The preparatory work
- Open AliYun Live Streaming service: Aliyun live streaming service receives live streaming and provides the broadcast address. To complete a live broadcast, you need to open Aliyun live streaming service first. Click “Open immediately” on the details page of aliyun official website to open Aliyun live streaming service.
- If you have been able to use Aliyun to broadcast live, but have not broadcast live, please refer to how to Use PC to Push stream.
System architecture
As can be seen from the following figure, we can control the security of live broadcast from three aspects.
- Authenticates the push flow
- Control of live streaming
- Authenticate playback
Broadcast authentication
The mechanism of push stream authentication is the same as that of play authentication.
Authentication principle:
The user sets a key for the accelerated domain name and performs hash based on the string of URI, timestamp, and key that will access Ali Cloud. The hash value and timestamp are taken as part of the request parameters. When the following two items pass, the url is allowed to access.
- The timestamp does not exceed the current time.
- The server uses the same hash algorithm to compute the hash value, and the hash values in the request parameters are the same.
Authentication algorithm:
- Unauthenticated URL:
`js
http://DomainName AppName/StreamName. FLV.
- Authenticated js url: http://domainname /Filename? auth_key=timestamp-rand-0-md5hash.Copy the codeParameter Description:
- Timestamp: expiration time, integer positive, fixed length 10, number of seconds since January 1, 1970 Used to control the time of failure.
- Rand: random number, usually set to 0.
- Md5hash: Indicates the authentication string calculated using the MD5 algorithm. Algorithm (assume that the user key is 123456: md5hash= MD5 (timestamp-rand-0-123456).
An example of authentication:
User to a.com this domain name is configured with an authentication keys: xyz, effective for authentication of hope: the 2017-07-28 05:43:20, ready to use ` js rtmp://video-center.alivecdn.com/live/abc?vhost=a.com `
The corresponding authentication calculation logic is as follows:
Push the flow
- Access to push flow
Js URI: /live/ ABC. - Obtain unixtimestamp: 2017-07-28 05:43:2000 unixtimestamp: 1501191800
- Assemble encrypted strings:
`js
/ live/ABC – 1501191800-0-0 – xyz.
- evaluate the encrypted string: md5 ("/live/ABC - 1501191800-0-0 - xyz ") = 7856896499 b661b1123dca82d7406aa3. - Splice encrypted push stream js URL: RTMP: / / video - center.alivecdn.com/live/abc?vhost=a.com?auth_key=1501191800-0-0-7856896499b661b1123dca82d7406aa3.Copy the codeplay
- The calculation method of playback is similar to that of push stream. Take HTTPFLV playback address as an example. The unauthenticated URL is:
`js
http://A.com/live/abc.flv.
- Get the play js URL: /live/abc.flv.Copy the code- Obtain unixtimestamp: 2017-07-28 05:43:2000 unixtimestamp: 1501191800
- Assemble encrypted strings:
`js
/ live/ABC. FLV – 1501191800-0-0 – xyz.
- Calculates the encrypted string: MD5 (" /live/ abc.flV-1501191800-0-0-XYZ ") = b022238fd0cd1c8efae2ba84fc0 c9119 - joining together push the encrypted stream url: ` ` ` js http://a.com/live/abc.flv?auth_key=1501191800-0-0-b022238fd0cd1c8efae2ba84fc0 c9119.Copy the code- Setting method: You can set it in the live broadcast console, and the authentication calculator in the console can easily generate the authentication URL. For details, see live authentication.
Live stream control
For live streaming, if the content of live streaming is found to be illegal in the process of live streaming, it can not only stop live streaming by stopping the stream, but also block the live streaming by means of live streaming control.
Access the live video console, and you can see the blacklist option in the stream management list. After the video is blacklisted, the stream will not be in the state of receiving the stream.
Click to view the original article