如何将proxy_pass后的HTTPS协议保存为HTTP协议?
How to save HTTPS protocol after proxy_pass to HTTP protocol?
我在同一网络中有 3 个 docker 个容器:
- 存储 (golang) - 它提供API上传视频文件。
- Streamer (nginx) - 它流式传输上传的文件
- 反向代理(姑且称之为代理)
我在用户和代理之间有 HTTPS 协议。
假设有一个文件 id=c14de868-3130-426a-a0cc-7ff6590e9a1f 并且用户想要查看它。因此,用户向 https://stream.example.com/hls/master.m3u8?id=c14de868-3130-426a-a0cc-7ff6590e9a1f 发出请求。 Streamer 知道视频 ID(来自查询参数),但它不知道视频的路径,因此它向存储发出请求并为视频路径交换视频 ID。实际上它确实 proxy_pass 到 http://docker-storage/getpath?id=c14de868-3130-426a-a0cc-7ff6590e9a1f.
docker-storage in an upstream server. And protocol is http, because
I have no SSL-connection between docker containers in local network.
在 Streamer 获取文件路径后开始流式传输。但是用户的浏览器开始抛出 Mixed Content Type 错误,因为第一个请求抛出 HTTPS 并且在 proxy_pass 之后它变成了 HTTP.
这是nginx.conf文件(它是一个Streamer容器):
worker_processes auto;
events {
use epoll;
}
http {
error_log stderr debug;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
vod_mode local;
vod_metadata_cache metadata_cache 16m;
vod_response_cache response_cache 512m;
vod_last_modified_types *;
vod_segment_duration 9000;
vod_align_segments_to_key_frames on;
vod_dash_fragment_file_name_prefix "segment";
vod_hls_segment_file_name_prefix "segment";
vod_manifest_segment_durations_mode accurate;
open_file_cache max=1000 inactive=5m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
aio on;
upstream docker-storage {
# There is a docker container called storage on the same network
server storage:9000;
}
server {
listen 9000;
server_name localhost;
root /srv/static;
location = /exchange-id-to-path {
proxy_pass $auth_request_uri;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Original-URI $request_uri;
# I tried to experiment with this header
proxy_set_header X-Forwarded-Proto https;
set $filepath $upstream_http_the_file_path;
}
location /hls {
# I use auth_request module just to get the path from response header (The-File-Path)
set $auth_request_uri "http://docker-storage/getpath?id=$arg_id";
auth_request /exchange-id-to-path;
auth_request_set $filepath $upstream_http_the_file_path;
# Here I provide path to the file I want to stream
vod hls;
alias $filepath/$arg_id;
}
}
}
这是浏览器控制台的屏幕截图:
这是成功 (200) 请求的响应:
#EXTM3U
#EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=1470038,RESOLUTION=1280x720,FRAME-RATE=25.000,CODECS="avc1.4d401f,mp4a.40.2"
http://stream.example.com/hls/index-v1-a1.m3u8
#EXT-X-I-FRAME-STREAM-INF:BANDWIDTH=171583,RESOLUTION=1280x720,CODECS="avc1.4d401f",URI="http://stream.example.com/hls/iframes-v1-a1.m3u8"
问题是proxy_pass后的https协议如何保存到http?
p.s. 我使用 Kaltura nginx-vod-module 来播放视频文件。
我认为 proxy_pass 不是这里的问题。当 vod 模块 returns 索引路径时,它使用绝对 URL 和 HTTP 协议。相对 URL 应该足够了,因为索引文件和块在同一个域下(如果我理解正确的话)。
尝试设置 vod_hls_absolute_index_urls off;(以及 vod_hls_absolute_master_urls off;),这样您的浏览器应该使用 HTTPS.
发送相对于 stream.example.com 域的请求
我在同一网络中有 3 个 docker 个容器:
- 存储 (golang) - 它提供API上传视频文件。
- Streamer (nginx) - 它流式传输上传的文件
- 反向代理(姑且称之为代理)
我在用户和代理之间有 HTTPS 协议。
假设有一个文件 id=c14de868-3130-426a-a0cc-7ff6590e9a1f 并且用户想要查看它。因此,用户向 https://stream.example.com/hls/master.m3u8?id=c14de868-3130-426a-a0cc-7ff6590e9a1f 发出请求。 Streamer 知道视频 ID(来自查询参数),但它不知道视频的路径,因此它向存储发出请求并为视频路径交换视频 ID。实际上它确实 proxy_pass 到 http://docker-storage/getpath?id=c14de868-3130-426a-a0cc-7ff6590e9a1f.
docker-storage in an upstream server. And protocol is http, because I have no SSL-connection between docker containers in local network.
在 Streamer 获取文件路径后开始流式传输。但是用户的浏览器开始抛出 Mixed Content Type 错误,因为第一个请求抛出 HTTPS 并且在 proxy_pass 之后它变成了 HTTP.
这是nginx.conf文件(它是一个Streamer容器):
worker_processes auto;
events {
use epoll;
}
http {
error_log stderr debug;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
vod_mode local;
vod_metadata_cache metadata_cache 16m;
vod_response_cache response_cache 512m;
vod_last_modified_types *;
vod_segment_duration 9000;
vod_align_segments_to_key_frames on;
vod_dash_fragment_file_name_prefix "segment";
vod_hls_segment_file_name_prefix "segment";
vod_manifest_segment_durations_mode accurate;
open_file_cache max=1000 inactive=5m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
aio on;
upstream docker-storage {
# There is a docker container called storage on the same network
server storage:9000;
}
server {
listen 9000;
server_name localhost;
root /srv/static;
location = /exchange-id-to-path {
proxy_pass $auth_request_uri;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Original-URI $request_uri;
# I tried to experiment with this header
proxy_set_header X-Forwarded-Proto https;
set $filepath $upstream_http_the_file_path;
}
location /hls {
# I use auth_request module just to get the path from response header (The-File-Path)
set $auth_request_uri "http://docker-storage/getpath?id=$arg_id";
auth_request /exchange-id-to-path;
auth_request_set $filepath $upstream_http_the_file_path;
# Here I provide path to the file I want to stream
vod hls;
alias $filepath/$arg_id;
}
}
}
这是浏览器控制台的屏幕截图:
这是成功 (200) 请求的响应:
#EXTM3U
#EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=1470038,RESOLUTION=1280x720,FRAME-RATE=25.000,CODECS="avc1.4d401f,mp4a.40.2"
http://stream.example.com/hls/index-v1-a1.m3u8
#EXT-X-I-FRAME-STREAM-INF:BANDWIDTH=171583,RESOLUTION=1280x720,CODECS="avc1.4d401f",URI="http://stream.example.com/hls/iframes-v1-a1.m3u8"
问题是proxy_pass后的https协议如何保存到http?
p.s. 我使用 Kaltura nginx-vod-module 来播放视频文件。
我认为 proxy_pass 不是这里的问题。当 vod 模块 returns 索引路径时,它使用绝对 URL 和 HTTP 协议。相对 URL 应该足够了,因为索引文件和块在同一个域下(如果我理解正确的话)。
尝试设置 vod_hls_absolute_index_urls off;(以及 vod_hls_absolute_master_urls off;),这样您的浏览器应该使用 HTTPS.
stream.example.com 域的请求