• How to configure a live stream repeater

    This tutorial provides the basic steps that show how to configure live stream repeater (origin/edge) applications in Wowza Streaming Engine™ live streaming software.

    Contents


    Tutorial

    More resources

    Tutorial


    Live stream repeater is an origin/edge configuration for delivering a single live stream across a multiple-server deployment to many viewers. The source stream is published to a Wowza origin server, and the stream is made available for playback on multiple Wowza edge servers. For testing purposes, you can do this on a single computer that's running Wowza media server software, in which case the [wowza-origin-address] and [wowza-edge-address] values are the same.

    Wowza Streaming Engine Manager configuration


    This section shows you how to set up live stream repeater (origin/edge) applications in Wowza Streaming Engine™ Manager.

    Wowza origin


    1. On the Wowza origin server, make sure Wowza Streaming Engine Manager is running. See How to start and stop Wowza Streaming Engine software.

    2. In the Applications contents panel, click Add Application, and then click the Live application type.



    3. In the New Application dialog box, name the new application liveorigin, and then click Add.




    4. On the liveorigin page, select all of the Playback Types, and then click Save.



      Important: The Adobe RTMP playback type MUST be set to enable edge servers to connect to the origin server in a live stream repeater configuration.
    5. Configure encoder source authentication:

      1. In the contents panel, click Source Security, and then click Edit.



      2. The Source Security page is displayed. Configure the following options, and then click Save:

        • Under RTMP Sources, select Require password authentication.

        • Under RTSP Sources, select Require password authentication.

        • Under Client Restrictions, select No client restrictions.



        Notes:
        • For more information about configuring the options to secure source connections to live applications, see Source Security.

        • For more information about publishing, see Publishing the stream.
    6. Restart the application.



    7. Configure the source user name and password to publish to the liveorigin application on the origin server:

      1. In the Server contents panel, click Source Authentication, and then click Add Source.



      2. On the Source Authentication page, enter values for Source User Name and Password, and then click Add.


    Wowza edge


    1. On the Wowza edge server, make sure Wowza Streaming Engine Manager is running. See How to start and stop Wowza Streaming Engine software.

    2. In the Applications contents panel, click Add Application, and then click the Live Edge application type.



    3. In the New Application dialog box, name the new application liveedge, and then click Add.



    4. The liveedge page is displayed. Configure the following options, and then click Save:

      • Select all of the Playback Types.

      • Enter the Wowza origin server URL for the stream in Primary Origin URL.

      • (Optional) Enter a backup Wowza origin server URL in Secondary Origin URL. The secondary origin is for redundancy. If the primary origin server fails, clients may experience up to a 12-second timeout before failover to the backup origin server is completed. Use secondary origin only for failover purposes.




      Notes:
      • Both the Primary Origin URL and the optional Secondary Origin URL must use one of the following URL prefixes: wowz://, wowzs://, rtmp://, or rtmps://.

      • Important: If you specify that the wowzs:// URL prefix is used to address the origin server over an SSL connection, be aware of the following requirements for SSL encryption:

        • The SSL certificate must be from a certificate authority (see How to request an SSL certificate from a certificate authority). Self-signed certificates aren't supported. Wowza StreamLock™ certificates are fully supported (see How to get SSL certificates from the StreamLock service).

        • You must specify the domain name when addressing the origin server. The origin IP address can't be used.

        • If you don't specify a port value when addressing the origin server, port 443 is used.

        • The live stream repeater will fail to connect to a non-SSL-protected destination port on the origin server. It will repeatedly try to connect. Connection failures like the following will be reported in the Wowza media server logs:

          WARN server comment - LiveMediaStreamReceiver.secureConnectionValidation: SSL Connection was not established: wowzs://[wowza-ip-address]:1935/live/_definst_/myStream
    5. Restart the application.


    XML configuration


    Note: If you created an origin/edge configuration by following the previous section, skip this section. If you make changes to the Application.xml files and you're using the Wowza Streaming Engine™ software, any supported settings will be displayed in the manager the next time it's started. Wowza Media Server™ software doesn't support Wowza Streaming Engine Manager, so you must edit Application.xml for origin and edge applications in a text editor if you're running Wowza Media Server.

    Wowza origin


    1. On the Wowza origin server, create the application folder [install-dir]/applications/liveorigin.

    2. Create the configuration folder [install-dir]/conf/liveorigin and copy [install-dir]/conf/Application.xml to this new folder.

