From 407318445db48eb72fd186f2021026c9805aefff Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Mon, 5 Dec 2022 16:26:50 +0100 Subject: [PATCH] nginx-rtmps --- bundles/letsencrypt/README.md | 2 +- bundles/nginx-rtmps/README.md | 15 +++++++++ bundles/nginx-rtmps/files/rtmps.conf | 38 +++++++++++++++++++++ bundles/nginx-rtmps/items.py | 9 +++++ bundles/nginx-rtmps/metadata.py | 50 ++++++++++++++++++++++++++++ bundles/nginx/files/nginx.conf | 5 ++- bundles/nginx/items.py | 16 ++++++--- nodes/netcup.mails.py | 10 ++++-- 8 files changed, 135 insertions(+), 10 deletions(-) create mode 100644 bundles/nginx-rtmps/README.md create mode 100644 bundles/nginx-rtmps/files/rtmps.conf create mode 100644 bundles/nginx-rtmps/items.py create mode 100644 bundles/nginx-rtmps/metadata.py diff --git a/bundles/letsencrypt/README.md b/bundles/letsencrypt/README.md index 0214915..1364f92 100644 --- a/bundles/letsencrypt/README.md +++ b/bundles/letsencrypt/README.md @@ -1,6 +1,6 @@ https://github.com/dehydrated-io/dehydrated/wiki/example-dns-01-nsupdate-script -``` +```sh printf "server 127.0.0.1 zone acme.resolver.name. update add _acme-challenge.ckn.li.acme.resolver.name. 600 IN TXT "hello" diff --git a/bundles/nginx-rtmps/README.md b/bundles/nginx-rtmps/README.md new file mode 100644 index 0000000..3935da6 --- /dev/null +++ b/bundles/nginx-rtmps/README.md @@ -0,0 +1,15 @@ +OBS +=== + +publish +------- + +obs stream to `rtmps://rtmp.sublimity.de:1937/24b626n246n2462v46bb2n2` stream key `ckn` + +input +----- + +- Media Source +- uncheck Local File +- Input: `rtmps://rtmp.sublimity.de:1937/24b626n246n2462v46bb2n2/ckn` + diff --git a/bundles/nginx-rtmps/files/rtmps.conf b/bundles/nginx-rtmps/files/rtmps.conf new file mode 100644 index 0000000..4f30c69 --- /dev/null +++ b/bundles/nginx-rtmps/files/rtmps.conf @@ -0,0 +1,38 @@ +stream { + upstream rtmp { + server 127.0.0.1:1936; + } + + server { + listen 1937 ssl; + listen [::]:1937 ssl; + + ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem; + ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem; + + proxy_pass rtmp; + } +} + +rtmp { + server { + listen 127.0.0.1:1936; + chunk_size 4096; + + application ${stream_key} { + live on; + record off; + allow publish 127.0.0.1; # for streaming through nginx + allow play 127.0.0.1; # for the pull from /live + } + + application live { + live on; + record off; + deny publish all; # no need to publish on /live + allow play all; # playing allowed + + pull rtmp://127.0.0.1:1936/${stream_key}; + } + } +} diff --git a/bundles/nginx-rtmps/items.py b/bundles/nginx-rtmps/items.py new file mode 100644 index 0000000..ae6bb08 --- /dev/null +++ b/bundles/nginx-rtmps/items.py @@ -0,0 +1,9 @@ +files = { + '/etc/nginx/conf.d/rtmps.conf': { + 'content_type': 'mako', + 'context': { + 'server_name': node.metadata.get('nginx-rtmps/hostname'), + 'stream_key': node.metadata.get('nginx-rtmps/stream_key'), + } + }, +} diff --git a/bundles/nginx-rtmps/metadata.py b/bundles/nginx-rtmps/metadata.py new file mode 100644 index 0000000..604bcc6 --- /dev/null +++ b/bundles/nginx-rtmps/metadata.py @@ -0,0 +1,50 @@ +defaults = { + 'apt': { + 'packages': { + 'libnginx-mod-stream': {}, + 'libnginx-mod-rtmp': {}, + }, + }, + 'nftables': { + 'input': { + 'tcp dport 1937 accept', + }, + }, +} + + +@metadata_reactor.provides( + 'nginx-rtmps/stream_key', +) +def stream_key(metadata): + return { + 'nginx-rtmps': { + 'stream_key': repo.vault.password_for(f"{metadata.get('id')} nginx-rtmps stream_key", length=24) + }, + } + + +@metadata_reactor.provides( + 'dns', +) +def dns(metadata): + return { + 'dns': { + metadata.get('nginx-rtmps/hostname'): repo.libs.ip.get_a_records(metadata), + } + } + + +@metadata_reactor.provides( + 'letsencrypt/domains', +) +def letsencrypt(metadata): + return { + 'letsencrypt': { + 'domains': { + metadata.get('nginx-rtmps/hostname'): { + 'reload': {'nginx'}, + }, + }, + }, + } diff --git a/bundles/nginx/files/nginx.conf b/bundles/nginx/files/nginx.conf index 804c64f..865f0ce 100644 --- a/bundles/nginx/files/nginx.conf +++ b/bundles/nginx/files/nginx.conf @@ -2,6 +2,9 @@ pid /var/run/nginx.pid; user www-data; worker_processes 10; +include /etc/nginx/modules-enabled/*; +include /etc/nginx/conf.d/*; + events { worker_connections 768; } @@ -15,7 +18,7 @@ http { server_names_hash_bucket_size 128; tcp_nopush on; client_max_body_size 32G; - + % if node.has_bundle('php'): upstream php-handler { server unix:/var/run/php/php${node.metadata.get('php/version')}-fpm.sock; diff --git a/bundles/nginx/items.py b/bundles/nginx/items.py index 045887b..60b9582 100644 --- a/bundles/nginx/items.py +++ b/bundles/nginx/items.py @@ -9,6 +9,12 @@ directories = { 'svc_systemd:nginx:restart', }, }, + '/etc/nginx/conf.d': { + 'purge': True, + 'triggers': { + 'svc_systemd:nginx:restart', + }, + }, '/etc/nginx/ssl': { 'purge': True, 'triggers': { @@ -26,22 +32,22 @@ files = { 'triggers': { 'svc_systemd:nginx:restart', }, - }, + }, '/etc/nginx/fastcgi.conf': { 'triggers': { 'svc_systemd:nginx:restart', }, - }, + }, '/etc/nginx/sites/80.conf': { 'triggers': { 'svc_systemd:nginx:restart', }, - }, + }, '/etc/nginx/sites/stub_status.conf': { 'triggers': { 'svc_systemd:nginx:restart', }, - }, + }, '/etc/nginx/sites-available': { 'delete': True, 'needs': { @@ -88,7 +94,7 @@ for name, config in node.metadata.get('nginx/vhosts').items(): 'svc_systemd:nginx:restart', }, } - + if name in node.metadata.get('letsencrypt/domains'): files[f'/etc/nginx/sites/{name}']['needs'].append( f'action:letsencrypt_ensure-some-certificate_{name}', diff --git a/nodes/netcup.mails.py b/nodes/netcup.mails.py index c140681..f48d2af 100644 --- a/nodes/netcup.mails.py +++ b/nodes/netcup.mails.py @@ -11,13 +11,14 @@ ], 'bundles': [ 'bind-acme', + 'build-ci', 'download-server', 'islamicstate.eu', + 'lonercrew', + 'nginx-rtmps', + 'steam', 'wireguard', 'zfs', - 'lonercrew', - 'build-ci', - 'steam', ], 'metadata': { 'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae', @@ -165,6 +166,9 @@ }, }, }, + 'nginx-rtmps': { + 'hostname': 'rtmp.sublimity.de', + }, 'roundcube': { 'product_name': 'Sublimity Mail', 'version': '1.5.0',