NGINX Cache Setup for Wowza Streaming Engine

Community Streaming Tips
1

Hi everyone,

I’m looking for guidance or expertise to set up NGINX caching for my Wowza Streaming Engine 4.5 setup. The goal is to optimize performance and reduce server load on my streaming platform. Below are the details of my current setup:

Current Server Setup and Protocols

  • Server: Wowza Streaming Engine 4.5 on Debian 12.
  • Protocols: HLS and RTMP with SSL enabled.
  • Security: Secure Token V2 is configured for streams.
  • Origin-Edge Configuration: My origin server connects to edge servers using Secure Token V1 to ensure only my edge servers can fetch streams from the origin.
  • Duplicate Prevention: The “no duplicate streams in origin” option is enabled to avoid conflicts.

Project Goal:

  • Set up NGINX caching to work seamlessly with Wowza, particularly for HLS streams, to improve performance and reduce server load.

Key Considerations:

  • The caching setup must integrate smoothly with my existing Secure Token V2 and origin-edge Secure Token V1 configurations.
  • The solution should maintain compatibility with Wowza’s standard security features and not interfere with existing stream delivery workflows.

If anyone has experience with NGINX caching for Wowza or can share relevant guides, configurations, or advice, I’d greatly appreciate your help. Alternatively, if you’re a developer with expertise in this area and open to collaboration, feel free to reach out!

Thanks in advance for your support!

Best regards,

2

One challenge with a caching edge with secure token, is that you need to make sure the per viewer tokens do not get cached otherwise no caching occurs!

3

Hi @Florentin_Valentan. I concur with @Scott_Kellicker2. Do the players that connect to the Nginx machine also use Secure Token V2? In that case caching won’t happen because every request must be forwarded to the Origin. Any other configuration would compromise security or may cause serious trouble, e.g. if cached tokens are used to connect to the Origin.

It looks like you have full control over the configuration of the Nginx machine(s); and in that case I’d go for token verification on the Nginx itself e.g. by using LUA. You may combine that with simple clear-key AES-128 encryption of the chunks; that should give you a reasonable protection (next step would be DRM, I think) - but it would require some development.

We’re not supposed to say this in any other forums than “Hire A Consultant” but since you asked: Both @Scott_Kellicker2 and myself are seasoned experts with ~20 years of experience with Wowza and offer consultancy/development services.