OvenMediaEngine
0.18.0
0.18.0
  • Introduction
  • Quick Start
    • Online Demo
  • Getting Started
    • Getting Started with Docker
    • Getting Started with OME Docker Launcher
  • Configuration
    • TLS Encryption
    • IPv6
  • Live Source
    • RTMP
    • WebRTC / WHIP
    • SRT
    • MPEG-2 TS
    • RTSP Pull
    • Scheduled Channel
    • Multiplex Channel
  • ABR and Transcoding
    • Transcoding
    • ABR
    • TranscodeWebhook
    • GPU Acceleration
  • Streaming
    • WebRTC Streaming
    • Low-Latency HLS
    • HLS
    • SRT
  • CrossDomains
  • Access Control
    • SignedPolicy
    • AdmissionWebhooks
  • Clustering
  • Thumbnail
  • Recording
  • Push Publishing
  • REST API
    • v1
      • VirtualHost
        • Reload Certificate
        • Application
          • Output Profile
          • Record
          • Push
          • Stream
            • Send Event
            • HLS Dump
            • Conclude HLS Live
          • ScheduledChannel
          • MultiplexChannel
      • Statistics
        • Current
  • Alert
  • Performance Tuning
  • Logs and Statistics
  • Troubleshooting
  • P2P Delivery (Experiment)
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Configuration

TLS Encryption

Most browsers can't load resources via HTTP and WS (WebSocket) from HTTPS web pages secured with TLS. Therefore, if the player is on an HTTPS page, the player must request streaming through "https" and "wss" URLs secured with TLS. In this case, you must apply the TLS certificate to the OvenMediaEngine.

You can set the port for TLS in TLSPort. Currently, LLHLS and WebRTC Signaling support TLS.

<Bind>
    <!-- For API Server -->
    <Managers>
	    <API>
	    <Port>8081</Port>
	    <TLSPort>8082</TLSPort>
            <WorkerCount>1</WorkerCount>
	</API>
    </Managers>
    <!-- For Providers -->
    <Providers>
        <WebRTC>
	    <Signalling>
		<Port>3333</Port>
		<TLSPort>3334</TLSPort>
		<WorkerCount>1</WorkerCount>
	    </Signalling>
            ...
        </WebRTC>
    </Providers>
    <!- For Publishers -->
    <Publishers>
        <LLHLS>
            <Port>80</Port>
            <TLSPort>443</TLSPort>
        </LLHLS>
        <WebRTC>
            <Signalling>
                <Port>3333</Port>
                <TLSPort>3334</TLSPort>
            </Signalling>
            ...
        </WebRTC>
    </Publishers>
</Bind>

Add your certificate files to as follows:

<!-- For API Server -->
<Managers>
  <Host>
    <Names>
      <Name>*</Name>
    </Names>
    <TLS>
      <CertPath>path/to/file.crt</CertPath>
      <KeyPath>path/to/file.key</KeyPath>
      <ChainCertPath>path/to/file.crt</ChainCertPath>
    </TLS>
  </Host>
  ...
</Managers>

<VirtualHosts>
  <VirtualHost>
    <!-- For Vitual Host -->
    <Host>
        <Names>
            <Name>*</Name>
        </Names>
        <TLS>
          <CertPath>/etc/pki/airensoft.com/_airensoft_com.crt</CertPath>
          <KeyPath>/etc/pki/airensoft.com/_airensoft_com.key</KeyPath>
          <ChainCertPath>/etc/pki/airensoft.com/_airensoft_com.ca-bundle</ChainCertPath>
        </TLS>
    </Host>

To enable HTTP for HLS and WebRTC signaling servers, you must enable the TLS element and install the certificate file in PEM format. This involves indicating a server certificate through the CertPath, as well as a private key file through the KeyPath. These paths can be specified as either absolute or relative paths from the executable. However, if the server certificate was issued using an intermediate certificate, some browsers may raise concerns about the certificate's authenticity. To address this, a bundle of chained certificates provided by a Certificate Authority can be set in the ChainCertPath.

Last updated 2 months ago

Was this helpful?

Assuming the certificate settings are correctly configured, WebRTC streaming can then be played via the wss://url protocol, while LLHLS streaming can be accessed via .

https://url