January 22, 2019
This post examines the problem with using Lighttp
to securely route the video stream obtained from
MJPG-Streamer. It shows that version 1.4.35
can be installed on Rasbian Stretch. It also better
describes the problem with version 1.4.45 of Lighttp.
This exercise was done on a Raspberry Pi 3 model B running the latest
version of Rasbian Stretch. The user name was not
changed and remained pi
, the host name was changed to
orion
. The corresponding IP address was
192.168.1.22
. If attempts are made to follow the steps described
below, then these last three values will have to be adjusted.
Table of Contents
- Installing Lighttpd 1.4.35 on Raspbian Stretch
- Creating a Self-Signed TLS Certificate
- Configuration of the Reverse Proxy in Lighttpd 1.4.35
- Upgrading to Lighttpd 1.4.35
- Conclusion
Since August of last year, I have had a problem using the newest version
of Lighttpd in Raspbian
Stretch when trying to implement a secure reverse proxy as done in Secure Webcam streaming with
MJPG-Streamer on a Raspberry Pi. I speculated in Not Everything Works - Lighttpd with Raspbian Stretch that the
older version the web server (version 1.4.35-4+deb8u1 from the Jessie repository) might work in Stretch. It does, although it was a bit more involved than
I expected. From information gleaned from the Web, I thought installing a
previous version of a package would be as simple as entering either of the
next two commands.
pi@orion:~ $ sudo apt-get -t=Jessie install lighttpd
pi@orion:~ $ sudo apt-get install lighttpd=1.4.35-4+deb8u1
Neither worked, and in retrospect I should not have expected those
commands to work. Just as I had to add the backports depository when trying
to install newer versions of packages in Jessie, it
was necessary to add the Jessie repository to get the
older versions. Fortunately, that is not complicated at all; just add a line
to the list of sources used by apt
.
pi@orion:~ $ sudo nano /etc/apt/sources.list
deb http://raspbian.raspberrypi.org/raspbian/ stretch main contrib non-free rpi
# Uncomment line below then 'apt-get update' to enable 'apt-get source'
#deb-src http://raspbian.raspberrypi.org/raspbian/ stretch main contrib non-free rpi
# Jessie repository used to install older version of Lighttpd
deb http://raspbian.raspberrypi.org/raspbian/ jessie main
The I updated the list of available packages and checked which versions
of Lighttpd using an apt
command that
was new to me.
pi@orion:~ $ sudo apt update
...
pi@orion:~ $ apt-cache showpkg lighttpd
Package: lighttpd
Versions:
1.4.45-1 (/var/lib/apt/lists/raspbian.raspberrypi.org_raspbian_dists_stretch_main_binary-armhf_Packages)
...
1.4.35-4+deb8u1 (/var/lib/apt/lists/raspbian.raspberrypi.org_raspbian_dists_jessie_main_binary-armhf_Packages)
That was quite encouraging but when it came time to install the old
version, there was an unexpected problem.
pi@orion:~ $ sudo apt-get -t=jessie install lighttpd
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
lighttpd : Depends: libterm-readline-perl-perl but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
Since I was testing things anyway, I just went ahead and manually
installed the missing library, which worked and which made the installation
of the old version of Lighttpd possible.
pi@orion:~ $ sudo apt-get install libterm-readline-perl-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libterm-readkey-perl
The following NEW packages will be installed:
libterm-readkey-perl libterm-readline-perl-perl
0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
Need to get 78.3 kB of archives.
After this operation, 268 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
...
Setting up libterm-readline-perl-perl (1.0303-1) ...
pi@orion:~ $ sudo apt-get -t=jessie install lighttpd
Reading package lists... Done
...
After this operation, 3,052 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
...
Setting up lighttpd (1.4.35-4+deb8u1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/lighttpd.service → /lib/systemd/system/lighttpd.service.
Processing triggers for systemd (232-25+deb9u8) ...
