关于目前对HTTPS SSL的支持?
HuYihe2008 opened this issue · 3 comments
我在使用nginx-http-flv-module时,在配置完成后尝试打开SSL,访问推流发现405NotAllow,是否是模块不支持https
先决条件
环境:宝塔Nginx1.21.4
OS:centOS stream 8
模块绑定:已绑定域名
nginx的config文件:
user www www;
worker_processes auto;
error_log /www/wwwlogs/nginx_error.log crit;
pid /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
stream {
log_format tcp_format '$time_local|$remote_addr|$protocol|$status|$bytes_sent|$bytes_received|$session_time|$upstream_addr|$upstream_bytes_sent|$upstream_bytes_received|$upstream_connect_time';
access_log /www/wwwlogs/tcp-access.log tcp_format;
error_log /www/wwwlogs/tcp-error.log;
include /www/server/panel/vhost/nginx/tcp/*.conf;
}
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http
{
include mime.types;
#include luawaf.conf;
include proxy.conf;
default_type application/octet-stream;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server_tokens off;
access_log off;
server
{
listen 888;
server_name phpmyadmin;
index index.html index.htm index.php;
root /www/server/phpmyadmin;
#error_page 404 /404.html;
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log /www/wwwlogs/access.log;
}
include /www/server/panel/vhost/nginx/*.conf;
}
rtmp_auto_push on;
rtmp_auto_push_reconnect 1s;
rtmp {
out_queue 4096;
chunk_size 512;
out_cork 8;
max_streams 128;
timeout 30s;
idle_streams off;
drop_idle_publisher 30s;
server {
listen 1935 reuseport;
server_name live.cscfsx.com;
application myapp {
live on;
#gop_cache on;
}
}
}
网站的nginx config文件:
server
{
listen 80 reuseport;
listen 443 reuseport ssl http2;
server_name live.cscfsx.com;
index index.php index.html index.htm default.php default.htm default.html;
root /ssd/live.cscfsx.com;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/live.cscfsx.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/live.cscfsx.com/privkey.pem;
ssl_session_cache shared:HTTP_LIVE:5m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /live {
flv_live on;
chunked_transfer_encoding on;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Cache-Control' 'no-store';
}
#location /ws {
# websocket on srv_ping_interval=5s cli_ping_interval=500ms srv_ping_timeout=30s;
# ws_live on;
# frame_size 512;
# }
location /stat {
rtmp_stat all;
#rtmp_stat_format json;
rtmp_stat_stylesheet stat.xsl;
}
location /stat.xsl {
root /ssd/live.cscfsx.com;
}
location /control {
rtmp_control all;
}
location /hls{
root /ssd/live.cscfsx.com/tmp;
autoindex on;
types {
application/vnd.apple.mpegurl m3u8;
}
add_header 'Cache-Control' 'no-store';
add_header 'Access-Control-Allow-Origin' '*';
}
#SSL-END
#ERROR-PAGE-START 错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP引用配置,可以注释或修改
include enable-php-74.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/live.cscfsx.com.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log /dev/null;
access_log /dev/null;
}
location ~ .*\.(js|css)?$
{
expires 12h;
error_log /dev/null;
access_log /dev/null;
}
access_log /www/wwwlogs/live.cscfsx.com.log;
error_log /www/wwwlogs/live.cscfsx.com.error.log;
}
开启https后的截图
另外
关于拉流无法在大多数支持flv的网页播放器播放,是否有解决办法?
关于在拉流时发现音频出现电流音,是否与我的服务器带宽有关,带宽为30mbps,服务器的核心数量为28
绝大多数 http2 实现都是加密的,本模块不支持 http2。
Most of http2 implementations are encrypted, this module does not support http2.
绝大多数 http2 实现都是加密的,本模块不支持 http2。 Most of http implementations are encrypted, this module does not support http2.
那如何解决我无法使用https的问题?
@HuYihe2008 在配置文件里注释掉 http2 即可。