf v0.16.1.tar.gz
cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/lib/lua/5.1/
cp -r lua-resty-http-0.16.1/lib/resty/ $NGINX_INSTALL_PATH/luajit/share/lua/5.1/
#lua-cjson
if [ ! -f 2.1.0.9.tar.gz ]; then
wget https://github.com/openresty/lua-cjson/archive/refs/tags/2.1.0.9.tar.gz
fi
tar -zxvf 2.1.0.9.tar.gz
cd lua-cjson-2.1.0.9
make LUA_VERSION=5.1 PREFIX=$NGINX_INSTALL_PATH/luajit/ LUA_INCLUDE_DIR=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0/
make LUA_VERSION=5.1 PREFIX=$NGINX_INSTALL_PATH/luajit/ LUA_INCLUDE_DIR=$NGINX_INSTALL_PATH/luajit/include/luajit-2.0/ install
cd -
# vod module
if [ ! -f 1.28.tar.gz ]; then
wget https://github.com/kaltura/nginx-vod-module/archive/refs/tags/1.28.tar.gz
fi
tar -zxvf 1.28.tar.gz
# nginx
if [ ! -f nginx-1.20.1.tar.gz ]; then
wget https://nginx.org/download/nginx-1.20.1.tar.gz
fi
tar -xzvf nginx-1.20.1.tar.gz
cd nginx-1.20.1
./configure --prefix=$NGINX_INSTALL_PATH --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-pcre --add-module=../lua-nginx-module-0.10.9rc7 --add-module=../ngx_devel_kit-0.3.0 --add-module=../nginx-vod-module-1.28/
make
make install
cd -
echo "$NGINX_INSTALL_PATH/luajit/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
ldconfig
\cp ./nginx.conf $NGINX_INSTALL_PATH/conf
cd $NGINX_INSTALL_PATH
$NGINX_INSTALL_PATH/sbin/nginx -p $NGINX_INSTALL_PATH -c $NGINX_INSTALL_PATH/conf/nginx.conf
![腾讯xSRC[linux+docker]搭建教程](https://img-blog.csdnimg.cn/d18e2614414b4ad6b662bce774db92e9.png)
