实际操作的服务器是CentOS 6.x 64位系统
一、配置防火墙
开启80端口(nginx)、8080端口(srs http)、1935端口(nginx-rtmp)、19350端口(srs)
vi /etc/sysconfig/iptables #编辑防火墙配置文件
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1935 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 19350 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
:wq! #保存退出
service iptables restart #最后重启防火墙使配置生效
如果是centOS7.x,默认使用的是firewall作为防火墙,可以改为iptables防火墙。
-
关闭firewall:
systemctl stop firewalld.service #停止firewall systemctl disable firewalld.service #禁止firewall开机启动 -
安装iptables防火墙
yum install iptables-services #安装 -
编辑防火墙配置文件
vi /etc/sysconfig/iptables内容编辑同6.x
-
7.x的service与6.x不同
systemctl restart iptables.service #重启防火墙使配置生效 systemctl enable iptables.service #设置防火墙开机启动
二、关闭SELINUX
vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing #注释掉
SELINUX=disabled #增加
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
#SELINUXTYPE=targeted #注释掉
:wq! #保存退出
setenforce 0 #使配置立即生效
三 、指定路径
软件源代码包存放位置:/usr/local/src
源码包编译安装位置:/usr/local/软件名字
四、下载软件包
1、下载nginx源代码
wget http://nginx.org/download/nginx-1.12.0.tar.gz
2、下载pcre源代码 (支持nginx伪静态)
wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz
3、下载openssl(nginx扩展)
wget ftp://ftp.openssl.org/source/old/1.0.1/openssl-1.0.1j.tar.gz
注:
1)、For the relationships between OpenSSL and FIPS 140-2, read this documentation。
2)、如果编译参数中含有--with-openssl=...,则表明Nginx是静态编译openssl,需要自己提供源码包。
输入命令
ldd `which nginx`|grep ssl
显示
libssl.so.10 => /usr/lib64/libssl.so.10 (0x0000003709c00000)
表明系统存在的nginx是动态链接openssl的。
3)、更多信息参考这个链接。
4、下载zlib源码(nginx扩展)
wget http://zlib.net/zlib-1.2.11.tar.gz
5、下载nginx-rtmp-module源码
git clone https://github.com/arut/nginx-rtmp-module.git
6、下载Simple RTMP Server源码
git clone https://github.com/ossrs/srs.git
原作git,作者清空了master branch,不过1.0release、2.0release、develop三个分支还在。(目前默认分支是2.0release)
以上软件包使用WinSCP工具上传到/usr/local/src目录,也可以直接在服务端git clone或者wget。
五、安装编译工具及库文件(使用yum命令安装)
yum install -y apr* autoconf automake bison bzip2 bzip2* cloog-ppl compat* cpp curl curl-devel fontconfig fontconfig-devel freetype freetype* freetype-devel gcc gcc-c++ gtk+-devel gd gettext gettext-devel glibc kernel kernel-headers keyutils keyutils-libs-devel krb5-devel libcom_err-devel libpng libpng* libpng-devel libjpeg* libsepol-devel libselinux-devel libstdc++-devel libtool* libgomp libxml2 libxml2-devel libXpm* libX* libtiff libtiff* make mpfr ncurses* ntp openssl nasm nasm* openssl-devel patch pcre-devel perl php-common php-gd policycoreutils ppl telnet t1lib t1lib* wget zlib-devel libxml2 libxml2-devel libxslt libxslt-devel unzip
六、开始安装
1、安装nginx-rtmp
源代码包上传解压或clone
groupadd www
useradd -g www www -s /bin/false
cd /usr/local/src
tar zxvf nginx-1.12.0.tar.gz
cd nginx-1.12.0
./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_v2_module --with-openssl=../openssl-1.0.1j --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-zlib=/usr/local/src/zlib-1.2.11 --with-pcre=../pcre-8.40 --with-pcre-jit --with-http_xslt_module --add-module=../nginx-rtmp-module --with-debug
#注意:--with-openssl=../openssl-1.0.1j --with-zlib=../zlib-1.2.8 --with-pcre=../pcre-8.38指向的是源码包解压的路径,而不是安装的路径,否则会报错。
make
make install
