Configure a live stream repeater in Wowza Streaming Engine

Configure live stream repeater (origin/edge) applications in Wowza Streaming Engine™ media server software.

About live stream repeaters


Live stream repeater is an origin/edge configuration for delivering a single live stream across a multiple-server deployment to many viewers. The source stream is published to an origin server, and the stream is made available for playback on multiple edge servers. For testing purposes, you can do this on a single computer that's running Wowza Streaming Engine, in which case the [wowza-origin-address] and [wowza-edge-address] values are the same.

Video tutorial: Configure a live stream repeater


See how to configure origin and edge servers as a live stream repeater in Wowza Streaming Engine Manager.

Wowza Streaming Engine configuration


This section shows you how to set up live stream repeater (origin/edge) applications in Wowza Streaming Engine Manager.

Note: If you use a .stream file as your source, ensure that the origin and edge applications are located on separate Wowza Streaming Engine instances, otherwise playback on the edge server fails. Additionally, playback on the edge server fails if a .stream file on the edge server has an identical name to the source .stream file on the origin server, so ensure that there are no .stream files on the edge server with the same name as .stream files on the origin server.

Wowza origin

  1. On the origin server, make sure Wowza Streaming Engine Manager is running. See Start and stop Wowza Streaming Engine.
  2. In the Applications contents panel, click Add Application, and then click the Live application type.

  3. In the New Application dialog box, name the new application liveorigin, and then click Add.


     
  4. On the liveorigin page, select all of the Playback Types, and then click Save.

    Important: The Adobe RTMP playback type must be set to enable edge servers to connect to the origin server in a live stream repeater configuration.

  5. Configure encoder source authentication:
     
    1. In the contents panel, click Source Security, and then click Edit.


       
    2. The Source Security page is displayed. Configure the following options, and then click Save:
       
      • Under RTMP Sources, select Require password authentication.
         
      • Under RTSP Sources, select Require password authentication.
         
      • Select one of the options for Client Restrictions. Restricting source publishing to specific IP addresses or blocking source publishing from specific IP address is recommended for security purposes. See Secure incoming sources for more information about these options.
       
      Notes:
      • For more information about configuring the options to secure source connections to live applications, see Source Security.
         
      • For more information about publishing, see Publishing the stream.
  6. Restart the application.


     
  7. Configure the source user name and password to publish to the liveorigin application on the origin server:
     
    1. In the Server contents panel, click Source Authentication, and then click Add Source.


       
    2. On the Source Authentication page, enter values for Source User Name and Password, and then click Add.

Wowza edge 

  1. On the edge server, make sure Wowza Streaming Engine Manager is running. See Start and stop Wowza Streaming Engine.
     
  2. In the Applications contents panel, click Add Application, and then click the Live Edge application type.


     
  3. In the New Application dialog box, name the new application liveedge, and then click Add.


     
  4. The liveedge page is displayed. Configure the following options, and then click Save:
     
    • Select all of the Playback Types.
       
    • Enter the Wowza origin server URL for the stream in Primary Origin URL.
       
    • (Optional) Enter a backup Wowza origin server URL in Secondary Origin URL. The secondary origin is for redundancy. If the primary origin server fails, clients may experience up to a 12-second timeout before failover to the backup origin server is completed. Use secondary origin only for failover purposes.

    Notes:
    • Both the Primary Origin URL and the optional Secondary Origin URL must use one of the following URL prefixes: wowz://, wowzs://, rtmp://, or rtmps://.
    • Important: If you specify that the wowzs:// URL prefix is used to address the origin server over an SSL connection, be aware of the following requirements for SSL encryption:
      • The SSL certificate must be from a certificate authority (see Request an SSL certificate for Wowza Streaming Engine from a certificate authority). Self-signed certificates aren't supported. Wowza StreamLock™ certificates are fully supported (see Get SSL certificates from the Wowza Streaming Engine StreamLock service).
      • You must specify the domain name when addressing the origin server. The origin IP address can't be used.
      • If you don't specify a port value when addressing the origin server, port 443 is used.
      • The live stream repeater will fail to connect to a non-SSL-protected destination port on the origin server. It will repeatedly try to connect. Connection failures like the following will be reported in the Wowza Streaming Engine logs:
        WARN server comment - LiveMediaStreamReceiver.secureConnectionValidation: SSL Connection was not established: wowzs://[wowza-ip-address]:1935/live/_definst_/myStream
  5. Restart the application.

