The HTTP API of SRS 5.0 now supports authentication. Thanks to the SRS developers and GPT (GitHub Copilot), who together completed the code, the comments and the bilingual documentation.

How to Secure Your HTTP API

Once you have built your SRS server, you can access it through the HTTP API, for example from the SRS console or any other HTTP client. However, you should protect your HTTP API against unauthorized access. This article describes how to do that.

Usage

First, upgrade SRS to 5.0.152+ or 6.0.40+; these versions support HTTP API authentication.
Then enable HTTP Basic Authentication through the http_api.auth configuration:
# conf/http.api.auth.conf
http_api {
    enabled on;
    listen 1985;
    auth {
        enabled on;
        username admin;
        password admin;
    }
}
Next, start SRS with this configuration:
./objs/srs -c conf/http.api.auth.conf
Alternatively, set the username and password through environment variables:
env SRS_HTTP_API_ENABLED=on SRS_HTTP_SERVER_ENABLED=on \
    SRS_HTTP_API_AUTH_ENABLED=on SRS_HTTP_API_AUTH_USERNAME=admin SRS_HTTP_API_AUTH_PASSWORD=admin \
    ./objs/srs -e
Now you can open the following URLs to verify it:
  • Prompts for username and password: http://localhost:1985/api/v1/versions
  • URL carrying the username and password: http://admin:admin@localhost:1985/api/v1/versions
To clear the saved username and password, access the HTTP API with the username only:
  • http://admin@localhost:1985/api/v1/versions
Note: authentication is enabled only for the HTTP API, not for the HTTP server or the WebRTC HTTP API.

SRS Console

The SRS console is a web application built on the SRS HTTP API that lets you manage the SRS server conveniently. Once SRS has started, you can open the console at: http://localhost:8080/console/
If you have enabled HTTP API authentication, you can include the username and password in the console URL: http://admin:admin@localhost:8080/console/
Otherwise, the browser will prompt for the username and password.

For SRS 4.0

SRS 4.0 does not support HTTP API authentication, but there are some workarounds. You can use Nginx as a reverse proxy and configure authentication in Nginx, or write a simple HTTP proxy in Go.
Browser ---HTTP-with-Authentication---> Nginx ---HTTP---> SRS 4.0
You also need to change the address the HTTP API listens on, for example:
http_api {
    enabled on;
    listen 127.0.0.1:1985;
}
This way, the HTTP API can only be reached by the proxy running on the same host.

About WebRTC API Security

SRS does not support authentication for the WebRTC-related HTTP APIs, because WebRTC authentication is implemented through HTTP callbacks.
Please refer to the WebRTC callback and Token authentication documents.

Conclusion

I wrote this article together with GitHub Copilot.
The code was implemented by the SRS developers together with GitHub Copilot.

How to Secure Your HTTP API

After you have built your SRS server, you can use the HTTP API to access it from the SRS console or other HTTP clients. However, you should secure your HTTP API to prevent unauthorized access. This article describes how to secure your HTTP API.

Usage

First of all, please upgrade SRS to 5.0.152+ or 6.0.40+, which support HTTP API authentication.
Then enable HTTP Basic Authentication via the http_api.auth configuration:
# conf/http.api.auth.conf
http_api {
    enabled on;
    listen 1985;
    auth {
        enabled on;
        username admin;
        password admin;
    }
}
Now, start SRS with the config:
./objs/srs -c conf/http.api.auth.conf
Or set the username and password by environment variables:
env SRS_HTTP_API_ENABLED=on SRS_HTTP_SERVER_ENABLED=on \
    SRS_HTTP_API_AUTH_ENABLED=on SRS_HTTP_API_AUTH_USERNAME=admin SRS_HTTP_API_AUTH_PASSWORD=admin \
    ./objs/srs -e
Now you can access the following URLs to verify it:
  • Prompt for username and password: http://localhost:1985/api/v1/versions
  • URL with authentication: http://admin:admin@localhost:1985/api/v1/versions
To clear the saved username and password, you can access the HTTP API with the username only:
  • http://admin@localhost:1985/api/v1/versions
Note: only the HTTP API is secured; neither the HTTP server nor the WebRTC HTTP APIs are.

SRS Console

The SRS console is a web application to manage your SRS server. Once the SRS server has started, you can access the SRS console at the URL: http://localhost:8080/console/
If you enable HTTP API authentication, you can use a URL with the username and password to access the SRS console: http://admin:admin@localhost:8080/console/
Otherwise, the browser will prompt for the username and password.

For SRS 4.0

SRS 4.0 does not support HTTP API authentication; however, there is a workaround to secure your HTTP API. You can use nginx to proxy the HTTP API and enable HTTP basic authentication in nginx, or write a Go HTTP proxy for the SRS HTTP API.
Browser ---HTTP-with-Authentication---> Nginx ---HTTP---> SRS 4.0
In this solution, you should also change the listen address of the SRS HTTP API to loopback:
http_api {
    enabled on;
    listen 127.0.0.1:1985;
}
So the HTTP API is only accessible by the proxy server on localhost.
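The Go proxy mentioned in both the Chinese and English SRS 4.0 sections above, written here as an added example rather than code from the SRS project: it requires HTTP Basic credentials on every request, compares them in constant time, returns the WWW-Authenticate challenge on failure, and forwards accepted requests to SRS on 127.0.0.1:1985. The public port 1986 and the PROXY_USER / PROXY_PASS environment variables are assumptions of this example, not SRS settings.

```go
package main

import (
	"crypto/subtle"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
)

// basicAuth rejects any request without valid HTTP Basic credentials; both
// fields are compared in constant time so timing does not reveal which was wrong.
func basicAuth(user, pass string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		userOK := subtle.ConstantTimeCompare([]byte(u), []byte(user)) == 1
		passOK := subtle.ConstantTimeCompare([]byte(p), []byte(pass)) == 1
		if !ok || !userOK || !passOK {
			// The challenge header makes browsers prompt for credentials.
			w.Header().Set("WWW-Authenticate", `Basic realm="SRS HTTP API"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newProxy forwards authenticated requests unchanged to the SRS HTTP API at backend.
func newProxy(backend, user, pass string) (http.Handler, error) {
	target, err := url.Parse(backend)
	if err != nil {
		return nil, err
	}
	return basicAuth(user, pass, httputil.NewSingleHostReverseProxy(target)), nil
}

func main() {
	// PROXY_USER / PROXY_PASS are names chosen for this example (assumption).
	user, pass := os.Getenv("PROXY_USER"), os.Getenv("PROXY_PASS")
	if user == "" || pass == "" {
		log.Fatal("set PROXY_USER and PROXY_PASS")
	}
	h, err := newProxy("http://127.0.0.1:1985", user, pass)
	if err != nil {
		log.Fatal(err)
	}
	// Expose the proxy on the public port; SRS itself stays on loopback only.
	log.Fatal(http.ListenAndServe(":1986", h))
}
```

Put the proxy behind TLS (or a TLS-terminating nginx) in practice, since Basic credentials are only base64-encoded on the wire.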

About WebRTC API Security

SRS doesn't support HTTP API authentication for WebRTC; instead, you should use the HTTP callback to verify the client.
Please see WebRTC HTTP Callback and Token Authentication for more details.

Conclusion

GitHub Copilot and I wrote this article.
The code of this feature was written by SRS developers and GitHub Copilot.