Manage HLS playback over SSL for Wowza CDN on Fastly with the Wowza Video REST API

When you broadcast an HLS stream using the Wowza Video™ service, you have complete control over whether or not Secure Socket Layer (SSL) is used to establish a handshake for encrypting the HTTP connections that deliver the stream to viewers. By default, Wowza Video uses relative playlists, which allows streams to be played over HTTP or HTTPS—or both. This provides the greatest flexibility for your viewers. You can, however, require that viewers watch a live stream over HTTPS. Requiring viewers to watch a stream over HTTPS ensures an encrypted connection during playback.

Before you start

You should complete the following tasks:

  • Create a live stream or a transcoder . You'll need the resulting stream_targets_id if you would like to deliver a HLS stream for playback over HTTPS only. View our connect a source topics to learn how to create a live stream or transcoder.

You should choose between the following two workflows:

About SSL playback from Wowza CDN on Fastly stream targets

Live streams delivered from Wowza Video travel across the Internet in two stages to reach their audiences. After Wowza Video transcodes (or passes through) the encoded live source video, it sends the stream to geographically distributed servers called stream targets. Those Wowza CDN on Fastly targets then deliver the live stream to viewers, such as through a hosted webpage or a direct playback URL.

Wowza Video uses the HTTP protocol to make these two outbound network transfers, delivering streams for playback over HLS. For this HTTP delivery, Wowza Video generates a relative playlist, which means that the stream can be viewed over HTTP or HTTPS. The viewer is not restricted to the secured or unsecured protocol.

When you choose to deliver a live stream via Wowza CDN on Fastly stream targets, you can enjoy the default flexibility of relative playlists, or you can control whether the viewer has to use HTTPS to watch the stream.

Live stream workflow

Live stream workflow

Play HLS over HTTP or HTTPS

Depending on how you want to make the stream available, do one of the following using details from the live stream:

  • Use the HLS playback URL returned as the hls_playback_url value to play the stream in a browser or player that supports HLS. Although the playback URL appears as HTTPS, the playback URL can also be accessed using HTTP.
    For example:
    https://[wowzasubdomain].wowza.com/1/abc1TnJwZEpwYXxy/a12BeGd1/hls/live/playlist.m3u8
  • The hosted page can only be viewed using HTTPS.
    For example:
    https://player.video.wowza.com/hosted/[player_id]/player.html
  • If you want to include the stream on an external website (HTTP or HTTPS), use the embed_code value in the player object, which uses a relative URL in the JavaScript call for the player.
    For example:
    <div id='wowza_player'></div><script id='player_embed' src='//player.video.wowza.com/hosted/[player_id]/wowza.js' type='text/javascript'></script>

Deliver an HLS stream for playback over HTTPS only

You can require SSL for HLS playback if desired. This ensures that viewer clients connect securely to view the stream over HTTPS.

  1. Update the Wowza CDN on Fastly targets associated with your live stream to enable force_ssl_playback .

    You can use the following sample request, making sure to:

    • Set force_ssl_playback to true.
    • Set stream_target_id to the stream_targets_id.

    Sample request

    Endpoint Reference

    Copy
    Copied
    curl -X PATCH \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${WV_JWT}" \
    -d '{ 
       "stream_target_fastly": { 
         "force_ssl_playback": true 
        } 
    }' "${WV_HOST}/api/${WV_VERSION}/stream_targets/fastly/{stream_target_id}"

    Sample response

    Copy
    Copied
    {    
      "stream_target_fastly": {      
        "id": "abc1234",
        "name": "MyLiveStream / Stream Target",
        "state": "activated",
         ...
        "force_ssl_playback": true,      
         ...
      } 
    
    } 
  2. Configure the relativePlaylist property to deliver an HLS stream for playback over HTTPS only.

    Configure the relativePlaylist property to send the stream's chunklists from the target to the player with HTTPS as the protocol prefix.

    You can use the following sample request, making sure to:

    • Set key to relativePlaylists
    • Set section to playlist
    • Set value to false.
    • Set stream_target_id to the stream_targets_id.

