實(shí)際操作的服務(wù)器是CentOS 6.x 64位系統(tǒng)
一、配置防火墻
開(kāi)啟80端口(nginx)唉俗、8080端口(srs http)嗤朴、1935端口(nginx-rtmp)、19350端口(srs)
vi /etc/sysconfig/iptables #編輯防火墻配置文件
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1935 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 19350 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
:wq! #保存退出
service iptables restart #最后重啟防火墻使配置生效
如果是centOS7.x虫溜,默認(rèn)使用的是firewall作為防火墻雹姊,可以改為iptables防火墻。
-
關(guān)閉firewall:
systemctl stop firewalld.service #停止firewall systemctl disable firewalld.service #禁止firewall開(kāi)機(jī)啟動(dòng) -
安裝iptables防火墻
yum install iptables-services #安裝 -
編輯防火墻配置文件
vi /etc/sysconfig/iptables內(nèi)容編輯同6.x
-
7.x的service與6.x不同
systemctl restart iptables.service #重啟防火墻使配置生效 systemctl enable iptables.service #設(shè)置防火墻開(kāi)機(jī)啟動(dòng)
二衡楞、關(guān)閉SELINUX
vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing #注釋掉
SELINUX=disabled #增加
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
#SELINUXTYPE=targeted #注釋掉
:wq! #保存退出
setenforce 0 #使配置立即生效
三 吱雏、指定路徑
軟件源代碼包存放位置:/usr/local/src
源碼包編譯安裝位置:/usr/local/軟件名字
四、下載軟件包
1瘾境、下載nginx源代碼
wget http://nginx.org/download/nginx-1.12.0.tar.gz
2歧杏、下載pcre源代碼 (支持nginx偽靜態(tài))
wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz
3、下載openssl(nginx擴(kuò)展)
wget ftp://ftp.openssl.org/source/old/1.0.1/openssl-1.0.1j.tar.gz
注:
1)迷守、For the relationships between OpenSSL and FIPS 140-2, read this documentation犬绒。
2)、如果編譯參數(shù)中含有--with-openssl=...兑凿,則表明Nginx是靜態(tài)編譯openssl凯力,需要自己提供源碼包。
輸入命令
ldd `which nginx`|grep ssl
顯示
libssl.so.10 => /usr/lib64/libssl.so.10 (0x0000003709c00000)
表明系統(tǒng)存在的nginx是動(dòng)態(tài)鏈接openssl的礼华。
3)咐鹤、更多信息參考這個(gè)鏈接。
4圣絮、下載zlib源碼(nginx擴(kuò)展)
wget http://zlib.net/zlib-1.2.11.tar.gz
5祈惶、下載nginx-rtmp-module源碼
git clone https://github.com/arut/nginx-rtmp-module.git
6、下載Simple RTMP Server源碼
git clone https://github.com/ossrs/srs.git
原作git扮匠,作者清空了master branch捧请,不過(guò)1.0release、2.0release棒搜、develop三個(gè)分支還在血久。(目前默認(rèn)分支是2.0release)
以上軟件包使用WinSCP工具上傳到/usr/local/src目錄,也可以直接在服務(wù)端git clone或者wget帮非。
五、安裝編譯工具及庫(kù)文件(使用yum命令安裝)
yum install -y apr* autoconf automake bison bzip2 bzip2* cloog-ppl compat* cpp curl curl-devel fontconfig fontconfig-devel freetype freetype* freetype-devel gcc gcc-c++ gtk+-devel gd gettext gettext-devel glibc kernel kernel-headers keyutils keyutils-libs-devel krb5-devel libcom_err-devel libpng libpng* libpng-devel libjpeg* libsepol-devel libselinux-devel libstdc++-devel libtool* libgomp libxml2 libxml2-devel libXpm* libX* libtiff libtiff* make mpfr ncurses* ntp openssl nasm nasm* openssl-devel patch pcre-devel perl php-common php-gd policycoreutils ppl telnet t1lib t1lib* wget zlib-devel libxml2 libxml2-devel libxslt libxslt-devel unzip
六、開(kāi)始安裝
1末盔、安裝nginx-rtmp
源代碼包上傳解壓或clone
groupadd www
useradd -g www www -s /bin/false
cd /usr/local/src
tar zxvf nginx-1.12.0.tar.gz
cd nginx-1.12.0
./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_v2_module --with-openssl=../openssl-1.0.1j --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-zlib=/usr/local/src/zlib-1.2.11 --with-pcre=../pcre-8.40 --with-pcre-jit --with-http_xslt_module --add-module=../nginx-rtmp-module --with-debug
#注意:--with-openssl=../openssl-1.0.1j --with-zlib=../zlib-1.2.8 --with-pcre=../pcre-8.38指向的是源碼包解壓的路徑筑舅,而不是安裝的路徑,否則會(huì)報(bào)錯(cuò)陨舱。
make
make install
/usr/local/nginx/sbin/nginx #啟動(dòng)Nginx
