[HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

symtab · 2011-07-17 19:21:44

Hi,

Here's a small howto on how to configure lighttpd for FLV/H264 streaming and hotlinking protection. There are 2 scenarios, one is apache on port 80
for PHP and lighttpd on port 81 for streaming/leeching protection and lighttpd on port 80 for both php (fcgi) and streaming/leeching protection. In both cases
the same things apply.

For installing Lighttpd please check this thread: http://forum.adultscriptpro.com/viewtopic.php?id=577

Configure Lighttpd mod_flv_streaming and mod_h264_streaming modules in /etc/lighttpd/conf.d/h264.conf:

#### flv module
server.modules += ("mod_flv_streaming")

#### h264_module
server.modules += ("mod_h264_streaming")

# Files ending in .mp4 and .f4v are served by the module
h264-streaming.extensions = ( ".mp4", ".f4v" )
flv-streaming.extensions = (".flv")

# The number of seconds after which the bandwidth is shaped (defaults to 0=disable)
h264-streaming.buffer-seconds = 10
# Add Expires/Cache-Control header
$HTTP["url"] =~ "\.(mp4|f4v|flv)$" {
   expire.url = ( "" => "access 8 hours" )
}

Configure Lighttpd mod_secdownload module in /etc/lighttpd/conf.d/secdownload.conf:

#######################################################################
##
##  Secure Download Module 
## ------------------------ 
##
## see http://www.lighttpd.net/documentation/secdownload.html
##
server.modules += ( "mod_secdownload" )

##
## Document root for the download area.
## The directory should not be below your normal 
## document root! 
##
secdownload.document-root = "/path/to/your/script/media/videos"

##
## Secret string that will be used for the checksum calculation.
##
secdownload.secret = "S3CR3tW0RD"

##
## How long is the secret valid?
##
## Default: 60 seconds
##
secdownload.timeout = 7200

##
## Prefix for the download area. 
##
secdownload.uri-prefix = "/stream/"

The secdownload.secret and secdownload.uri-prefix will also be defined in Admin -> Video -> Config -> View (also for servers if multi-server is enabled, same thing for premium).

If you run apache on port 80 in order to prevent leeching you need to add a .htaccess rules to deny
access to the FLV/H264 files. Create a .htaccess file containing:

deny from all

in the following folders:

/where/your/script/is/media/videos/flv
/where/your/script/is/media/videos/mp4
/where/your/script/is/media/videos/mobile

You need to add the below lines (to lighttpd.conf or if you use vhosts, to your vhost file) in both cases in order to limit access to the files via lighttpd:

    auth.require = (
        "/media/videos/flv/" => (
            "method" => "digest",
            "realm" => "Authorized users only",
            "require" => "valid-user"
        ),
               "/media/videos/mp4/" => (
            "method" => "digest",
            "realm" => "Authorized users only",
            "require" => "valid-user"
        ),
                "/media/videos/mobile/" => (
            "method" => "digest",
            "realm" => "Authorized users only",
            "require" => "valid-user"
        )
    )

Once everything is configured, the video files can only be accessed via a lighttpd secdownload URL and this URL will change every 2 hours, so basically
nobody will be able to leech/hotlink your videos.

NOTE: By no means this is 100% secure, but in 99% of the cases it will stop the leeching. If you want the best security you have to use a media server (like flash media server, red5 or wowza), however most people use lighttpd or nginx.

NOTE2: I've found a free media streaming server (http://www.rtmpd.com/), but i have to checkout if it supports what we need.

Eri · 2011-07-27 07:26:50

also some info that will save you bandwith and make the streaming faster

connection.kbytes-per-second = 100

## simply put "mod_evasive" into the server.modules list
evasive.max-conns-per-ip = 3

## 1024 by default but 2048 is a better default for busy servers
server.max-fds = 2048

server.stat-cache-engine = "simple"
server.event-handler = "linux-sysepoll"
server.max-keep-alive-requests = 4
server.max-keep-alive-idle = 2

## writev - is recommended for sending many large files up to 10MB
server.network-backend = "writev"

## If you have to serve a lot of large files with a high concurrency, you will notice that you will be IO-bound
to your hard-drive. lighty will spend most of the time waiting for the hard-drive to seek to the right
sector to send out the file. As lighty will wait for the disk, all connections in the process will have to wait. In order to process more requests concurrently, you should create 4 to 16 work processes. This will allow you to both send and wait for data at the same time.
server.max-worker = 4

Last edited by Eri (2011-07-27 07:49:56)

symtab · 2011-07-27 09:52:19

server.network-backend = "writev"

Is pretty good, but it only works if you use lighttpd only for streaming (i personally serve everything with lighttpd). Also there is another conf option in lighttpd for restricting the amount of bandwidth a connection can use at a time, making sure that if someone has 20MBps connection he wont eat bandwith that he doesnt need (basically limiting to max 2MBps for example).

