Detailed instructions for use are in the User's Guide.
[. . . ] Managing Flash Media Server
Trademarks 1 Step RoboPDF, ActiveEdit, ActiveTest, Authorware, Blue Sky Software, Blue Sky, Breeze, Breezo, Captivate, Central, ColdFusion, Contribute, Database Explorer, Director, Dreamweaver, Fireworks, Flash, FlashCast, FlashHelp, Flash Lite, FlashPaper, Flash Video Encoder, Flex, Flex Builder, Fontographer, FreeHand, Generator, HomeSite, JRun, MacRecorder, Macromedia, MXML, RoboEngine, RoboHelp, RoboInfo, RoboPDF, Roundtrip, Roundtrip HTML, Shockwave, SoundEdit, Studio MX, UltraDev, and WebHelp are either registered trademarks or trademarks of Macromedia, Inc. and may be registered in the United States or in other jurisdictions including internationally. Other product names, logos, designs, titles, words, or phrases mentioned within this publication may be trademarks, service marks, or trade names of Macromedia, Inc. or other entities and may be registered in certain jurisdictions including internationally. [. . . ] Syntax
<SecureProxyInfo>[hostname/IP]:[port]</SecureProxyInfo>
SegmentsPool
Container tag.
Description
The tags in this section configure how the segments pool caches segments of FLV (Flash Video) files within Flash Media Server to increase performance of FLV streaming and keep frequently used FLV files in memory.
Contained tags
FreeMemRatio, FreeRatio, GlobalRatio, MaxAge, MaxCacheSize, MaxUnitSize, UpdateInterval
See also
The LargeMemPool, MessageCache, and SmallMemPool containers.
Server
Container tag.
Description
The tags next within the Server tag contains the tags that configure the server.
XML configuration files
117
Contained tags
AdminServer, AutoDiscovery, Logging, Mask, Process, ResourceLimits,
and SSL
containers
ServerDomain
This tag specifies the host name (with the domain) of the server computer.
Description
You set this tag in the referrer header tag when a connection is established with a remote server using NetConnection. Set this tag to the server's domain name so that it can pass the domain name to any application servers it connects to. For security purposes, some application servers require this information as a part of incoming connection requests. If this tag is not set, the host name field is not supplied in the referrer header.
Services
Container tag.
Description
The tags in this section control the IPC message queue used by the edge and core processes to communicate with each other.
Contained tags
HeapSize, MaxQueueSize
SmallMemPool
Container tag.
Description
The tags in this section configure the small memory pool, which saves small chunks of memory within Flash Media Server to increase performance of small allocations.
Contained tags
FreeMemRatio, FreeRatio, GlobalRatio, MaxAge, MaxCacheSize, MaxUnitSize, UpdateInterval
See also
The LargeMemPool, MessageCache, and SegmentsPool containers.
118
Configuration Files
SocketGC
Description
This tag specifies in seconds how often Flash Media Server checks for and removes inactive sockets. Located in the AdminServer and ResourceLimits containers.
SocketOverflowBuckets
This tag specifies the number of overflow buckets if all slots in the socket table are in use.
Description
The default number of buckets is 16. Located in the ACCP, Admin, Core, ECCP containers, and in the RTMP (Protocol) container within the Protocol container.
See also
SocketTableSize
SocketTableSize
This tag specifies the size of the direct-access socket table for quick lookup.
Description
The default size is 200. Located in the ACCP, Admin, Core, ECCP containers, and in the RTMP (Protocol) container within the Protocol container.
See also
SocketOverflowBuckets
SSL
Container tag.
Description
The SSL tags in Server. xml configure Flash Media Server to act as an SSL-enabled client by securing the outgoing connections.
XML configuration files
119
The following is a quick-start to enable SSL connections with Flash Media Server.
Specify the location of the certificate in the SSLCertificateFile tag. If the private key file is encrypted, specify the passphrase to use for decrypting the private key file in the SSLPassPhrase tag. Save the modified Server. xml file.
Contained tags
SSLClientCtx SSLSessionCacheGC
container and the SSLRandomSeed, SSLRandomSeed, and tags.
See also
SSLClientCtx
SSLCACertificateFile
This tag specifies the name of one or more digital certificates that Flash Media Server uses for SSL-based secured communications.
Description
This tag specifies the name of a file that contains one or more CA (Certificate Authority) digital certificates in PEM (privacy enhanced mail) encryption format.
See also
SSLCACertificatePath
SSLCACertificatePath
This tag specifies the directory containing one or more CA certificates.
Description
This tag specifies the directory containing CA certificates. Note that each file in the directory can contain only a single CA certificate, and the files must be named by the subject name's hash, and an extension of . 0. The following information is for Windows systems only: Because Microsoft Windows installs certificates in the registry, there is no file system directory that contains all the trusted root certificates. You must import the certificates previously installed in the Windows certificate store into individual certificates and place them in a directory accessible by OpenSSL.
120
Configuration Files
To import these certificates, run FMSmaster > Console > Initialize [directory]. This action imports all current certificates into a certs directory in the Flash Media Server installation directory. When verifying a certificate, Flash Media Server will look for trusted root certificates in the file specified by the SSLCACertificateFile tag or in the directory specified by the SSLCACertificatePath tag. If the SSLCACertificatePath tag is empty, Flash Media Server tries to find the root certificate in the default certs directory.
See also
SSLCACertificateFile
SSLCipherSuite
This tag specifies the suite of encryption ciphers that Flash Media Server uses to secure communications.
Description
This tag is a colon-delimited list of encryption resources, such as a key exchange algorithm, authentication method, encryption method, digest type, or one of a selected number of aliases for common groupings. Each item in the cipher list specifies the inclusion or exclusion of an algorithm or cipher. For example, the keyword "ALL" specifies all ciphers, and the prefix "!" removes the cipher from the list. The default cipher string is:
<SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
The default cipher list instructs Flash Media Server to accept all ciphers, but block those using anonymous Diffie-Hellman authentication, block low-strength ciphers, block export ciphers, block MD5 hashing, and sort ciphers by strength from highest to lowest level of encryption.
Contact Flash Media Server Technical Support before changing the default settings.
N OT E
XML configuration files
121
The cipher list consists of one or more cipher strings separated by colons. Commas or spaces are also acceptable separators but colons are normally used. The string of ciphers string can take several different forms.
It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example, SHA1 represents all ciphers suites using the digest algorithm SHA1, and SSLv3 represents all SSL v3 algorithms.
Lists of cipher suites can be combined in a single cipher string using the + character as a logical and operation. [. . . ] For more information about writing server-side scripts, see Developing Media Applications.
Use server-side script precautions In server-side scripts do not use procedures that can be called by a malicious application, which could then fill a hard disk, consume the processor, or do other damage. Procedures to be aware of include writing to the hard disk without checking the quantity of data being written, procedures that can be infinitely looped, and so on. Confirm the location of the client SWF
Flash Media Server Security
Send sensitive data via HTTPS If you need to send sensitive data such as credit card information, you can use HTTPS to communicate simultaneously between your Flash client application and a separate application server that processes the data. (For more information, see the ActionScript 2. 0 Language Reference. )
About privacy
The technology in Flash Media Server enables the capture of client audio and video streams. [. . . ]