XML configuration


Note: If you created an origin/edge configuration by following the previous section, skip this section. If you make changes to the Application.xml files, updated settings will be reflected in Wowza Streaming Engine Manager the next time it's started.

Wowza origin 

  1. On the origin server, create the application folder [install-dir]/applications/liveorigin.
     
  2. Create the configuration folder [install-dir]/conf/liveorigin and copy [install-dir]/conf/Application.xml to this new folder.
     
  3. Open the newly copied Application.xml file in a text editor and set the StreamType property to live:
    <StreamType>live</StreamType>
  4. Edit the [install-dir]/conf/publish.password file and add a publisher user name and password that will be used to control RTMP and RTSP publishing access. The following is an example of the file with publisherName and [password]:
    # Publish password file (format [username][space][password])
    # username password
    publisherName [password]
  5. Start Wowza Streaming Engine.

Wowza edge 

  1. On each edge server, create the application folder [install-dir]/applications/liveedge.
     
  2. Create the configuration folder [install-dir]/conf/liveedge and copy [install-dir]/conf/Application.xml to this new folder.
     
  3. Open the newly copied Application.xml file in a text editor and set the StreamType property to liverepeater-edge:
    <StreamType>liverepeater-edge</StreamType>
  4. Start Wowza Streaming Engine.

Configuring HTTP packetizers

Live streams coming into Wowza Streaming Engine must be packaged (packetized) before they can be delivered to clients using HTTP streaming protocols such as Apple HLS and MPEG-DASH. The <Streams>/<LiveStreamPacketizers> list in Application.xml specifies the streaming protocols that are used when packetizing live streams. There are two types of packetizers: streaming packetizers and repeater packetizers.

Wowza origin

In a live stream repeater (origin/edge) configuration, streaming packetizers are used when delivering a stream from the Wowza origin server to a Wowza edge server. The <Streams>/<LiveStreamPacketizers> list in Application.xml on the origin can contain none, one, or more than one of the following streaming packetizers.
 
cupertinostreamingpacketizer Enables Apple HLS live streaming to iOS-based devices.
mpegdashstreamingpacketizer Enables MPEG-DASH Streaming to DASH-compatible players.

On the Wowza origin server, add the desired streaming packetizers to the <Streams>/<LiveStreamPacketizers> list in /conf/liveorigin/Application.xml:

<LiveStreamPacketizers>cupertinostreamingpacketizer, mpegdashstreamingpacketizer</LiveStreamPacketizers>

Wowza edge

In a live stream repeater (origin/edge) configuration, packetizers are set with repeater values on each Wowza edge server. The <Streams>/<LiveStreamPacketizers> list in Application.xml on each edge can contain none, one, or more than one of the following repeater packetizers.
 
cupertinostreamingrepeater Enables Apple HLS live stream repeater for iOS-based devices.
mpegdashstreamingrepeater Enables MPEG-DASH Streaming live stream repeater for DASH-compatible players.

On each Wowza edge server, add the desired repeater packetizers to the <Streams>/<LiveStreamPacketizers> list in /conf/liveedge/Application.xml:

<LiveStreamPacketizers>cupertinostreamingrepeater, mpegdashstreamingrepeater</LiveStreamPacketizers>

Setting origin URL(s)

Wowza edge

On each Wowza edge server, add the Wowza origin server URL to the Application.xml file:

<Repeater>
    <OriginURL>wowz://[wowza-origin-address]:1935/liveorigin</OriginURL>
    <QueryString><![CDATA[]]></QueryString>
</Repeater>

For redundancy, you can define multiple Wowza origin servers for a single stream by specifying two origin URLs separated by the pipe ( | ) character. For example:

<Repeater>
    <OriginURL>wowz://[wowza-origin-address]:1935/liveorigin|wowz://[wowza-alternate-origin-address]:1935/backuporigin</OriginURL>
    <QueryString><![CDATA[]]></QueryString>
</Repeater>

All origin URLs must use one of the following URL prefixes: wowz://, wowzs://, rtmp://, or rtmps://.

