DEV Community: Ugacomp Technologies

How to install Ant Media Server on Ubuntu

Ugacomp Technologies — Fri, 03 May 2024 18:32:03 +0000

(https://dev-to-uploads.s3.amazonaws.com/uploads/articles/v31mk063w17h7r5d8d8u.png)

Ant Media is a streaming server that can be installed on a Linus server for webRTC, HLS & DASH streaming. Here is how to set it up:

How to Secure HLS & DASH Streams in Ant Media

Ugacomp Technologies — Tue, 09 Apr 2024 20:15:29 +0000

Third-party websites are likely to abuse your server resources if your Ant Media streams are not secured; to stop malicious and unauthorized stream embedding. If you're into the business of live streaming, you will understand that server resources are critical and expensive. if anybody can feed on your streaming resources, you're likely tp go out of business quickly as you will keep incurring huge costs.

To stop people from abusing your streaming resources, you can stop third-party domains from embedding your Ant Media HLS and DASH streams. In this article, we would like to give you a brief clue of what you need to implement.

But we recommend that you read the full guide on how to implement everything related to secure Ant Media HLS and DASH streams.

Installing Nginx and setting up the Reverse Proxy

In short, the first step is to install Nginx server on the same machine where Ant Media server. Doing this will allow you to implement the important part of this step, which is configuring the reverse proxy using the nano /etc/nginx/nginx.conf file:

Sample nginx.conf configuration

This is the sample template configuration you’re going to put into the nginx.conf file:

user nginx;
worker_processes auto;
pid /var/run/nginx.pid;
worker_rlimit_nofile 1048576;

events {
worker_connections 1048576;
multi_accept on;
use epoll;
}

http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
keepalive_timeout 300s;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;

# ssl settings
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers         HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# logs settings
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"'
                  '"$hostname" "upstream: $upstream_addr"';
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

# gzip
gzip on;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/javascript text/javascript application/x-javascript text/xml application/xml application/xml+rss application/vnd.ms-fontobject application/x-font-ttf font/opentype font/x-woff image/svg+xml image/x-icon;

# proxy settings
proxy_redirect off;
proxy_http_version 1.1;
proxy_read_timeout 10s;
proxy_send_timeout 10s;
proxy_connect_timeout 10s;

#redirect all http requests to https
server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}  

#Origin Configuration
#Change {YOUR_DOMAIN} with your fully qualified domain name. 
server {
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/{YOUR_DOMAIN}/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/{YOUR_DOMAIN}/privkey.pem;
        server_name yourdomain.com;

        location / {
          if ($http_referer !~* "^https?://(www\.)?Whitelisted-domain-name\.com"){
          return 403;
    }
            proxy_pass http://AMS-server-IP:5080;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }
    }

#Dashboard Configuration (To allow access to your AMS dashboard on different port which should be allowed only for specific IPs)
#Change {YOUR_DOMAIN} with your fully qualified domain name. 
server {
        listen 4444 ssl;
        ssl_certificate /etc/letsencrypt/live/{YOUR_DOMAIN}/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/{YOUR_DOMAIN}/privkey.pem;
        server_name yourdomain.com;

        location / {
            proxy_pass http://AMS-Server-IP:5080;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }
    }
}

Whitelisting the allowed domains

From the above code, you will need to find the following block:

   location / {
          if ($http_referer !~* "^https?://(www\.)?Whitelisted-domain-name\.com"){
          return 403;
    }

it's important to note that this block is critical and without it, you can't whitelist the domains you want to allow to embed your Ant Media HLS streams.

Unwhitelisted domains won't be allowed to embed your streams on their sites.

It’s important to note that the process of securing Ant Media HLS and DASH streams is a bit tricky for a beginner, but you have to follow this guide which simplifies it for you.

Is it possible to test Apache for Syntax errors

Ugacomp Technologies — Tue, 09 Apr 2024 05:02:37 +0000

Yes, you can test Apache Webserver for syntax errors using various mechanisms like:

Using the configtest command:

On your terminal, you can run the following command:

sudo apachectl configtest

This will determine if apache has syntax errors or not. If there are some syntax errors, you be able to identify the affected lines in the apache configuration file.

Using the systemctl status command

Alternatively, you can also use the following command to determine if your apache server is affected by syntax errors:

sudo systemctl status apache2

The above command is usually underrated but it offers a better understanding of whether your apache has syntax errors or not. In most cases, if there some errors, this command will be able to list the affected line in the configuration file.

Now, if you want to fix and learn more about how Aoache Syntax errors, you can read this full guide

Should I use Nginx or Apache Server?

Ugacomp Technologies — Sat, 06 Apr 2024 22:51:26 +0000

Both Nginx and Apache are popular webservers that are used to host applications and websites on the world wide web.

While Nginx and apache offer tremendous benefits, their capabilities could vary based on how each of them handle things like:

Dynamic content handling (Nginx)

Dynamic content are website elements or features that are generated on-the-fly in response to user interactions or other external factors. Unlike static content, which remains the same every time it is accessed, dynamic content can change based on various conditions, such as user input, database queries, or system events.

Nginx is known for being efficient in handling dyanmic content compared to apache webserver. This is because Nginx uses an event-driven and asynchronous architecture, allowing it to efficiently manage and processe incoming connections and requests without relying on a separate thread or process for each connection.

Nginx utilizes an event-driven, non-blocking I/O model, where a single worker process can handle multiple connections concurr. When Nginx receives a request, it initiates non-blocking I/O operations to read or write data from sockets, file descriptors, or upstream servers.

Instead of waiting for these operations to complete, Nginx continues to process other requests or events, maximizing resource utilization and responsiveness.

Dynamic Content Handling (Apache Server)

On the other hand, Apache web server is not particularly good at handling dynamic content. This is because it uses a multi-process multi-threaded architecture and so it processes each request in a separate thread or process, which can consume more system resources, especially under heavy loads.

However, to be able to increase apache's capabilities to handle dynamic content, you will need to implement a couple performance tunning techniques

Scalability

Scalability is an important aspect and feature when it comes to webservers. This capability makes it possible to increase the potential of your webserver infrastructure so the growing traffic needs are served efficiently.

Both Nginx and apache offer the potential to scale up the deployment capabilities using load balancing techniques.

The Nginginx load balancer is widely used in enterprise-grade application deployment scenarios. on the other hand, Apache's load balancer can be activated using the mod_proxy and mod_proxy_balancer modules.

If your traffic is growing, you will need to scale your webserver infrastructure to avoid unexpected downtime due to resource depletion. Of course, both Nginx and Apache can be scaled effectively, but Nginx is generally considered easier to implement for large-scale deployments due to its event-driven architecture and lightweight design.

Configuration and setup

Nginx is widely known for being easier to set up compared to Apache. This is because Nginx syntax is easier to manipulate. However, Apache's configuration complexity comes from the fact that it relies on additional modules for customization. Apache is not so beginner-friendly when it comes to setting up and customize its functionality.

Resource Consumpation

The Apache Webserver is known for being resource-intensive, especially when dealing with dynamic content handling. This is because each request requires a separate process or thread that runs in the background, consuming more server resources.

Nginx on the other hand has been documented for being reource-efficient due to its event-driven and asynchronous architecture.