/usr/local/nginx/sbin/nginx #启动Nginx
设置nginx开机启动,参考链接
make_dir部分在markdown复制有点问题,请从上面的链接处复制过来。
vi /etc/rc.d/init.d/nginx #编辑启动文件添加下面内容
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: NGINX is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`$nginx -V 2>&1 | grep "configure arguments:.*--user=" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
if [ -n "$user" ]; then
if [ -z "`grep $user /etc/passwd`" ]; then
useradd -M -s /bin/nologin $user
fi
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
fi
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
:wq! #保存退出
chmod 775 /etc/rc.d/init.d/nginx #赋予文件执行权限
chkconfig nginx on #设置开机启动
/etc/rc.d/init.d/nginx restart #重启
service nginx restart #这样重启也行
2、编译安装Simple RTMP Server
git clone https://github.com/ossrs/srs.git
cd srs
#目前官方git默认分支是2.0release,功能较全,相对稳定
#git checkout develop
git pull
cd trunk/
#nginx和ffmpeg自己编译
./configure --full --without-ffmpeg --without-nginx #--log-verbose --log-info --log-trace
make
#安装在usr/local/srs,可不安装,直接在源代码目录调试学习
make install
cd /usr/local/srs
./objs/srs -c conf/srs.conf
#系统服务启动
cp /usr/local/srs/etc/init.d/srs /etc/rc.d/init.d/srs
chmod a+x /etc/rc.d/init.d/srs
chkconfig srs on
service srs restart
七、编译安装FFmpeg
参考的是段总的分享,见这里。
原作源代码放置在~/ffmpeg_sources,编译中间文件在$HOME/ffmpeg_build,编译得到的目标文件在$HOME/bin。
实际安装时做了一下修改,源代码放置在/usr/local/src/ffmpeg_sources,编译中间文件在/usr/local/src/ffmpeg_sources/ffmpeg_build,编译得到的目标文件在/usr/bin。
步骤如下:
yum install autoconf automake cmake freetype-devel openssl-devel gcc gcc-c++ git libtool make mercurial nasm pkgconfig zlib-devel
mkdir /usr/local/src/ffmpeg_sources #原作这里不正确
cd /usr/local/src/ffmpeg_sources
git clone --depth 1 git://github.com/yasm/yasm.git
cd yasm
autoreconf -fiv
./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --bindir="/usr/bin"
make
make install
make distcleancd /usr/local/src/ffmpeg_sources
git clone --depth 1 git://git.videolan.org/x264
cd x264
PKG_CONFIG_PATH="/usr/local/src/ffmpeg_sources/ffmpeg_build/lib/pkgconfig" ./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --bindir="/usr/bin" --enable-static
make
make install
make distclean-
cd /usr/local/src/ffmpeg_sources
hg clone https://bitbucket.org/multicoreware/x265
git clone https://github.com/videolan/x265.git
cd /usr/local/src/ffmpeg_sources/x265/build/linux
cmake -G "Unix Makefiles" -DCMAKE_INSTALL_PREFIX="/usr/local/src/ffmpeg_sources/ffmpeg_build" -DENABLE_SHARED:bool=off ../../source
make
make install cd /usr/local/src/ffmpeg_sources
git clone --depth 1 git://git.code.sf.net/p/opencore-amr/fdk-aac
cd fdk-aac
autoreconf -fiv
./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --disable-shared
make
make install
make distcleancd /usr/local/src/ffmpeg_sources
curl -L -O http://downloads.sourceforge.net/project/lame/lame/3.99/lame-3.99.5.tar.gz
tar xzvf lame-3.99.5.tar.gz
cd lame-3.99.5
./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --bindir="/usr/bin" --disable-shared --enable-nasm
make
make install
make distcleancd /usr/local/src/ffmpeg_sources
git clone https://github.com/xiph/opus.git #原作链接要翻墙,改成github
cd opus
autoreconf -fiv
./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --disable-shared
