Project

General

Profile

tvheadend as tvheadend client

Added by Guillaume DC about 6 years ago

Hi all,

I searched for similar topic and I didn't find. Here is what I need:

I have 2 tvh, both version are 4.0.9-4~gac9e47d~trusty - i686 and x86_64. They are launched like that "tvheadend -f -u hts -g video --http_root /tvh -s -l /var/log/tvheadend.log"

my i686 tvh has 2 DVB-T tuners and all channels are working fine for my local HTSP clients. But I need my x86_64 tvh to take (on-demand) http stream from i686.

Both tvh are proxied by nginx server:

vhost for i686:
server {
listen 80 default_server;
server_name my.i686.server.com;
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl spdy;
server_name my.i686.server.com;
ssl_certificate /root/my.i686.server.com.crt;
ssl_certificate_key /root/my.i686.server.com.key;
client_max_body_size 500M;
client_body_buffer_size 30M;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA$
ssl_dhparam /root/dhparams.pem;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=15768000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
access_log /var/log/nginx/access_my.i686.server.com.log;
error_log /var/log/nginx/error_my.i686.server.com.log;

location /tvh {
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
proxy_pass http://127.0.0.1:9981;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}

vhost for x86_64:
server {
listen 80 default_server;
server_name my.x86_64.server.com;
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl spdy;
server_name my.x86_64.server.com;
ssl_certificate /root/my.x86_64.server.com.crt;
ssl_certificate_key /root/my.x86_64.server.com.key;
client_max_body_size 500M;
client_body_buffer_size 30M;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA$
ssl_dhparam /root/dhparams.pem;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=15768000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
access_log /var/log/nginx/access_my.x86_64.server.com.log;
error_log /var/log/nginx/error_my.x86_64.server.com.log;

location /tvh {
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
proxy_pass http://127.0.0.1:9981;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}

x86_64 tvh setup:
1) added IPTV network named IPTV
2) added mux from each channel with: http://user:[email protected]/tvh/stream/channelnumber/x

checking service passed, mapping channel passed

When I ask my x86_64 tvh with vlc, network stream with "https://login:_64.server.com/tvh/stream/channel/"hash"?title="channelname""

I also tried "https://login:_64.server.com/tvh/play/stream/channel/"hash"?title="channelname"" and it works too

All works fine a few seconds and then stop. My i686 tvh is always tuned on multiplex, he always send datas to my x86_64 tvh. but my x86_64 tvh does not receive anything more.

I checked all my network parameters / firewall and all is good (if it wasn't, nothing works). I have nothing in logs (both sides) when that happens. I have to manually disconnect the hanged stream on x86_64 to release tuner on i686.

Please, has someone the same system, and working? :) or maybe an other way to do the same thing?


Replies (4)

RE: tvheadend as tvheadend client - Added by Guillaume DC about 6 years ago

Ok it works fine with HTTP vhost (always with nginx proxy). Both sides have to be HTTP only. I don't know why that does not work over SSL.

I don't like to send password through HTTP but actually I don't have choice :)

Let's put some firewall rules and other good stuff!!

RE: tvheadend as tvheadend client - Added by Guillaume DC about 6 years ago

It seams that users are using it with nginx proxy over SSL. Maybe they can help me with my nginx please? :)

RE: tvheadend as tvheadend client - Added by Guillaume DC about 6 years ago

fresh update:

I am able to put x86_64 with SSL ans it seems to work. I'll try again tomorrow. But same issue if I put SSL on i686.

I just commented this lines in vhost (x86_64)

ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

Please help me :p

RE: tvheadend as tvheadend client - Added by Guillaume DC about 6 years ago

After a few days, it works good with my front tvh (x86_64) over SSL. My tvh with DVB-T tuners (i686) is on HTTP nginx vhost. So the new parameters for i686 are:

i686 vhost:

tvh is launched with --noacl

server {
listen 80 default_server;
server_name my.i686.server.com;
error_log /var/log/nginx/error_my.i686.server.com.log;
access_log /var/log/nginx/access_my.i686.server.com.log;
root /var/www/html;
index index.html index.htm index.php;

location /hts {
proxy_pass http://127.0.0.1:9981;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
allow "lansubnet";
allow "x86_64IP";
deny all;
}
location / {
deny all;
return 444;
}
location /robots.txt {
return 200 "User-agent: *\nDisallow: /";
}
}
    (1-4/4)