    3. Open the newly copied Application.xml file in a text editor and set the StreamType property to live:
      <StreamType>live</StreamType>
    4. Edit the [install-dir]/conf/publish.password file and add a publisher user name and password that will be used to control RTMP and RTSP publishing access. The following is an example of the file with publisherName and [password]:
      # Publish password file (format [username][space][password])
      # username password
      publisherName [password]
    5. Start the Wowza media server.

    Wowza edge


    1. On each Wowza edge server, create the application folder [install-dir]/applications/liveedge.

    2. Create the configuration folder [install-dir]/conf/liveedge and copy [install-dir]/conf/Application.xml to this new folder.

    3. Open the newly copied Application.xml file in a text editor and set the StreamType property to liverepeater-edge:
      <StreamType>liverepeater-edge</StreamType>
    4. Start the Wowza media server.

    Configuring HTTP packetizers

    Live streams coming into the Wowza media server must be packaged (packetized) before they can be delivered to clients using HTTP streaming protocols such as Apple HTTP Live Streaming (Apple HLS), Adobe HTTP Dynamic Streaming (Adobe HDS), Microsoft Smooth Streaming, and MPEG-DASH Streaming. The <Streams>/<LiveStreamPacketizers> list in Application.xml specifies the streaming protocols that are used when packetizing live streams. There are two types of packetizers: streaming packetizers and repeater packetizers.

    Wowza origin


    In a live stream repeater (origin/edge) configuration, streaming packetizers are used when delivering a stream from the Wowza origin server to a Wowza edge server. The <Streams>/<LiveStreamPacketizers> list in Application.xml on the origin can contain none, one, or more than one of the following streaming packetizers.

    cupertinostreamingpacketizer Enables Apple HLS live streaming to iOS-based devices.
    sanjosestreamingpacketizer Enables Adobe HDS live streaming to Flash Player.
    smoothstreamingpacketizer Enables Smooth Streaming to Microsoft Silverlight.
    mpegdashstreamingpacketizer Enables MPEG-DASH Streaming to DASH-compatible players.
    On the Wowza origin server, add the desired streaming packetizers to the <Streams>/<LiveStreamPacketizers> list in /conf/liveorigin/Application.xml:
    <LiveStreamPacketizers>cupertinostreamingpacketizer, smoothstreamingpacketizer, sanjosestreamingpacketizer, mpegdashstreamingpacketizer</LiveStreamPacketizers>

    Wowza edge


    In a live stream repeater (origin/edge) configuration, packetizers are set with repeater values on each Wowza edge server. The <Streams>/<LiveStreamPacketizers> list in Application.xml on each edge can contain none, one, or more than one of the following repeater packetizers.

    cupertinostreamingrepeater Enables Apple HLS live stream repeater for iOS-based devices.
    sanjosestreamingrepeater Enables Adobe HDS live stream repeater for Flash Player.
    smoothstreamingrepeater Enables Microsoft Smooth Streaming live stream repeater for Silverlight.
    mpegdashstreamingrepeater Enables MPEG-DASH Streaming live stream repeater for DASH-compatible players.
    On each Wowza edge server, add the desired repeater packetizers to the <Streams>/<LiveStreamPacketizers> list in /conf/liveedge/Application.xml:
    <LiveStreamPacketizers>cupertinostreamingrepeater, smoothstreamingrepeater, sanjosestreamingrepeater, mpegdashstreamingrepeater</LiveStreamPacketizers>

    Setting originURL(s)

    Wowza edge


    On each Wowza edge server, add the Wowza origin server URL to the Application.xml file:
    <Repeater>
        <OriginURL>wowz://[wowza-origin-address]:1935/liveorigin</OriginURL>
        <QueryString><=!=[=C=D=A=T=A=[]=]=></QueryString>
    </Repeater>
    For redundancy, you can define multiple Wowza origin servers for a single stream by specifying two origin URLs separated by the pipe (|) character. For example:
    <Repeater>
        <OriginURL>wowz://[wowza-origin-address]:1935/liveorigin|wowz://[wowza-alternate-origin-address]:1935/backuporigin</OriginURL>
        <QueryString><=!=[=C=D=A=T=A=[]=]=></QueryString>
    </Repeater>
    All origin URLs must use one of the following URL prefixes: wowz://, wowzs://, rtmp://, or rtmps://.