make
make install
make distcleancd /usr/local/src/ffmpeg_sources
curl -O http://downloads.xiph.org/releases/ogg/libogg-1.3.2.tar.gz
tar xzvf libogg-1.3.2.tar.gz
cd libogg-1.3.2
./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --disable-shared
make
make install
make distcleancd /usr/local/src/ffmpeg_sources
curl -O http://downloads.xiph.org/releases/vorbis/libvorbis-1.3.4.tar.gz
tar xzvf libvorbis-1.3.4.tar.gz
cd libvorbis-1.3.4
LDFLAGS="-L/usr/local/src/ffmpeg_sources/ffmeg_build/lib" CPPFLAGS="-I/usr/local/src/ffmpeg_sources/ffmpeg_build/include" ./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --with-ogg="/usr/local/src/ffmpeg_sources/ffmpeg_build" --disable-shared
make
make install
make distcleancd /usr/local/src/ffmpeg_sources
git clone --depth 1 https://github.com/webmproject/libvpx.git
cd libvpx
./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --disable-examples --as=yasm
make
make install #某个版本会在make test时出错,忽略,不影响后续静态连接
make cleancd /usr/local/src/ffmpeg_sources
curl -O http://rtmpdump.mplayerhq.hu/download/rtmpdump-2.3.tgz
tar xzvf rtmpdump-2.3.tgz
cd rtmpdump-2.3/librtmp
sed -i 's#prefix=/usr/local#prefix=/usr/local/src/ffmpeg_sources/ffmpeg_build#' Makefile
sed -i 's/SHARED=yes/SHARED=no/' Makefile
make
make install
make cleancd /usr/local/src/ffmpeg_sources
git clone git://source.ffmpeg.org/ffmpeg.git ffmpeg
cd ffmpeg
PKG_CONFIG_PATH="/usr/local/src/ffmpeg_sources/ffmpeg_build/lib/pkgconfig" ./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --extra-cflags="-I/usr/local/src/ffmpeg_sources/ffmpeg_build/include" --extra-ldflags="-L/usr/local/src/ffmpeg_sources/ffmpeg_build/lib" --bindir="/usr/bin" --pkg-config-flags="--static" --enable-gpl --enable-nonfree --enable-openssl --enable-protocol=rtmp --enable-librtmp --enable-demuxer=rtsp --enable-muxer=rtsp --enable-libfreetype --enable-libfdk-aac --enable-libmp3lame --enable-libopus --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265 --disable-shared --enable-static --disable-debug
make
make install
make distclean
如果要升级,请先
rm -rf /usr/local/src/ffmpeg_sources/ffmpeg_build /usr/bin/{ffmpeg,ffprobe,ffserver,lame,vsyasm,x264,x265,yasm,ytasm}
八、我要做什么?
自建源站,编码器推送到源站,有多个CDN线路备用,nginx-rtmp可以使用push指令,将stream推送到多个CDN,播放器打开,可以根据自己的情况,切换不同的线路,选择效果最好的进行播放。
但是这样的情况,有几个备用线路,源站就要push出去几次,对源站服务器的带宽占用较大,要是能够按需切换就好了。开源的nginx-rtmp不支持nginx自身的reload特性(短链接有效),修改了nginx.conf,需要停止当前的服务重新载入配置。
于是做个了变通的方案,源站服务器上同时安装nginx-rtmp和srs,编码器推送到nginx-rtmp(1935端口),配置文件nginx.conf:
rtmp {
server {
listen 1935;
application live {
live on;
push rtmp://127.0.0.1:19350 app=pushlive;
}
}
}
nginx-rtmp转推到本机的srs(19350端口),配置文件srs.conf(这个配置可能是的 Velop分支的写法,需要对照下官方wiki):
listen 19350;
max_connections 1000;
srs_log_tank file;
srs_log_file ./objs/srs.log;
vhost __defaultVhost__ {
forward wsrtmppub.cdn.mydomain.com dlrtmppub.cdn.mydomain.com;
}
其中,
wsrtmppub.cdn.mydomain.com 网宿上行域名
dlrtmppub.cdn.mydomain.com 帝联上行域名
如果还要添加新的备用线路,可以在forward后继续添加。如果要减少,将相应的上行域名删除即可。这个方法的优点是srs支持reload,修改srs.conf文件后,killall -1 srs 或者 /etc/init.d/srs reload,可以不影响当前转推的情况下,添加或者减少转推的CDN目标。
当然,这只是个权宜之计,真正用在生产环境,还是需要能够hold住nginx-rtmp或者srs代码,开源只是给我们启发,指出一条正确的道路,期待开源可以解决遇到的所有问题是不现实的。
