Value
The Adaptor.xml file is the configuration file for individual network adaptors. It determines the number of threads that can be used by the adaptor, the communications ports the adaptor binds to, and the IP addresses or domains from which the adaptor can accept connections.
You can also implement SSL with the Adaptor.xml file, if you want to use different digital certificates for different adaptors.
Each adaptor has its own directory inside the server’s conf directory. The name of the directory is the name of the adaptor. Each adaptor directory must contain an Adaptor.xml file. For example, the default adaptor included with the server at installation is named _defaultRoot _and its directory is found in the conf/ directory. To change an adaptor’s settings, edit the elements in its Adaptor.xml file.
To see the element structure and default values in the Adaptor.xml file, see the RootInstall/conf/_defaultRoot_/Adaptor.xml file.
Adaptor
Root element. Contains all the elements in the Adaptor.xml file.
Allow
A comma-delimited list of host names, domain names, and/or full or partial IP addresses from which clients can connect to the server.
Example
<Allow>foo.yourcompany.com, adobe.com, 10.60.1.133, 10.60</Allow>
See also
Deny
A comma-delimited list of host names, domain names, and/or full or partial IP addresses from which clients cannot connect to the server.
Example
<Deny>foo.yourcompany.com, adobe.com, 10.60.1.133, 10.60</Deny>
See also
Edge
Container element.
Contains elements that specify an edge to configure for HTTP tunnelling. Edges are defined in HostPort elements in the HostPortList container. Each edge can have different HTTPTunnel configurations.
Attribute
name
A name identifying an edge. Use the name specified in the HostPort element.
Contained elements
Enable
Specifies whether or not to allow HTTP tunnelling connections.
These are the possible values for the Enable element:
|
Description |
true |
Allow all HTTP tunnelling connections. This is the default value. |
false |
Disallow all HTTP tunnelling connections. |
http1.1only |
Allow only HTTP 1.1 tunnelling connections. |
keepalive |
Allow HTTP 1.1 or HTTP 1.0 keepalive connections. |
Only one application can use a port at a time. For example, if you configure Adobe Media Server to use port 80 for HTTP tunnelling, the web server cannot use port 80.
Example
<Enable>true</Enable>
See also
EnableAltVhost
Determines whether an alternative virtual host may be specified as a part of the RTMP URL as query parameter rtmp://host1/app/?_fcs_vhost=host2. This does not apply to administrative connections, which are always on by default. The default value is false.
<EnableAltVhost>false</EnableAltVhost>
See also
Host
Redirects unknown requests to an external server.
See also
HostPort
Specifies to which IP address and port(s) an adaptor binds. If you want to bind an adaptor to multiple IP addresses, add a HostPort element for each IP address. The format is IP:port,port,...,port. To bind to any IP address, don’t specify anything in front of the colon.
This element is exposed as the ADAPTOR.HOSTPORT parameter in the RootInstall/conf/ams.ini file. The default value is :1935,80,-443. This value instructs the adaptor to bind to any IP address on ports 1935, 80, and 443, where 443 is designated as a secure port that will only receive RTMPS connections.
When assigning port numbers, keep in mind the following:
There is a risk in assigning more than one adaptor to listen on the same IP:port pair. If another process tries to bind to the same IP:port combination, a conflict results. To resolve this conflict, the first adaptor to bind to the specified HostPort wins. Adobe Media Server logs a warning in the Access log file indicating that the specified IP:port is in use.
Only one application can use a port at a time. For example, if you configure Adobe Media Server to use port 80 for HTTP tunnelling, the web server cannot use port 80.
Attributes
name
A name to identify this HostPort element. If there are multiple HostPort elements, each must have a different name.
ctl_channel
The internal port that an AMSEdge (amsedge in Linux) process listens on. When an AMSCore process is started (amscore in Linux), it connects to an AMSEdge process on this internal port to establish a control channel. Each HostPort element corresponds to an AMSEdge process. If there are multiple HostPort elements, each must have a different ctl_channel.
