Nginx-Rtmp with CDN Proxy - Media Control Panel

This guide will walk you through setting up an NGINX proxy server that forwards requests to another server URL. We’ll optimize it for HTTP Live Streaming (HLS) content by configuring caching for .m3u8 and .ts files.

MediaCP is capable of deploying Nginx-Rtmp through a CDN to allow for this increased capacity and reliability.

Pros & Cons

Benefits

Increase Viewers Capacity beyond the limitations of a single server, with minimal cost
Reliable Streaming – CDNs typically cache content at edges around the world which means fast and reliable acaess to the broadcast from any location in the world.

Limitations

Connections and Statistics Information is not available from MediaCP. The information may be available from your CDN service. For this reason it is typically best suited to serve a single customer per server instance.
It is not possible to see or limit the number of viewers on a CDN enabled stream.

Cost

Compatibility with the MediaCP requires an add-on to be enabled on your MediaCP license. Contact our Billing & Support department to enable the CDN add-on. Please note additional costs may apply.

How to Set Up an NGINX Proxy for HLS Content

Prerequisites

The Nginx Proxy should be installed on a server external to your MediaCP installation, in order to proxy requests through to the MediaCP server. We recommend deploying the latest stable release of Ubuntu, Debian, CentOS, RHEL, or similar.

For SSL we recommend using CloudFlare or AWS Certificate Manager to automate certificate deployment. We will include steps for CloudFlare in this document.

Step 1: Install Nginx

Install NGINX using the commands relevant to your operating system below.

Ubuntu/Debian

sudo apt update
sudo apt install nginx certbot python3-certbot-dns-cloudflare

CentOS/RHEL/AlmaLinux

sudo yum install epel-release
sudo yum install nginx certbot python3-certbot-dns-cloudflare

Step 2: Configure DNS API Credentials

Create a credentials file for your DNS provider. For Cloudflare, it might look like the below.

Generate CloudFlare API Token
Create a file named cloudflare.ini:
```
touch ~/cloudflare.ini
```

Add your Cloudflare API token to the file:

dns_cloudflare_api_token = your_cloudflare_api_token

Secure the file by restricting permissions:
```
chmod 600 ~/cloudflare.ini
```

Step 3: Obtain the SSL Certificate

Run Certbot with the DNS plugin to obtain your certificate. Replace cdn.yourdomain.com with your actual domain name:

sudo certbot --nginx --dns-cloudflare --dns-cloudflare-credentials ~/cloudflare.ini -d cdn.yourdomain.com

Step 4: Configure NGINX as a Proxy with SSL

Create a new configuration file for the proxy at /etc/nginx/conf.d/hls_proxy.conf and add the following configuration below.

Be sure to replace cdn.yourdomain.com with your CDN domain name, and panel.yourdomain.com with the MediaCP domain name. We’re also assuming nginx-rtmp is running on the default port 19350.

server {
    listen 80;
    server_name cdn.yourdomain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name cdn.yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/cdn.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cdn.yourdomain.com/privkey.pem;

    location / {
        proxy_pass https://panel.yourdomain.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Cache settings for HLS
        proxy_cache hls_cache;
        proxy_cache_valid 200 1s;
        proxy_cache_valid 404 1s;
        proxy_cache_valid 500 1s;
        proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args";
    }

    location ~* \.m3u8$ {
        proxy_pass https://panel.yourdomain.com;
        proxy_cache hls_cache;
        proxy_cache_valid 200 1s;
        proxy_cache_valid 404 1s;
        proxy_cache_valid 500 1s;
        add_header Cache-Control "public, max-age=1";
    }

    location ~* \.ts$ {
        proxy_pass https://panel.yourdomain.com;
        proxy_cache hls_cache;
        proxy_cache_valid 200 5s;
        proxy_cache_valid 404 5s;
        proxy_cache_valid 500 5s;
        add_header Cache-Control "public, max-age=5";
    }
}

Step 5: Set Up Proxy Cache

Add the following cache configuration to your main NGINX configuration file, typically found at /etc/nginx/nginx.conf:

http {
    # Other configurations...

    proxy_cache_path /var/cache/nginx/hls_cache levels=1:2 keys_zone=hls_cache:10m max_size=1g inactive=60m use_temp_path=off;

    # Include the proxy configuration
    include /etc/nginx/conf.d/*.conf;
}

Step 6: Test and Reload NGINX

Test your NGINX configuration for syntax errors:

sudo nginx -t

If the test is successful, reload NGINX to apply the changes:

sudo systemctl reload nginx

Step 7: MediaCP Edge URL

Navigate to System Config -> Plugins -> Nginx RTMP and fill out the “EDGEURL” field with your CDN URL.

Once saved, all URLs in the panel relating to Nginx-Rtmp Viewing links will be updated to use the Edge URL on default ports.

Multiple Proxies and Load Balancing

The proxy configuration can be replicated to as many servers as you desire to increase stability, reliability and capacity. We recommend sizing your clusters appropriately to the audience to take advantage of caching.

A basic form of load balancing can be achieved by adding a duplicate A Record for each server ip address using nginx proxy. This will create a round-robin load balancer.