Success, lighttpd
was indeed installed and running as
confirmed with systemctl
.
pi@orion:~ $ sudo systemctl status lighttpd.service
● lighttpd.service - Lighttpd Daemon
Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2019-01-19 22:01:32 AST; 11s ago
Process: 2144 ExecStartPre=/usr/sbin/lighttpd -t -f /etc/lighttpd/lighttpd.conf (code=exited, s
Main PID: 2153 (lighttpd)
CGroup: /system.slice/lighttpd.service
└─2153 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
Jan 19 22:01:31 orion systemd[1]: Starting Lighttpd Daemon...
Jan 19 22:01:32 orion lighttpd[2144]: Syntax OK
Jan 19 22:01:32 orion systemd[1]: Started Lighttpd Daemon.
If this version of Lighttpd is to be kept, it
is important to mark the two packages installed in the previous steps as not
upgradable. Otherwise, a apt upgrade
could easily replace
Lighttpd 1.4.35 with the newer version in the
Stretch repository.
pi@orion:~ $ sudo apt-mark hold lighttpd libfam0
lighttpd set on hold.
libfam0 set on hold.
Now when upgrading packages, neither will be touched even if
apt
knows that newer versions exist.
pi@orion:~ $ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
libfam0 lighttpd
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
pi@orion:~ $ sudo apt list --upgradable
Listing... Done
libfam0/stable 2.7.0-17.2 armhf [upgradable from: 2.7.0-17.1]
lighttpd/stable 1.4.45-1 armhf [upgradable from: 1.4.35-4+deb8u1]
Whenever apt update
is run in the future, it will report
that two packages can be upgraded. But, as shown above, there is no point in
upgrading when only these two packages are listed as upgradable. I decided to
remove the jessie
repository from the source list
(/etc/apt/sources.list
). That way, updates should be
quicker.
If ever it is necessary, apt-mark unhold
will cancel the
previously set hold.
The whole point of the exercise was to provide access to the web cam
video stream over a secure HTTPS connection. That means that a TLS certificate
is necessary. In the previous post on the subject, Secure Webcam streaming with MJPG-Streamer
on a Raspberry Pi - Security, I showed how I used the self signed TLS
certificate that came with Domoticz. But it is not
difficult to create one. Following the Lighttpd wiki,
Setting up a simple SSL configuration, the certificate
will be put in the directory named /etc/lighttpd/certs
which may
have to be created. Note how the directory belongs to root
so
the sudo
prefix will need to be used.
pi@orion:~ $ cd /etc/lighttpd
pi@orion:/etc/lighttpd $ ls -l
total 12
drwxr-xr-x 2 root root 4096 Jan 23 12:35 conf-available
drwxr-xr-x 2 root root 4096 Aug 6 2016 conf-enabled
-rw-r--r-- 1 root root 1044 Aug 2 2016 lighttpd.conf
pi@orion:/etc/lighttpd $ sudo mkdir certs
pi@orion:/etc/lighttpd $ cd certs
pi@orion:/etc/lighttpd/certs $ sudo openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes
Generating a RSA private key
...................................+++++
..................................................................................................................................................+++++
writing new private key to 'lighttpd.pem'
- - - - -
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
- - - - -
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:.
Email Address []:.
pi@orion:/etc/lighttpd/certs $ ls
lighttpd.pem
That self signed certificate will be good for a year (365 days). As can
be seen, no information needs be entered to create it, although I did
change the default country code.
The Lighttpd configuration file,
/etc/lighttpd/lighttpd.conf
, must be modified. First the proxy
module must be enabled near the top of the file, then HTTPS access at the
standard port 443 is enabled and, finally, HTTPS traffic to and from port
8843 is redirected to port 8085 used by the MJPG-Streamer web server. The connection between the two
web servers is not encrypted.