Example
The following HostPort value instructs the adaptor to bind to the IP address 127.0.0.1 on ports 1935, 80, and 443, where 443 is designated as a secure port that will only receive RTMPS connections. (A port is marked as secure by specifying a minus sign in front of the port number.) RTMPS connection attempts to ports 1935 or 80 will not succeed. The client will attempt to perform an SSL handshake that the server will fail to complete. Similarly, a regular RTMP connection to port 443 fails because the server tries to perform an SSL handshake that the client fails to complete.
<HostPort>127.0.0.1:1935,80,-443</HostPort>
If there is no colon in the HostPort value, or there is a colon with no ports specified, the data is assumed to be an IP address and binds to port 1935. The following values instruct the adaptor to bind to IP 127.0.0.1 on port 1935:
<HostPort>127.0.0.1</HostPort> <HostPort>127.0.0.1:</HostPort>
See also
HostPortList
Container element.
The elements in this container list HostPort elements associated with this adaptor.
Example
<HostPortList> <HostPort name="edge1" ctl_channel=":19350">${ADAPTOR.HOSTPORT}</HostPort> <HostPort name="edge2" ctl_channel=":19351">:1936,-444</HostPort> </HostPortList>
Contained elements
HTTPIdent
Configures the server to respond to or reject an HTTP identification request from a client. For a response to be returned, the HTTPIdent function must be enabled and the client must do a POST or GET for the "/fcs/ident" resource.
When the server receives an HTTP Identification request, it logs the request to the edge.xx.log file.
Attributes
enable
A Boolean value specifying whether the server responds to an HTTP identification request (true) or not (false). The default value is false. When the enable attribute is set to true, all elements in the HTTPIdent section are returned as a response. The entire response is enclosed in <FCS></FCS> elements, which are added by the server. If the HTTPIdent function is enabled but no content is specified, the <FCS></FCS> response is returned without content.
Example
<HTTPIdent enable="true"> <Company>Adobe System Inc</Company> <Team>Adobe Media Server</Team> </HTTPIdent>
The following is an example request:
http://serverIP:1935/fcs/ident
The following is an example response:
<fcs> <Company>Adobe System Inc</Company> <Team>Adobe Media Server</Team> </fcs>
See also
HTTPIdent2
Configures the server to respond to or reject a special HTTP request from the client before the client attempts to make a RTMPT connection to Adobe Media Server. For a response to be returned, the HTTPIdent2 function must be enabled. This function is available when using Flash Player Update 3 or later.
RTMPT (Tunnelled Real-Time Messaging Protocol) can have difficulties working with load balancers. If a single RTMPT session consists of multiple socket connections, each connection may be sent to any one of many Adobe Media Servers behind load balancers. This causes the session to be split across machines. Using <HTTPIdent2> enables Flash Player to send a special HTTP request before connecting to Adobe Media Server.
Attributes
enabled
A Boolean value specifying whether the server responds to a special HTTP identification request before making a RTMPT connection (true) or not (false). This feature is enabled by default, even if the <HTTPIdent2> tag or the enabled attribute is missing. The IP address can be explicitly configured and does not need to be the IP of the Adobe Media Server machine. (This allows RTMPT connections to be redirected to a different server.) If the tag is left empty, the IP address is determined automatically.
If you are running Adobe Media Server on Linux and have enabled IPv6 but are using an IPv4 hostname (a hostname that resolves to IPv4), then use this tag to resolve RTMPTE and RTMPE connections more quickly: either set the enabled attribute to false or set it to true and set the value of the tag to the IP address to which you’re connecting.
Example
<HTTPIdent2 enabled="true">10.133.128.71</HTTPIdent2>
See also
HTTPNull
Configures the server to respond to or reject an HTTP GET request for the “/” resource from a client. When the enable attribute is set to true, an HTTP 404 response is sent in response to an HTTP GET request. By default, the HTTPNull function is disabled.
If HTTPNull is disabled and the webserver is enabled, requests for the "/" resource are passed to the webserver.
Attributes
enable
A Boolean value. The default value is false.
Example
<HTTPNull enable="false">
HttpProxy
Specifies whether the server proxies unknown requests to an external server. For proxying to work, HTTPTunnel/Enable must be set to true.