Eri · 2011-07-29 09:25:28

Yes , my servers are only for video sreaming.
Also there is a problem with "evasive.max-conns-per-ip = 3" when someone seek video more than three times get's an error connection :@

What settings do you make with lighttpd for faster streaming?

symtab · 2011-07-29 15:49:16

Except for what has been posted in this topic, nothing else.

jason3107 · 2011-08-29 10:31:49

This is still giving me problems in updating lighttpd..can u please help me

thiva7 · 2011-08-29 12:51:05

symtab wrote:

Hi,

If you run apache on port 80 in order to prevent leeching you need to add a .htaccess rules to deny
access to the FLV/H264 files. Create a .htaccess file containing:
deny from all
in the following folders:
/where/your/script/is/media/videos/flv
/where/your/script/is/media/videos/mp4
/where/your/script/is/media/videos/mobile
You need to add the below lines in both cases in order to limit access to the files via lighttpd:
    auth.require = (
        "/media/videos/flv/" => (
            "method" => "digest",
            "realm" => "Authorized users only",
            "require" => "valid-user"
        ),
               "/media/videos/mp4/" => (
            "method" => "digest",
            "realm" => "Authorized users only",
            "require" => "valid-user"
        ),
                "/media/videos/mobile/" => (
            "method" => "digest",
            "realm" => "Authorized users only",
            "require" => "valid-user"
        )
    )
Once everything is configured, the video files can only be accessed via a lighttpd secdownload URL and this URL will change every 2 hours, so basically
nobody will be able to leech/hotlink your videos.
NOTE: By no means this is 100% secure, but in 99% of the cases it will stop the leeching. If you want the best security you have to use a media server (like flash media server, red5 or wowza), however most people use lighttpd or nginx.

in this part i do not know what to do

1) i should replace the script .htaccess ??

2)
where goes this code??

    auth.require = (
        "/media/videos/flv/" => (
            "method" => "digest",
            "realm" => "Authorized users only",
            "require" => "valid-user"
        ),
               "/media/videos/mp4/" => (
            "method" => "digest",
            "realm" => "Authorized users only",
            "require" => "valid-user"
        ),
                "/media/videos/mobile/" => (
            "method" => "digest",
            "realm" => "Authorized users only",
            "require" => "valid-user"
        )
    )

3) when i done with this steps my server will start run with Lighttpd ?

symtab · 2011-08-29 13:53:13

@jason3107: what exactly is the problem?

@thiva7:

1. You need to create a .htaccess file in the following folders media/videos/flv, media/videos/mp4 and media/videos/mobile (actually the .htaccess file is there already just uncomment the deny from all line).
2. Those files are used in lighttpd, you can put them in /etc/lighttpd/conf.d/auth.conf
3. Your server will use lighttpd to stream videos, The PHP and other files will still be served by apache.

thiva7 · 2011-08-29 14:14:25

symtab wrote:

@jason3107: what exactly is the problem?
@thiva7:
1. You need to create a .htaccess file in the following folders media/videos/flv, media/videos/mp4 and media/videos/mobile (actually the .htaccess file is there already just uncomment the deny from all line).
2. Those files are used in lighttpd, you can put them in /etc/lighttpd/conf.d/auth.conf
3. Your server will use lighttpd to stream videos, The PHP and other files will still be served by apache.

IN WICH LINE I CAN ADD IT?

#######################################################################
##
## Authentication Module
## -----------------------
##
## See http://www.lighttpd.net/documentation/a … ation.html
## for more info.
##
#auth.backend = "plain"
#auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.user"
#auth.backend.plain.groupfile = "/etc/lighttpd/lighttpd.group"
#auth.backend.ldap.hostname = "localhost"
#auth.backend.ldap.base-dn = "dc=my-domain,dc=com"
#auth.backend.ldap.filter = "(uid=$)"
#auth.require = ( "/server-status" =>
# (
# "method" => "digest",
# "realm" => "Server Status",
# "require" => "valid-user"
# ),
# )
##
#######################################################################

symtab · 2011-08-29 18:32:30

Make sure you have the auth module enabled in /etc/lighttpd/modules.conf and then you can add in the /etc/lighttpd/conf.d/auth.conf file.

Eri · 2011-10-18 11:51:50

My HD is full with videos and i bought a secondary HD.
What i will do to get my new videos stored at my secondary HD at the same server?