server.modules = (
"mod_access",
"mod_alias",
"mod_compress",
"mod_proxy",
"mod_redirect",
)
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
# enable HTTPS access on the default port
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/certs/test.pem"
}
# reverse proxy to provide https wrapper around the mjpg_streamer
# web server on the local host on port 8085 using port 4433. The
# latter must be forwarded by the router.
#
$SERVER["socket"] == ":4433" {
ssl.engine = "enable"
ssl.pemfile = "/home/pi/domoticz/server_cert.pem"
proxy.server = ( "" => ( ("host" => "127.0.0.1", "port" => 8083) ) )
}
As a first test, start a web browser and connect to
https://orion.local
. If orion.local
cannot be
resolved, use the IP address assigned to the Raspberry Pi. The connection
will be refused because it is deemed insecure. Click on the Advanced button or Advanced
Parameters button or something similar depending on the browser. It
will then probably say that the problem is that the security certificate is
self signed or that the certification authority is invalid, which is
obviously true. We just created the certificate a little while ago. You
should also find a link on that page that allows you to add an exception or
to continue on to the "dangerous" site. Do that and confirm if necessary. You
should eventually end up at the default Placeholder Page of the Lighttpd server, unless you created a different default web
page.
Both Firefox and Chromium
show the site as insecure. Other web browsers probably do the same thing. To
be clear, the insecurity is about the lack of a signature from a recognized
authority on the certificate. The connection between the browser and the web
server is nevertheless securely encrypted.
To test the proxy server, restart Lighttpd,
connect the USB webcam to the Raspberry Pi and then start MJPG-Streamer.
pi@orion:~ $ sudo systemctl restart lighttpd
pi@orion:~ $ mjpg_streamer -i "/usr/local/lib/mjpg-streamer/input_uvc.so -n -f 10 -r 1280x720" \
> -o "/usr/local/lib/mjpg-streamer/output_http.so -p 8085 -w /usr/local/share/mjpg-streamer/www"
pi@testbed:~ $ bash stream-video
MJPG Streamer Version.: 2.0
i: Using V4L2 device.: /dev/video0
i: Desired Resolution: 1280 x 720
i: Frames Per Second.: 10
i: Format............: JPEG
i: TV-Norm...........: DEFAULT
o: www-folder-path......: /usr/local/share/mjpg-streamer/www/
o: HTTP TCP port........: 8085
o: HTTP Listen Address..: (null)
o: username:password....: disabled
o: commands.............: enabled
Notice that I did not add a password in the parameters. In practice, I
will, otherwise there is no point to all of this. Direct unsecured access to
the video stream will be possible from any computer on the local network.
Start a web browser and use the following URL:
http://orion.local:8085/stream.html
. If the
orion.local
cannot be resolved, then use the IP address assigned
to the Raspberry Pi: http://192.168.1.22:8085/stream.html
. In
VLC, use the
following address http://192.168.1.22:8085/?action=stream
when
opening a network stream. As wanted, using my DDNS address
http://modomo.twilightparadox.com:8085/stream.html
will fail
because port 8085 is not and should never be forwarded by the router.
Secure access through the proxy server should now work.
Local access with a web browser will work with the following URL:
https://orion.local:4433/stream.html
or
https://192.168.1.22:4433/stream.html
if orion.local
cannot be resolved. Now secure remote access with my DDNS address is
also possible: https://modomo.twilightparadox.com:4433/stream.html
.
It is now possible to see the video stream from any computer connected to
the internet. Of course to be secure, the Lighttpd
must be started with the -c user:password
parameters.
Given what precedes, it is fairly easy to update to the most recent
version of Lighttpd web server available in the
Raspbian Stretch repository, to see what happens
with a more recent version of the web server
pi@orion:~ $ sudo systemctl stop lighttpd
pi@orion:~ $ sudo mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.bak
pi@orion:~ $ sudo apt-mark unhold lighttpd libfam0
Canceled hold on lighttpd.
Canceled hold on libfam0.
pi@orion:~ $ sudo apt update && sudo apt -y upgrade
...
The following packages will be upgraded:
libfam0 lighttpd
...
Setting up libfam0:armhf (2.7.0-17.2) ...
...
Setting up lighttpd (1.4.45-1) ...
...