Request proxying to a specific host can be further controlled based upon port on which the request arrived. Flow control kicks in when the buffer in either direction fills up, automatically handling the case when producers and consumers differ widely in bandwidth.
Attributes
enable
A Boolean value. The default value is true.
maxbuf
The size of the io buffers. The default value is 16384.
Example
In the default Adaptor.xml file, the value of the Host element is a variable from the ams.ini file. You can set the value of HTTPPROXY.HOST in the ams.ini file, or replace the variable in the Adaptor.xml file. The following is from the default Adaptor.xml file:
<HttpProxy enable="true" maxbuf="16384"> <Host port="80">${HTTPPROXY.HOST}</Host> </HttpProxy>
The IP address and port to which the server proxies unknown HTTP requests.HTTPPROXY.HOST = webfarm.example.com:80
If you do not specify an IP address or domain name, the server uses a localhost port, as in the following:
HTTPPROXY.HOST = :8134
HTTPTunnel
Container element.
The elements in this section configure the incoming HTTP tunnelling connections to the adaptor. You can use the contained Edge element to configure each edge individually.
Contained elements
HTTPUserInfo
Container element.
The elements in this section configure the absolute path to XML files and the cache settings.
Contained elements
IdleAckInterval
Specifies the maximum time in milliseconds the server waits before it sends an acknowledgement code for a client idle post. An acknowledgement code is a transmission control character used to indicate that a transmitted message was received uncorrupted and without errors, and that the receiving server is ready to accept transmissions. The default value is 512 milliseconds, which provides medium latency.
The values for this element and the IdlePostInterval element affect the latency observed by a client tunnelling into the server. These elements should be configured at the same time.
Lower values reduce latency but increase the network bandwidth overhead. Applications desiring low latency may configure the combination of values 128/256 for the IdlePostInterval and IdleAckInterval elements. For applications not sensitive to high latencies, use the combination 1024/2048.
<IdleAckInterval>512</IdleAckInterval>
See also
IdlePostInterval
Specifies the interval in milliseconds at which the client sends idle posts to the server to indicate that Flash Player has no data to send.
The default settings for the IdleAckInterval and IdlePostInterval elements provide medium latency and are set to 512/512 milliseconds.
Low values reduce the latency but increase the network bandwidth overhead. Applications desiring low latency may configure the combination of values 128/256 for IdlePostInterval and IdleAckInterval elements. Applications that do not have high latencies can use the configuration 1024/2048.
Example
<IdlePostInterval>512</IdlePostInterval>
See also
IdleTimeout
Specifies the maximum inactivity time, in seconds, for a tunnel session before it is closed.
When a client using HTTP tunnelling disconnects unexpectedly, their session may remain open for a long period of time after disconnecting. The value of IdleTimeout indicates the maximum time, in seconds, that such a session may remain idle before it will be automatically disconnected. An IdleTimeout of -1 indicates that idle tunnel sessions will not be disconnected. The default setting for IdleTimeout is 8 seconds. Values that are too low may cause clients with very high latencies to become disconnected. Values that are too high may result in disconnected sessions consuming server resources for longer than necessary.
Example
<IdleTimeout>8</IdleTimeout>
See also
MaxFailures
Specifies the maximum number of failures an edge server may incur before it restarts.
The default number of failures is 2.
Example
<MaxFailures>2</MaxFailures>
See also
MaxHeaderLineLength
The maximum size of an HTTP header line, in bytes, that the server can accept. The default value is 8192. To accept longer header lines, increase this value.
See also
MaxPipelinedRequests
Configures the maximum number of requests Flash Player will allow to be pipelined. The value must be greater than or equal to 1.
The default value is 5.
Example
<MaxPipelinedRequests>6</MaxPipelinedRequests>
MaxSize
Specifies the maximum number of HTTP requests the server keeps in the cache. When the cache size reaches the maximum size, the server reduces the cache. By default, the value is 100.
Example
<MaxSize>100</MaxSize>
See also
MimeType
Specifies the default MIME (Multi-purpose Internet Mail Extensions) type header sent on tunnel responses.