Coscast · 2011-10-18 12:02:30

Mount that HD somewhere in your Server, then create a subdomain and set the path to the root of that subdomain to the path where you have mounted the hd. Then add a server in ACP with that subdomain you created before

Last edited by Coscast (2011-10-18 12:02:59)

Eri · 2011-12-14 13:43:09

Guys , I have changed to Apache streaming and is much faster , I was getting servers downtime with lighhttpd. With Apache i am ok now

symtab · 2011-12-14 14:06:20

Yes...i've been having a few problems with lighttpd streaming also (not my own sites, though). Exactly the same lighttpd version, same compile options and it simply crashes. What module are you using for apache streaming? Also do you have any hotlinking prevention with apache?

ful2fun.com · 2012-01-07 19:57:52

So Which One We Use lighttpd Or Without It And How To Use Script On Cloud Server Without Server Management Facility. I Found A Good Reasonable Price Cloud But they Do Not Provide Server Management So Any Help To Use Them I Like To try Site On Cloud.

ful2fun.com
livesexpirates.com

symtab · 2012-01-07 21:52:17

Usually you cant install anything on cloud hosting...so your limited to what they already have installed.

Kosimak · 2012-01-23 21:43:16

hello,

I did everything here, but when trying to play the video it says:

200, Stream not found, NetStream.Play.StreamNotFound, clip: '[Clip] 'http://kosimak.com:81/stream/ff3c91b6fdb93253420edefdf3da8c4c/4f1dcfb0/flv/3.flv''

any idea?

symtab · 2012-01-24 07:28:40

Please email me ssh root access. I can configure this for you.

Kosimak · 2012-01-24 08:14:29

Thanks man I just sent it!

Tenche · 2012-07-08 18:32:26

Kosimak wrote:

hello,
I did everything here, but when trying to play the video it says:
200, Stream not found, NetStream.Play.StreamNotFound, clip: '[Clip] 'http://kosimak.com:81/stream/ff3c91b6fdb93253420edefdf3da8c4c/4f1dcfb0/flv/3.flv''
any idea?

Make sure to set server.document-root = "/home/USER/public_html" in the /etc/lighttpd/lighttpd.conf for anyone getting 404 issues.

However, I now am experiencing an issue with loading content from http://127.0.0.1:8080/media/videos/flv/8.flv. 403 Forbidden to be exact.

I have

server.username = "lighttpd"
server.groupname = "lighttpd"

in the conf.

But changing the videos folder and everything in it to lighttpd:lighttpd does nothing. Still 403.

Last edited by Tenche (2012-07-08 19:09:16)

symtab · 2012-07-08 20:53:56

Comment the server.username and server.groupname with # in the lighttpd.conf file and then restart lighttpd.

Tenche · 2012-07-09 01:27:44

symtab wrote:

Comment the server.username and server.groupname with # in the lighttpd.conf file and then restart lighttpd.

Done. Works. Thanks!

Eri · 2012-07-09 06:40:05

use apache streaming is more stable

Tenche · 2012-07-09 18:43:17

Eri wrote:

use apache streaming is more stable

No thanks. If anything, I'd switch to nginx

DuttyRock · 2012-09-15 19:03:12

server.max-keep-alive-requests = 4
server.max-keep-alive-idle = 2

Should i uncomment those two lines? they currently have the # sign in front.

Last edited by DuttyRock (2012-09-15 19:03:29)

Adult Script Pro Community Forums

#1 2011-07-17 19:21:44

[HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#2 2011-07-27 07:26:50

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#3 2011-07-27 09:52:19

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#4 2011-07-29 09:25:28

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#5 2011-07-29 15:49:16

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#6 2011-08-29 10:31:49

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#7 2011-08-29 12:51:05

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#8 2011-08-29 13:53:13

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#9 2011-08-29 14:14:25

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#10 2011-08-29 18:32:30

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#11 2011-10-18 11:51:50

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#12 2011-10-18 12:02:30

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#13 2011-12-14 13:43:09

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#14 2011-12-14 14:06:20

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#15 2012-01-07 19:57:52

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#16 2012-01-07 21:52:17

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#17 2012-01-23 21:43:16

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#18 2012-01-24 07:28:40

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#19 2012-01-24 08:14:29

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#20 2012-07-08 18:32:26

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#21 2012-07-08 20:53:56

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#22 2012-07-09 01:27:44

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#23 2012-07-09 06:40:05

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#24 2012-07-09 18:43:17

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

#25 2012-09-15 19:03:12

Re: [HOWTO] Configure Lighttpd for Streaming and Hotlinking Protection

Board footer