If you need to stream hls on your website as https, first we need to make sure nginx works with https. I have a pfx certificate from GlobalSign for my domain. I need to export certificate and key from that pfx file and remove the passphrase from the key. I need to use OpenSSL to export and convert my certificate. Lets do this step by step.

Download OpenSSL from https://indy.fulgan.com/SSL/

Extract the OpenSSL folder to C and name the folder as openssl.  

Run OpenSSL from Command Prompt as Administrator

 

1. Take the file you exported (e.g. certname.pfx) and copy it to a system where you have OpenSSL installed. Note: the *.pfx file is in PKCS#12 format and includes both the certificate and the private key.

2. Run the following command to export the private key:

openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes

3. Run the following command to export the certificate:

openssl pkcs12 -in certname.pfx -nokeys -out cert.pem

4. Run the following command to remove the passphrase from the private key:

openssl rsa -in key.pem -out server.key

 

Rename the pem and key file as yourserver.yourdomain.pem and yourserver.yourdomain.key After this, we need to place our certificate and key to the correct locations on nginx server.

yourserver.yourdomain.pem will be copied to /etc/ssl/certs

# cp servername.mydomain.pem /etc/ssl/certs

yourserver.yourdomain.key will be copied to /etc/ssl/private

# cp servername.mydomain.key /etc/ssl/private  

 

 

 

  

 Then modify nginx.conf and change https part 

  


# HTTPS server server { listen       443 ssl; server_name  servername.yourdomain.com; ssl on; ssl_certificate     /etc/ssl/certs/servername.yourdomain.com.pem; ssl_certificate_key  /etc/ssl/private/servername.yourdomain.com.key;    ssl_session_cache   shared:SSL:1m; ssl_session_timeout  5m;        ssl_ciphers  HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers  on; location / { root   html; index  index.html index.htm; } } }  

 

 

Save it.

 

 

 

chmod 640 /etc/ssl/private/servername.yourdomain.com.key
sudo service nginx restart
sudo ufw allow 443

 

 

If you havent bought the domain yet, you can test your https from another client PC by modifying the host file on the client pc.

Add this entry to your host file: localIPAddress servername.yourdomain.com

Then ping to servername.yourdomain.com  on the client PC.

And use your browser to check if you can reach the web site by using https://servername.yourdomain.com

 

 

 

 

Now https works with Nginx but we need to add hls part to https portion in nginx.conf. 

 

 http and https can work at the same time. So just modify portion for https like below.

 

    server {
        listen       443 ssl;
        server_name  servername.yourdomain.com;
	ssl		on;
       ssl_certificate      /etc/ssl/certs/servername.yourdomain.com.pem;
        ssl_certificate_key  /etc/ssl/private/servername.yourdomain.com.key;
ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location /hls { # Serve HLS fragments types { application/vnd.apple.mpegurl m3u8; video/mp2t ts; } root /tmp/; add_header Cache-Control no-cache; add_header 'Access-Control-Allow-Origin' '*'; } location / { root html; index index.html index.htm; } }

 

 

 You can now change the source address on your videojs player and watch your hls stream over https by using the url below.

https:/yourdomain/hls/streamkey.m3u8

 

 Enjoy it :)

ennlfrdeitptruestr

Hylafax Installation on Debian

Easy to start HylaFAX is a free linux-based fax server. It is used by many companies worldwide. In this article, we are going to install and configure HylaFAX.

More...

Creating Multiple Users on Active Directory

Docs / SupportIf you are working in an organization which receives a lot new users on several periods of the year, then you should handle creation of domain users  with the help of Powershell. 

More...

How To Change Default Computer OU

Native RTL SupportWhen you join a computer to the domain, Computer Object is created and placed in Default Computer Container which is not an organizational unit and we all know that, GPOs can be only applied to Organizational Units. 

More...

JSN Epic template designed by JoomlaShine.com