Re: RTMP offloading
Hi Cyril, I have tested your config in my Pfsense setup and it doesn't work. As I connecting using a string for auth it might be that, I'm not playing but recording. As I can do for other servervices the same I wonder what goes wrong, it's really not easy to find and plain rtmp through HA proxy goes well. So if you ask me HA does something strange to the offloading on rtmps, could it be that it add something ? I get a long handshake error on Red5 which acutually says the data which comes is in is not as expected but works fine on plain rtmp. Thanks, Matt 2015-03-29 19:14 GMT+02:00 Matt . yamakasi@gmail.com: Hi Cyril, Thanks, I'm indeed using red5 in my setup, client is flex. Just non ssl at all, so only 1935 over HA works prefectly. When I set my frontend to ssl offloading on TCP 443 I see on my red5 server my client coming in when connecting but than it hangs, no other data in de red5 log. I will simply this setup again to see what happens. Red5 works perfectly. I will report. Cheers, Matt 2015-03-29 19:08 GMT+02:00 Cyril Bonté cyril.bo...@free.fr: Hi Matt, Le 29/03/2015 16:19, Matt . a écrit : Whoops my fault while testing. Indeed, on the backends I connect to 1935 again, I see a connection coming in but no clear data. That part is actually my issue and difficult to trace. Then can you re-provide the expected configuration ? Because the one you provided is clearly not going to work. Making some quick tests here, it works (but it was really quick tests in a very simple configuration). Steps : 1. Download a red5-server release, untar, and run it. 2. Access to http://localhost:5080/installer/ and install OFLA Demo. 3. Test a RTMP video provided with the demo : vlc rtmp://localhost/oflaDemo/Avengers2.mp4 4. Configure haproxy for offloading SSL haproxy.cfg content : listen rtmps mode tcp bind :443 ssl crt localhost.pem server rtmp localhost:1935 listen status mode http bind : stats enable stats uri / 5. Launch haproxy (in foreground for the tests): sudo haproxy -f haproxy.cfg 6. Test the RTMPS video : vlc rtmps://localhost/oflaDemo/Avengers2.mp4 = The video is played and we can see that statistics in haproxy are updated when the connection is closed. At this point, I'd recommend simplifying the configuration during the debug. At least, use only one server for the backends. Also, how do you test your rtmps streams ? with which client ? which RTMP server ? ... 2015-03-29 16:11 GMT+02:00 Baptiste bed...@gmail.com: frontend rtmp_https bindxxx.xxx.xxx.xxx:443 name xxx.xxx.xxx.xxx:443 ssl crt /var/etc/haproxy/mycert.pem modetcp log global maxconn 9 timeout client 60 use_backend rtmpbackend_tcp_ipvANY if default_backend rtmpbackend_tcp_ipvANY backend rtmpbackend_tcp_ipvANY modetcp balance leastconn timeout connect 3 timeout server 3 retries 3 option httpchk GET / server rtmp-01 172.16.5.11:443 check-ssl check inter 1000 weight 100 verify none server rtmp-02 172.16.5.12:443 check-ssl check inter 1000 weight 100 verify none Weren't you supposed to connect on port 1935 where traffic is unciphered? Can you confirm wether traffic is ciphered or not on server's port 443 ?? (you seem to be mixing clear traffic over a connection which expect ciphered traffic on the server side). Does haproxy says the servers are UP (logs, stats page, etc...) Baptiste -- Cyril Bonté
Re: RTMP offloading
Whoops my fault while testing. Indeed, on the backends I connect to 1935 again, I see a connection coming in but no clear data. That part is actually my issue and difficult to trace. 2015-03-29 16:11 GMT+02:00 Baptiste bed...@gmail.com: frontend rtmp_https bindxxx.xxx.xxx.xxx:443 name xxx.xxx.xxx.xxx:443 ssl crt /var/etc/haproxy/mycert.pem modetcp log global maxconn 9 timeout client 60 use_backend rtmpbackend_tcp_ipvANY if default_backend rtmpbackend_tcp_ipvANY backend rtmpbackend_tcp_ipvANY modetcp balance leastconn timeout connect 3 timeout server 3 retries 3 option httpchk GET / server rtmp-01 172.16.5.11:443 check-ssl check inter 1000 weight 100 verify none server rtmp-02 172.16.5.12:443 check-ssl check inter 1000 weight 100 verify none Weren't you supposed to connect on port 1935 where traffic is unciphered? Can you confirm wether traffic is ciphered or not on server's port 443 ?? (you seem to be mixing clear traffic over a connection which expect ciphered traffic on the server side). Does haproxy says the servers are UP (logs, stats page, etc...) Baptiste
Re: RTMP offloading
