I am running the web server / domain on HTTPS and Wowza Media Streaming Server on HTTP (non-SSL), so I am getting this error for LIVE / VOD HLS stream files: “Cannot load M3U8: Unable to fetch HTTP resource over HTTPS”
HTTP stream
http://origin.domain.com:1935/live/myStream/playlist.m3u8
HTTPS stream – needs to be set up
https://origin.domain.com:1443/live/myStream/playlist.m3u8
Install Let’s Encrypt SSL Certificates –
Free SSL Certbot
=> I have installed SSL on NGINX … I am running the NGINX web server on 443 (HTTPS) … but Wowza is still not configured for SSL
Find the SSL key in the Let’s Encrypt certificate directory
# ls /etc/letsencrypt/live
# ls /etc/letsencrypt/live/origin.domain.com
cert.pem chain.pem fullchain.pem privkey.pem README
cert.pem: Server Certificate
chain.pem: Root and Intermediate Certificates
fullchain.pem: Combination of Server, Root and Intermediate Certificates (replaces cert.pem and chain.pem)
privkey.pem: Private Key (don’t share)
# stat /etc/letsencrypt/live/origin.domain.com/fullchain.pem
File: ‘/etc/letsencrypt/live/origin.domain.com/fullchain.pem’ -> ‘../../archive/origin.domain.com/fullchain3.pem’
Size: 50 Blocks: 0 IO Block: 4096 symbolic link
Device: ca01h/51713d Inode: 2754252 Links: 1
Wowza Configuration
Special thanks to Robymus, who made the Java converter “wowza-letsencrypt-converter”, which converts the Let’s Encrypt certificate files to a JKS file.
# cd /usr/local/WowzaStreamingEngine/lib
# wget https://github.com/robymus/wowza-letsencrypt-converter/releases/download/v0.1/wowza-letsencrypt-converter-0.1.jar
– The letsencrypt-live-path parameter defaults to /etc/letsencrypt/live
Make sure you have Java 8 installed
# apt-get install oracle-java8-installer
# cd /usr/local/WowzaStreamingEngine/lib
# java -jar wowza-letsencrypt-converter-0.1.jar -v /usr/local/WowzaStreamingEngine/conf/ /etc/letsencrypt/live/
Make sure the following files now exist in /usr/local/WowzaStreamingEngine/conf/
– origin.domain.com.jks
– jksmap.txt
– The file jksmap.txt holds the domain-to-keystore mapping that will be used in the VHost.xml of Wowza Streaming Engine.
– The JKS password will be ‘secret’. The same value goes into KeyStorePassword in VHost.xml below.
Now update the Wowza file /usr/local/WowzaStreamingEngine/conf/VHost.xml so that the Wowza HLS M3U8 playlist is served over SSL
Open the Wowza VHost.xml, search for the 443 HostPort block and uncomment it: remove the <!-- before HostPort and the --> at the end of HostPort
I am using port 443 already for NGINX SSL HTTPS … so now I am using port 1443 for Wowza HLS M3U8
<!-- 443 with SSL -->
<HostPort>
    <Name>Default SSL Streaming</Name>
    <Type>Streaming</Type>
    <ProcessorCount>${com.wowza.wms.TuningAuto}</ProcessorCount>
    <IpAddress>*</IpAddress>
    <Port>1443</Port>
    <HTTPIdent2Response></HTTPIdent2Response>
    <SSLConfig>
        <KeyStorePath>${com.wowza.wms.context.VHostConfigHome}/conf/origin.domain.com.jks</KeyStorePath>
        <KeyStorePassword>secret</KeyStorePassword>
        <KeyStoreType>JKS</KeyStoreType>
        <DomainToKeyStoreMapPath></DomainToKeyStoreMapPath>
        <SSLProtocol>TLS</SSLProtocol>
        <Algorithm>SunX509</Algorithm>
        <CipherSuites></CipherSuites>
        <Protocols></Protocols>
    </SSLConfig>
    <SocketConfiguration>
        <ReuseAddress>true</ReuseAddress>
        <ReceiveBufferSize>65000</ReceiveBufferSize>
        <ReadBufferSize>65000</ReadBufferSize>
        <SendBufferSize>65000</SendBufferSize>
        <KeepAlive>true</KeepAlive>
        <AcceptorBackLog>100</AcceptorBackLog>
    </SocketConfiguration>
    <HTTPStreamerAdapterIDs>cupertinostreaming,smoothstreaming,sanjosestreaming,dvrchunkstreaming,mpegdashstreaming</HTTPStreamerAdapterIDs>
    <HTTPProviders>
        <HTTPProvider>
            <BaseClass>com.wowza.wms.http.HTTPCrossdomain</BaseClass>
            <RequestFilters>*crossdomain.xml</RequestFilters>
            <AuthenticationMethod>none</AuthenticationMethod>
        </HTTPProvider>
        <HTTPProvider>
            <BaseClass>com.wowza.wms.http.HTTPClientAccessPolicy</BaseClass>
            <RequestFilters>*clientaccesspolicy.xml</RequestFilters>
            <AuthenticationMethod>none</AuthenticationMethod>
        </HTTPProvider>
        <HTTPProvider>
            <BaseClass>com.wowza.wms.http.HTTPProviderMediaList</BaseClass>
            <RequestFilters>*jwplayer.rss|*jwplayer.smil|*medialist.smil|*manifest-rtmp.f4m</RequestFilters>
            <AuthenticationMethod>none</AuthenticationMethod>
        </HTTPProvider>
        <HTTPProvider>
            <BaseClass>com.wowza.wms.http.HTTPServerVersion</BaseClass>
            <RequestFilters>*</RequestFilters>
            <AuthenticationMethod>none</AuthenticationMethod>
        </HTTPProvider>
    </HTTPProviders>
</HostPort>
Now restart the Wowza server
# service WowzaStreamingEngine restart
Make sure you have also opened port 1443 on your firewall.
Now the Wowza HLS M3U8 playlist will work as an HTTPS stream
https://origin.domain.com:1443/live/myStream/playlist.m3u8
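An added check, not part of the original post and not code from Wowza or the converter project: the function below confirms offline that the converter output and the VHost.xml edit described above line up, and flags a keystore that is accessible beyond its owner, which matters because the JKS password is the fixed value ‘secret’. The name check_wowza_tls is hypothetical, and the jksmap.txt test assumes only that the file mentions the domain somewhere.

```shell
#!/bin/sh
# Added example. check_wowza_tls is a hypothetical helper name, not part of
# Wowza or wowza-letsencrypt-converter.
# Usage: check_wowza_tls <wowza-conf-dir> <domain>
# Prints one line per finding and returns the number of findings (0 = good).
check_wowza_tls() {
    conf=$1; domain=$2; jks="$conf/$domain.jks"; problems=0

    # 1. The converter should have written a non-empty <domain>.jks.
    if [ ! -s "$jks" ]; then
        echo "MISSING  $jks"
        problems=$((problems + 1))
    # 2. The keystore password is a known fixed string, so file permissions
    #    are what protect the private key: no group/other access bits allowed.
    elif [ "$(ls -ldL "$jks" | cut -c5-10)" != "------" ]; then
        echo "PERMS    $jks is accessible to group/other"
        problems=$((problems + 1))
    fi

    # 3. jksmap.txt should mention the domain (assumption: a plain substring
    #    match is enough; the file's exact syntax is not shown on the page).
    if ! grep -q -F -e "$domain" "$conf/jksmap.txt" 2>/dev/null; then
        echo "MAPPING  $domain not found in $conf/jksmap.txt"
        problems=$((problems + 1))
    fi

    # 4. VHost.xml must point a <KeyStorePath> at this keystore file.
    if ! grep -q -F -e "/$domain.jks</KeyStorePath>" "$conf/VHost.xml" 2>/dev/null; then
        echo "VHOST    no <KeyStorePath> in $conf/VHost.xml ends in /$domain.jks"
        problems=$((problems + 1))
    fi

    if [ "$problems" -eq 0 ]; then
        echo "OK       keystore for $domain is in place"
    fi
    return "$problems"
}

# Run the check when invoked as: sh <this-script> <conf-dir> <domain>
if [ "$#" -eq 2 ]; then check_wowza_tls "$1" "$2"; fi
```

A clean result does not prove that the HostPort block is uncommented or that port 1443 answers; it only shows the files on disk agree with each other.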