What do they write in tech support video streamer?
Hello. Dozens of different calls open daily to our support, from simple questions “help set up a cluster” to very complex “the stream doesn't work, sometimes the stream stutters”, but there are questions that already have an eye twitching and every employee can answer in detail.
And since the questions do not stop, so you can answer here.
We already have two articles in the blog ( one , two ) on this topic, read them if you work with video, and here I will give a short and comprehensive answer:
Modern Internet streaming is the HLS protocol . Sometimes DASH, but it does not matter, because they are both segment.
How it works? Streaming video is “sliced” into small files (usually 2-8 seconds, depending on the dynamic content), 3-10 such segments are accumulated and described by a special playlist, which is automatically updated when you delete the old segment and add a new one. Just like that. More segments - more delay, longer duration of each segment - more delay. 10-20 seconds is normal.
Why do you need it? Why accumulate so much video in the video server memory? Segmentation allows the player to not respond to the instability of the Internet connection, not to interrupt the video when switching from a Wi-Fi network to a mobile connection. If the video were not prepared in advance and packaged into separate files, then at the slightest disruption or lack of bandwidth, we would have video on the screen artifacts, and segmentation gives the player about 4-20 seconds to reconnect the player and upload new data.
What if you need a video without delay? Choose a different protocol if you are going to make a web chat, control the web through the Internet, watch IP video cameras. Here are examples: WebRTC, MSE-LD, RTMP.
The task is very simple - the video on the site should be protected from pasting to other sites, no one wants to pay for someone else's traffic, video traffic is expensive. And still video can be private and should not fall outside the personal account.
I always have one answer to all such requests - you need to set up Securelink on your site. Content protection is impossible unilaterally - the site itself must generate links, you can not just take and insert a static link to the site.
Securelink is an old and highly effective link protection technology. Many habrachiteleami aware of a special module for Nginx - ngx_http_secure_link_module. We do not use Nginx, but there is a similar and equally effective implementation, the difference is only in the order of parameters.
How it works? The site generates a unique one-time link based on user data. And what does the web server know about the client? Correctly, this is IP-address, User-Agent, Cookie, requested URL. If the client is authorized, then other information can be obtained in the session variables, for example, the unique client ID in the service database, or, for example, the subscription validity period.
We collect parameters in one line and we hash our favorite algorithm, for example, SHA1. It turns out a set of useless characters. For example, the hash from the string “127.0.0.1Habr” would be: 70ebe94671dd21bd65f4a00dfd988adc83fe6bda.
This string will be transmitted to the video streamer and its task will be to check the validity of the link, that it was generated by your website, not “spoiled” and not passed on to third parties. There is no feedback from the site, so the video streamer should generate a hash using the same data that the website used. The video streamer also knows the client’s IP address, the requested content, but cannot in any way know either the user ID or the link lifetime. You will have to transfer this data directly in the link and use the secret key so that anyone could not generate links to themselves.
We take the line "127.0.0.1Habr1540327100SECRET" and we get SHA1 99fe961672c52aa3033b98b545ec2cdec93bf515, and now we form a link of the form:
example.com/Habr/index.m3u8?token=99fe961672c52aa3033b98b5cate5c5c5a5c3a8333c8aa3033bf515c5c3a833cfb155c5cfc15bf515c5a5335cfc.
example.com is your video server, Habr is the requested video, index.m3u8 is the standard name of the HLS playlist, the value token is a string from the web server that we generated with you.
The video streamer easily extracts from this data everything that is needed to get the same hash: the IP address is read from the web server variable, the requested content is from the URL, the lifetime is from the token parameter, the only thing that is missing is the secret key; write to config file and keep secret.
You can’t send such a link to a friend or open it in another browser - there is an IP address in the hash formula, and the lifetime cannot be changed - then the hash will not match.
I really wanted to describe in two paragraphs, but in short did not work. This is the first problem - not everyone is willing to delve into such details, because it is much easier to insert a static link. We have ready-made examples on our site , so there should be no problem.
It often happens that the website and the web server incorrectly determine the IP address of the client, this is normal if you use a CDN network, for example, CloudFlare. In this case, you need to take the IP address from the correct header, you may need the help of a CDN provider. For example, with CloudFlare, this is CF-Connecting-IP.
Wrong time. Incorrect time on one of the servers, in combination with attempts to shorten the link lifetime as much as possible, often leads to broken links. It also happens that the user leaves the tab open for several hours, and then cannot play the video due to the short lifetime.
3-24 hours link lifetime is normal, they are still protected and there are ways to limit the number of simultaneous views.
