TVIP key server installation

WARNING: TVIP cas-server is in ALPHA stage; please report all bugs to support@tvip.ru

echo "deb http://deb.packages.tvip.ru/ xenial main" >> /etc/apt/sources.list.d/tms.list
wget --quiet -O - http://deb.packages.tvip.ru/deploy/key.asc | apt-key add -

apt-get -y -q install software-properties-common
add-apt-repository ppa:chris-lea/redis-server

apt-get update
apt-get install tvip-cas

Configuration

Copy the original /opt/tvip-cas/application-prod.yml.example to /opt/tvip-cas/application-prod.yml:

cp /opt/tvip-cas/application-prod.yml.example /opt/tvip-cas/application-prod.yml

Edit the configuration file with your preferred editor, for example vi:

vi /opt/tvip-cas/application-prod.yml

Main steps:

Configure Redis Storage

# Replace the Redis password with the real password:
spring:
  redis:
    host: localhost
    port: 6379
    password: REAL_REDIS_PASSWORD

This password must match the password in the Redis config. You can find it under the SECURITY block in /etc/redis/redis.conf:

################################## SECURITY ###################################

# Require clients to issue AUTH <PASSWORD> before processing any other
# commands.  This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
requirepass REAL_REDIS_PASSWORD

After setting requirepass you must restart the Redis server to apply the new settings.

Attach Flussonic media server to Key server

In the application-prod.yml file, add the Flussonic IP addresses to the stream-servers directive:

  stream-servers:
    - 127.0.0.2
    - 127.0.0.3
    - 127.0.0.4

On each Flussonic server you can configure, for each stream, the address from which Flussonic fetches the keys for segments. For the initial setup we recommend configuring one channel:

stream rtd {
  url udp://226.180.180.180:1234 priority=1;
  #dvr /media/6T10 7d; 
  hds off;
  dash off;
  mpegts off;
  drm aes128 keyserver=http://keys.example.com:8081/cas-server;
}

Here keys.example.com is the real domain of the key server.

Attach TMS with key server

TMS needs the following parameters to connect:

  1. URL of the key server
  2. Name of the application; by default that name is s1.keys.example.com (defined in the app section of /opt/tvip-cas/application-prod.yml)
  3. Private key for signing requests from the CAS server (defined in the app section of /opt/tvip-cas/application-prod.yml). To prevent security violations, you must replace that key with your own
  4. Each TMS must be defined in the tms-servers section of the config file

After changing the config you must restart tvip-cas to apply the settings.

On Ubuntu 16.04 you can use:

service tvip-cas restart

On Ubuntu 14.04 you can use:

/etc/init.d/tvip-cas restart

On the TMS side you must configure CAS in Settings → CAS servers.

Flussonic channel configuration

If you want to encrypt a channel, add the drm directive to the channel declaration. Channel encryption is available only for HLS streams; the other stream outputs must be disabled for security reasons.

stream examplechannel{
  ...
  ...
  hds off;
  rtmp off;
  rtsp off;
  dash off;
  mpegts off;
  drm aes128 keyserver=http://keys.example.net/cas-server;
}
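
A check for the rule above, added here as an example (it is not TVIP or Flussonic code): it parses stream blocks and reports every stream that has a drm directive but leaves one of the outputs from the page's example enabled. The names audit, strip_comments and MUST_BE_OFF are hypothetical, the protocol list is assumed from the example above, and the sample input is constructed from the two stream blocks on this page.

```python
import re

# Outputs the page's example switches off on an encrypted channel.
# Assumption: list taken from the page's example, not from Flussonic docs.
MUST_BE_OFF = ("hds", "rtmp", "rtsp", "dash", "mpegts")
STREAM_RE = re.compile(r"stream\s+(\S+?)\s*\{(.*?)\}", re.S)

def strip_comments(text):
    """Drop '#' comments so a commented-out directive is not counted."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def audit(config_text):
    """Return {stream_name: [protocols not switched off]} for DRM streams."""
    findings = {}
    for name, body in STREAM_RE.findall(strip_comments(config_text)):
        directives = [d.split() for d in body.split(";") if d.strip()]
        if not any(d[0] == "drm" for d in directives):
            continue  # unencrypted stream: out of scope for this check
        off = {d[0] for d in directives if len(d) == 2 and d[1] == "off"}
        missing = [p for p in MUST_BE_OFF if p not in off]
        if missing:
            findings[name] = missing
    return findings

# Constructed sample: the two stream blocks from this page plus a clear channel.
SAMPLE = """
stream rtd {
  url udp://226.180.180.180:1234 priority=1;
  #dvr /media/6T10 7d;
  hds off;
  dash off;
  mpegts off;
  drm aes128 keyserver=http://keys.example.com:8081/cas-server;
}
stream examplechannel{
  hds off;
  rtmp off;
  rtsp off;
  dash off;
  mpegts off;
  drm aes128 keyserver=http://keys.example.net/cas-server;
}
stream clearchannel { url udp://239.0.0.1:1234; }
"""

if __name__ == "__main__":
    for stream, protos in audit(SAMPLE).items():
        print(f"{stream}: DRM enabled but not disabled: {', '.join(protos)}")
```

On the sample, the rtd block is reported because it has no "rtmp off;" or "rtsp off;" line, while examplechannel passes.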

TMS channel configuration

TMS requires the channel name on Flussonic to be the same as the «System name» in the Channel entity. In the example, that name is examplechannel. No other CAS settings are needed for the channel.

tvip_key_server_installation.txt · Last modified: 2020/02/28 09:19 by Egor Danilenko