    Notes:
    • Important: If you specify that the wowzs:// URL prefix is used to address the origin server over an SSL connection, be aware of the following requirements for SSL encryption:

      • The SSL certificate must be from a certificate authority (see How to request an SSL certificate from a certificate authority). Self-signed certificates aren't supported. Wowza StreamLock™ certificates are fully supported (see How to get SSL certificates from the StreamLock service).

      • You must specify the domain name when addressing the origin server. The origin IP address can't be used.

      • If you don't specify a port value when addressing the origin server, port 443 is used.

      • The live stream repeater will fail to connect to a non-SSL-protected destination port on the origin server. It will repeatedly try to connect. Connection failures like the following will be reported in the Wowza media server logs:

        WARN server comment - LiveMediaStreamReceiver.secureConnectionValidation: SSL Connection was not established: wowzs://[wowza-ip-address]:1935/live/_definst_/myStream
    The above setup defines a single Wowza origin server per-application. Each stream that's played through that application uses the OriginURL value to locate the Wowza origin server for the stream.

    Notes:
    • If the primary Wowza origin server fails, clients may experience up to a 12-second timeout before failover to the backup Wowza origin server is completed. Use the above method only for failover purposes.

    • The WOWZ™ protocol is a TCP-based messaging protocol in Wowza Media Server software (version 3.5 and later) and Wowza Streaming Engine software and is used for server-to-server communication. It's enabled by default. If one of the the Wowza media servers in the origin/edge configuration is running an earlier version of the software, an RTMP connection is established between the servers instead.

    • Important: The origin server MUST have the Adobe RTMP playback type enabled so that edge server(s) can connect using any of the supported messaging protocols (WOWZ, WOWZS, RTMP or RTMPS).

    Publishing the stream


    Publish a live stream from an encoder to the liveorigin application on the Wowza origin server. The steps for publishing a stream from your encoder to the Wowza media server will vary depending on the encoder being used. For more information about how to configure your encoder, review your encoder documentation.

    You can also re-stream IP Camera streams (RTSP/RTP streams), SHOUTcast/Icecast streams, and streams from native RTP or MPEG-TS encoders through the liveorigin application using the MediaCaster system in the Wowza media server software. For more information see How to create and use .stream files in Wowza Streaming Engine Manager.

    Testing basic configuration


    Use the Test Players described in Playing the streams with the following URL syntax to test origin and edge playback:

    Test from the Wowza origin server

    Server: rtmp://[wowza-origin-address]:1935/liveorigin
    Stream: myStream

    Test from the Wowza edge server

    Server: rtmp://[wowza-edge-address]:1935/liveedge
    Stream: myStream

    Playing the streams


    Wowza Streaming Engine Manager

    In Streaming Engine Manager, click Test Players in the upper-right corner of the liveedge application page. The Test Players window that opens includes test players that are preconfigured to stream the live stream named myStream over various streaming formats.

    Each tab in the Test Players window either hosts a test player that you can use to play the live stream or provides instructions for playing the live stream. For example, to use the Adobe HDS protocol to play myStream, click the Adobe HDS tab, and then click Start.


    The URL syntax for playback from Wowza edge servers is:

    • MPEG-DASH: http://[wowza-edge-address]:1935/liveedge/myStream/manifest.mpd

    • Adobe RTMP: rtmp://[wowza-edge-address]:1935/liveedge/myStream

    • Adobe HDS: http://[wowza-edge-address]:1935/liveedge/myStream/manifest.f4m

    • Microsoft Smooth Streaming: http://[wowza-edge-address]:1935/liveedge/myStream/Manifest

    • iOS: http://[wowza-edge-address]:1935/liveedge/myStream/playlist.m3u8

    • Android/other: rtsp://[wowza-edge-address]:1935/liveedge/myStream

    The test players are also online on our Wowza Test Players webpage.

    Example players

    You can also use example players installed in [install-dir]/examples/ to test your streaming applications. For more information, see the following articles:


    Securing the origin


    You can prevent unauthorized re-streaming from edge servers and direct streaming from Adobe Flash clients using SecureToken.

    Note: The shared secret values used in this section are sample values for the purposes of the tutorial. Be sure to replace them with your own custom values when deploying your live stream repeater (origin/edge) configuration in production environments.

