I was looking for some information on putting WowzaStreamingEngineManager behind an nginx/Linux reverse proxy but have not found anything useful. Read my solution below.
Some details:
- We are serving engine manager over HTTPS securely
- We use a basic authentication to further protect it and hide it completely
- We force engine manager to bind to localhost only
nginx conifg:
server {
listen 10.1.1.1:443;
ssl on;
ssl_certificate /etc/ssl/mycert.crt;
ssl_certificate_key /etc/ssl/mycert.key;
server_name wowzamngr.example.com;
auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/wowzamngr.htpasswd;
# Wowza manager
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// https://;
proxy_pass http://127.0.0.1:8088;
proxy_set_header Authorization "";
}
}
Edit file: /usr/local/WowzaStreamingEngine/manager/bin/startmgr.sh
Find this:
if [[ 1 == $CloudPlatformFlag ]]; then
...
else
CMD="$_EXECJAVA -Dcom.wowza.wms.ConfigURL=\"\" -Dcom.wowza.wms.ConfigHome=$WMSMGR_HOME -Djava.io.tmpdir=$WMSMGR_HOME/temp -Dlog4j.configuration=file://$WMSMGR_HOME/conf/winstone-log4j.properties -Djava.net.preferIPv4Stack=true -jar $WMSMGR_HOME/lib/wms-winstone-1.0.5-boot.jar --prefix=/enginemanager --defaultWebApp=/enginemanager --tempDirectory=$WMSMGR_HOME/temp --webroot=$WMSMGR_HOME/temp --warfile=$WMSMGR_HOME/lib/WMSManager.war --httpPort=8088 --config=$WMSMGR_HOME/conf/winstone.properties --ajp13Port=-1 --directoryListings=false"
fi
Add “–httpListenAddress=127.0.0.1” parameter just before “–httpPort=8088”. Restart manager, then check if the Java process was correctly bind to localhost:
# netstat -lnp | grep 8088
tcp 0 0 127.0.0.1:8088 0.0.0.0:* LISTEN 6679/java
Test manager access at: https://wowzamngr.example.com
I hope you find it useful.