Once the upgrade to version 1.4.45 is completed, I compared the
configuration file to the one setup with the previous version. They
are identical except for the additions done to handle HTTPS access and the
reverse proxy. Consequently, the old configuration file will be used.
pi@orion:~ $ cd /etc/lighttpd
pi@orion:/etc/lighttpd $ sudo mv lighttpd.conf lighttpd.org
pi@orion:/etc/lighttpd $ sudo mv lighttpd.bak lighttpd.conf
pi@orion:/etc/lighttpd $ sudo systemctl restart lighttpd
pi@orion:/etc/lighttpd $ sudo systemctl status lighttpd
...
Jan 23 18:01:21 orion systemd[1]: Starting Lighttpd Daemon...
Jan 23 18:01:21 orion systemd[1]: Started Lighttpd Daemon.
Access to the video stream by HTTP,
http://orion.local:8085/stream.html
, works as before as
expected. The HTTPS proxy to static images from MJPG-Streamer,
using the following URL https://orion.local:4433/static.html
,
works. But for some reason which I cannot figure out, the video stream will
not be displayed in the browser. Similarly,
https://192.168.1.22:4433/?action=stream
will not work in VLC.
Launching VLC from the command line turning verbose comments on does
not help me much.
michel@hp:~$ vlc -vv http://192.168.1.22:4433/?action=stream
VLC media player 3.0.6 Vetinari (revision 3.0.6-0-g5803e85)
[00000000015f23b0] main libvlc debug: VLC media player - 3.0.6 Vetinari
[00000000015f23b0] main libvlc debug: Copyright © 1996-2018 the VideoLAN team
[00000000015f23b0] main libvlc debug: revision 3.0.6-0-g5803e85
[00000000015f23b0] main libvlc debug: configured with ./configure '--prefix=/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/parts/vlc/install/usr' '--disable-wayland' '--enable-merge-ffmpeg' 'CFLAGS= -I/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/parts/vlc/install/usr/include -I/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/stage/usr/include' 'LDFLAGS= -L/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/parts/vlc/install/lib -L/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/parts/vlc/install/usr/lib -L/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/parts/vlc/install/lib/x86_64-linux-gnu -L/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/parts/vlc/install/usr/lib/x86_64-linux-gnu -L/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/stage/lib -L/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/stage/usr/lib -L/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/stage/lib/x86_64-linux-gnu -L/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/stage/usr/lib/x86_64-linux-gnu' 'CPPFLAGS= -I/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/parts/vlc/install/usr/include -I/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/stage/usr/include' 'CXXFLAGS= -I/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/parts/vlc/install/usr/include -I/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/stage/usr/include' 'PKG_CONFIG_PATH=:/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/parts/vlc/install/usr/share/pkgconfig:/home/jenkins/workspace/vlc-release/linux/vlc-release-snap/extras/package/snap/stage/usr/share/pkgconfig'
[00000000015f23b0] main libvlc debug: searching plug-in modules
[00000000015f23b0] main libvlc debug: loading plugins cache file /snap/vlc/770/usr/lib/vlc/plugins/plugins.dat
[00000000015f23b0] main libvlc debug: recursively browsing `/snap/vlc/770/usr/lib/vlc/plugins'
[00000000015f23b0] main libvlc debug: plug-ins loaded: 517 modules
[00000000015f23b0] main libvlc debug: opening config file (/home/michel/snap/vlc/common/vlcrc)
[00000000015f26f0] main logger debug: looking for logger module matching "any": 3 candidates
[00000000015f26f0] main logger debug: using logger module "console"
[00000000015f23b0] main libvlc debug: translation test: code is "fr"
[0000000001693c10] main keystore debug: looking for keystore module matching "memory": 4 candidates