    Secure the Wowza Streaming Engine origin

    1. On the Wowza origin server, start Wowza Streaming Engine Manager. See How to start and stop Wowza Streaming Engine software.

    2. In the Applications contents panel under liveorigin, click Playback Security, and then click Edit.



    3. The Playback Security page is displayed. Do the following, and then click Save:

      1. Under SecureToken, select the type of secure token playback protection that you want to use. We recommend that you select Protect all protocols using hash (SecureToken version 2). This option protects all streaming protocols using the latest hash algorithms.

      2. Enter an alphanumeric token value in the Shared Secret box, or click Generate SecureToken Shared Secret to generate a random alphanumeric token in the box. This value must be used by all Wowza edge servers and RTMP players that connect to this application. If the tokens don't match or aren't set, then the connection is rejected.


      Note: For more information about configuring the SecureToken options, see How to protect streaming using SecureToken in Wowza Streaming Engine.
    4. Go to Secure the Wowza Streaming Engine edges.

    Secure the Wowza Media Server origin

    Wowza Media Server 3.5 and later


    1. On the Wowza origin server, open [install-dir]/conf/[application]/Application.xml in a text editor and do the following:

      1. Add the following <Module> definition as the last entry in the <Modules> list:
        <Module>
            <Name>ModuleRTMPAuthenticate</Name>
            <Description>ModuleRTMPAuthenticate</Description>
            <Class>com.wowza.wms.security.ModuleRTMPAuthenticate</Class>
        </Module>
      2. Add the following property to the <Properties> list at the bottom of the file:
        <Property>
            <Name>secureTokenSharedSecret</Name>
            <Value>233e4b442ef9df8c</Value>
        </Property>
    2. Save Application.xml and go to Secure the Wowza Media Server edges (Wowza Media Server 3.5 and later).

    Wowza Media Server 3.1.2 and earlier


    1. Download and unzip the MediaSecurity Addon package, and then copy the two .jar files from the package /lib folder to the Wowza origin server /lib folder.

    2. On the origin server, open [install-dir]/conf/[application]/Application.xml in a text editor and do the following:

      1. Add the following <Module> definition as the last entry in the <Modules> list:
        <Module>
            <Name>ModuleRTMPAuthenticate</Name>
            <Description>ModuleRTMPAuthenticate</Description>
            <Class>com.wowza.wms.plugin.security.ModuleRTMPAuthenticate</Class>
        </Module>
      2. Add the following property to the <Properties> list at the bottom of the file:
        <Property>
            <Name>secureTokenSharedSecret</Name>
            <Value>233e4b442ef9df8c</Value>
        </Property>
    3. Save Application.xml and go to Secure the Wowza Media Server edges (Wowza Media Server 3.1.2 and earlier).

    Securing the edges


    Note: The shared secret values used in this section are sample values for the purposes of the tutorial. Be sure to replace them with your own custom values when deploying your live stream repeater (origin/edge) configuration in production environments.

    Secure the Wowza Streaming Engine edges

    1. On each Wowza edge server, start Wowza Streaming Engine Manager. See How to start and stop Wowza Streaming Engine software.

    2. In the Applications contents panel, under liveedge, click Source Security, and then click Edit.



    3. In the Source Security dialog box, enter the Origin SecureToken Shared Secret that you generated in step 3 of the origin server setup procedure, and then click Save. This setting enables this Wowza edge server to connect to the secure Wowza origin server.



    4. To use Secure Token functionality on the edge server to prevent unauthorized direct streaming from Adobe Flash clients, in the contents panel, click Playback Security, and then click Edit.



    5. Follow the Secure Token instructions to create a shared secret.

    Secure the Wowza Media Server edges

    Wowza Media Server 3.5 and later


    1. Follow the steps in Secure the Wowza Media Server origin (Wowza Media Server 3.5 and later).

    2. On each edge server, open [install-dir]/conf/[application]/Application.xml in a text editor and do the following:

      1. Add the following <Module> definition as the last entry in the <Modules> list:
        <Module>
            <Name>ModuleRTMPAuthenticate</Name>
            <Description>ModuleRTMPAuthenticate</Description>
            <Class>com.wowza.wms.security.ModuleRTMPAuthenticate</Class>
        </Module>
      2. To connect to the secure Wowza origin server, add the following property to the <Properties> list at the bottom of the file:
        <Property>
            <Name>secureTokenOriginSharedSecret</Name>
            <Value>233e4b442ef9df8c</Value>
        </Property>
        Where 233e4b442ef9df8c is the shared secret value specified on the Wowza origin server.

