Hello,
Our wowza server sits behind a proxy, the player connects with the proxy through https and the proxy forwards the connection to wowza through http.
A playlist item (adaptive bitrate) we use is sample.smil/manifest.mpd, the wowza server generates the mpeg-dash manifest, but the problem is that this generated file contains http links instead of https.
Is it possible to tell wowza the original connection is a https connection so the manifest file is generated with https links?
Can we use the x-forwarded headers for this?
X-Forwarded-For
X-Forwarded-Proto
X-Forwarded-Port
Kind regards, Erik
Hi,
Currently this isn’t possible but it is something that has been requested a few times and is already registered as a feature request. Unfortunately I can’t say when or if this will be added but you can check this page for any announcement of new updates, including release notes.
Paul
For us it’s also an issue. We tried to modify manifest on proxy but it was too power intensive. Now we terminate ssl on wowza machnies but we are still looking for better solution.
Hello,
Thanks for the feedback. I’ve linked this forum to the backlog request so any additional +1 comments will be reviewed by our Product Team.
Best regards,
Andrew
No updates on this? It’s quite important and looks simple to follow up a header and adjust the manifest file accordingly.
You can fix it using nginx.
server {
listen 443 ssl http2;
server_name play.example.com;
index index.html index.htm;
access_log /var/log/play.example.com/nginx_access.log;
error_log /var/log/play.example.com/nginx_error.log error;
ssl_certificate /etc/ssl/ansible/play.example.com.pem;
ssl_certificate_key /etc/ssl/ansible/play.example.com.key;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
gzip_proxied any;
gzip_types *;
location / {
proxy_pass http://wowza_rtmp;
proxy_set_header Host play.example.com;
proxy_set_header Accept-Encoding ""; # Otherwise gzipped content doesn't filter, see - https://stackoverflow.com/a/36274259/5996922
sub_filter "http://play.example.com" "https://play.example.com";
sub_filter_types *;
sub_filter_once off;
sub_filter_last_modified on;
}
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
}
File /etc/nginx/nginx.conf:
upstream wowza_rtmp {
ip_hash;
server 127.0.0.1:1935;
}
1 Like