[0000000001693c10] main keystore debug: using keystore module "memory"
[00000000015f23b0] main libvlc debug: CPU has capabilities MMX MMXEXT SSE SSE2 SSE3 SSSE3 SSE4.1 SSE4.2 AVX AVX2 FPU
[000000000168a650] main input debug: Creating an input for 'Médiathèque'
[000000000168a650] main input debug: Input is a meta file: disabling unneeded options
[000000000168a650] main input debug: using timeshift granularity of 50 MiB
[000000000168a650] main input debug: using default timeshift path
[000000000168a650] main input debug: `file/directory:///home/michel/snap/vlc/770/.local/share/vlc/ml.xspf' gives access `file' demux `directory' path `/home/michel/snap/vlc/770/.local/share/vlc/ml.xspf'
[000000000169cd70] main input source debug: creating demux: access='file' demux='directory' location='/home/michel/snap/vlc/770/.local/share/vlc/ml.xspf' file='/home/michel/snap/vlc/770/.local/share/vlc/ml.xspf'
[000000000169ceb0] main demux debug: looking for access_demux module matching "file": 21 candidates
[000000000169ceb0] main demux debug: no access_demux modules matched
[00000000016a3eb0] main stream debug: creating access: file:///home/michel/snap/vlc/770/.local/share/vlc/ml.xspf
[00000000016a3eb0] main stream debug: (path: /home/michel/snap/vlc/770/.local/share/vlc/ml.xspf)
[00000000016a3eb0] main stream debug: looking for access module matching "file": 26 candidates
[00000000016a3eb0] main stream debug: using access module "filesystem"
[00000000016a4c50] main stream debug: looking for stream_filter module matching "prefetch,cache_read": 26 candidates
[00000000016a4c50] cache_read stream debug: Using stream method for AStream*
[00000000016a4c50] cache_read stream debug: starting pre-buffering
[00000000016a4c50] cache_read stream debug: received first data after 0 ms
[00000000016a4c50] cache_read stream debug: pre-buffering done 296 bytes in 0s - 15213 KiB/s
[00000000016a4c50] main stream debug: using stream_filter module "cache_read"
[00000000016a5dd0] main stream debug: looking for stream_filter module matching "any": 26 candidates
[00000000016a5dd0] playlist stream debug: using XSPF playlist reader
[00000000016a5dd0] main stream debug: using stream_filter module "playlist"
[00000000016a5dd0] main stream debug: stream filter added to 0x16a4c50
[00000000016a9140] main stream debug: looking for stream_filter module matching "any": 26 candidates
[00000000016a9140] main stream debug: no stream_filter modules matched
[00000000016a9140] main stream_directory debug: looking for stream_directory module matching "any": 1 candidates
[00000000016a9140] main stream_directory debug: no stream_directory modules matched
[000000000169cd70] main input source debug: attachment of directory-extractor failed for file:///home/michel/snap/vlc/770/.local/share/vlc/ml.xspf
[00000000016a9140] main stream debug: looking for stream_filter module matching "record": 26 candidates
[00000000016a9140] main stream debug: using stream_filter module "record"
[000000000169cd70] main input source debug: creating demux: access='file' demux='directory' location='/home/michel/snap/vlc/770/.local/share/vlc/ml.xspf' file='/home/michel/snap/vlc/770/.local/share/vlc/ml.xspf'
[00000000016ab0c0] main demux debug: looking for demux module matching "directory": 56 candidates
[00000000016ab0c0] main demux debug: using demux module "directory"
[00000000016abb50] main demux meta debug: looking for meta reader module matching "any": 2 candidates
[00000000016abb50] lua demux meta debug: Trying Lua scripts in /home/michel/snap/vlc/770/.local/share/vlc/lua/meta/reader
[00000000016abb50] lua demux meta debug: Trying Lua scripts in /snap/vlc/770/usr/lib/vlc/lua/meta/reader
[00000000016abb50] lua demux meta debug: Trying Lua playlist script /snap/vlc/770/usr/lib/vlc/lua/meta/reader/filename.luac
