On Linux, the default installation of Wowza Streaming Engine™ media server software 4.0 and later runs as the root user. If you want to run Wowza Streaming Engine as a different user, you need to create a new user and then configure the server to run as that new user.
- For security, most Linux and Unix distributions only allow the root user to bind to port numbers lower than 1024. If you plan to run Wowza Streaming Engine on a lower-numbered port such as 80 (HTTP), 443 (HTTPS, RTMPS), or 554 (RTSP), then Wowza Streaming Engine must continue to run as the root user. To run it as a non-root user and still accept connections on one of these ports, start Wowza Streaming Engine on port 1935, then redirect the port:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 1935
- Some Wowza Streaming Engine updates may replace the startup scripts modified in this procedure. Back up any modified startup scripts before performing an update, and then carefully redo your changes after applying the update.
Linux configuration
- You must be the root user in order to perform the following procedure.
- These instructions are for Wowza Streaming Engine 4.0.1. You may need to adjust the paths to suit the installation paths of your Wowza media server software version.
- Create a new user and group named wowza.
groupadd wowza
useradd -g wowza wowza
passwd wowza
- Change ownership and permissions on the Wowza Streaming Engine installation files. For example:
cd /usr/local
chown -h wowza:wowza WowzaStreamingEngine
chown -R wowza:wowza WowzaStreamingEngine-4.0.1
chmod -R 775 WowzaStreamingEngine-4.0.1
rm -f /var/run/WowzaStreamingEngine*
- Change the command that's used to start the server so that it runs as the new wowza user.
- Change directory to the /usr/local/WowzaStreamingEngine/bin directory.
- Edit the standalone startup script and remove or comment out the following lines:
# check for root access. If not, put up message and exit
if [ "$(/usr/bin/id -u)" -ne "0" ] ; then
    echo "The Wowza Streaming Engine requires root access to start. Please run script again using sudo."
    exit
fi
This allows any user to start Wowza Streaming Engine in standalone mode. To make it start as a specific user that is not the logged-in user, also make the following changes. To run the services as a specific user, skip to step 4.
- Locate the following line (line 43 in the Wowza Streaming Engine 4.0.1 startup.sh file) and add sudo -u wowza to the beginning of the line. It should look like this:
sudo -u wowza $_EXECJAVA $WMSTUNE_OPTS $JMXOPTIONS -Dcom.wowza.wms.runmode="$mode" -Dcom.wowza.wms.native.base="linux" -Dcom.wowza.wms.AppHome="$WMSAPP_HOME" -Dcom.wowza.wms.ConfigURL="$WMSCONFIG_URL" -Dcom.wowza.wms.ConfigHome="$WMSCONFIG_HOME" -cp $WMSAPP_HOME/bin/wms-bootstrap.jar com.wowza.wms.bootstrap.Bootstrap start
- To have the service run as a specific user, edit the service startup script wms.sh and locate the same line (currently line 29 in the Wowza Streaming Engine 4.0.1 wms.sh file), and then make the same change.
Note: The lines in each script are slightly different, so don't copy and paste the entire line from one script to the other.
sudo -u wowza $_EXECJAVA $WMSTUNE_OPTS $JMXOPTIONS -Dcom.wowza.wms.runmode="service" -Dcom.wowza.wms.native.base="linux" -Dcom.wowza.wms.AppHome="$WMSAPP_HOME" -Dcom.wowza.wms.ConfigURL="$WMSCONFIG_URL" -Dcom.wowza.wms.ConfigHome="$WMSCONFIG_HOME" -cp $WMSAPP_HOME/bin/wms-bootstrap.jar com.wowza.wms.bootstrap.Bootstrap $WMSCOMMAND > /dev/null 2>&1 &
- When you use sudo to run a process, the returned process pid is the pid for sudo; it's not the pid for the Wowza process. To change this, locate the following:
if [ "$WMSCOMMAND" = "start" ]; then
    echo $! > ${WMSPIDFILE}
    wait $PID
fi
and change the code to look like the following:
if [ "$WMSCOMMAND" = "start" ]; then
    while [ -z "$WOWZA_PID" ]
    do
        WOWZA_PID=$(ps --no-headers -o pid --ppid $PID)
    done
    echo $WOWZA_PID > ${WMSPIDFILE}
    wait $!
fi
This ensures that the pid that's saved will be the correct one, the one that will be needed to shut down the server later.
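The loop above polls without pausing and never ends if sudo exits before it starts the Java process. A bounded variant of the same lookup follows, as an added example that is not part of the Wowza scripts; the function name child_pid_of and the 5-second default are assumptions:

```shell
#!/bin/sh
# Added example: resolve the child of a wrapper process (sudo in the Wowza
# scripts) with a bounded wait instead of an unbounded busy loop.

# child_pid_of PARENT_PID [TIMEOUT_SECONDS]
# Prints the PID of the first child of PARENT_PID. Returns 1 on timeout or
# if the parent exits before a child appears.
child_pid_of() {
    parent=$1
    tries=$(( ${2:-5} * 10 ))        # poll every 0.1 s
    while [ "$tries" -gt 0 ]; do
        # Same ps query as the modified script; tr strips column padding.
        child=$(ps --no-headers -o pid --ppid "$parent" | head -n 1 | tr -d ' ')
        if [ -n "$child" ]; then
            echo "$child"
            return 0
        fi
        # Stop early if the wrapper itself is gone (for example, sudo refused).
        kill -0 "$parent" 2>/dev/null || return 1
        sleep 0.1
        tries=$(( tries - 1 ))
    done
    return 1
}
```

In a startup script this would be used as `WOWZA_PID=$(child_pid_of "$PID") || exit 1` before the pid file is written, so a failed start does not leave a stale or empty pid file.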
- Locate the following line and add sudo -u wowza to the beginning of the line:
sudo -u wowza $_EXECJAVA -cp "$WMSAPP_HOME/lib/slf4j-api-1.6.4.jar:$WMSAPP_HOME/lib/slf4j-log4j12-1.6.4.jar:$WMSAPP_HOME/lib/wms-xstream-1.4.5.jar:$WMSAPP_HOME/lib/wms-jax.validation.jar:$WMSAPP_HOME/lib/wms-core.jar:$WMSAPP_HOME/lib/bcprov-jdk15on-149.jar:$WMSAPP_HOME/lib/commons-lang-2.6.jar:$WMSAPP_HOME/lib/wms-license-rest.jar:$WMSAPP_HOME/lib/wms-rest.jar:$WMSAPP_HOME/lib/wms-server.jar:$WMSAPP_HOME/lib/wms-bootstrap.jar:$WMSAPP_HOME/lib/wms-restlet-2.1.6.jar:$WMSAPP_HOME/lib/wms-restlet-2.1.6.org.restlet.ext.simple.jar:$WMSAPP_HOME/lib/log4j-1.2.17.jar" -Dcom.wowza.wms.runmode="$mode" -Dcom.wowza.wms.native.base="linux" -Dcom.wowza.wms.AppHome="$WMSAPP_HOME" -Dcom.wowza.wms.ConfigURL="$WMSCONFIG_URL" -Dcom.wowza.wms.ConfigHome="$WMSCONFIG_HOME" com.wowza.wms.standalone.rest.LicenseUpdateServer
- Allow the non-root user to set the maximum number of open files.
The non-root user has system-applied ulimit values. Wowza Streaming Engine 4.0 (or later) requires a specific value.
As the root user, edit /etc/security/limits.conf and add the following entries:
wowza soft nofile 20000
wowza hard nofile 20000
This assumes the non-root user is wowza.
- Allow the use of sudo without a tty.
To allow the use of sudo during system startup, we need to allow it to start a shell without a tty (for example, a display).
As the root user, run this command:
visudo
Find the line beginning
Defaults requiretty
and comment it out:
#Defaults requiretty
- Start Wowza Streaming Engine in standalone or service mode, and then verify that it's running as the user wowza by opening Terminal and executing the command ps -ja to see the list of running processes.
- To make the manager run as the same user, navigate to the /usr/local/WowzaStreamingEngine/manager/bin folder and edit startmgr.sh.
- Locate the following lines:
if [ "$WMSMGRCOMMAND" = "start" ]; then
    $RUNCMD $CMD $BACKGRND &
else
    $CMD
fi
and change them to the following:
if [ "$WMSMGRCOMMAND" = "start" ]; then
    $RUNCMD sudo -u wowza $CMD $BACKGRND &
else
    sudo -u wowza $CMD
fi
The first line controls how the service is run and the second controls how standalone mode is run.
- You also need to make the same changes that you made for the main Wowza Streaming Engine service so that the Wowza Streaming Engine Manager service pid is saved correctly. Locate the following lines:
# Linux
if [ "$WMSMGRCOMMAND" = "start" ]; then
    echo $! > ${WMSMGRPID_FILE}
    wait $PID
fi
and change them to the following:
# Linux
if [ "$WMSMGRCOMMAND" = "start" ]; then
    while [ -z "$WOWZA_PID" ]
    do
        WOWZA_PID=$(ps --no-headers -o pid --ppid $PID)
    done
    echo $WOWZA_PID > ${WMSMGRPID_FILE}
    wait $PID
fi
- Modify the Wowza Streaming Engine Manager startup script to set the values of WMSMGRPID_FILE and WMSMGRLOCK_FILE to a location that is writable by a non-root user.
Edit /usr/local/WowzaStreamingEngine/manager/bin/WowzaStreamingEngineManager (this is symlinked at /etc/init.d/WowzaStreamingEngineManager)
Find the definition of the variables:
WMSMGRPID_FILE="/var/run/$WMSMGRBASE_NAME.pid"
WMSMGRLOCK_FILE="/var/run/$WMSMGRBASE_NAME"
Modify the file path to somewhere that the non-root user can write to:
WMSMGRPID_FILE="/tmp/$WMSMGRBASE_NAME.pid"
WMSMGRLOCK_FILE="/tmp/$WMSMGRBASE_NAME"
- Start Wowza Streaming Engine Manager in standalone or service mode and verify that it's running as the user wowza by opening Terminal and executing the command ps -ja to see the list of running processes.
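Both verification steps (server and manager) can be scripted so that a process left running as root is reported rather than overlooked in a process list. The following is an added example, not part of the Wowza documentation; the function name audit_wowza_users and the sample process lines are constructed, and it assumes each Wowza command line contains com.wowza.wms or the /usr/local/WowzaStreamingEngine path:

```shell
#!/bin/sh
# Added example: flag Wowza processes that are not running as the expected
# account. Input format is the output of: ps -eo user=,pid=,args=

# audit_wowza_users EXPECTED_USER < ps-output
# Prints one line per offending process. Exit status: 0 = every Wowza
# process runs as EXPECTED_USER, 1 = at least one does not, 2 = none found.
audit_wowza_users() {
    awk -v want="$1" '
        # Match on strings that appear in the startup commands on this page.
        /com\.wowza\.wms/ || /\/usr\/local\/WowzaStreamingEngine/ {
            # The sudo wrapper stays root by design; only its child matters.
            if ($3 ~ /(^|\/)sudo$/) next
            seen++
            if ($1 != want) {
                bad++
                printf "pid %s runs as %s: %s\n", $2, $1, $3
            }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample input (not captured from a real server): the engine
# runs as wowza, but the manager was started without the sudo -u change.
SAMPLE_PS='root   2100 sudo -u wowza /usr/bin/java -Dcom.wowza.wms.runmode=service com.wowza.wms.bootstrap.Bootstrap start
wowza  2101 /usr/bin/java -Dcom.wowza.wms.runmode=service com.wowza.wms.bootstrap.Bootstrap start
root   2250 /usr/bin/java -jar /usr/local/WowzaStreamingEngine/manager/lib/manager.jar
wowza  2300 sshd: wowza@pts/0'
```

On a live host, run `ps -eo user=,pid=,args= | audit_wowza_users wowza` after starting both services and treat any non-zero exit status as a failed check.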