Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Overview

CDN 2.2 implements the following features in addition to CDN 2.0 and 2.1:

  • CDN streams access control

CDN streams access control

CDN 2.2 allows to resctrict subscribers access to certain streams in CDN. Access is restricted by keys combined to access control list (ACL) for every stream. Subscriber can request stream plyback by setting a valid key only. A key should be set in a special parameter passed to the server when establishing connection.

Any new stream is published on Origin server as accessible to all subscribers by default. Keys setting and futher ACL management should be done on Origin server using REST API.

Any stream ACL changes are send to all CDN server immediatly, and applied by server as received. Therefore stream playback will be immediatly stopped with Resctricted access error if the subscriber key is not valid anymore.

After stopping a stream, when stream is published again with the same name, it is created with clean ACL, i.e. it is accessible to all the subscribers.

Configuration

To set subscribers access key parameter name, the following setting should be done in flashphoner.properties file on all CDN servers

client_acl_property_name=aclAuth

In this case access key parameter will be named aclAuth

To make sure key values will not be intercepted, it is recommended to enable SSL usage in CDN with the following setting

wcs_agent_ssl=true

Stream ACL management using REST API

REST API is used to manage stream access keys on Origin server

REST query sho;ud be HTTP/HTTPS POST request as follows:

  • HTTP: http://test.flashphoner.com:8081/rest-api/cdn/stream/access_list/add
  • HTTPS: https://test.flashphoner.com:8444/rest-api/cdn/stream/access_list/add

Where:

  • test.flashphoner.com - WCS server address
  • 8081 - standard REST / HTTP port of WCS server
  • 8444 - standard HTTPS port
  • rest-api - mandatory part of URL
  • /rest-api/cdn/stream/access_list/add - REST query used

REST queries and response states

REST query

Body example

Response example

Response states

Description

/cdn/stream/access_list/add

{
 "name":"test",
 "authorizedKeys":["key1","key2","key3"]
}



200 – OK

500 – Internal Server Error

Add keys to stream ACL

/cdn/stream/access_list/remove
{
 "name":"test",
 "authorizedKeys":["key1"]
}

200 – OK

500 – Internal Server Error

Remove keys from stream ACL

/cdn/stream/access_list/cleanup
{
 "name":"test"
}

200 – OK

500 – Internal Server Error

Clean stream ACL

/cdn/stream/access_list/print
{
 "name":"test"
}
[
    "key1"
]

200 – OK

404 - ACL not found

500 – Internal Server Error

Show stream ACL

Paramaters

Name

Description

Example

name

Имя потока в CDN

test
authorizedKeysСписок ключей доступа к потоку
["key1","key2","key3"]

Access to stream for subscribers

Using WebSDK to play stream via WebRTC

To play stream via WebRTC stream access key should be passed as custom parameter to createSession function

    Flashphoner.createSession({urlServer: "wss://test.flashphoner.com:8443", custom: {aclAuth: "key1"}}).on(SESSION_STATUS.ESTABLISHED, function(session){
        ...
    });

Parameter name should match to configuration setting, in this case aclAuth

Passing the key as connection parameter to play stream via RTMP

To play stream via RTMP stream access key should be passed in RTMP connection parameters

rtmp://edge1.flashphoner.com:1935/live?aclAuth=key1/test

Where

  • edge1.flashphoner.com - server name
  • aclAuth - parameter name as set in configuration
  • test - stream name

Backward compatibility

CDN 2.2 is compatible to CDN 2.0 and 2.1, only streams with clean ACL (as just published) can be played.

  • No labels