Forum

Handling multiple Origins/domains when request is being proxied to CloudFront

nimblecorscloudfrontawscredentialsmultiple origins
David 2018-01-12 13:03:09 UTC in Nimble Streamer

Hi there

I have multiple domains, lets say sportsteam.tv and sportsleague.tv
and want to implement CloudFront as a CDN incase of big unexpected viewerships that my usual VPS setup can't handle comfortably (past say 1000 concurrent viewers).

I have setup cdn.sportsteam.tv and cdn.sportsleague.tv as valid CloudFront CNAME subdomains all running under HTTPS.

All of my content is protected using Cookies, with xhrSetup and xhr.withCredentials=true in my hls.js initialisation code.

However, I cannot now use * as a access_control_allow_origin and Cross Domain does not seem to be acknowledged in this setup.

If I set my nimble.conf access_control_allow_origin = sportsteam.tv, sportsleague.tv (with or without https://) the browser gives me some variety of: "Failed to load https://cdn.sportsteam.tv/xxx/playlist.m3u8: The 'Access-Control-Allow-Origin' header contains multiple values 'https://sportsteam.tv,https://sportsleague.tv', but only one is allowed"

I have seen other suggestions on the web to re-write headers based on the $_REQUEST['http_domain'] (or whatever) but that doesn't seem possible in nimble.

I could dedicate one machine to this CDN origin, happily enough, but I cannot dedicate five machines for my ~five client domains for origins.

Could there be a way to get nimble to present the requesting domain (somehow) as the accepted one, like: https://streamerdomain.com:port/origin=sportsteam.tv/streamurl.m3u8
and then the origin should be approved/validated in some way.

I hope that all makes sense...!! Am happy to discuss further details, show example of live use case via email if desired.

Thanks
David

David 2018-01-12 13:05:16 UTC 

To be clear, if i set my access_control_allow_origin = sportsteam.tv on my nimble.conf - cloudfront + the player will all work happily together and play back video via the CDN.

Alex Pokotilo 2018-01-14 03:50:02 UTC 

David,
thanks for analysis you are correct in your findings.
Am I right that it's enough to return "Origin" header in case if "Origin" is among access_control_allow_origin specified in nimble.conf ?
"Access-Control-Allow-Origin" header cannot be a list of domains but rather should be exact domain.
We can change access_control_allow_origin behavior so that if we have domain list then we check Origin header and find matched domain in the list and If exists return Origin if not - don't add Access-Control-Allow-Origin at all.
What do you think ?

David 2018-01-14 10:26:33 UTC 

It seems like that would be a suitable workaround. If you need me to help run a test version please let me know I’ll be happy to help.

Alex Pokotilo 2018-01-15 06:50:11 UTC 

David,
could you please give us http request headers client sent and http headers received in case if you setup
access_control_allow_origin = sportsteam.tv
And access sportsteam.tv in case if your setup works.
I need to check requested/returned headers to make sure my fix will work

David 2018-01-17 11:33:58 UTC 

Alex I've sent an email to support FAO you.

Alex Pokotilo 2018-01-18 01:24:31 UTC 

David,
I've got it and replied.
To everybody interested in the subject - we will release this support soon.

David 2018-01-18 01:27:04 UTC 

Thanks Alex, looking forward to trying it out.

Vitl 2018-07-19 11:21:14 UTC 

Is there already support subject?

Terry 2018-08-04 02:12:28 UTC 

Has this been implemented?

Post a reply


Post a new question

Categories:

Tags:

nimbleNimble StreamerFAQHLSDVRnimble streamerhlsRTMPABRcacheNimbleAPItranscoderSRTrtmpsrtwmsauthapidvrffmpegudpVODsldpfailoverDASHRTSPstreamingrtspwmspanelSLDPlivevodUDPyoutubemp4paywallabrsubtitlesDispersaLarixmulticastvideolivestreamingWMSAuthMPEG-DASHpay-per-viewgeoaudiodashstreameredgeWMSPanelbandwidthsslandroidthumbnailWindowsencryptionhttpswhite labelconfigplaylistsmilFFMPEGperformanceMPEG-TSCORSre-streamingchunksraspberry pimpeg-dashpublish controlcorscloudfrontDRMRepublishingadvertizerrepublishingvlcS3user agentNDIristrules.confadvertisingipv6MPEGTSFastSpringRAMwms panelFMLEfileVATcrossdomainSMILmpegtsRecordingaespushakamaiwowzaserversPullmobilecodecerrorbalanceSSLTranscodem3u8chromecastplaylist_dvrWowzaconfigurationIDreportingbugdownloadsnapshotmpeg-tsawsAndroidnimblestreamerdomainLarix BroadcasterloopraspianchunkAWSoriginCDNipupdatescte35amazonroutesVidillionHttpsIPsecurityUInimble webcam html5Registration Issuedirect link32-bit Windowstwitchcache_controlitworkmelive abr support mpeg-dashwmspanelapiresumertmp abrbeirutWWDCdubaideep statsCentOS v6.4hls to multicast udpnooblogIIS Smooth StreamingcloudmediaAbrHTTPSHot-linking protectionHDSvaddioalertsjwplayer websitewhmcsbaselinetimelinenginx rtmp nimbledurationAV BridgeAuthentication in HLSPi4VaddioPI3 Ubuntupriceresourcelimitview timeOld logsCloud StorageNimble Streamer APIscte-35screencastinterfacesencrytpionDVRRecordingattaching domainsloadbalancingmetadatamod_rewritecontainer*profilelarix abrAxisgbpsID3 tagswmsauthsignhighhds streamdatmessageWMSCONFIG_HOMElocalciscorestreamcost.net hotlinkgentoo install server nimblehls restreamingPublic Iptranscoding using NvidiaPaywall AuthVLCofflinedocumentationNimble streamer upgradeniblerTrancoderconcurrent-connectionsVideo Playertransocding republishingdecoderServer-sideAliaslost trafficstoppedNimble Streamer versionmainlebanonlocationmanifesticecast urlruleMP4 not playedspacehot linkingpay per viewchangeseekingdvr_archivesmpeg dashamfLarix GrovewildcardobsTCORaspian Busterexportopenssllimuxamazon web servicePlayReadynginxdvr stream twiceonSteam stopped workingsdpshoutcastrepublishhot-linkAXVVGHLS vodExpression Encoderblocknvencanalyticspaywalapplication7HLS PlayerbrandingDASH Playertrialjpegmicrosoft streamMP4errorsrocksoftlog traffic statsdebianscreen freezecan't registerlive video on demandbandwithnimblesessionidFFmpegmultiple originsABR DASHprogressive downloadprivate networkLarge DVR filesserverno WMSPanelheaderlive videointerleavingSLDP PLayerlog nimble analysertmp playbackmac osx installsourceAdsvideojswotermarkvimeohelp errorbitrate#restreamload balancevideo stopadaptiveAV1 codecJWPLAYERNGINX-RTMPcache expirystreamscdnvsomlive streamViewer StatsHEVCattachment4Kcrossdomain more then 1 domainvod no soundconcurrent connectionDelaympeg2tsdvr streamconnectivityUbuntu 20 ARM - AWSunique visitorcpuServer-Side-Task-Controldisk migrationdvr on wmspanelscreen capturestereo to monoWidevinebuttAWS 3drmaes encryptionFairplaysubscriptionControl APInot foundCPU LoadTranscoderLive streamingWMSPanel settingslive pull settingsABR HLS Bitratespullrtmp for YouTubeAS3add_chunk failedPost processingfake extensioninstall players setup ready to goDVRSettingstwitch larix broadcaster androidAppleDelete recordsudp streamingoutrateicecastnimble streamer vod hls transmuxinglogginglearnervideo loopinsert logostarttime duration seekpointrebootmonitornimble.confrtmp republishing transcodeIIS Media ServicstrackAVCaptureMovieFileOutputblock downloaddvr streamsapi accessDeep statsloadbalancernimble streamer web server php script pageautomationlivestreamweb playerNimble CapacityABR DVR probleminvalidMPEG DASHUbuntu artful 17.10Transcoder MPEG DASHcontent-dispositionLive Switchernot to stealLive BroadcastNimble ServerfacebookStreaming routeHotlinking ProtectionRTMP republishpaymentstatsreloadssaiDVR Setting limitadvp9contentRTMP Republishpremium featureserver incorrect timeThumbnailsrmtpno internetdemandLiveLIVEIOSHow to do live stream with multiple audio trackavoid refreshraspberryLoad-Balancingnimble streamer mpeg-ts multiple inputswmsAuthSignProgressivenimble aliasesPaywallthumbnail dvr-thumbnailsoundHLS Meta Tag editing.reportscredentialsS3 AWSVideo cant be playedtranscodevbv-maxratetranscoder nimbleHTML5 playerFailoverVR-360SecureJetson Nanolivestreamintransocderbuildrist set fecABR bitratesPacketizingstorage space availablediskautomateuser_agentdelaympeg4alias route.movstoragepublish streamStream Delaytraffichd25AArch64livestream bitratedockerdomain lockVOD HLS streaming on public IPoutputUsers limitcloudflarelarixanalisysscteInvalid frame headerno soundincoming streamGopdistributionLL-HLS DVRav1 codecNimbleStreamerqataritworkscdnvideo.jswirecasta recordhttp serverfastspringNimble streamermp2 audiodata slicesaliasplayer sldpabr fallbackNimble connectionsissuepricinggoogle cloud storageVP9buffering videoSO_RCVBUFCentos 8dissapointmentpay-per-minutebufferlatencyQuickTimevideo streamingwebhookdvr to liverestarthelpFallbackcompatibility protocolsmultiplexserver ip21SSL request3.6.1-1Max connectionUDP Multicastsha265broadcasterOSXmd5rulesError when installinghow-tomanage_dvrDVRStreamsaws amazonDVR SettingPORTanalyseStreamIDmulti-viewerincomingMPEG2 Videologo in streamrtpnimble dvrBandwidthportsRIST Bondingplayoutmultiple audio udphotlink protectionRaspberryPi4ultra low latencyprogressivebroadcast videoCross DomainSRT protocolvideo audioartifactsrtsp push androidtuningRemote StorageWowza AgentSSAI4GwebrtcNimble_CrushTeradek Decoderubuntu 18fallbackRTMP to SRTprerollstreamnimble on cloudrtmp sldp nimbleBroadcastSnapshotsLinuxMPEG-Dashlarix broadcasterRaspberrytasks-controlgpu{stream}LL-HLSthumbnailsvideo and audio not matchLarix broadcasterNetworkRAM Loadstatus:errortranscodingdownTonyFFMPEG;RTMP;I/O errorOBSPIDurlGoogle DriveHLS Streamingdvbspeedup my videoiOSCSSactionscript 3server ssl errorRistmultiplefairplayNginxsubfolderTLSV 1.2 Certificatedynamic linksadjustsoftware versionre-publishingSRT RTMPmultiple audio

This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the Privacy Policy. If you want to know more or withdraw your consent to all or some of the cookies, please refer to the Privacy Policy.
By closing this banner, scrolling this page, clicking a link or continuing to browse otherwise, you agree to the use of cookies.