Copy link to clipboard
Copied
Hi,
I'm playing around with FMIS 4.5 and HDS/PHDS. My question is, how do I perform stream authentication on HDS?
For RTMP(E) streams I can have an authentication module, but from my experiments (I cannot find any reliable docs on this), neither the auth module or the file module is used for HDS streams. I guess the apache jithttp module doesn't interact at all with the FMIS modules?
Have I missed something, or do I have to use apache access control/write an apache module for this?
If so, can I leave FMS (edge/core etc) out all together for streaming HDS content (ie send traffic straight to the apache listen port. It seems to work.)?
Thank you
Johan
Yes, you are right that subscribers are only served by the Apache and FMS process has no role in that. So FMS's Auth/File module won't work for it.
Apache provides wide possiblities to write your own authentication scheme. You may try using the Apache's mod_auth module or write your own.
For HDS-Vod, yes you don't require running FMS. Only apache is required. But for HDS-live, you need FMS for publisher to send rtmp data to FMS and record it on the server.
Copy link to clipboard
Copied
Yes, you are right that subscribers are only served by the Apache and FMS process has no role in that. So FMS's Auth/File module won't work for it.
Apache provides wide possiblities to write your own authentication scheme. You may try using the Apache's mod_auth module or write your own.
For HDS-Vod, yes you don't require running FMS. Only apache is required. But for HDS-live, you need FMS for publisher to send rtmp data to FMS and record it on the server.
Copy link to clipboard
Copied
Hi Nitin,
thank you for your response.
After playing around with 4.5.0 and trying to bench it a bit, resulting in total crash of the edges, we found that 4.5.2 was released. Unfortunately the FMIS dev download page links to 4.5.0, one has to manually find another page with the updates. This should probably be fixed..
Anyhow, as of 4.5.1 it seems that the traffic is sent directly to Apache, confirming our guesses, and what you wrote.
Regardin authentication, we've looking in to a few solutions similar to what you suggested.
Thank you!