      3. To prevent unauthorized direct streaming from Adobe Flash clients, add the following property to the <Properties> list at the bottom of the file:
        <Property>
            <Name>secureTokenSharedSecret</Name>
            <Value>7a97766ef65e9050</Value>
        </Property>
        Where 7a97766ef65e9050 is the shared secret value specified on this Wowza edge server to prevent unauthorized player access.

    3. Save Application.xml and then restart all Wowza origin and edge servers.

    Wowza Media Server 3.1.2 and earlier


    1. Follow the steps in Secure the Wowza Media Server origin (Wowza Media Server 3.1.2 and earlier).

    2. Download and unzip the MediaSecurity Addon package, and then copy the two .jar files from the package /lib folder to each Wowza edge server /lib folder.

    3. On each edge server, open [install-dir]/conf/[application]/Application.xml in a text editor and do the following:

      1. Add the following <Module> definition as the last entry in the <Modules> list:
        <Module>
            <Name>ModuleRTMPAuthenticate</Name>
            <Description>ModuleRTMPAuthenticate</Description>
            <Class>com.wowza.wms.plugin.security.ModuleRTMPAuthenticate</Class>
        </Module>
      2. To connect to the secure Wowza origin server, add the following property to the <Properties> list at the bottom of the file:
        <Property>
            <Name>secureTokenOriginSharedSecret</Name>
            <Value>233e4b442ef9df8c</Value>
        </Property>
        Where 233e4b442ef9df8c is the shared secret value specified on the Wowza origin server.

      3. To prevent unauthorized direct streaming from Adobe Flash clients, add the following property to the <Properties> list at the bottom of the file:
        <Property>
            <Name>secureTokenSharedSecret</Name>
            <Value>7a97766ef65e9050</Value>
        </Property>
        Where 7a97766ef65e9050 is the shared secret value specified on this Wowza edge server to prevent unauthorized player access.

    4. Save Application.xml and restart all Wowza origin and edge servers so that the new .jar files are loaded.

    Secure encryption keys for MPEG-DASH CENC live repeater


    Support for MPEG-DASH streaming in a live repeater configuration is new in Wowza Streaming Engine 4.0. Common Encryption (CENC) can be applied to MPEG-DASH streams.

    When MPEG-DASH streams are encrypted with CENC in a live repeater configuration, the origin instance is configured to acquire the encryption keys, and the DASH chunks are built and encrypted on the edge instances. This requires that the AES-128 encryption keys used in the CENC encryption are sent from the origin to the edge instances. Wowza Streaming Engine performs an extra encryption on the key information to secure this transmission, using the liveRepeaterEncryptionSharedSecret property. This property provides a unique encryption key for each stream served by the origin. The default shared secret can be used, or you can define your own Custom Property on the application properties page.

    For details about how to configure custom properties, see Configure properties.

    Note: Access to the Properties tab in Wowza Streaming Engine Manager is limited to administrators with advanced permissions. For more information, see Manage credentials.
    On the application properties page, enter the following information in the Add Custom Property dialog box.

    Path
    Name
    Type
    Value
    /Root/Application/Properties liveRepeaterEncryptionSharedSecret string [mySecret]

    XML Configuration
    Note: If you configured Common Encryption (CENC) above, you can skip this section.
    At the bottom of [install-dir]/conf/live/Application.xml in the application-level <Properties>, add the following property specification.
    <Property>
        <Name>liveRepeaterEncryptionSharedSecret</Name>
        <Type>String</Type>
        <Value>[mySecret]</Value>
    </Property>
    ​Note: When defining a custom shared secret value, be sure define the same property/value on all origin and edge instances to ensure correct operation.

    More resources


    How to set up live stream repeater for use with Wowza nDVR (origin/edge)
    How to set up Adobe HDS from an edge server to align live adaptive bitrate streams
    How to get the Dynamic Load Balancing AddOn
    How to scale video on demand streaming with Media Cache

    Originally Published: 02-08-2011.
    Updated: For Wowza Streaming Engine 4.2.0 on 06-16-2015.

    If you're having problems or want to discuss this article, post in our forum.