Forum

Handling multiple Origins/domains when request is being proxied to CloudFront

David 2018-01-12 13:03:09 UTC in Nimble Streamer

Hi there

I have multiple domains, lets say sportsteam.tv and sportsleague.tv
and want to implement CloudFront as a CDN incase of big unexpected viewerships that my usual VPS setup can't handle comfortably (past say 1000 concurrent viewers).

I have setup cdn.sportsteam.tv and cdn.sportsleague.tv as valid CloudFront CNAME subdomains all running under HTTPS.

All of my content is protected using Cookies, with xhrSetup and xhr.withCredentials=true in my hls.js initialisation code.

However, I cannot now use * as a access_control_allow_origin and Cross Domain does not seem to be acknowledged in this setup.

If I set my nimble.conf access_control_allow_origin = sportsteam.tv, sportsleague.tv (with or without https://) the browser gives me some variety of: "Failed to load https://cdn.sportsteam.tv/xxx/playlist.m3u8: The 'Access-Control-Allow-Origin' header contains multiple values 'https://sportsteam.tv,https://sportsleague.tv', but only one is allowed"

I have seen other suggestions on the web to re-write headers based on the $_REQUEST['http_domain'] (or whatever) but that doesn't seem possible in nimble.

I could dedicate one machine to this CDN origin, happily enough, but I cannot dedicate five machines for my ~five client domains for origins.

Could there be a way to get nimble to present the requesting domain (somehow) as the accepted one, like: https://streamerdomain.com:port/origin=sportsteam.tv/streamurl.m3u8
and then the origin should be approved/validated in some way.

I hope that all makes sense...!! Am happy to discuss further details, show example of live use case via email if desired.

Thanks
David

David 2018-01-12 13:05:16 UTC 

To be clear, if i set my access_control_allow_origin = sportsteam.tv on my nimble.conf - cloudfront + the player will all work happily together and play back video via the CDN.

Alex Pokotilo 2018-01-14 03:50:02 UTC 

David,
thanks for analysis you are correct in your findings.
Am I right that it's enough to return "Origin" header in case if "Origin" is among access_control_allow_origin specified in nimble.conf ?
"Access-Control-Allow-Origin" header cannot be a list of domains but rather should be exact domain.
We can change access_control_allow_origin behavior so that if we have domain list then we check Origin header and find matched domain in the list and If exists return Origin if not - don't add Access-Control-Allow-Origin at all.
What do you think ?

David 2018-01-14 10:26:33 UTC 

It seems like that would be a suitable workaround. If you need me to help run a test version please let me know I’ll be happy to help.

Alex Pokotilo 2018-01-15 06:50:11 UTC 

David,
could you please give us http request headers client sent and http headers received in case if you setup
access_control_allow_origin = sportsteam.tv
And access sportsteam.tv in case if your setup works.
I need to check requested/returned headers to make sure my fix will work

David 2018-01-17 11:33:58 UTC 

Alex I've sent an email to support FAO you.

Alex Pokotilo 2018-01-18 01:24:31 UTC 

David,
I've got it and replied.
To everybody interested in the subject - we will release this support soon.

David 2018-01-18 01:27:04 UTC 

Thanks Alex, looking forward to trying it out.

Vitl 2018-07-19 11:21:14 UTC 

Is there already support subject?

Terry 2018-08-04 02:12:28 UTC 

Has this been implemented?

Post a reply


Post a new question

Categories:

Tags:

nimbleNimble StreamerFAQHLSnimble streamerDVRRTMPhlsSRTsrtABRrtmpcacheNimblewmsauthAPItranscoderdvrffmpegapisldpudpVODaudioRTSPfailoverrtspDASHwmspanelUDPvodpaywallstreamingabrSLDPyoutubemp4DispersastreamerandroidsslmulticastLarixsubtitlesliveNDIvideolivestreamingplaylistWMSAuthMPEG-DASHpay-per-viewerrorgeoMPEG-TSre-streamingdashcorsWMSPaneledgebandwidththumbnaillarix broadcasterWindowshttpswhite labelconfigsmilFFMPEGencryptionCORSperformancechunksraspberry pimpeg-dashpublish controlcloudfrontDRMRepublishingvlcAWSS3advertisinguser agentadvertizerristrepublishingrules.confipv6MPEGTSFastSpringRecordingRAMwms panelfileFMLEVATcrossdomainSMILmpegtsaespushakamaimobilewowzaPullserverscodecmanifestSSLchromecastbalancedrmTranscodem3u8TranscoderbugWowzaIDreportingconfigurationsnapshotdownloadawsAndroidnimblestreamerdomaintranscoderaspianloopscte35streamroutesamazonupdateipVidillionHttpsmpeg-tsBroadcastplaylist_dvrVLCPIDerrorsEncoderoriginscte-35issuechunklimitsecurityLarix BroadcasterIPCDNthumbnailsUIRegistration Issuedirect link32-bit Windowstwitchcache_controlitworkmecudalive abr support mpeg-dashwmspanelapibeirutreloadWWDCdubaideep statsCentOS v6.4logIIS Smooth StreamingcloudmediaIPTVprofilelarix abrTSReaderAbrHTTPSHot-linking protectionHDSvaddioalertsMuxjwplayer websitewhmcsbaselinetimelineVaddioAV BridgePI3 Ubuntuview timeAuthentication in HLSNimble Streamer APIPi4streamsinterfacesHLS Meta Tag editing.encrytpionloadbalancingwmsattachmentHEVCmetadatamod_rewritewmsauthsignpricehighresourcehds streamOld logsciscolocalscreencastID3 tagsgbpsAxis.net hotlinkRTMP republishattaching domainssdpshoutcastno internetInterlacedocumentationofflinecontainerNimble streamer upgradeMulticast*concurrent-connectionsTrancoderrecordingrtmp abranalisysresumeniblerhls restreamingServer-siderestreamstoppedMPEG2TSNimble Streamer versionmainWMSCONFIG_HOMEdissapointmentdatmessagegentoo install server nimbletranscoding using NvidiaPublic IpPaywall AuthwildcardobsTCOno WMSPanelVideo Playertransocding republishingdecoderAliaspay per viewlost trafficdvr_archivesmpeg dashnginx rtmp nimbleRaspian Bustericecast urlexportopenssllimuxamazon web servicenginxPlayReadychangedvr stream twiceLarix GroveamfAXVVGhot-linkIOSExpression EncoderblocknvenconSteam stopped workingadaptiveAV1 codecHLS PlayerJWPLAYERNGINX-RTMPHLS in UDP outDASH PlayerHLS voddvr export to mp47analyticsapplicationpaywalbrandingtrialCablemicrosoft streamMP4rocksoftlog traffic statsjpegscreen freezecan't registeraccuracyprivate networkLarge DVR fileslive videodebianTelegraminterleavingSLDP PLayerseekingmac osx installwotermarklive video on demandbandwithnimblesessionidFFmpegmultiple originsvimeohelp errorserverload balancezabbixheadercache expirycdnvsomlog nimble analysertmp playbacklive streamsourceViewer StatsAdsvideojsLive Streamingbitrate#restreamMP4 not playedspaceServer-Side-Task-Controlvideo stopaes encryptionsubscriptionvod no soundconcurrent connectionlebanonlocationUbuntu 20 ARM - AWSunique visitorconnectivitydvr streamstereo to monoscreen capturelive pull settingsWMSPanel settingsABR HLS Bitratesrtmp for YouTube4Kcrossdomain more then 1 domainWidevineFairplaycpunot foundCPU LoadpullAS3loggingnimble streamer vod hls transmuxingbuttAWS 3Cross Domaininsert logoinstall players setup ready to goDVRSettingstwitch larix broadcaster androidicecast metadataDVRStreamsAppleDelete recordspremium featureControl APIProgressivenimble streamer web server php script pageautomationLive