設(shè)置nginx開(kāi)機(jī)啟動(dòng)翠拣,參考鏈接
make_dir部分在markdown復(fù)制有點(diǎn)問(wèn)題,請(qǐng)從上面的鏈接處復(fù)制過(guò)來(lái)游盲。
vi /etc/rc.d/init.d/nginx #編輯啟動(dòng)文件添加下面內(nèi)容
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: NGINX is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`$nginx -V 2>&1 | grep "configure arguments:.*--user=" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
if [ -n "$user" ]; then
if [ -z "`grep $user /etc/passwd`" ]; then
useradd -M -s /bin/nologin $user
fi
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
fi
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
:wq! #保存退出
chmod 775 /etc/rc.d/init.d/nginx #賦予文件執(zhí)行權(quán)限
chkconfig nginx on #設(shè)置開(kāi)機(jī)啟動(dòng)
/etc/rc.d/init.d/nginx restart #重啟
service nginx restart #這樣重啟也行
2误墓、編譯安裝Simple RTMP Server
git clone https://github.com/ossrs/srs.git
cd srs
#目前官方git默認(rèn)分支是2.0release,功能較全益缎,相對(duì)穩(wěn)定
#git checkout develop
git pull
cd trunk/
#nginx和ffmpeg自己編譯
./configure --full --without-ffmpeg --without-nginx #--log-verbose --log-info --log-trace
make
#安裝在usr/local/srs谜慌,可不安裝,直接在源代碼目錄調(diào)試學(xué)習(xí)
make install
cd /usr/local/srs
./objs/srs -c conf/srs.conf
#系統(tǒng)服務(wù)啟動(dòng)
cp /usr/local/srs/etc/init.d/srs /etc/rc.d/init.d/srs
chmod a+x /etc/rc.d/init.d/srs
chkconfig srs on
service srs restart
七莺奔、編譯安裝FFmpeg
參考的是段總的分享欣范,見(jiàn)這里。
原作源代碼放置在~/ffmpeg_sources令哟,編譯中間文件在$HOME/ffmpeg_build恼琼,編譯得到的目標(biāo)文件在$HOME/bin。
實(shí)際安裝時(shí)做了一下修改屏富,源代碼放置在/usr/local/src/ffmpeg_sources晴竞,編譯中間文件在/usr/local/src/ffmpeg_sources/ffmpeg_build,編譯得到的目標(biāo)文件在/usr/bin狠半。
步驟如下:
yum install autoconf automake cmake freetype-devel openssl-devel gcc gcc-c++ git libtool make mercurial nasm pkgconfig zlib-devel
mkdir /usr/local/src/ffmpeg_sources #原作這里不正確
cd /usr/local/src/ffmpeg_sources
git clone --depth 1 git://github.com/yasm/yasm.git
cd yasm
autoreconf -fiv
./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --bindir="/usr/bin"
make
make install
make distcleancd /usr/local/src/ffmpeg_sources
git clone --depth 1 git://git.videolan.org/x264
cd x264
PKG_CONFIG_PATH="/usr/local/src/ffmpeg_sources/ffmpeg_build/lib/pkgconfig" ./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --bindir="/usr/bin" --enable-static
make
make install
make distclean-
cd /usr/local/src/ffmpeg_sources
hg clone https://bitbucket.org/multicoreware/x265
git clone https://github.com/videolan/x265.git
cd /usr/local/src/ffmpeg_sources/x265/build/linux
cmake -G "Unix Makefiles" -DCMAKE_INSTALL_PREFIX="/usr/local/src/ffmpeg_sources/ffmpeg_build" -DENABLE_SHARED:bool=off ../../source
make
make install cd /usr/local/src/ffmpeg_sources
git clone --depth 1 git://git.code.sf.net/p/opencore-amr/fdk-aac
cd fdk-aac
autoreconf -fiv
./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --disable-shared
make
make install
make distcleancd /usr/local/src/ffmpeg_sources
curl -L -O http://downloads.sourceforge.net/project/lame/lame/3.99/lame-3.99.5.tar.gz
tar xzvf lame-3.99.5.tar.gz
cd lame-3.99.5
./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --bindir="/usr/bin" --disable-shared --enable-nasm
make
make install
make distcleancd /usr/local/src/ffmpeg_sources
git clone https://github.com/xiph/opus.git #原作鏈接要翻墻噩死,改成github
cd opus
autoreconf -fiv
./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --disable-shared
make
make install
make distcleancd /usr/local/src/ffmpeg_sources
