Initial Commit for nginx-rtmp ansible role.

README.md

+dorftv.nginx_rtmp
+=========
+
+Installs multi domain multi application rtmp nginx
+
+Requirements
+------------
+
+debian 10
+
+Role Variables
+--------------
+
+See defaults/main.yal
+
+Dependencies
+------------
+
+
+
+Example Playbook
+----------------
+
+    - hosts: servers
+      vars:
+        nginx_rtmp_sites:
+          rtmp1.example.com:
+            endpoints:
+              live:
+                key: live
+                secret: mysecret
+              second_app:
+                key: live
+                secret: othersecret              
+          rtmp2.example.com:
+            endpoints:
+              partner:
+                key: live
+                secret: mynewsecret          
+      roles:
+         - { role: username.rolename }
+
+License
+-------
+
+GPL2
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

defaults/main.yml

+---
+# defaults file for nginx-rtmp
+
+nginx_rtmp_app_base_dir: /var/www/
\ No newline at end of file

handlers/main.yml

+---
+# handlers file for nginx-rtmp
+
+- name: reload nginx
+  service:
+    name: nginx
+    state: reloaded
\ No newline at end of file

meta/main.yml

+galaxy_info:
+  author: Stefan Hageneder
+  description: install nginx rtmp applications on debian 10
+  company: dorftv
+
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.9
+
+  galaxy_tags: []
+
+dependencies: []
+  
\ No newline at end of file

tasks/install.yml

+- name: Install a list of packages
+  apt:
+    pkg:
+      - libnginx-mod-rtmp
+      - nginx-light
+
+
+- name: Remove default site
+  file:
+    path: /etc/nginx/sites-enabled/default
+    state: absent
+  notify:
+    - reload nginx
+
+- name: Create rtmp config dirs
+  file:
+    state: directory
+    path: "/etc/nginx/{{item}}"
+  loop:
+    - rtmp-available
+    - rtmp-enabled
+
+- name: "Template nginx.conf"
+  template:
+    src: nginx.conf.j2
+    dest: "/etc/nginx/nginx.conf"
+  notify:
+    - reload nginx         
\ No newline at end of file

tasks/main.yml

+---
+# tasks file for nginx-rtmp
+
+- include_tasks: install.yml
+
+- include_tasks: site.yml
+  loop:
+    - "{{ nginx_rtmp_sites | dict2items }}"
+  loop_control:
+    loop_var: sites
\ No newline at end of file

tasks/site.yml

+
+#- name: debug
+#  debug: msg="{{ site }}"
+#  with_items:
+#    - "{{ sites }}"
+#  loop_control:
+#    loop_var: site    
+
+- name: Include Site Tasks
+  include_tasks: site_tasks.yml
+  with_items:
+    - "{{ sites }}"
+  loop_control:
+    loop_var: site
+
+

tasks/site_rtmp_tasks.yml

+- debug: var=rtmp
+
+- name: "Template rtmp application {{ rtmp.key }} for {{ site.key }}"
+  template:
+    src: rtmp.j2
+    dest: "/etc/nginx/rtmp-available/{{ site.key }}_{{ rtmp.key }}"
+  notify:
+    - reload nginx     
+    
+- name: "Enable rtmp application {{ rtmp.key }} for {{ site.key }} "
+  file:
+    src: "/etc/nginx/rtmp-available/{{ site.key }}_{{ rtmp.key }}"
+    dest: "/etc/nginx/rtmp-enabled/{{ site.key }}_{{ rtmp.key }}"        
+    state: link
+  notify:
+    - reload nginx    