Notes:
  • Important: If you specify that the wowzs:// URL prefix is used to address the origin server over an SSL connection, be aware of the following requirements for SSL encryption:
     
    • The SSL certificate must be from a certificate authority (see Request an SSL certificate for Wowza Streaming Engine from a certificate authority). Self-signed certificates aren't supported. Wowza StreamLock™ certificates are fully supported (see Get SSL certificates for Wowza Streaming Engine from the StreamLock service).
       
    • You must specify the domain name when addressing the origin server. The origin IP address can't be used.
       
    • If you don't specify a port value when addressing the origin server, port 443 is used.
       
    • The live stream repeater will fail to connect to a non-SSL-protected destination port on the origin server. It will repeatedly try to connect. Connection failures like the following will be reported in the Wowza Streaming Engine logs:

      WARN server comment - LiveMediaStreamReceiver.secureConnectionValidation: SSL Connection was not established: wowzs://[wowza-ip-address]:1935/live/_definst_/myStream
The above setup defines a single Wowza origin server per-application. Each stream that's played through that application uses the OriginURL value to locate the Wowza origin server for the stream.
 
Notes:
  • If the primary Wowza Streaming Engine origin server fails, clients may experience up to a 12-second timeout before failover to the backup origin server is completed. Use the above method only for failover purposes.
     
  • The WOWZ™ protocol is a TCP-based messaging protocol and is used for server-to-server communication. It's enabled by default. If one of the Wowza Streaming Engine servers in the origin/edge configuration is running an earlier version of the software, an RTMP connection is established between the servers instead.
     
  • Important: The origin server MUST have the Adobe RTMP playback type enabled so that edge server(s) can connect using any of the supported messaging protocols (WOWZ, WOWZS, RTMP or RTMPS).

Publishing the stream


Publish a live stream from an encoder to the liveorigin application on the Wowza Streaming Engine origin server. The steps for publishing a stream from your encoder to the Wowza Streaming Engine will vary depending on the encoder being used. For more information about how to configure your encoder, review your encoder documentation.

You can also re-stream IP Camera streams (RTSP/RTP streams), SHOUTcast/Icecast streams, and streams from native RTP or MPEG-TS encoders through the liveorigin application using the MediaCaster system in Wowza Streaming Engine. For  information see Create and use .stream files in Wowza Streaming Engine.

Testing basic configuration and playing the streams


Playback URLs

To test playback, you need the playback URLs for your stream and the playback types, or streaming protocols, you want to test. You can get playback URLs from the Test Playback window in Wowza Streaming Engine Manager or by entering information about the stream on the Video Test Players webpage. For more information about playback URLs, see About playing Wowza Streaming Engine streams.

The Test Playback window generates playback URLs for each protocol based on the page you're on when you click Test Playback. You can also edit the Server (IP address or domain name), Stream or Media File Name, and Application fields to update the playback URLs for all protocols as needed.

Test players

To play your stream, enter the playback URL into your player or a mobile browser, depending on the playback type. To learn more about stream playback, see the Players and Playback articles.

You can also test playback using the Video Test Players webpage. Select the tab for the protocol you want to test and enter the playback URL above the player. Entering the server (IP address or domain name), stream name, application name, and application type (VOD or live) will also generate the playback URLs for each protocol. Click Start to play your stream, and then click Stop when you're ready to end your test.

To test origin playback, use the origin server address. To test edge playback, use an edge server address. For example, to test Apple HLS playback, use the following URL syntax:

Test from the Wowza origin server
 
http://[wowza-origin-address]:1935/liveorigin/myStream/playlist.m3u8

Test from the Wowza edge server
 
http://[wowza-edge-address]:1935/liveedge/myStream/playlist.m3u8

Securing the origin


You can prevent unauthorized re-streaming from edge servers and direct streaming from clients using SecureToken.
 