Matt, I won't do your configuration since I have no idea what you want to do. Share what you did exactly, share more information about the issues (logs, etc...) and we may help. Baptiste On Sun, Mar 29, 2015 at 3:53 PM, Matt . yamakasi@gmail.com wrote: Hi, I have tried all, also TCP, I'm configuring it using pfsense so I need to grab it from there. Do you have a small example of what should work ? I can paste that to pfsense to than. In my app I just should connect rtmps to port 443 on ha, offload and connect to normal rtmp 1935 again was my idea ? Thanks so far! Cheers, Matt 2015-03-29 15:47 GMT+02:00 Baptiste bed...@gmail.com: On Sun, Mar 29, 2015 at 1:05 PM, Matt . yamakasi@gmail.com wrote: Hi Guys, I'm trying to offload a rtmp connection where I connect using rtmps to ha proxy and offload the ssl layer there. In some strange way I can't get it working but I can with other services the same way. Is RTMP a hard one in this case ? Thanks, Matt Hi, Are you using mode tcp ? could you share your configuration? any error message provided by any equipement involved in your setup? Baptiste
Re: RTMP offloading
frontend rtmp_https bindxxx.xxx.xxx.xxx:443 name xxx.xxx.xxx.xxx:443 ssl crt /var/etc/haproxy/mycert.pem modetcp log global maxconn 9 timeout client 60 use_backend rtmpbackend_tcp_ipvANY if default_backend rtmpbackend_tcp_ipvANY backend rtmpbackend_tcp_ipvANY modetcp balance leastconn timeout connect 3 timeout server 3 retries 3 option httpchk GET / server rtmp-01 172.16.5.11:443 check-ssl check inter 1000 weight 100 verify none server rtmp-02 172.16.5.12:443 check-ssl check inter 1000 weight 100 verify none Weren't you supposed to connect on port 1935 where traffic is unciphered? Can you confirm wether traffic is ciphered or not on server's port 443 ?? (you seem to be mixing clear traffic over a connection which expect ciphered traffic on the server side). Does haproxy says the servers are UP (logs, stats page, etc...) Baptiste
Re: RTMP offloading
Hi, I have tried all, also TCP, I'm configuring it using pfsense so I need to grab it from there. Do you have a small example of what should work ? I can paste that to pfsense to than. In my app I just should connect rtmps to port 443 on ha, offload and connect to normal rtmp 1935 again was my idea ? Thanks so far! Cheers, Matt 2015-03-29 15:47 GMT+02:00 Baptiste bed...@gmail.com: On Sun, Mar 29, 2015 at 1:05 PM, Matt . yamakasi@gmail.com wrote: Hi Guys, I'm trying to offload a rtmp connection where I connect using rtmps to ha proxy and offload the ssl layer there. In some strange way I can't get it working but I can with other services the same way. Is RTMP a hard one in this case ? Thanks, Matt Hi, Are you using mode tcp ? could you share your configuration? any error message provided by any equipement involved in your setup? Baptiste
Re: RTMP offloading
Bapiste, No that was not the idea but I was debugging with someone of pfsense/haproxy so suggestions were good. This is what I use for RTMP: frontend rtmp_https bindxxx.xxx.xxx.xxx:443 name xxx.xxx.xxx.xxx:443 ssl crt /var/etc/haproxy/mycert.pem modetcp log global maxconn 9 timeout client 60 use_backend rtmpbackend_tcp_ipvANY if default_backend rtmpbackend_tcp_ipvANY backend rtmpbackend_tcp_ipvANY modetcp balance leastconn timeout connect 3 timeout server 3 retries 3 option httpchk GET / server rtmp-01 172.16.5.11:443 check-ssl check inter 1000 weight 100 verify none server rtmp-02 172.16.5.12:443 check-ssl check inter 1000 weight 100 verify none 2015-03-29 15:56 GMT+02:00 Baptiste bed...@gmail.com: Matt, I won't do your configuration since I have no idea what you want to do. Share what you did exactly, share more information about the issues (logs, etc...) and we may help. Baptiste On Sun, Mar 29, 2015 at 3:53 PM, Matt . yamakasi@gmail.com wrote: Hi, I have tried all, also TCP, I'm configuring it using pfsense so I need to grab it from there. Do you have a small example of what should work ? I can paste that to pfsense to than. In my app I just should connect rtmps to port 443 on ha, offload and connect to normal rtmp 1935 again was my idea ? Thanks so far! Cheers, Matt 2015-03-29 15:47 GMT+02:00 Baptiste bed...@gmail.com: On Sun, Mar 29, 2015 at 1:05 PM, Matt . yamakasi@gmail.com wrote: Hi Guys, I'm trying to offload a rtmp connection where I connect using rtmps to ha proxy and offload the ssl layer there. In some strange way I can't get it working but I can with other services the same way. Is RTMP a hard one in this case ? Thanks, Matt Hi, Are you using mode tcp ? could you share your configuration? any error message provided by any equipement involved in your setup? Baptiste
Re: RTMP offloading
On Sun, Mar 29, 2015 at 1:05 PM, Matt . yamakasi@gmail.com wrote: Hi Guys, I'm trying to offload a rtmp connection where I connect using rtmps to ha proxy and offload the ssl layer there. In some strange way I can't get it working but I can with other services the same way. Is RTMP a hard one in this case ? Thanks, Matt Hi, Are you using mode tcp ? could you share your configuration? any error message provided by any equipement involved in your setup? Baptiste
Re: RTMP offloading