[00000000016abb50] lua demux meta debug: Trying Lua scripts in /snap/vlc/770/usr/share/vlc/lua/meta/reader
[00000000016abb50] main demux meta debug: no meta reader modules matched
[000000000168a650] main input debug: `file/directory:///home/michel/snap/vlc/770/.local/share/vlc/ml.xspf' successfully opened
[00000000016c7250] main xml reader debug: looking for xml reader module matching "any": 1 candidates
[00000000016c7250] main xml reader debug: using xml reader module "xml"
[000000000168a650] main input debug: EOF reached
[00000000016ab0c0] main demux debug: removing module "directory"
[00000000016a9140] main stream debug: removing module "record"
[00000000016a5dd0] main stream debug: removing module "playlist"
[00000000016a4c50] main stream debug: removing module "cache_read"
[00000000016a3eb0] main stream debug: removing module "filesystem"
[00000000016877a0] main playlist debug: creating audio output
[00000000016a8c80] main audio output debug: looking for audio output module matching "any": 6 candidates
[00000000016a8c80] vlcpulse audio output debug: using library version 8.0.0
[00000000016a8c80] vlcpulse audio output debug: (compiled with version 8.0.0, protocol 30)
[00000000016a8c80] vlcpulse audio output debug: connected locally to unix:/run/user/1000/snap.vlc/../pulse/native as client #44
[00000000016a8c80] vlcpulse audio output debug: using protocol 30, server protocol 32
[00000000016a8c80] pulse audio output debug: adding sink 0: alsa_output.pci-0000_01_00.1.hdmi-stereo-extra1 (GK208 HDMI/DP Audio Controller Digital Stereo (HDMI 2))
[00000000016a8c80] pulse audio output debug: adding sink 1: alsa_output.pci-0000_00_1b.0.analog-stereo (Audio interne Stéréo analogique)
[00000000016a8c80] main audio output debug: using audio output module "pulse"
[00000000016877a0] main playlist debug: keeping audio output
[00000000016c6170] main interface debug: looking for interface module matching "dbus,none": 17 candidates
[00000000016c6170] dbus interface debug: listening on dbus as: org.mpris.MediaPlayer2.vlc
[00000000016c6170] main interface debug: using interface module "dbus"
[00000000016cec00] main interface debug: looking for interface module matching "hotkeys,none": 17 candidates
[00000000016cec00] main interface debug: using interface module "hotkeys"
[00000000016cf700] main interface debug: looking for interface module matching "globalhotkeys,none": 17 candidates
[00000000016cf700] main interface debug: using interface module "xcb_hotkeys"
[00000000015f23b0] main libvlc: Lancement de vlc avec l'interface par défaut. Utilisez « cvlc » pour démarrer VLC sans interface.
[00000000016d0900] main interface debug: looking for interface module matching "any": 17 candidates
[00000000016c6170] dbus interface debug: Getting All properties
[00000000016c6170] dbus interface debug: Getting All properties
[00000000016c6170] dbus interface debug: Getting All properties
Qt: Session management error: None of the authentication protocols specified are supported
[00007f8b888893f0] main generic debug: looking for extension module matching "any": 1 candidates
[00007f8b888893f0] lua generic debug: Opening Lua Extension module
[00007f8b888893f0] lua generic debug: Trying Lua scripts in /home/michel/snap/vlc/770/.local/share/vlc/lua/extensions
[00007f8b888893f0] lua generic debug: Trying Lua scripts in /snap/vlc/770/usr/lib/vlc/lua/extensions
[00007f8b888893f0] lua generic debug: Trying Lua playlist script /snap/vlc/770/usr/lib/vlc/lua/extensions/VLSub.luac
[00007f8b888893f0] lua generic debug: Scanning Lua script /snap/vlc/770/usr/lib/vlc/lua/extensions/VLSub.luac
[00007f8b888893f0] lua generic debug: Script /snap/vlc/770/usr/lib/vlc/lua/extensions/VLSub.luac has the following capability flags: 0x5
[00007f8b888893f0] lua generic debug: Trying Lua scripts in /snap/vlc/770/usr/share/vlc/lua/extensions