The server generally uses the MIME type specified by the incoming requests. The server uses the entry for the MIMEType element only if it is unable to determine the MIME type from the incoming requests.
Example
<MimeType>application/x-fcs</Mimetype>
See also
NeedClose
A Boolean value specifying whether or not HTTP 1.0 non-keepalive connections are closed once the response is written. The default value is true, which closes the connections.
Example
<NeedClose>true</NeedClose>
NodeID
Specifies a unique node identification that supports the implementation of load balancers.
If the NodeID element is used, a following string of up to nine characters is prefixed to the tunnel session IDs and can be used by the load balancers to uniquely identify each node in the cluster.
The ID must contain URL-safe characters: alphanumerical A-Z, a-z, and 0-9, and the special characters $-_.+!*'()
See also
Order
Specifies the sequence in which the server evaluates the Allow and Deny elements. The following is the default sequence:
<Order>Allow,Deny</Order>
The default sequence indicates that access to a server is denied unless it is specified in the Allow element.
The alternative sequence Deny,Allow indicates that access to a server is allowed unless specified in the Deny element and not specified in the Allow element.
Example
The following is the default sequence:
<Order>Allow,Deny</Order>
See also
Path
Specifies the absolute path of the folder where the server looks for XML files. By default, it is set to uInfo/ in the Adobe Media Server installation directory.
See also
RecoveryTime
Specifies the number of seconds an edge server waits before restarting after a failure.
When an edge server fails, it waits for the interval specified here before it restarts. The wait time is specified in seconds.
The number of failures is specified by the MaxFailures element.
Example
<RecoveryTime>30</RecoveryTime>
See also
Redirect
Specifies whether or not the adaptor redirects unknown requests to an external server.
For redirection to work, HTTP tunnelling must be enabled.
An unknown request may connect only when it is the first request on a newly accepted connection. At any other time, the request is considered an error and the connection is closed.
The maxbuf attribute determines how big the IO buffers are. Flow control automatically handles the request when the bandwidth resources for producers and consumers differ widely. Flow control begins when the buffer in either direction fills up.
Example
This example instructs the server to redirect unknown requests to the specified redirect host.
<Redirect enable="false" maxbuf="16384"> <Host port="80">:8080</Host> <Host port="443">:8443</Host> </Redirect>
See also
ResourceLimits
Container element.
The elements in this container configure the resource limits for the edge server.
Contained elements
RTMP
Container element.
The elements in this container determine whether encrypted RTMP (RTMPE) and encrypted tunnelling RTMP (RTMPTE) can be used.
Contained elements
RTMPE
Specifies whether encrypted RTMP (RTMPE) can be used. RTMPE is the encrypted RTMP protocol covering both RTMPE and RTMPTE. This element is enabled by default; setting enabled to false will not allow RTMPE or RTMPTE on this adaptor.
Example
<RTMPE enabled="true"></RTMPE>
See also
SetCookie
Specifies whether or not the server sets a cookie.
If the server does not have an externally visible IP address, then for HTTP tunnelling to work, you should enable cookies when you deploy servers behind a load balancer. The load balancer checks the cookie and sends requests with this cookie to the same server. Keep in mind that the cookie adds to the HTTP header size and increases the bandwidth overhead.
For tunnelling connections, cookies are currently supported only on Flash Player 9.0.28 or later, in Windows only.
Example
<SetCookie>false</SetCookie>
See also
SSL
Container element.
The elements in this section configure the incoming connections via the Secure Sockets Layer protocol, known as SSL. The SSL elements in Adaptor.xml configure the server to act as an SSL-enabled server to accept incoming SSL connections.
You need to acquire a digital certificate to use SSL. Once you get your SSL certificate through a certificate authority, such as Verisign, or by creating it yourself with a product such as OpenSSL, you then use the SSL elements to configure the server for SSL.
The following is a quick start to allowing SSL-enabled connections to the server:
to the SSL section of the Adaptor.xml file.
Specify the location of the certificate in the SSLCertificateFile element.