curl -O http://downloads.xiph.org/releases/ogg/libogg-1.3.2.tar.gz
tar xzvf libogg-1.3.2.tar.gz
cd libogg-1.3.2
./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --disable-shared
make
make install
make distcleancd /usr/local/src/ffmpeg_sources
curl -O http://downloads.xiph.org/releases/vorbis/libvorbis-1.3.4.tar.gz
tar xzvf libvorbis-1.3.4.tar.gz
cd libvorbis-1.3.4
LDFLAGS="-L/usr/local/src/ffmpeg_sources/ffmeg_build/lib" CPPFLAGS="-I/usr/local/src/ffmpeg_sources/ffmpeg_build/include" ./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --with-ogg="/usr/local/src/ffmpeg_sources/ffmpeg_build" --disable-shared
make
make install
make distcleancd /usr/local/src/ffmpeg_sources
git clone --depth 1 https://github.com/webmproject/libvpx.git
cd libvpx
./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --disable-examples --as=yasm
make
make install #某個(gè)版本會(huì)在make test時(shí)出錯(cuò),忽略典予,不影響后續(xù)靜態(tài)連接
make cleancd /usr/local/src/ffmpeg_sources
curl -O http://rtmpdump.mplayerhq.hu/download/rtmpdump-2.3.tgz
tar xzvf rtmpdump-2.3.tgz
cd rtmpdump-2.3/librtmp
sed -i 's#prefix=/usr/local#prefix=/usr/local/src/ffmpeg_sources/ffmpeg_build#' Makefile
sed -i 's/SHARED=yes/SHARED=no/' Makefile
make
make install
make cleancd /usr/local/src/ffmpeg_sources
git clone git://source.ffmpeg.org/ffmpeg.git ffmpeg
cd ffmpeg
PKG_CONFIG_PATH="/usr/local/src/ffmpeg_sources/ffmpeg_build/lib/pkgconfig" ./configure --prefix="/usr/local/src/ffmpeg_sources/ffmpeg_build" --extra-cflags="-I/usr/local/src/ffmpeg_sources/ffmpeg_build/include" --extra-ldflags="-L/usr/local/src/ffmpeg_sources/ffmpeg_build/lib" --bindir="/usr/bin" --pkg-config-flags="--static" --enable-gpl --enable-nonfree --enable-openssl --enable-protocol=rtmp --enable-librtmp --enable-demuxer=rtsp --enable-muxer=rtsp --enable-libfreetype --enable-libfdk-aac --enable-libmp3lame --enable-libopus --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265 --disable-shared --enable-static --disable-debug
make
make install
make distclean
如果要升級(jí)甜滨,請(qǐng)先
rm -rf /usr/local/src/ffmpeg_sources/ffmpeg_build /usr/bin/{ffmpeg,ffprobe,ffserver,lame,vsyasm,x264,x265,yasm,ytasm}
八、我要做什么瘤袖?
自建源站衣摩,編碼器推送到源站,有多個(gè)CDN線路備用捂敌,nginx-rtmp可以使用push指令艾扮,將stream推送到多個(gè)CDN,播放器打開(kāi)占婉,可以根據(jù)自己的情況泡嘴,切換不同的線路,選擇效果最好的進(jìn)行播放逆济。
但是這樣的情況酌予,有幾個(gè)備用線路磺箕,源站就要push出去幾次,對(duì)源站服務(wù)器的帶寬占用較大抛虫,要是能夠按需切換就好了松靡。開(kāi)源的nginx-rtmp不支持nginx自身的reload特性(短鏈接有效),修改了nginx.conf建椰,需要停止當(dāng)前的服務(wù)重新載入配置雕欺。
于是做個(gè)了變通的方案,源站服務(wù)器上同時(shí)安裝nginx-rtmp和srs棉姐,編碼器推送到nginx-rtmp(1935端口)屠列,配置文件nginx.conf:
rtmp {
server {
listen 1935;
application live {
live on;
push rtmp://127.0.0.1:19350 app=pushlive;
}
}
}
nginx-rtmp轉(zhuǎn)推到本機(jī)的srs(19350端口),配置文件srs.conf(這個(gè)配置可能是的 Velop分支的寫(xiě)法伞矩,需要對(duì)照下官方wiki):
listen 19350;
max_connections 1000;
srs_log_tank file;
srs_log_file ./objs/srs.log;
vhost __defaultVhost__ {
forward wsrtmppub.cdn.mydomain.com dlrtmppub.cdn.mydomain.com;
}
其中笛洛,
wsrtmppub.cdn.mydomain.com 網(wǎng)宿上行域名
dlrtmppub.cdn.mydomain.com 帝聯(lián)上行域名
如果還要添加新的備用線路,可以在forward后繼續(xù)添加扭吁。如果要減少撞蜂,將相應(yīng)的上行域名刪除即可。這個(gè)方法的優(yōu)點(diǎn)是srs支持reload侥袜,修改srs.conf文件后蝌诡,killall -1 srs 或者 /etc/init.d/srs reload,可以不影響當(dāng)前轉(zhuǎn)推的情況下枫吧,添加或者減少轉(zhuǎn)推的CDN目標(biāo)浦旱。
當(dāng)然,這只是個(gè)權(quán)宜之計(jì)九杂,真正用在生產(chǎn)環(huán)境颁湖,還是需要能夠hold住nginx-rtmp或者srs代碼,開(kāi)源只是給我們啟發(fā)例隆,指出一條正確的道路甥捺,期待開(kāi)源可以解決遇到的所有問(wèn)題是不現(xiàn)實(shí)的。
