HTTP providers are lightweight applications that provide an HTTP interface to information about Wowza Streaming Engine™ media server software instances. Wowza Streaming Engine ships with a handful of built-in HTTP providers; you can create custom providers as well. This article describes how HTTP providers are configured and lists the HTTP providers that come with Wowza Streaming Engine.
About HTTP providers
HTTP providers let you see information about Wowza Streaming Engine through an HTTP interface (web page). HTTP providers are configured on a per-port basis in [install-dir]/conf/VHost.xml. An individual HTTP provider can be protected by a user name and password. Multiple HTTP providers can be attached to a single port, and a specific HTTP provider can be selected based on a request filter.
Note: Starting with Wowza Streaming Engine 4.5.0, HTTP providers can host WebSocket sessions for sending asynchronous, bi-directional information to and from Wowza Streaming Engine.
HTTP provider configuration
In VHost.xml, each HTTP provider has four specified properties: BaseClass, RequestFilters, AuthenticationMethod, and PasswordEncodingScheme. For example:
<HTTPProvider> <BaseClass>com.wowza.wms.http.HTTPServerInfoXML</BaseClass> <RequestFilters>serverinfo*</RequestFilters> <AuthenticationMethod>admin-digest</AuthenticationMethod> <PasswordEncodingScheme>sha256</PasswordEncodingScheme> </HTTPProvider>
Where:
- BaseClass is the fully qualified path of the class that overrides the HTTPProvider2Base class and implements the IHTTPProvider interface.
- RequestFilters is list of filters, separated by a pipe ( | ) character, that control when the provider is invoked, based on the HTTP request path. In this example, the request filter is only invoked if the path string in the HTTP request URL starts with serverinfo, for example, http://[wowza-ip-address]:8086/serverinfo.
- AuthenticationMethod specifies the authentication method that's used to control access to the HTTP provider. Valid values are admin-basic, admin-digest, admin-file-digest, and none.
Note: Due to potential vulnerabilities with MD5, we recommend using sha256 with Wowza Streaming Engine.
- admin-basic applies Base64 encoding to the administrator's username and password as they're transmitted in the HTTP request. But although the credentials are encoded, they're not encrypted. As a result, basic HTTP authentication isn't considered secure unless it's used with HTTP over SSL (HTTPS).
- admin-digest uses either md5 or sha256 encryption. An md5 or sha256 hash encodes (digests) a password string into 128 or 256 bits. By default, user names and passwords for admin-digest authentication are stored in the [install-dir]/conf/admin.password file.
- admin-file-digest uses either md5 or sha256 encryption.
- none allows all access to the provider.
- PasswordEncodingScheme sets the encryption method for the password. The valid values are md5 or sha56.
Usernames and passwords
- Wowza Streaming Engine 4.8.8.01 and later allows passwords in the admin.password file to be encoded using md5 or bcrypt hash functions.
- In 4.8.19, Wowza Streaming Engine introduced support for sha256 encryption. The HTTP provider authentication method must be compatible with the password encoding method. For more information, see Manage users with the Wowza Streaming Engine CLI password tool.
The following table lists the available authentication methods and the password encoding method that each supports:
Note: Due to potential vulnerabilities with MD5, we recommend using sha256 with Wowza Streaming Engine.
Authentication method | Password encoding method |
---|---|
admin-basic | plaintext, bcrypt |
admin-digest | md5, sha256 |
admin-file-digest | md5, sha256 |
none | N/A |
Note: Starting in Wowza Streaming Engine 4.5.0, you can specify a custom location to store usernames and passwords for admin-digest authentication. To do this, open the [install-dir]/conf/VHost.xml file in a text editor and then add the passwordFile property to the HTTP provider configuration. For example:<HTTPProvider>
<BaseClass>com.wowza.wms.http.HTTPServerInfoXML</BaseClass>
<RequestFilters>serverinfo*</RequestFilters>
<AuthenticationMethod>admin-digest</AuthenticationMethod>
<PasswordEncodingScheme>sha256</PasswordEncodingScheme>
<Properties>
<Property>
<Name>passwordFile</Name>
<Value>${com.wowza.wms.context.VHostConfigHome}/conf/myPasswordFile.txt</Value>
</Property>
</Properties>
</HTTPProvider>
Built-in HTTP providers
Wowza Streaming Engine includes these built-in HTTP providers in VHost.xml.
HTTP provider | Base Class | Description |
HTTPConnectionCountsXML | com.wowza.wms.http.HTTPConnectionCountsXML | Returns connection information in XML format at http://[wowza-ip-address]:8086/connectioncounts. |
HTTPConnectionInfo | com.wowza.wms.http.HTTPConnectionInfo | Returns detailed connection information in XML format at http://[wowza-ip-address]:8086/connectioninfo. |
HTTPProviderMediaList | com.wowza.wms.http.HTTPProviderMediaList | Dynamically generates adaptive bitrate manifests and playlists from SMIL data. |
HTTPServerInfoXML | com.wowza.wms.http.HTTPServerInfoXML | Returns detailed server and connection information in XML format at http://[wowza-ip-address]:8086/serverinfo. |
HTTPServerVersion | com.wowza.wms.http.HTTPServerVersion | Returns the Wowza Streaming Engine version and build number at http://[wowza-ip-address]:1935/ServerVersion. It's the default HTTP provider on port 1935. |
HTTPTranscoderThumbnail | com.wowza.wms.http.HTTPTranscoderThumbnail | Returns a bitmap image from the source stream being transcoded. Available at http://[wowza-ip-address]:8086/transcoderthumbnail?application=[applicationname]&streamname=[stream-name]&format=[jpeg or png]&size=[widthxheight]. |
Custom HTTP providers
In addition to using Wowza Streaming Engine's built-in HTTP providers, you can create your own. For instructions and a basic example, see Create an HTTP provider with the Wowza Streaming Engine Java API.