tasks/site_tasks.yml

+#- debug: msg="{{ info.results.site.key }}"
+#- debug: var=site.key
+
+#nginx_rtmp_sites:
+#  rtmp.neuf.at:
+#    endpoints:
+#      live:
+#        key: ars1
+#        secret: lorem
+#      test:
+#        key: arstest
+#        secret: ipsum
+
+- name: "Prepare directories"
+  file:
+    path: "{{ nginx_rtmp_app_base_dir }}/{{ site.key }}/{{ item }}"
+    owner: www-data
+    group: www-data
+    state: directory
+  with_items:
+    - player
+    - hls
+
+- name: "Template sites-available for {{ site.key }}"
+  template:
+    src: sites.j2
+    dest: "/etc/nginx/sites-available/{{ site.key }}"
+  notify:
+    - reload nginx    
+
+- name: "Template nginx-available for {{ site.key }}"
+  template:
+    src: sites.j2
+    dest: "/etc/nginx/sites-available/{{ site.key }}"
+  notify:
+    - reload nginx        
+
+- name: "Enable {{ site.key }}"
+  file:
+    src: "/etc/nginx/sites-available/{{ site.key }}"
+    dest: "/etc/nginx/sites-enabled/{{ site.key }}"        
+    state: link
+  notify:
+    - reload nginx
+
+- debug: var=site.value.endpoints 
+
+- name: Include RTMP App Tasks
+  include_tasks: site_rtmp_tasks.yml
+  with_items:
+    - "{{ site.value.endpoints | dict2items }}"
+  loop_control:
+    loop_var: rtmp
\ No newline at end of file

templates/nginx.conf.j2

+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+        worker_connections 768;
+        # multi_accept on;
+}
+
+rtmp {
+        ack_window    1000000;
+        chunk_size    32768;
+        wait_video on;
+        wait_key on;
+
+        server {
+                listen 1935;
+	            notify_method get;
+                include /etc/nginx/rtmp-enabled/*;
+        }                
+}
+
+
+http {
+
+        ##
+        # Basic Settings
+        ##
+
+        sendfile on;
+        tcp_nopush on;
+        tcp_nodelay on;
+        keepalive_timeout 65;
+        types_hash_max_size 2048;
+        # server_tokens off;
+
+        # server_names_hash_bucket_size 64;
+        # server_name_in_redirect off;
+
+        include /etc/nginx/mime.types;
+        default_type application/octet-stream;
+
+        ##
+        # SSL Settings
+        ##
+
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+        ssl_prefer_server_ciphers on;
+
+        ##
+        # Logging Settings
+        ##
+
+        access_log /var/log/nginx/access.log;
+        error_log /var/log/nginx/error.log;
+
+        ##
+        # Gzip Settings
+        ##
+
+        gzip on;
+
+        # gzip_vary on;
+        # gzip_proxied any;
+        # gzip_comp_level 6;
+        # gzip_buffers 16 8k;
+        # gzip_http_version 1.1;
+        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+        ##
+        # Virtual Host Configs
+        ##
+
+        include /etc/nginx/conf.d/*.conf;
+        include /etc/nginx/sites-enabled/*;
+}
+

templates/rtmp.j2

+application {{ rtmp.key }} {
+        #GENERAL STREAM SETTING
+        wait_key on;
+        interleave on;
+        sync 10ms;
+        hls_cleanup on;
+        drop_idle_publisher 60s;
+        live on;
+        #ALLOW SETTINGS
+        allow publish all;
+        allow play all;
+        #HLS SETTINGS
+        hls on;
+        #hls_dvr on;
+        hls_path /var/www/{{ site.key }}/data/{{rtmp.key}};
+        hls_nested on;
+        hls_type live;
+        hls_fragment 5s;
+        hls_base_url https://{{ site.key }}/{{ rtmp.value.key }};
+        hls_variant _high  BANDWIDTH=1200000;
+        hls_variant _mid BANDWIDTH=664000;
+        hls_variant _low BANDWIDTH=362000;
+        #RECORD SETTINGS
+        record all;
+        record_path /var/www/{{ site.key }}/data/record;
+        record_suffix -%d-%b-%y-%T.flv;
+        hls_fragment_slicing plain;
+        hls_playlist_length 180m;
+        hls_continuous on;
+        meta off;
+        #hls_allow_client_cache enabled;
+
+        #### 
+        # Security
+        #
+        on_publish http://{{ site.key }}/auth/{{ rtmp.key }}/{{ rtmp.value.key }};
+        }

templates/sites.j2

+
+
+server {
+        listen 80;
+        listen [::]:80;
+        server_name {{ site.key }};
+        root /var/www/{{ site.key }};
+        index index.html;
+
+    
+    {% for key, value in site.value.endpoints.items() %}
+
+        location /auth/{{ key }}/{{ value.key }} {
+        if ($arg_psk = '{{ value.secret }}') {
+          return 201;
+        }
+          return 404;
+        }
+
+    {% endfor %}
+
+
+    
+        location / {
+
+                try_files $uri $uri/ =404;
+        }
+
+
+
+
+}
+

vars/main.yml

+---
+# vars file for nginx-rtmp
\ No newline at end of file