[00007f8b888893f0] main generic debug: using extension module "lua"
[00000000016d0900] main interface debug: using interface module "qt"
[00000000016877a0] main playlist debug: processing request item: null, node: Liste de lecture, skip: 0
[00000000016877a0] main playlist debug: rebuilding array of current - root Liste de lecture
[00000000016877a0] main playlist debug: rebuild done - 1 items, index -1
[00000000016877a0] main playlist debug: starting playback of new item
[00000000016877a0] main playlist debug: resyncing on ?action=stream
[00000000016877a0] main playlist debug: ?action=stream is at 0
[00000000016877a0] main playlist debug: creating new input thread
[00007f8b780009e0] main input debug: Creating an input for '?action=stream'
[00000000016877a0] main playlist debug: requesting art for new input thread
[00007f8b780009e0] main input debug: using timeshift granularity of 50 MiB
[00007f8b780009e0] main input debug: using default timeshift path
[00007f8b780009e0] main input debug: `http://192.168.1.22:4433/?action=stream' gives access `http' demux `any' path `192.168.1.22:4433/?action=stream'
[00007f8b70000d50] main input source debug: creating demux: access='http' demux='any' location='192.168.1.22:4433/?action=stream' file='(null)'
[00007f8b70000ef0] main demux debug: looking for access_demux module matching "http": 21 candidates
[00007f8b68000980] main meta fetcher debug: looking for meta fetcher module matching "any": 1 candidates
[00000000016d0900] qt interface debug: IM: Setting an input
[00007f8b70000ef0] main demux debug: no access_demux modules matched
[00007f8b68000980] lua meta fetcher debug: Trying Lua scripts in /home/michel/snap/vlc/770/.local/share/vlc/lua/meta/fetcher
[00007f8b70001250] main stream debug: creating access: http://192.168.1.22:4433/?action=stream
[00007f8b68000980] lua meta fetcher debug: Trying Lua scripts in /snap/vlc/770/usr/lib/vlc/lua/meta/fetcher
[00007f8b70001250] main stream debug: looking for access module matching "http": 26 candidates
[00007f8b68000980] lua meta fetcher debug: Trying Lua scripts in /snap/vlc/770/usr/share/vlc/lua/meta/fetcher
[00007f8b68000980] main meta fetcher debug: no meta fetcher modules matched
[00007f8b68000980] main art finder debug: looking for art finder module matching "any": 2 candidates
[00007f8b68000980] lua art finder debug: Trying Lua scripts in /home/michel/snap/vlc/770/.local/share/vlc/lua/meta/art
[00007f8b68000980] lua art finder debug: Trying Lua scripts in /snap/vlc/770/usr/lib/vlc/lua/meta/art
[00007f8b68000980] lua art finder debug: Trying Lua playlist script /snap/vlc/770/usr/lib/vlc/lua/meta/art/00_musicbrainz.luac
[00007f8b68000980] lua art finder debug: skipping script (unmatched scope) /snap/vlc/770/usr/lib/vlc/lua/meta/art/00_musicbrainz.luac
[00007f8b68000980] lua art finder debug: Trying Lua playlist script /snap/vlc/770/usr/lib/vlc/lua/meta/art/01_googleimage.luac
[00007f8b68000980] lua art finder debug: skipping script (unmatched scope) /snap/vlc/770/usr/lib/vlc/lua/meta/art/01_googleimage.luac
[00007f8b68000980] lua art finder debug: Trying Lua playlist script /snap/vlc/770/usr/lib/vlc/lua/meta/art/02_frenchtv.luac
[00007f8b68000980] lua art finder debug: skipping script (unmatched scope) /snap/vlc/770/usr/lib/vlc/lua/meta/art/02_frenchtv.luac
[00007f8b68000980] lua art finder debug: Trying Lua playlist script /snap/vlc/770/usr/lib/vlc/lua/meta/art/03_lastfm.luac
[00007f8b68000980] lua art finder debug: skipping script (unmatched scope) /snap/vlc/770/usr/lib/vlc/lua/meta/art/03_lastfm.luac
[00007f8b68000980] lua art finder debug: Trying Lua scripts in /snap/vlc/770/usr/share/vlc/lua/meta/art
[00007f8b68000980] main art finder debug: no art finder modules matched
[00007f8b70001250] http stream debug: resolving 192.168.1.22 ...
