证书
1
| kubectl create secret generic 92-ssl --from-file=ssh-privatekey=172.16.100.92-key.pem --from-file=ssh-publickey=172.16.100.92.pem
|
配置文件
srs.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
| apiVersion: v1
kind: ConfigMap
metadata:
name: srs-config
data:
srs.conf: |-
listen 1935;
max_connections 1000;
daemon off;
http_api {
enabled on;
listen 1985;
https {
enabled on;
listen 443;
key /ssl/ssh-privatekey;
cert /ssl/ssh-publickey;
}
}
http_server {
enabled on;
listen 8080;
https {
enabled on;
listen 8090;
key /ssl/ssh-privatekey;
cert /ssl/ssh-publickey;
}
}
rtc_server {
enabled on;
# Listen at udp://38000
listen 38000;
#
# The $CANDIDATE means fetch from env, if not configed, use * as default.
#
# The * means retrieving server IP automatically, from all network interfaces,
# @see https://github.com/ossrs/srs/issues/307#issuecomment-599028124
candidate $CANDIDATE;
}
vhost __defaultVhost__ {
tcp_nodelay on;
min_latency on;
play {
gop_cache off;
queue_length 10;
mw_latency 100;
}
publish {
mr off;
}
hls {
enabled off;
hls_path ./objs/nginx/html;
}
http_remux {
enabled off;
mount [vhost]/[app]/[stream].flv;
}
rtc {
enabled on;
bframe discard;
rtc_to_rtmp off;
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: srs-deployment
labels:
app: srs
spec:
replicas: 1
selector:
matchLabels:
app: srs
template:
metadata:
labels:
app: srs
spec:
nodeSelector:
type: master
volumes:
- name: config-volume
configMap:
name: srs-config
- name: secret-volume
secret:
secretName: 92-ssl
containers:
- name: srs
image: ossrs/srs:4
env:
- name: CANDIDATE
value: 172.16.100.92
ports:
- containerPort: 1935
- containerPort: 1985
- containerPort: 8080
- containerPort: 8090
- containerPort: 38000
- containerPort: 443
volumeMounts:
- name: config-volume
mountPath: /usr/local/srs/conf
- name: secret-volume
mountPath: /ssl
---
apiVersion: v1
kind: Service
metadata:
name: srs-service
spec:
type: NodePort
selector:
app: srs
ports:
- name: srs-service-1935-31935
port: 1935
protocol: TCP
targetPort: 1935
nodePort: 31935
- name: srs-service-443-31443
port: 443
protocol: TCP
targetPort: 443
nodePort: 31443
- name: srs-service-8090-38090
port: 8090
protocol: TCP
targetPort: 8090
nodePort: 38090
- name: srs-service-38000-38000
port: 38000
protocol: UDP
targetPort: 38000
nodePort: 38000
|
端口信息
| 内部端口 |
外部端口 |
解释 |
| 1935 |
31935 |
rtmp推流端口 |
| 443 |
31443 |
https srs api |
| 8090 |
38090 |
https http服务地址,flv播放地址等 |
| 38000 |
38000 |
rtc端口 |
flv播放
1
| https://172.16.100.92:38090/live/aaa.flv
|
信令服务器
/soyuan/sslone2one
srs
/soyuan/srs
仓库
https://github.com/ossrs/srs
https://github.com/ossrs/srs-docs
平滑退出
https://github.com/ossrs/srs/issues/1579
grace_final_wait 3200;
force_grace_quit off;