Note: The shared secret values used in this section are sample values for the purposes of the tutorial. Be sure to replace them with your own custom values when deploying your live stream repeater (origin/edge) configuration in production environments.

Secure the Wowza Streaming Engine origin

  1. On the Wowza Streaming Engine origin server, start Wowza Streaming Engine Manager. Start and stop Wowza Streaming Engine.
     
  2. In the Applications contents panel under liveorigin, click Playback Security, and then click Edit.


     
  3. The Playback Security page is displayed. Do the following, and then click Save:
     
    1. Under SecureToken, select the type of secure token playback protection that you want to use. You must select Protect RTMP protocol using TEA (SecureToken version 1). This is the only option supported by the  secureTokenOriginSharedSecret property that is used to secure the edges.
    2. Enter an alphanumeric token value in the Shared Secret box, or click Generate SecureToken Shared Secret to generate a random alphanumeric token in the box. This value must be used by all Wowza edge servers and RTMP players that connect to this application. If the tokens don't match or aren't set, then the connection is rejected.

     
    Note: For more information about configuring the SecureToken options, see Protect streaming using SecureToken in Wowza Streaming Engine.
  4. Go to Secure the Wowza Streaming Engine edges.

Securing the edges


Note: The shared secret values used in this section are sample values for the purposes of the tutorial. Be sure to replace them with your own custom values when deploying your live stream repeater (origin/edge) configuration in production environments.

Secure the Wowza Streaming Engine edges

  1. On each Wowza edge server, start Wowza Streaming Engine Manager. See Start and stop Wowza Streaming Engine software.
     
  2. In the Applications contents panel, under liveedge, click Source Security, and then click Edit.


     
  3. In the Source Security dialog box, enter the Origin SecureToken Shared Secret that you generated in step 3 of the origin server setup procedure, and then click Save. This setting enables this Wowza edge server to connect to the secure Wowza origin server.


     
  4. To use Secure Token functionality on the edge server to prevent unauthorized direct streaming, in the contents panel, click Playback Security, and then click Edit.


     
  5. Follow the Secure Token instructions to create a shared secret.

Secure encryption keys for MPEG-DASH CENC live repeater


Wowza Streaming Engine support MPEG-DASH streaming in a live repeater configuration. Common Encryption (CENC) can be applied to MPEG-DASH streams.

When MPEG-DASH streams are encrypted with CENC in a live repeater configuration, the origin instance is configured to acquire the encryption keys, and the DASH chunks are built and encrypted on the edge instances. This requires that the AES-128 encryption keys used in the CENC encryption are sent from the origin to the edge instances. Wowza Streaming Engine performs an extra encryption on the key information to secure this transmission, using the liveRepeaterEncryptionSharedSecret property. This property provides a unique encryption key for each stream served by the origin. The default shared secret can be used, or you can define your own Custom Property on the application properties page.

Wowza Streaming Engine Manager configuration

For details about how to configure custom properties, see Configure properties.

Note: Access to the Properties tab in Wowza Streaming Engine Manager is limited to administrators with advanced permissions. For more information, see Manage credentials.
On the application properties page, enter the following information in the Add Custom Property dialog box.
 
Path
Name
Type
Value
/Root/Application/Properties liveRepeaterEncryptionSharedSecret string [mySecret]

XML configuration

Note: If you configured Common Encryption (CENC) in Wowza Streaming Engine Manager, you can skip this section.
At the bottom of [install-dir]/conf/live/Application.xml in the application-level <Properties>, add the following property specification.
<Property>
    <Name>liveRepeaterEncryptionSharedSecret</Name>
    <Type>String</Type>
    <Value>[mySecret]</Value>
</Property>
Note: When defining a custom shared secret value, be sure define the same property/value on all origin and edge instances to ensure correct operation.

More resources