Hi Cyril, I have tested your config in my Pfsense setup and it doesn't work.
As I connecting using a string for auth it might be that, I'm not playing but recording. As I can do for other servervices the same I wonder what goes wrong, it's really not easy to find and plain rtmp through HA proxy goes well. So if you ask me HA does something strange to the offloading on rtmps, could it be that it add something ? I get a long handshake error on Red5 which acutually says the data which comes is in is not as expected but works fine on plain rtmp. Thanks, Matt 2015-03-29 19:14 GMT+02:00 Matt . <[email protected]>: > Hi Cyril, > > Thanks, I'm indeed using red5 in my setup, client is flex. > > Just non ssl at all, so only 1935 over HA works prefectly. When I set > my frontend to ssl offloading on TCP 443 I see on my red5 server my > client coming in when connecting but than it hangs, no other data in > de red5 log. > > I will simply this setup again to see what happens. Red5 works perfectly. > > I will report. > > Cheers, > > Matt > > 2015-03-29 19:08 GMT+02:00 Cyril Bonté <[email protected]>: >> Hi Matt, >> >> Le 29/03/2015 16:19, Matt . a écrit : >>> >>> Whoops my fault while testing. >>> >>> Indeed, on the backends I connect to 1935 again, I see a connection >>> coming in but no "clear data". That part is actually my issue and >>> difficult to trace. >> >> >> Then can you re-provide the "expected" configuration ? Because the one you >> provided is clearly not going to work. >> >> Making some quick tests here, it works (but it was really quick tests in a >> very simple configuration). >> >> Steps : >> 1. Download a red5-server release, untar, and run it. >> 2. Access to http://localhost:5080/installer/ and install OFLA Demo. >> 3. Test a RTMP video provided with the demo : >> vlc rtmp://localhost/oflaDemo/Avengers2.mp4 >> 4. Configure haproxy for offloading SSL >> haproxy.cfg content : >> listen rtmps >> mode tcp >> bind :443 ssl crt localhost.pem >> server rtmp localhost:1935 >> >> listen status >> mode http >> bind :4444 >> stats enable >> stats uri / >> 5. Launch haproxy (in foreground for the tests): >> sudo haproxy -f haproxy.cfg >> 6. Test the RTMPS video : >> vlc rtmps://localhost/oflaDemo/Avengers2.mp4 >> => The video is played and we can see that statistics in haproxy are >> updated when the connection is closed. >> >> At this point, I'd recommend simplifying the configuration during the debug. >> At least, use only one server for the backends. >> Also, how do you test your rtmps streams ? with which client ? which RTMP >> server ? ... >> >> >>> >>> 2015-03-29 16:11 GMT+02:00 Baptiste <[email protected]>: >>>>> >>>>> frontend rtmp_https >>>>> bind xxx.xxx.xxx.xxx:443 name >>>>> xxx.xxx.xxx.xxx:443 ssl crt /var/etc/haproxy/mycert.pem >>>>> mode tcp >>>>> log global >>>>> maxconn 99999 >>>>> timeout client 600000 >>>>> use_backend rtmpbackend_tcp_ipvANY if >>>>> default_backend rtmpbackend_tcp_ipvANY >>>>> >>>>> >>>>> backend rtmpbackend_tcp_ipvANY >>>>> mode tcp >>>>> balance leastconn >>>>> timeout connect 30000 >>>>> timeout server 30000 >>>>> retries 3 >>>>> option httpchk GET / >>>>> server rtmp-01 172.16.5.11:443 check-ssl >>>>> check inter 1000 weight 100 verify none >>>>> server rtmp-02 172.16.5.12:443 check-ssl >>>>> check inter 1000 weight 100 verify none >>>> >>>> >>>> Weren't you supposed to connect on port 1935 where traffic is unciphered? >>>> Can you confirm wether traffic is ciphered or not on server's port 443 >>>> ?? (you seem to be mixing clear traffic over a connection which expect >>>> ciphered traffic on the server side). >>>> Does haproxy says the servers are UP (logs, stats page, etc...) >>>> >>>> Baptiste >>> >>> >> >> >> -- >> Cyril Bonté
