diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..a37f5ec --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,8 @@ +osp_edge_http_user: "http" +osp_edge_http_group: "http" +osp_edge_http_path: "/var/www" +osp_edge_allow: +- "::1" +- "127.0.0.1" + + diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..e0af6b0 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,4 @@ +- name: reload nginx + systemd: + name: nginx + state: reloaded diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..0adb501 --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: +- kewlfft.aur diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..829d763 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,56 @@ +- name: Workaround ansible switch between users + file: + path: "/tmp/ansible/" + mode: 0777 + state: directory + +- name: Install dependencies + package: + name: + - ffmpeg + - base-devel + - yay + +- name: Create AUR User for build + user: + name: aur_builder + +- name: Add sudo permission to aur user + lineinfile: + path: /etc/sudoers.d/11-install-aur_builder + line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman' + create: yes + validate: 'visudo -cf %s' + +- name: Install nginx with rtmp + become: yes + become_user: aur_builder + aur: + name: nginx-rtmp-sergey-git + +- name: Configure NGINX + notify: reload nginx + template: + src: "{{ item }}" + dest: "/etc/nginx/{{ item }}" + loop: + - nginx.conf + - osp-rtmp.conf + - osp-redirects.conf + +- name: Create www directory + file: + path: "{{osp_edge_http_path }}/{{item}}" + owner: "{{ osp_edge_http_user }}" + group: "{{ osp_edge_http_group }}" + state: directory + loop: + - . + - live + - live-adapt + +- name: Nginx + systemd: + name: nginx + state: started + enabled: yes diff --git a/templates/nginx.conf b/templates/nginx.conf new file mode 100644 index 0000000..5260bb5 --- /dev/null +++ b/templates/nginx.conf @@ -0,0 +1,100 @@ +user {{ osp_edge_http_user }}; +worker_processes auto; + +# pid in nginx.service +# pid /run/nginx.pid; + +events { + worker_connections 1024; + multi_accept on; + use epoll; +} + +http { + types_hash_max_size 2048; + types_hash_bucket_size 128; + + include mime.types; + default_type application/octet-stream; + + proxy_cache_path /tmp/osp levels=1:2 keys_zone=auth_cache:5m max_size=1g inactive=24h; + + sendfile on; + tcp_nopush on; + gzip on; + gzip_comp_level 5; + gzip_min_length 256; + gzip_proxied any; + gzip_vary on; + + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + image/gif + image/png + video/mp4 + video/mpeg + video/x-flv + text/cache-manifest + text/css + text/plain + text/vcard + text/vnd.rim.location.xloc + text/vtt + text/x-component + text/x-cross-domain-policy; + + + keepalive_timeout 65; + + server { + listen 9000; + + allow 127.0.0.1; # keep save there is one allowed +{% for h in osp_edge_allow %} + allow {{ h }}; +{% endfor %} + deny all; + + location /stat { + rtmp_stat all; + rtmp_stat_stylesheet stat.xsl; + } + + location /stat.xsl { + root /opt/osp/static; + } + } + + server { + listen 80; + listen [::]:80; + + # set client body size to 16M # + client_max_body_size 16M; + + include osp-redirects.conf; + + # redirect server error pages to the static page /50x.html + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root html; + } + } +} + +include osp-rtmp.conf; diff --git a/templates/osp-redirects.conf b/templates/osp-redirects.conf new file mode 100644 index 0000000..c4fdb4c --- /dev/null +++ b/templates/osp-redirects.conf @@ -0,0 +1,17 @@ +location /live-adapt { + add_header 'Access-Control-Allow-Origin' "*" always; + valid_referers server_names ~.; + if ($invalid_referer) { + return 403; + } + alias {{ osp_edge_http_path }}/live-adapt; +} + +location /live { + add_header 'Access-Control-Allow-Origin' "*" always; + valid_referers server_names ~.; + if ($invalid_referer) { + return 403; + } + alias {{osp_edge_http_path}}/live; +} diff --git a/templates/osp-rtmp.conf b/templates/osp-rtmp.conf new file mode 100644 index 0000000..1abf8f1 --- /dev/null +++ b/templates/osp-rtmp.conf @@ -0,0 +1,79 @@ +rtmp_auto_push on; +rtmp_auto_push_reconnect 1s; + +rtmp { + server { + #listen 1935; + listen [::]:1935; + chunk_size 4096; + + application stream-data { + live on; + +{% for h in osp_edge_allow %} + allow publish {{ h }}; +{% endfor %} + #deny publish all; + allow play 127.0.0.1; + + push rtmp://127.0.0.1:1935/live/; + + hls on; + hls_path {{ osp_edge_http_path }}/live; + hls_fragment 1; + hls_playlist_length 30s; + + hls_nested on; + hls_fragment_naming system; + + } + + application stream-data-adapt { + live on; + +{% for h in osp_edge_allow %} + allow publish {{ h }}; +{% endfor %} + #deny publish all; + allow play 127.0.0.1; + + push rtmp://127.0.0.1:1935/live/; + + exec ffmpeg -i rtmp://127.0.0.1:1935/live/$name + -c:v libx264 -c:a aac -b:a 192k -vf "scale=-2:1080" -vsync 1 -copyts -start_at_zero -sws_flags lanczos -r 30 -g 30 -keyint_min 30 -force_key_frames "expr:gte(t,n_forced*1)" -tune zerolatency -preset ultrafast -crf 28 -maxrate 4192k -bufsize 8384k -threads 4 -f flv rtmp://localhost:1935/show/$name_1080 + -c:v libx264 -c:a aac -b:a 128k -vf "scale=-2:720" -vsync 1 -copyts -start_at_zero -sws_flags lanczos -r 30 -g 30 -keyint_min 30 -force_key_frames "expr:gte(t,n_forced*1)" -tune zerolatency -preset ultrafast -crf 28 -maxrate 2096k -bufsize 4192k -threads 4 -f flv rtmp://localhost:1935/show/$name_720 + -c:v libx264 -c:a aac -b:a 96k -vf "scale=-2:480" -vsync 1 -copyts -start_at_zero -sws_flags lanczos -r 30 -g 30 -keyint_min 30 -force_key_frames "expr:gte(t,n_forced*1)" -tune zerolatency -preset ultrafast -crf 28 -maxrate 1200k -bufsize 2400k -threads 4 -f flv rtmp://localhost:1935/show/$name_480; + # -c copy -f flv rtmp://localhost:1935/show/$name_src; + + } + + application show { + live on; + allow publish 127.0.0.1; + allow play 127.0.0.1; + + hls on; + hls_path {{ osp_edge_http_path }}/live-adapt; + hls_nested on; + hls_fragment 1; + hls_playlist_length 30s; + + hls_fragment_naming system; + + record off; + + # Instruct clients to adjust resolution according to bandwidth + hls_variant _480 BANDWIDTH=1200000; # Medium bitrate, SD resolution + hls_variant _720 BANDWIDTH=2048000; # High bitrate, HD 720p resolution + hls_variant _1080 BANDWIDTH=4096000; # FHB 1080p + #hls_variant _src BANDWIDTH=4096000; # Source bitrate, source resolution + } + + application live { + live on; + drop_idle_publisher 30s; + allow publish 127.0.0.1; + allow play all; + } + } +}