/
Using a devoted rails server for streaming auth callbacks

Using a devoted rails server for streaming auth callbacks

Avalon 8.1 introduced a configuration (Settings.streaming.auth_referer) that would allow setting the refer header sent on m3u8 requests to the streaming server which it then uses to callback for authorization. In some cases it can be advantageous to set this so auth callbacks go a more direct route to an internally accessible hostname/IP. In other cases it can be used to call a different avalon process than issued the original m3u8 request.

One such case is when using the Wowza streaming server which requires requesting a request to Wowza and thus auth callback as part of a user request cycle. This can lead to lockups if the available rails server worker threads are filled up with streaming requests and Wowza is unable to fulfill auth callbacks. (It will eventually timeout after 90-120 seconds.) Having auth callbacks go to a separate server devoted to them would avoid this situation.

High level steps to setup a devoted separate rails server:

  1. Add an initializer that enforces the separate server only handles requests from the streaming server.

    Rails.application.config.to_prepare do ApplicationController.class_eval do before_action :only_wowza_requests_for_auth_callback def only_wowza_requests_for_auth_callback if ENV['AUTHCALLBACK_SERVER'] if request.remote_ip != Settings.streaming.server_ip redirect_to root_url, allow_other_host: true end end end end end

  2. Setup a separate rails server process on a different port/hostname/ip and set AUTHCALLBACK_SERVER=true for it.

  3. Add the new rails address to the allow list of avalon urls for the streaming server and restart it.

  4. Set Settings.streaming.auth_referer to the address of the separate rails server process.

  5. Restart avalon and start the separate rails server.