    Sample request

    Endpoint Reference

    Copy
    Copied
    curl -X POST \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${WV_JWT}" \
    -d '{   
      "property": {     
      "key": "relativePlaylists",     
      "section": "playlist",     
      "value": false  
      } 
    }' "${WV_HOST}/api/${WV_VERSION}/stream_targets/[stream_target_id]/properties"

    Sample response

    Copy
    Copied
    {    
      "property": {      
        "key": "relativePlaylists",      
        "section": "playlist",      
        "value": false 
      } 
    
    } 
  3. Playback over HTTPS only

Do one of the following for playback over HTTPS only, depending on how you want to make your live stream available:

  • Use the HLS playback URL returned as the hls_playback_url value in the player object to play the stream in a browser or player that supports HLS. The playback URL can only be accessed using HTTPS.
    For example:
    https://[wowzasubdomain].wowza.com/1/abc1TnJwZEpwYXxy/a12BeGd1/hls/live/playlist.m3u8
  • The hosted page can only be viewed using HTTPS.
    For example:
    https://player.video.wowza.com/hosted/[player_id]/player.html
  • If you want to include the stream on an external website (HTTPS), use the embed_code value in the player object, which uses a relative URL in the JavaScript call for the player.
    For example:
    Copy
    Copied
    <div id='wowza_player'></div><script id='player_embed'
    src='//player.video.wowza.com/hosted/[player_id]/wowza.js'
    type='text/javascript'></script>

More resources

Transcoder workflow

Transcoder workflow

Play HLS over HTTP or HTTPS

For the playback_url, refer to hls in the playback_urls returned in the stream target details. Use this URL to play the stream in a browser or player that supports HLS. Although the playback URL appears as HTTPS, the playback URL can also be accessed using HTTP.

For example:
https://[wowzasubdomain].wowza.com/1/abc1TnJwZEpwYXxy/a12BeGd1/hls/live/playlist.m3u8

Deliver an HLS stream for playback over HTTPS only

You can require SSL for HLS playback, if desired. This ensures that viewer clients connect securely to view the stream over HTTPS.

  1. Update the Wowza CDN on Fastly targets associated with your transcoder to enable force_ssl_playback .

    You can use the following sample request, making sure to:

    • Set force_ssl_playback to true.
    • Set stream_target_id to the stream_targets_id.

    Sample request

    Endpoint Reference

    Copy
    Copied
    curl -X PATCH \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${WV_JWT}" \
    -d '{ 
       "stream_target_fastly": { 
         "force_ssl_playback": true 
        } 
    }' "${WV_HOST}/api/${WV_VERSION}/stream_targets/fastly/{stream_target_id}"

    Sample response

    Copy
    Copied
    {    
      "stream_target_fastly": {      
        "id": "abc1234",
        "name": "MyTranscoder / Stream Target",
        "state": "activated",
         ...
        "force_ssl_playback": true,      
         ...
      } 
    
    }
  2. Configure the relativePlaylist property to send the stream's chunklists from the target to the player with HTTPS as the protocol prefix.

    You can use the following sample request, making sure to:

    • Set key to relativePlaylists
    • Set section to playlist
    • Set value to false
    • Set stream_target_id to the stream_targets_id.

    Sample request

    Endpoint Reference

    Copy
    Copied
    curl -X POST \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${WV_JWT}" \
    -H "wsc-timestamp: [timestamp]" \
    -H "wsc-signature: [signature]" \
    -d '{   
      "property": {     
      "key": "relativePlaylists",     
      "section": "playlist",     
      "value": false  
      } 
    }' "${WV_HOST}/api/${WV_VERSION}/stream_targets/[stream_target_id]/properties"

    Sample response

    Copy
    Copied
    {    
      "property": {      
        "key": "relativePlaylists",      
        "section": "playlist",      
        "value": false 
      } 
    
    } 

    For more information about configuring stream target properties and related requests, see How to set advanced properties using the Wowza Video REST API.

  3. Playback over HTTPS only

    For the playback over HTTPS only, refer to hls in the playback_urls object returned in the stream target details. Use this URL to play the stream in a browser or player that supports HLS. The playback URL can only be accessed using HTTPS.
    For example:
    https://[wowzasubdomain].wowza.com/1/abc1TnJwZEpwYXxy/a12BeGd1/hls/live/playlist.m3u8

More resources