Here is a How to, the objective is to demonstrate the setup of a PHLS live stream. PHLS means Protected HLS : the custom format of HLS by Adobe. The protection is realized with a AES-128 encryption on the content. To make this configuration, you need a streaming server which will push content via RTMP. Some live transcoders are available from ElementalLive to ffmpeg. And you need too a Adobe Media Server 4.5 installed to complete this how to. All I write in this post is available via the FMS documentation.
Setup HLS live stream
First, we will push not one, but multiple RTMP streams. Remember, HLS is an adaptive bit rate protocol, so you need to use some bitrate as input. FMS will rewrap the content to the good output. In this case, I will push 4 stream at 200, 400, 600 and 800 kbits/s.
But where do we push the content ? Here is the template url :
rtmp://ams_address/livepkgr/stream_name?adbe-live-event=event_name
Apply this template with the previous data (192.168.0.2 is the address of the FMS), we will have :
- rtmp://192.168.0.2/livepkgr/200k?adbe-live-event=mylive
- rtmp://192.168.0.2/livepkgr/400k?adbe-live-event=mylive
- rtmp://192.168.0.2/livepkgr/600k?adbe-live-event=mylive
- rtmp://192.168.0.2/livepkgr/800k?adbe-live-event=mylive
Ok, now we will check if the stream are correctly pushed. Have a look on the FMS administration and go to Manage Server -> Select the server -> Applications
Another solution, to check the content is correctly pushed, is to connect to the server via ssh, in my case (I used Linux), and check if there is some files in /mnt/applications/livepkgr/events/_definst_/eventname like this kind of files :
MTQ1OTkwMzc5OQ=.stream or NDE3MDY5NTk0OQ=.stream. It can be useful to check the presence of this files in order to manage your live stream platform based on FMS.
Then, and here is the magic of FMS :-), you can watch you content… to be more precise, you can stream each bitrate separately with the player:
- http://192.168.0.2/hls-live/livepkgr/_definst_/mylive/200k.m3u8
- http://192.168.0.2/hls-live/livepkgr/_definst_/mylive/400k.m3u8
- http://192.168.0.2/hls-live/livepkgr/_definst_/mylive/600k.m3u8
- http://192.168.0.2/hls-live/livepkgr/_definst_/mylive/800k.m3u8
Try the differents URLs in iOS device, Quicktime or VLC and you can be able to view the live content. We have some single bit rate stream and at the beginning of this post, I wanted an adaptive bit rate live stream .
So finally, we create a m3u8 manifest file which contains our different sub-streams (the manifest for each bit rate).
#EXTM3U #EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=200000 http://192.168.0.2/hls-live/livepkgr/_definst_/mylive/200k.m3u8 #EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=400000 http://192.168.0.2/hls-live/livepkgr/_definst_/mylive/400k.m3u8 #EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=600000 http://192.168.0.2/hls-live/livepkgr/_definst_/mylive/600k.m3u8 #EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=800000 http://192.168.0.2/hls-live/livepkgr/_definst_/mylive/800k.m3u8
Put this file at the root folder of FMS and try again with the player (for example the address will be at : http://192.168.0.2/manifest.m3u8). You can view the stream adapt to the band-with available. 😉
Add encryption and setup PHLS live stream
We made a big part of the job. We have HLS live stream which is adaptive to the bandwidth. The question is how to encrypt the content and this operation will be made by Adobe Flash Media Server. To do that, we need to change configuration files. When you change the configuration, you need to restart FMS :
rootinstall/server restart
The encryption is possible at 3 different levels :
- server
- application
- event
An application is composed by different events. The configuration will be applied to every event in application. The file is located :
rootinstall/applications/application_name/Application.xml
At event level, the configuration files are located in:
rootinstall/applications/application_name/events/_definst_/event_name
If you want all streams (VoD, Live via RTMP, Live via HTTP) will be encrypted, you do it at the server level. The configuration will be updated in :
rootinstall/Apache2.2/conf/httpd.conf
For this example, we apply the configuration on the server level, so in the httpd.conf. To do it, we will add three directives in the file :
- HLSEncryptionScope : declare the scope in which the encryption is applied (server or content)
- HLSEncryptCipherKeyFile : the location of the encrypted key file.
- HLSEncryptKeyURI : the URI added in the manifest file. The file defined in this directive is the same as HLSEncryptCipherKeyFile directive
There is a key file provided when you had installed FMS. It is located in rootinstall/phls/ and named liveevent.bin. Update the Apache configuration file with the good directive’s value. The directive are located in the tag :
<Location /hls-live>
Here is an example
<Location /hls-live>
HLSHttpStreamingEnabled true
HttpStreamingLiveEventPath "/mnt/applications"
HttpStreamingContentPath "/mnt/applications"
HLSMediaFileDuration 8000
HLSSlidingWindowLength 6
HLSFmsDirPath ".."
HLSM3U8MaxAge 2
HLSTSSegmentMaxAge -1
HLSEncryptionScope server
HLSEncryptCipherKeyFile "../phls/liveeventkey.bin"
HLSEncryptKeyURI "http://192.168.0.2/hls-key/liveeventkey.bin"
Options -Indexes FollowSymLinks
</Location>
Ok, save the file. As you can see, the key will the available at this url http://192.168.0.2/hls-key/liveeventkey.bin but if you try to access it, the file is in 404. It is normal, you need to add one thing in the httpd.conf : the hls-key is not defined, so you need to setup it.
<Location /hls-key>
HLSEncryptHostCipherKey true # if true, this is the cypher key location
HLSFmsDirPath ".." # the folder of the AMS
HLSEncryptKeyRepository "../phls" # the folder where the keys are located
</Location>
Save the file again and restart the server.
You can now test the stream (http://192.168.0.2/manifest.m3u8) with a HLS player (iOS or Quicktime). To validate the content is encrypted, download one of the substream for example http://192.168.0.2/hls-live/livepkgr/_definst_/mylive/200k.m3u8. You find this line :
#EXT-X-KEY:METHOD=AES-128,URI="http://192.168.0.2/hls-key/liveeventkey.bin",IV=0XU806869759IJTE74645447
If you look it, your content is encrypted, you can now enjoy streaming PHLS live 🙂
Sources :
Thanks for the post!
What client are you using to view the stream? My .m3u8 is showing where the key is, but Quicktime or iOS Safari fail to decrypt/decode any stream.
Which version of Media Server do you use ? 4.5 or 5.0
Could you share the key url, it may help me to assist you.