[00007f8b70001250] http stream debug: outgoing request:
GET /?action=stream HTTP/1.1
Host: 192.168.1.22:4433
Accept: */*
Accept-Language: fr
User-Agent: VLC/3.0.6 LibVLC/3.0.6
Range: bytes=0-
VLC showing cone icon and its time line marker is bouncing back and forth
After pressing CtrlC the following is displayed
[00000000014433b0] main libvlc debug: exiting
[00000000014433b0] main libvlc debug: removing all interfaces
[0000000001521900] main interface debug: removing module "qt"
[00000000014d87a0] main playlist debug: deactivating the playlist
[00000000014d87a0] main playlist debug: incoming request - stopping current input
[00007f2f48001210] http stream debug: connection failed
[00007f2f48001210] access stream error: HTTP connection failure
[00007f2f48001210] http stream debug: querying proxy for http://192.168.1.22:4433/?action=stream
[00007f2f48001210] http stream debug: no proxy
[00007f2f48001210] http stream debug: http: server='192.168.1.22' port=4433 file='/'
[00007f2f48001210] main stream debug: net: connecting to 192.168.1.22 port 4433
[00007f2f48001210] http stream error: cannot connect to 192.168.1.22:4433
[00007f2f48001210] main stream debug: no access modules matched
[00000000014d87a0] main playlist debug: dead input
[00000000014d87a0] main playlist debug: nothing to play
[00000000014f9c80] main audio output debug: removing module "pulse"
[0000000001521900] qt interface debug: requesting exit...
[0000000001521900] qt interface debug: waiting for UI thread...
[0000000001521900] qt interface debug: IM: Deleting the input
[00000000014433b0] main libvlc debug: exiting
[0000000001521900] qt interface debug: QApp exec() finished
[0000000001521900] qt interface debug: Video is not needed anymore
[0000000001521900] qt interface debug: Killing extension dialog provider
[0000000001521900] qt interface debug: ExtensionsDialogProvider is quitting...
[00007f2f588ff220] main generic debug: removing module "lua"
[0000000001520700] main interface debug: removing module "xcb_hotkeys"
[000000000151fc00] main interface debug: removing module "hotkeys"
[0000000001517170] main interface debug: removing module "dbus"
[00000000014d87a0] main playlist debug: destroying
[000000000151ccf0] main playlist export debug: saving media library to file /home/michel/snap/vlc/770/.local/share/vlc/ml.xspf.tmp13977
[000000000151ccf0] main playlist export debug: looking for playlist export module matching "export-xspf": 4 candidates
[000000000151ccf0] main playlist export debug: using playlist export module "export"
[000000000151ccf0] main playlist export debug: removing module "export"
[00000000014d87a0] main playlist debug: deleting item `Médiathèque'
[00000000014d87a0] main playlist debug: deleting item `?action=stream'
[00000000014d87a0] main playlist debug: deleting item `Liste de lecture'
[00000000014e4c10] main keystore debug: removing module "memory"
QObject::~QObject: Timers cannot be stopped from another thread
michel@hp:~$
The request is sent on to MJPG-Streamer but
nothing transpires. Since the reverse proxy does work with static pages, it
would appear that this has nothing to do with HTTPS. In any case, I obtained
a valid signed certificate from Let's Encrypt and that did nothing to improve the
problem.
Update. It turns out that the video is streamed in part and with
a considerable delay. While writing this last bit, I caught Firefox displaying the video stream through the proxy on a
local connection. So I restarted the stream and the delay before the first
images was about 13 minutes which is unacceptable by my reckoning.
Furthermore, after some time the stream freezes with half a frame showing. It
does not seem to want to restart on its own. This is becoming even more
strange!
I had hoped to get Lighttp 1.4.35 installed
on Rasbian Stretch which as shown can be done.
Its reverse proxy works with MJPG-Streamer.
Reverse proxy appears to work somewhat in version 1.4.45 of
Lighttp as obtained from the Stretch
repository. However there is a bug of some sort that makes streaming
video from MJPG-Streamer all but impossible.
Version 1.4.52 of Lighttp is available since
November 28, 2018. And I believe that proxy handling has changed since
version 1.4.50. But as far as I can tell, being at the bleeding edge would
mean installing from source. I am just not willing to spend more time on this
to see how that would work out. As often stated before, I think hosting a VPN
on the Raspberry Pi is a better solution.