Hi Matt, Le 29/03/2015 16:19, Matt . a écrit : Whoops my fault while testing. Indeed, on the backends I connect to 1935 again, I see a connection coming in but no clear data. That part is actually my issue and difficult to trace. Then can you re-provide the expected configuration ? Because the one you provided is clearly not going to work. Making some quick tests here, it works (but it was really quick tests in a very simple configuration). Steps : 1. Download a red5-server release, untar, and run it. 2. Access to http://localhost:5080/installer/ and install OFLA Demo. 3. Test a RTMP video provided with the demo : vlc rtmp://localhost/oflaDemo/Avengers2.mp4 4. Configure haproxy for offloading SSL haproxy.cfg content : listen rtmps mode tcp bind :443 ssl crt localhost.pem server rtmp localhost:1935 listen status mode http bind : stats enable stats uri / 5. Launch haproxy (in foreground for the tests): sudo haproxy -f haproxy.cfg 6. Test the RTMPS video : vlc rtmps://localhost/oflaDemo/Avengers2.mp4 = The video is played and we can see that statistics in haproxy are updated when the connection is closed. At this point, I'd recommend simplifying the configuration during the debug. At least, use only one server for the backends. Also, how do you test your rtmps streams ? with which client ? which RTMP server ? ... 2015-03-29 16:11 GMT+02:00 Baptiste bed...@gmail.com: frontend rtmp_https bindxxx.xxx.xxx.xxx:443 name xxx.xxx.xxx.xxx:443 ssl crt /var/etc/haproxy/mycert.pem modetcp log global maxconn 9 timeout client 60 use_backend rtmpbackend_tcp_ipvANY if default_backend rtmpbackend_tcp_ipvANY backend rtmpbackend_tcp_ipvANY modetcp balance leastconn timeout connect 3 timeout server 3 retries 3 option httpchk GET / server rtmp-01 172.16.5.11:443 check-ssl check inter 1000 weight 100 verify none server rtmp-02 172.16.5.12:443 check-ssl check inter 1000 weight 100 verify none Weren't you supposed to connect on port 1935 where traffic is unciphered? Can you confirm wether traffic is ciphered or not on server's port 443 ?? (you seem to be mixing clear traffic over a connection which expect ciphered traffic on the server side). Does haproxy says the servers are UP (logs, stats page, etc...) Baptiste -- Cyril Bonté
Re: RTMP offloading
Hi Cyril, Thanks, I'm indeed using red5 in my setup, client is flex. Just non ssl at all, so only 1935 over HA works prefectly. When I set my frontend to ssl offloading on TCP 443 I see on my red5 server my client coming in when connecting but than it hangs, no other data in de red5 log. I will simply this setup again to see what happens. Red5 works perfectly. I will report. Cheers, Matt 2015-03-29 19:08 GMT+02:00 Cyril Bonté cyril.bo...@free.fr: Hi Matt, Le 29/03/2015 16:19, Matt . a écrit : Whoops my fault while testing. Indeed, on the backends I connect to 1935 again, I see a connection coming in but no clear data. That part is actually my issue and difficult to trace. Then can you re-provide the expected configuration ? Because the one you provided is clearly not going to work. Making some quick tests here, it works (but it was really quick tests in a very simple configuration). Steps : 1. Download a red5-server release, untar, and run it. 2. Access to http://localhost:5080/installer/ and install OFLA Demo. 3. Test a RTMP video provided with the demo : vlc rtmp://localhost/oflaDemo/Avengers2.mp4 4. Configure haproxy for offloading SSL haproxy.cfg content : listen rtmps mode tcp bind :443 ssl crt localhost.pem server rtmp localhost:1935 listen status mode http bind : stats enable stats uri / 5. Launch haproxy (in foreground for the tests): sudo haproxy -f haproxy.cfg 6. Test the RTMPS video : vlc rtmps://localhost/oflaDemo/Avengers2.mp4 = The video is played and we can see that statistics in haproxy are updated when the connection is closed. At this point, I'd recommend simplifying the configuration during the debug. At least, use only one server for the backends. Also, how do you test your rtmps streams ? with which client ? which RTMP server ? ... 2015-03-29 16:11 GMT+02:00 Baptiste bed...@gmail.com: frontend rtmp_https bindxxx.xxx.xxx.xxx:443 name xxx.xxx.xxx.xxx:443 ssl crt /var/etc/haproxy/mycert.pem modetcp log global maxconn 9 timeout client 60 use_backend rtmpbackend_tcp_ipvANY if default_backend rtmpbackend_tcp_ipvANY backend rtmpbackend_tcp_ipvANY modetcp balance leastconn timeout connect 3 timeout server 3 retries 3 option httpchk GET / server rtmp-01 172.16.5.11:443 check-ssl check inter 1000 weight 100 verify none server rtmp-02 172.16.5.12:443 check-ssl check inter 1000 weight 100 verify none Weren't you supposed to connect on port 1935 where traffic is unciphered? Can you confirm wether traffic is ciphered or not on server's port 443 ?? (you seem to be mixing clear traffic over a connection which expect ciphered traffic on the server side). Does haproxy says the servers are UP (logs, stats page, etc...) Baptiste -- Cyril Bonté