Tutorial Wowza 4.8.x – Ubuntu 18.04 – Letsencrypt

Professor


Requirements
  • Ubuntu 18.04 LTS server installed
  • Wowza 4.8.x installed
  • Firewall open ports: 8088, 8090, 443, 80, 1935
  • A domain name pointing to your Wowza server (we need this for SSL activation)
What this will show you:

  • Installation of Letsencrypt on Ubuntu Server
  • SSL converter to JKS file
  • Configuration of frontend (playback) and backend (enginemanager) over SSL
  • Testing of playback URLs (VLC, JW Player)
Keep in mind:

  • Your server might have an increase of virtual memory because of the SSL encryption in your stream(s).
  • Always test this in your test environment. Don’t hold me responsible for it. This guide is provided as is.

Start of installation
Open an ssh connection to your Server and run scripts as root


Code:
# update your server
apt-get update && apt-get upgrade -y
apt-get install git

# clone the certbot repository and change into it
git clone https://github.com/certbot/certbot /opt/letsencrypt
cd /opt/letsencrypt

# create an SSL certificate. change SUB.DOMAIN.EXT to the domain that points to your server
sudo -H ./letsencrypt-auto certonly --standalone -d SUB.DOMAIN.EXT

Some questions will be asked. Fill them in accordingly:

enter email: set-your-email
agree TOS(Terms of Service): A
Share your email: (up to you): N

Set 2 cronjobs so the SSL certificate will be updated automatically

Code:
# crontab -e
# (entries in a crontab opened with "crontab -e" have no user column, so "root" is not written here)
@weekly cd /opt/letsencrypt && git pull >> /var/log/letsencrypt/letsencrypt-auto-update.log
@monthly /opt/letsencrypt/letsencrypt-auto certonly --quiet --standalone --renew-by-default -d SUB.DOMAIN.EXT >> /var/log/letsencrypt/letsencrypt-auto-update.log

Wowza needs a JKS file, so we need to convert our just created SSL certificate to a JKS file. On the GitHub page of robymus you can find the script. We will use version 0.1
Code:
# Go to the wowza directory
cd /usr/local/WowzaStreamingEngine/lib

# Download the jar file in the lib directory
wget https://github.com/robymus/wowza-letsencrypt-converter/releases/download/v0.1/wowza-letsencrypt-converter-0.1.jar

# Create a jks file
java -jar wowza-letsencrypt-converter-0.1.jar -v /usr/local/WowzaStreamingEngine/conf/ /etc/letsencrypt/live/

# This file will be created in the /usr/local/WowzaStreamingEngine/conf/ directory (jksmap.txt and the jks file).
We now need the contents of the jksmap.txt (copy them to a temporary notepad).
Code:
cat /usr/local/WowzaStreamingEngine/conf/jksmap.txt

# This will show you something like this:
SUB.DOMAIN.EXT={"keyStorePath":"/usr/local/WowzaStreamingEngine/conf/SUB.DOMAIN.EXT.jks", "keyStorePassword":"secret", "keyStoreType":"JKS"}
Now we need to enable 443 in the VHost.xml file
Code:
cd /usr/local/WowzaStreamingEngine/conf

vi VHost.xml
You will see that the 443 is in comment tags <!-- and --> at the end of the HostPort. Remove those tags. Second, we have to change the KeyStorePath and KeyStorePassword in this part

Before:
Code:
<SSLConfig>
    <KeyStorePath>${com.wowza.wms.context.VHostConfigHome}/conf/keystore.jks</KeyStorePath>
    <KeyStorePassword>[password]</KeyStorePassword>
    <KeyStoreType>JKS</KeyStoreType>
    <DomainToKeyStoreMapPath></DomainToKeyStoreMapPath>
    <SSLProtocol>TLS</SSLProtocol>
    <Algorithm>SunX509</Algorithm>
    <CipherSuites></CipherSuites>
    <Protocols></Protocols>
    <AllowHttp2>false</AllowHttp2>
</SSLConfig>
And after we have changed the settings. Also make sure to change SUB.DOMAIN.EXT to your own domain name.

Save the file after you have made the changes.

The last thing before restarting is to change the tomcat properties

Code:
vi /usr/local/WowzaStreamingEngine/manager/conf/tomcat.properties

# Change the default values
#httpsPort=8090
#httpsKeyStore=conf/certificate.jks
#httpsKeyStorePassword=[password]
#httpsKeyAlias=[key-alias]

# TO:
httpsPort=8090
httpsKeyStore=/usr/local/WowzaStreamingEngine/conf/SUB.DOMAIN.EXT.jks
httpsKeyStorePassword=secret
#httpsKeyAlias=[key-alias]

Now we will restart Wowza

Code:
service WowzaStreamingEngineManager restart
service WowzaStreamingEngine restart

The configuration is almost done.

Open your browser and instead of using the http://wowza-server:8088/enginemanager now change this to https://wowza-server:8090/enginemanager

That should give you a valid certificate. Also log in to the enginemanager. We have to do some extra steps there.

Go to Server > Virtual Host Setup and click Edit



If you don’t see port 443 as a Host Port, create it and fill in the fields. Here you have to set the location of the SSL jks file and the password. Change SUB.DOMAIN.EXT to your domain name.


Click Apply to save settings

At this point we are done. To be sure restart wowza or your complete server.

Encoder configuration

Normally via Adobe Media Live or OBS you can stream via RTMP (which is not over SSL). So make sure to stream to the http port (1935 by default is http)

If you want to use another port than 1935, add it as a host port and make sure to add the port also to your Firewall (inbound)

Playback URLs

Before:
http://SUB.DOMAIN.EXT:1935/vod/mp4:sample.mp4/playlist.m3u8
In this case I also enabled SSL for port 1935, so these are my new URLs I can use:
#SSL over the default port (443)
http://sub.domain.ext:1935/vod/mp4:sample.mp4/playlist.m3u8

The second stream is the https stream in vlc

Screenshot example.

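Added example (not part of the original post): the monthly cron job in the tutorial renews the PEM files under /etc/letsencrypt/live, while Wowza serves the converted JKS, so the keystore has to be regenerated after each renewal. This script reports domains whose fullchain.pem is newer than the matching .jks and re-runs the tutorial's converter command. The `--refresh` switch and function names are assumptions of this example, and it assumes the converter overwrites an existing .jks when re-run.

```shell
#!/bin/sh
# Added example: detect Wowza keystores that are older than the renewed certificate.
# Paths are the ones used in the tutorial; override through the environment.
WOWZA_HOME="${WOWZA_HOME:-/usr/local/WowzaStreamingEngine}"
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
CONVERTER="$WOWZA_HOME/lib/wowza-letsencrypt-converter-0.1.jar"

# Print every domain whose fullchain.pem is newer than <conf>/<domain>.jks,
# or that has no .jks at all. certbot layout: <live>/<domain>/fullchain.pem
stale_domains() {
    live="$1"; conf="$2"
    for pem in "$live"/*/fullchain.pem; do
        [ -f "$pem" ] || continue
        domain=$(basename "$(dirname "$pem")")
        jks="$conf/$domain.jks"
        if [ ! -f "$jks" ] || [ "$pem" -nt "$jks" ]; then
            printf '%s\n' "$domain"
        fi
    done
    return 0
}

# Re-run the tutorial's converter and restart Wowza, only if something is stale.
refresh_keystores() {
    stale=$(stale_domains "$LIVE_DIR" "$WOWZA_HOME/conf")
    if [ -z "$stale" ]; then
        echo "keystores are current, nothing to do"
        return 0
    fi
    echo "keystore older than certificate for: $stale"
    java -jar "$CONVERTER" -v "$WOWZA_HOME/conf/" "$LIVE_DIR/" || return 1
    service WowzaStreamingEngine restart
    service WowzaStreamingEngineManager restart
}

# Only act when called with --refresh (for example from the renewal cron entry).
if [ "${1:-}" = "--refresh" ]; then
    refresh_keystores
fi
```

Calling the script with `--refresh` right after the renewal command in the monthly cron entry keeps the certificate Wowza serves in step with the renewed one.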
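Added example (not part of the original post): after the steps above, the keystore password sits in clear text in jksmap.txt, VHost.xml and tomcat.properties, next to the .jks that holds the private key. This audit lists any of those files that other local users can access and, with `--fix`, removes that access. The function names and the `--audit`/`--fix` switches are assumptions of this example, and it assumes the Wowza services run as the owner or group of these files.

```shell
#!/bin/sh
# Added example: find keystore-related files accessible to other local users.
# Default is the install path used in the tutorial; override with WOWZA_HOME.
WOWZA_HOME="${WOWZA_HOME:-/usr/local/WowzaStreamingEngine}"

# Print the files that hold the keystore password or the private key itself.
secret_files() {
    home="$1"
    for f in "$home/conf/jksmap.txt" "$home/conf/VHost.xml" \
             "$home/manager/conf/tomcat.properties" "$home"/conf/*.jks; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
    return 0
}

# True when "other" has read, write or execute permission on the file.
is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# List exposed files; with --fix as second argument, also remove "other" access.
audit_secrets() {
    fix="${2:-}"
    secret_files "$1" | while IFS= read -r f; do
        if is_exposed "$f"; then
            printf 'EXPOSED %s\n' "$f"
            if [ "$fix" = "--fix" ]; then chmod o-rwx "$f"; fi
        fi
    done
    return 0
}

# Run against the real install only when asked to: --audit [--fix]
if [ "${1:-}" = "--audit" ]; then
    audit_secrets "$WOWZA_HOME" "${2:-}"
fi
```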