HLS直播点播加密


软硬件环境

  • ubuntu 16.04
  • Android Studio 2.2.3
  • OTT BOx with android 5.1.1
  • nginx 1.11.3
  • nginx-rtmp-module
  • VLC

前言

在基于HLS的视频直播/点播应用中,为了保护自己的数字内容,防止被下载/拷贝/传播,需要给视频进行加密.本文完成服务器端加密及Android端的解密播放.

nginx.conf

这里我把我使用的nginx.conf文件完整的列了出来,方便大家使用

  1. #user nobody;
  2. worker_processes auto;
  3. rtmp_auto_push on;
  4. error_log logs/error.log;
  5. error_log logs/error.log notice; # NOTE(review): lines 4-6 all target logs/error.log and differ only in level - presumably only one was intended
  6. error_log logs/error.log info;
  7. #pid logs/nginx.pid;
  8. events {
  9. worker_connections 1024;
  10. }
  11. rtmp {
  12. server {
  13. listen 1935;
  14. chunk_size 4000;
  15. # exec ffmpeg -re -i udp://@224.0.0.1:4321 -vcodec libx264 -acodec aac -strict -2 -s 1280x720 -f flv rtmp://localhost/hls/livestream;
  16. # TV mode: one publisher, many subscribers
  17. #application mytv {
  18. # enable live streaming
  19. #live on;
  20. # record first 1K of stream
  21. #record all;
  22. #record_path /tmp/av;
  23. #record_max_size 1K;
  24. # append current timestamp to each flv
  25. #record_unique on;
  26. # publish only from localhost
  27. #allow publish 127.0.0.1;
  28. #deny publish all;
  29. #allow play all;
  30. #}
  31. # Transcoding (ffmpeg needed)
  32. application big {
  33. live on; # NOTE(review): no allow/deny publish rule in this block, so publishing is not restricted by address
  34. # On every published stream run this command (ffmpeg)
  35. # with substitutions: $app/${app}, $name/${name} for application & stream name.
  36. #
  37. # This ffmpeg call receives stream from this application &
  38. # reduces the resolution down to 32x32. The stream is then published to
  39. # 'small' application (see below) under the same name.
  40. #
  41. # ffmpeg can do anything with the stream like video/audio
  42. # transcoding, resizing, altering container/codec params etc
  43. #
  44. # Multiple exec lines can be specified.
  45. }
  46. application small {
  47. live on; # NOTE(review): no allow/deny publish rule in this block, so publishing is not restricted by address
  48. # Video with reduced resolution comes here from ffmpeg
  49. }
  50. #application webcam {
  51. # live on;
  52. # Stream from local webcam
  53. # exec_static ffmpeg -f video4linux2 -i /dev/video0 -c:v libx264 -an
  54. #-f flv rtmp://localhost:1935/webcam/mystream;
  55. #}
  56. # application mypush {
  57. # live on;
  58. # Every stream published here
  59. # is automatically pushed to
  60. # these two machines
  61. #push rtmp1.example.com;
  62. #push rtmp2.example.com:1934;
  63. # }
  64. # application mypull {
  65. # live on;
  66. # Pull all streams from remote machine
  67. # and play locally
  68. #pull rtmp://rtmp3.example.com pageUrl=www.example.com/index.html;
  69. # }
  70. # application mystaticpull {
  71. # live on;
  72. # Static pull is started at nginx start
  73. #pull rtmp://rtmp4.example.com pageUrl=www.example.com/index.html name=mystream static;
  74. # }
  75. # video on demand
  76. # application vod {
  77. # play /opt/www/vod;
  78. # }
  79. # application vod2 {
  80. # play /var/mp4s;
  81. # }
  82. # Many publishers, many subscribers
  83. # no checks, no recording
  84. #application videochat {
  85. # live on;
  86. # The following notifications receive all
  87. # the session variables as well as
  88. # particular call arguments in HTTP POST
  89. # request
  90. # Make HTTP request & use HTTP retcode
  91. # to decide whether to allow publishing
  92. # from this connection or not
  93. # on_publish http://localhost:8080/publish;
  94. # Same with playing
  95. # on_play http://localhost:8080/play;
  96. # Publish/play end (repeats on disconnect)
  97. # on_done http://localhost:8080/done;
  98. # All above mentioned notifications receive
  99. # standard connect() arguments as well as
  100. # play/publish ones. If any arguments are sent
  101. # with GET-style syntax to play & publish
  102. # these are also included.
  103. # Example URL:
  104. # rtmp://localhost/myapp/mystream?a=b&c=d
  105. # record 10 video keyframes (no audio) every 2 minutes
  106. # record keyframes;
  107. # record_path /tmp/vc;
  108. # record_max_frames 10;
  109. # record_interval 2m;
  110. # Async notify about an flv recorded
  111. # on_record_done http://localhost:8080/record_done;
  112. #}
  113. # HLS
  114. # For HLS to work please create a directory in tmpfs (/tmp/hls here)
  115. # for the fragments. The directory contents is served via HTTP (see
  116. # http{} section in config)
  117. #
  118. # Incoming stream must be in H264/AAC. For iPhones use baseline H264
  119. # profile (see ffmpeg example).
  120. # This example creates RTMP stream from movie ready for HLS:
  121. #
  122. # ffmpeg -loglevel verbose -re -i movie.avi -vcodec libx264
  123. # -vprofile baseline -acodec libmp3lame -ar 44100 -ac 1
  124. # -f flv rtmp://localhost:1935/hls/movie
  125. #
  126. # If you need to transcode live stream use 'exec' feature.
  127. application hls {
  128. live on; # NOTE(review): no allow/deny publish rule in this block, so any host that can reach port 1935 may publish here
  129. hls on;
  130. hls_path /opt/www/live; # playlists and fragments; lies under root /opt/www/, so "location /" on port 8081 serves it
  131. hls_continuous on;
  132. hls_sync 100ms;
  133. hls_nested on;
  134. hls_playlist_length 5m;
  135. hls_fragment 10s;
  136. hls_variant _low BANDWIDTH=800000;
  137. hls_variant _mid BANDWIDTH=1200000;
  138. hls_variant _hi BANDWIDTH=2000000;
  139. # AES-128 encryption of the HLS fragments
  140. hls_keys on; # turn fragment encryption on
  141. hls_key_path /opt/www/keys; # key files are written here; also under root /opt/www/, so "location /" serves them as /keys/...
  142. hls_key_url http://10.10.10.79:8081/keys/; # URL prefix written into EXT-X-KEY; plain HTTP and no authorization - NOTE(review): deliver keys over HTTPS behind an access check in production
  143. hls_fragments_per_key 10; # a new key is generated every 10 fragments
  144. #exec /home/djstava/Workshop/Web/nginx-1.11.3/build/test.sh;
  145. #exec_kill_signal term;
  146. #recorder all {
  147. # record all;
  148. # record_suffix -%Y-%m-%d-%H_%M_%S.flv;
  149. # record_max_size 6200000K;
  150. # record_path /opt/www/record;
  151. #}
  152. }
  153. #application Upload {
  154. # play /opt/www/record;
  155. #}
  156. # MPEG-DASH is similar to HLS
  157. #application dash {
  158. # live on;
  159. # dash on;
  160. # dash_path /tmp/dash;
  161. #}
  162. }
  163. }
  164. # HTTP can be used for accessing RTMP stats
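  165. http {
  166. server {
  167. listen 8081;
  168. # NOTE(review): everything under /opt/www/ is reachable through this location,
  169. # including the playlists (/opt/www/live) and the AES keys (/opt/www/keys),
  170. # over plain HTTP and without any access check. A client that can fetch the
  171. # playlist can fetch the key; to actually protect content, deliver keys over
  172. # HTTPS from a location that authorizes each request.
  173. location / {
  174. root /opt/www/;
  175. }
  176. # This URL provides RTMP statistics in XML
  177. # NOTE(review): the output lists streams and connected clients; limit access
  178. # if this port is reachable by untrusted hosts.
  179. location /stat {
  180. rtmp_stat all;
  181. # Use this stylesheet to view XML as web page
  182. # in browser
  183. rtmp_stat_stylesheet stat.xsl;
  184. }
  185. location /stat.xsl {
  186. # XML stylesheet to view RTMP stats.
  187. # Copy stat.xsl wherever you want
  188. # and put the full directory path here
  189. root /home/djstava/Workshop/Web/nginx-rtmp-module/;
  190. }
  191. location /control {
  192. # The control interface can drop clients and start/stop recording,
  193. # so only requests from this host are accepted.
  194. allow 127.0.0.1;
  195. deny all;
  196. rtmp_control all;
  197. }
  198. location /hls {
  199. # Serve HLS fragments
  200. # NOTE(review): with root /opt/www/ this location maps to /opt/www/hls/,
  201. # while hls_path is /opt/www/live; playback via /live/... is handled by
  202. # "location /", so the types below do not apply to it.
  203. types {
  204. application/vnd.apple.mpegurl m3u8;
  205. video/mp2t ts;
  206. }
  207. root /opt/www/;
  208. add_header Cache-Control no-cache;
  209. }
  210. location /dash {
  211. # Serve DASH fragments
  212. root /opt/www/;
  213. add_header Cache-Control no-cache;
  214. }
  215. }
  216. }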

主要是关注rtmp中的hls application

  1. hls_keys on;
  2. hls_key_path /opt/www/keys;
  3. hls_key_url http://10.10.10.79:8081/keys/;
  4. hls_fragments_per_key 10;

各个标签的含义如下

hls_keys : 是否启用加密

hls_key_path : 产生的key文件存放路径

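hls_key_url : key文件的url前缀,会写入m3u8的EXT-X-KEY标签,播放器据此下载key.注意本文用的是未做鉴权的http地址,任何能拿到m3u8的人都能拿到key并解密切片;正式环境应通过https下发key,并在下发前校验请求方身份.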

hls_fragments_per_key : 共用同一个key的视频切片数

推流

以本地视频文件为例,nginx服务器ip为10.10.10.79

  1. ffmpeg -re -i /opt/www/xjcy.mp4 -vcodec copy -acodec copy -f flv -y rtmp://10.10.10.79/hls/test

查看生成的key文件

nginx_ffmpeg_key

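再注意看下生成的m3u8文件,默认加密方式是128位的AES.每隔10个切片(对应hls_fragments_per_key 10)出现一个新的EXT-X-KEY,key文件名和IV都取自该组第一个切片的序号(例如354.key对应IV 0x162,即十进制354)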

  1. #EXTM3U
  2. #EXT-X-VERSION:3
  3. #EXT-X-MEDIA-SEQUENCE:357
  4. #EXT-X-TARGETDURATION:19
  5. #EXT-X-KEY:METHOD=AES-128,URI="http://10.10.10.79:8081/keys/test/354.key",IV=0x00000000000000000000000000000162
  6. #EXTINF:11.679,
  7. 357.ts
  8. #EXTINF:15.348,
  9. 358.ts
  10. #EXTINF:19.395,
  11. 359.ts
  12. #EXTINF:10.010,
  13. 360.ts
  14. #EXTINF:10.010,
  15. 361.ts
  16. #EXTINF:13.138,
  17. 362.ts
  18. #EXTINF:13.305,
  19. 363.ts
  20. #EXT-X-KEY:METHOD=AES-128,URI="http://10.10.10.79:8081/keys/test/364.key",IV=0x0000000000000000000000000000016C
  21. #EXTINF:18.727,
  22. 364.ts
  23. #EXTINF:16.350,
  24. 365.ts
  25. #EXTINF:10.010,
  26. 366.ts
  27. #EXTINF:10.010,
  28. 367.ts
  29. #EXTINF:10.010,
  30. 368.ts
  31. #EXTINF:17.225,
  32. 369.ts
  33. #EXTINF:17.476,
  34. 370.ts
  35. #EXTINF:15.223,
  36. 371.ts
  37. #EXTINF:10.469,
  38. 372.ts
  39. #EXTINF:10.010,
  40. 373.ts
  41. #EXT-X-KEY:METHOD=AES-128,URI="http://10.10.10.79:8081/keys/test/374.key",IV=0x00000000000000000000000000000176

Android客户端

基于vitamio 5.0.2版本的android播放器,可以直接播放http://10.10.10.79:8081/live/test/index.m3u8这个链接.我把整个工程打了个包,提供给需要的朋友.下载地址: https://pan.baidu.com/s/1hsuSovy

参考文献

转载请注明作者和出处,并添加本页链接。
原文链接: http://xugaoxiang.com/post/97