Specify where to find the associated private key file in the SSLCertificateKeyFile element.
If the private key file is encrypted, specify the passphrase to use for decrypting the private key file in the SSLPassPhrase element.
Save the modified Adaptor.xml file.
Contained elements
SSLCertificateFile
Specifies the location of the certificate to return to clients who want to make a secure connection to the server.
If an absolute path is not specified, the certificate location is assumed to be relative to the adaptor directory.
Example
<SSLCertificateFile>c:\myCertFile</SSLCertificateFile>
See also
SSLCertificateKeyFile
This specifies the location of the private key file that corresponds to the public key in the certificate specified in SSLCertificateFile element.
If this file is encrypted, a password must be specified for decrypting and placed in the SSLPassPhrase element described below. If an absolute path to the key file is not specified, it is assumed to be relative to the adaptor directory.
Example
<SSLCertificateKeyFile type="PEM"></SSLCertificateKeyFile>
The type attribute specifies the type of encoding used for the certificate key file. The encryption format is either PEM (Privacy Enhanced Mail) or ASN1 (Abstract Syntax Notation 1). The default is PEM.
See also
SSLCipherSuite
Specifies the suite of encryption ciphers that the server uses to secure incoming connections.
This element contains a list of colon-delimited components. A component can be a key exchange algorithm, authentication method, encryption method, digest type, or one of a selected number of aliases for common groupings.
Contact Adobe Support before changing the default settings as listed in this example.
Example
<SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
See also
SSLPassPhrase
Specifies the passphrase to use for encrypting the private key file.
Specifies the password to use for decrypting the key file if the key file is encrypted. If the key file is not encrypted, this element is left blank.
To prevent plain text passwords from appearing in the configuration file, encode the password in base64 format and set the encrypt attribute to true.
Example
<SSLPassPhrase encrypt="true">dGluY2Fu</SSLPassPhrase>
The encrypted password is equivalent to the plain text format:
<SSLPassPhrase>tincan</SSLPassPhrase>
or
<SSLPassPhrase encrypt="false" >tincan</SSLPassPhrase>
Even though the element attribute is named "encrypt", it is not a true encryption. It is a base64 encoding that makes the password less readable.
See also
SSLServerCtx
Container element.
The elements in this section control the incoming SSL configuration for this adaptor.
Contained elements
SSLSessionTimeout
Specifies in minutes how long a SSL-based session remains valid. The default time period is 5 minutes.
SSL sessions are used to improve performance by avoiding the need to perform the full SSL handshake for every connection. When a client connects to a server for the first time, it must perform the full handshake. After that first handshake, the server sends back a session object to the client, which the client can place in the cache and reuse at a later time.
If the client connects to the same server again at a later time, it can send back the cached session object. The server does not require the full SSL handshake if the session is still valid.
Example
<SSLSessionTimeout>5</SSLTimeout>
See also
SSLVerifyClient
Sets the certificate verifcation level for client authentication. The following are valid levels:
none
Server does not send request for client certificate.
optional
The client may send a certificate. If sent, it is checked. If certificate verification fails, TLS/SSL handshake is immediately terminated.
required
Server sends a request for a client certificate. If the client does not send one, TLS/SSL handshake is immediately terminated.
optional_no_ca
Server sends a request for a client cert. But the certificate need not be successfully verifiable. This should not be used in a production deployment, but can be useful for testing/debugging purposes.
The default value is none. The log attribute specifies whether or not to log when client certificate verification passes or fails.
Example
<SSLVerifyClient log="false">none</SSLVerifyClient>
SSLVerifyDepth
The maximum depth of CA certificates allowed in client certificate verification. The value 0 indicates that only self-signed certificates are accepted. The default value is 9.
UpdateInterval
Specifies how often the server refreshes the cache content, in milliseconds. By default, the value is 5000 milliseconds.
Example
<UpdateInterval>5000</UpdateInterval>
See also
WriteBufferSize
Specifies the size of the write buffer in kilobytes. The default size is 16 KB.
Example
<WriteBufferSize>16</WriteBufferSize>
See also