Failed to publish a HLS stream via the nginx HTTPS server with ffmpeg.

Francis Daly francis at
Thu Feb 4 10:16:42 UTC 2021

On Thu, Feb 04, 2021 at 10:25:08AM +0800, Hongyi Zhao wrote:
> On Thu, Feb 4, 2021 at 10:03 AM Maxim Dounin <mdounin at> wrote:

Hi there,

> # Watch the stream:
> # http:
> $ ffplay http://localhost:8000/live/surveillance.m3u8
> # https:
> $ ffplay https://localhost:8443/live/surveillance.m3u8

You report that "ffplay" successfully plays both http and https streams.

That suggests that the nginx side is fundamentally good.

> But I still failed to watch the stream with HTTP or HTTPS protocol
> using VLC player as shown below:
> $ cvlc https://localhost:8443/live/surveillance.m3u8
> VLC media player Vetinari (revision

> [00007f55a40024b0] gnutls tls client error: Certificate verification
> failure: The certificate is NOT trusted. The certificate issuer is
> unknown. The certificate chain uses expired certificate. The name in
> the certificate does not match the expected.

Your "cvlc" client fails to play the https stream because that client
does not like this certificate.

Tell the client to accept your certificate; or change your certificate
to one that both clients will accept. No obvious nginx-side changes
needed here.

> $ cvlc http://localhost:8000/live/surveillance.m3u8
> VLC media player Vetinari (revision

> [00007fd7e8001610] http stream error: cannot resolve localhost: Name
> or service not known

Here the cvlc client reports that it cannot resolve the name
localhost. Your ffplay client could resolve that name; what is different
about cvlc?

> [00007fd7e8001610] main stream error: cannot resolve localhost port
> 844000 : Name or service not known
> [00007fd7e8001610] http stream error: cannot connect to localhost:844000

And here it reports that it is trying to connect to port 844000 instead
of the 8000 that is in the request that you showed.

> [00007fd7f4000c80] main input error: VLC is unable to open the MRL
> 'http://localhost:844000/live/surveillance.m3u8'. Check the log for
> details.

What part of the system turned

"cvlc http://localhost:8000/live/surveillance.m3u8" into a request for

Perhaps "tcpdump" the port-8000 traffic to see if there is something
about 844000 in the response? The "ffplay" output did not indicate any
issue like that, though.

Good luck with it,

Francis Daly        francis at

More information about the nginx mailing list