Инструменты пользователя

Инструменты сайта


tvip_key_server_installation

Это старая версия документа.


TVIP key server installation

WARNING: TVIP cas-server in ALPHA stage, please report all bugs to support@tvip.ru

echo "deb http://deb.packages.tvip.ru/ xenial main" >> /etc/apt/sources.list.d/tms.list
wget --quiet -O - http://deb.packages.tvip.ru/deploy/key.asc | apt-key add -

apt-get -y -q install software-properties-common
add-apt-repository ppa:chris-lea/redis-server

apt-get update
apt-get install tvip-cas
echo "deb http://deb.packages.tvip.ru/ xenial main" >> /etc/apt/sources.list.d/tms.list
wget --quiet -O - http://deb.packages.tvip.ru/deploy/key.asc | apt-key add -

apt-get -y -q install software-properties-common
add-apt-repository ppa:webupd8team/java
add-apt-repository ppa:chris-lea/redis-server
apt-get update
apt-get install tvip-cas

ln -s /opt/tvip-cas/tvip-cas.jar /etc/init.d/tvip-cas

Configuration

Copy original /opt/tvip-cas/application-prod.yml.example to /opt/tvip-cas/application-prod.yml.example:

cp /opt/tvip-cas/application-prod.yml.example /opt/tvip-cas/application-prod.yml

Use your favorite editor to change configuration file, for example vi:

vi /opt/tvip-cas/application-prod.yml

Main steps:

Configure Redis Storage

# Change redis password with real password:
spring:
  redis:
    host: localhost
    port: 6379
    password: REAL_REDIS_PASSWORD

That password must be equal with password in redis config, you can find password under SECURITY block in /etc/redis/redis.conf

################################## SECURITY ###################################

# Require clients to issue AUTH <PASSWORD> before processing any other
# commands.  This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
requirepass REAL_REDIS_PASSWORD

After setup requirepass you must restart redis server for apply new settings

Attach Flussonic media server to Key server

In application-prod.yml file add Flussonic ip addresses in stream-servers directive:

  stream-servers:
    - 127.0.0.2
    - 127.0.0.3
    - 127.0.0.4

On each flussonic on each stream you may configure address where flussonic be fetch keys for segments, for setup we recommend to configure one channel:

stream rtd {
  url udp://226.180.180.180:1234 priority=1;
  #dvr /media/6T10 7d; 
  hds off;
  dash off;
  mpegts off;
  drm aes128 keyserver=http://keys.example.com:8081/cas-server;
}

Where keys.example.com is real domain of keyserver

Attach TMS with key server

TMS must use to connect next params:

  1. URL of key-server
  2. Name of application, by default that name is s1.keys.example.com (defined in app section in /opt/tvip-cas/application-prod.yml)
  3. Private key for sign request from CAS server (defined in app section in /opt/tvip-cas/application-prod.yml). For prevent security violations that key must be redefined by yourself
  4. Each TMS must be defined in tms-servers section of config file

After changes in config you must restart tvip-cas for applying settings,

on Ubuntu 16.04 you can use:

service tvip-cas restart

on Ubuntu 14.04 you can use:

/etc/init.d/tvip-cas restart

On TMS side you must configure CAS in Settings → CAS servers

tvip_key_server_installation.1524231156.txt.gz · Последние изменения: 2018/04/20 16:32 — Egor Danilenko

Инструменты страницы