streamingvideo loopUbuntu artful 17.10Transcoder MPEG DASHinvalidMPEG DASHstarttime duration seekpointadd_chunk failedPost processingfake extensionstatus:errorrebootdroppingmobile app live streamingmonitoroutrateudp streamingapi accessDeep statsicecastMPEG-Dashloadbalancerweb playercontent-dispositionpaymentstatsNimble ServerAVCaptureMovieFileOutputblock downloadrestartdvr streamsavoid refreshlivestreamABR DVR problemNimble CapacityHotlinking ProtectionStreaming routehotlinkfacebookcontentRTMP RepublishSecurityLive Switcherdemandnot to stealLive BroadcastMultiple Audio trackssecure streaminglow_bandwidthwmsAuthSignnimble streamer mpeg-ts multiple inputsLoad-Balancingvp9adsounddisk migrationThumbnailsserver incorrect timeLIVELivelearnernimble webcam html5ssaiDVR Setting limitpausemosaicHow to do live stream with multiple audio trackrmtptranscoder nimblereportsdvr on wmspanelfpsVideo cant be playedS3 AWSraspberryPaywalllivestreamintransocderstorage space availablediskcredentialsdvr to livewebhookautomateuser_agentvbv-maxratedomain lockUsers limitoutputcloudflareVOD HLS streaming on public IPlarixscteInvalid frame headerno soundincoming streamSubtitleslivestream bitratedockerDVRRecordingAuthGopDVR SettingPORTdelaympeg4storagealias route.movartifactsrtsp push androidmultiviewRAM Loadhttp serverLatencywirecasta recordruleshow-tomanage_dvrError when installingVP9server ip21Nimble connectionsabr fallbackno audiolatencyaliasdata slicesplayer sldpmp2 audioNimble streamerfastspringsoftware versionadjustSO_RCVBUFbuffering videodistributionbufferqataritworkscdnvideo.jsmultiplexcompatibility protocolsCentos 8pay-per-minuteTeradek Decoderubuntu 183.6.1-1UDP MulticastMax connectionincomingmulti-viewerFallbackhelpmultiple audio udphotlink protectionRaspberryPi4ultra low latencyaws amazonhls to multicast udpnoobSSL requestsha265broadcasterOSXmd5analyseStreamIDprerollnimble on cloudrtmp sldp nimblepluginfallbacktasks-controlRaspberryRTMP to SRTLinuxgpu{stream}Connections count limitNimble_Crushwebrtc4GRIST Bondingplayoutsrt-live-transmitWowza AgentRemote StorageSSAItuningAmazonTVfireOBSvideo and audio not matchLarix broadcasterNetworkspeedup my videoiOSPerformanceSnapshotsSRT RTMPre-publishingletsencryptTonydowntranscodingFFMPEG;RTMP;I/O errorLL-HLSHTML5 playerAddendaABR DASHprogressive downloadeventLL-HLS DVRav1 codecconnectionsNimbleStreamernimble aliasesNimble StreambuildABR bitratesPacketizingcountrist set fecmultiple audioOBS StudioWMSAUTHIVSDelaympeg2tsIIS Media Servicsrtmp republishing transcodenimble.confinterfacetrackbindprogressivebroadcast videovideo audioSRT protocoldvbduplicatingpcdynamic linksTLSV 1.2 CertificatesubfolderbrowserurlGoogle DriveHLS Streamingrtmpscostnimble abr hlsthumbnail dvr-thumbnailaudio languageVR-360Failovergoogle cloud storagepricingoverlayhot linkingTRANSCODErtpnimble dvrBandwidthdurationYadifportsRokuContinuitywordpressJetson NanoSecureLarix PlayerramfairplayNginxpublish streamStream Delayhd25trafficAArch64video streamingQuickTimeCloud StorageRistmultistreamingmultipleserver ssl erroractionscript 3dropped framesCSSMPEG2 VideoPCRlogo in streammultipointrulerepublishconcurrent

This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the Privacy Policy. If you want to know more or withdraw your consent to all or some of the cookies, please refer to the Privacy Policy.
By closing this banner, scrolling this page, clicking a link or continuing to browse otherwise, you agree to the use of cookies.