Tell us in the comments how to bypass such a link protection mechanism?
And since the questions do not stop, so you can answer here.
Why is the video delayed?
We already have two articles in the blog ( one , two ) on this topic, read them if you work with video, and here I will give a short and comprehensive answer:
Modern Internet streaming is the HLS protocol . Sometimes DASH, but it does not matter, because they are both segment.
How it works? Streaming video is “sliced” into small files (usually 2-8 seconds, depending on the dynamic content), 3-10 such segments are accumulated and described by a special playlist, which is automatically updated when you delete the old segment and add a new one. Just like that. More segments - more delay, longer duration of each segment - more delay. 10-20 seconds is normal.
Why do you need it? Why accumulate so much video in the video server memory? Segmentation allows the player to not respond to the instability of the Internet connection, not to interrupt the video when switching from a Wi-Fi network to a mobile connection. If the video were not prepared in advance and packaged into separate files, then at the slightest disruption or lack of bandwidth, we would have video on the screen artifacts, and segmentation gives the player about 4-20 seconds to reconnect the player and upload new data.
What if you need a video without delay? Choose a different protocol if you are going to make a web chat, control the web through the Internet, watch IP video cameras. Here are examples: WebRTC, MSE-LD, RTMP.
How to protect the video? Paste only on your website
The task is very simple - the video on the site should be protected from pasting to other sites, no one wants to pay for someone else's traffic, video traffic is expensive. And still video can be private and should not fall outside the personal account.
I always have one answer to all such requests - you need to set up Securelink on your site. Content protection is impossible unilaterally - the site itself must generate links, you can not just take and insert a static link to the site.
Securelink is an old and highly effective link protection technology. Many habrachiteleami aware of a special module for Nginx - ngx_http_secure_link_module. We do not use Nginx, but there is a similar and equally effective implementation, the difference is only in the order of parameters.
How it works? The site generates a unique one-time link based on user data. And what does the web server know about the client? Correctly, this is IP-address, User-Agent, Cookie, requested URL. If the client is authorized, then other information can be obtained in the session variables, for example, the unique client ID in the service database, or, for example, the subscription validity period.
We collect parameters in one line and we hash our favorite algorithm, for example, SHA1. It turns out a set of useless characters. For example, the hash from the string “127.0.0.1Habr” would be: 70ebe94671dd21bd65f4a00dfd988adc83fe6bda.
This string will be transmitted to the video streamer and its task will be to check the validity of the link, that it was generated by your website, not “spoiled” and not passed on to third parties. There is no feedback from the site, so the video streamer should generate a hash using the same data that the website used. The video streamer also knows the client’s IP address, the requested content, but cannot in any way know either the user ID or the link lifetime. You will have to transfer this data directly in the link and use the secret key so that anyone could not generate links to themselves.
We take the line "127.0.0.1Habr1540327100SECRET" and we get SHA1 99fe961672c52aa3033b98b545ec2cdec93bf515, and now we form a link of the form:
example.com/Habr/index.m3u8?token=99fe961672c52aa3033b98b5cate5c5c5a5c3a8333c8aa3033bf515c5c3a833cfb155c5cfc15bf515c5a5335cfc.
example.com is your video server, Habr is the requested video, index.m3u8 is the standard name of the HLS playlist, the value token is a string from the web server that we generated with you.
The video streamer easily extracts from this data everything that is needed to get the same hash: the IP address is read from the web server variable, the requested content is from the URL, the lifetime is from the token parameter, the only thing that is missing is the secret key; write to config file and keep secret.
You can’t send such a link to a friend or open it in another browser - there is an IP address in the hash formula, and the lifetime cannot be changed - then the hash will not match.
Underwater rocks
I really wanted to describe in two paragraphs, but in short did not work. This is the first problem - not everyone is willing to delve into such details, because it is much easier to insert a static link. We have ready-made examples on our site , so there should be no problem.
It often happens that the website and the web server incorrectly determine the IP address of the client, this is normal if you use a CDN network, for example, CloudFlare. In this case, you need to take the IP address from the correct header, you may need the help of a CDN provider. For example, with CloudFlare, this is CF-Connecting-IP.
Wrong time. Incorrect time on one of the servers, in combination with attempts to shorten the link lifetime as much as possible, often leads to broken links. It also happens that the user leaves the tab open for several hours, and then cannot play the video due to the short lifetime.
3-24 hours link lifetime is normal, they are still protected and there are ways to limit the number of simultaneous views.
Instead of the total
Tell us in the comments how to bypass such a link protection mechanism?