Skip to main content

Non-Docker API Deployment on ARM

This article provides the requirements and instructions for deploying the ARM version of Widevine API as a Dockerless installation.

note

We strongly recommend to use Docker. This article gives information on backward compatibility only.

System Requirements​

For deployment, certain system requirements need to be met:

  • Processor: ARMv6Z or a later compatible architecture (e.g. ARMv7-A, ARMv8-A). A VFPv2 floating-point unit and the Thumb (1) instruction set, or later compatible versions, must be supported.
  • Free RAM: 300 MB
  • Free space: 2 GB
  • OS: 32-bit ARM Linux (hard-float) with 3.10+ kernel. The following are supported: Debian 9 (armhf), Ubuntu 16.04 (armhf) and Raspbian 9 Lite, or later.

Deployment​

Software Requirements​

For deployment, the following software requirements need to be met as well:

  • An operating system (see the specific OS requirements above). It’s assumed that the OS is clean, updated, and in default configuration.
  • Mono v5.18.0 or later (the "mono-complete" package is necessary); used to run WidevineApi, which is a .NET console application, acting as a self-hosted web service.
  • "tzdata" - a time-zone data related package; required by Mono to work with the application.
  • Unzip.
  • Widevine API "armhf" deployment package (obtained from Axinom).
  • Widevine API "non-docker" configuration package (obtained from Axinom).

Prepare the System and Install Pre-Requisites​

  1. Update the system with the following command.

    $ sudo apt update && sudo apt -y upgrade

  2. Configure the package manager to use Mono’s repository to obtain the latest stable Mono version. This step depends on the exact Linux distribution used. Instructions for the recommended OS-s are provided below. For other OS versions, see the https://www.mono-project.com/download/stable/#download-lin[Official Mono site] for instructions.

    1. Ubuntu 16.04 (armhf).

      $ sudo apt install apt-transport-https $ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF 
      $ echo "deb https://download.mono-project.com/repo /ubuntu stable-xenial main" | sudo tee /etc/apt /sources.list.d/mono-official-stable.list 
      $ sudo apt update

    2. Debian 9 (armhf).

      $ sudo apt install apt-transport-https dirmngr 
      $ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF 
      $ echo "deb https://download.mono-project.com/repo /debian stable-stretch main" | sudo tee /etc/apt /sources.list.d/mono-official-stable.list 
      $ sudo apt update

    3. Raspbian 9.

      The current latest Mono v5.16.x package for Raspbian is broken. The following instructions install the latest known working version (v5.14.0.177).

      $ sudo apt install apt-transport-https dirmngr 
      $ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF 
      $ echo "deb https://download.mono-project.com/repo /debian stable-raspbianstretch/snapshots/5.14.0.177 main" | sudo tee /etc/apt/sources.list.d/monoofficial-stable.list 
      $ sudo apt update

  3. Install the required software.

    $ sudo apt -y install unzip tzdata mono-complete

  4. It is recommended to create a new user that is used to run the application and own related files and directories. This guide assumes a user/group "axdrm" is used.

    $ sudo useradd --system axdrm

Install Widevine API​

  1. Obtain the required Widevine packages from Axinom.

    1. The Widevine API "armhf" deployment package.
    2. The Widevine API "non-docker" configuration package (Docker deployments use a different package).

  2. Save the Widevine API packages (ZIP archives) to a location on your device and open the location in Unix shell.

  3. Create the application’s installation directory.

    $ sudo mkdir -p /opt/axdrm/WidevineApi

  4. Unzip the deployment package to the installation directory (the exact name of the package may differ).

    $ sudo unzip WidevineApi-6.7.0-armhf-2018-09-17.zip -d /opt/axdrm/WidevineApi

  5. Unzip the configuration package to the installation directory (the exact name of the package may differ).

    $ sudo unzip -o widevine-api-6.7.0-nondocker-testingconfig.zip -d /opt/axdrm/WidevineApi

  6. Give the ownership of the application’s files and directories to the user that is used to run it. It is expected that the application has full access to the directory where it is installed.

    $ sudo chown -R axdrm:axdrm /opt/axdrm/WidevineApi

  7. Run WidevineApi.

    $ sudo su axdrm -c "LD_LIBRARY_PATH=. mono /opt/axdrm/WidevineApi/WidevineApi.exe"

    If the application starts successfully, the output is: "Listening on: http://127.0.0.1:8089".

    note

    By default the application listens on localhost. It is assumed that a full-featured webserver, such as Nginx, is used as a reverse proxy. If there’s a need to expose the WidevineApi directly or to listen on another port, specify the listening URL as a command line parameter. For example:

    $ sudo su axdrm -c "LD_LIBRARY_PATH=. mono /opt/axdrm/WidevineApi/WidevineApi.exe http://192.168.2.15:8080"
    • The current command is intended as a simple example and it starts the application in the foreground. It is recommended to use a process control system, e.g. Supervisor, to run the application in the background, under a specific user, and automatically (re-)start it when needed.

  8. Verify that WidevineApi responds to requests. Open another terminal and send a simple GET request to the license acquisition URL. Here "curl" is used to send the test request. If it is not available, install it with "sudo apt install curl" or use any other client.

    $ curl 127.0.0.1:8089/AcquireLicense

    The response should be: "Use POST to get a license". Now, Widevine API is ready to receive and process license requests.

  9. Finishing touches:

    1. Optionally, modify the Widevine API configuration (e.g. logging) according to your needs. See the "Configuring Widevine API" section for more details.
    2. It is recommended to set up a process management system to automatically run and monitor the application in the background. We recommend using Supervisor (v3.0 or later). See the optional "Using Supervisor to run and monitor Widevine API" section for an example setup.
    3. It is recommended to set up a full-featured webserver to act as a reverse proxy for the Widevine API web service. For example, to provide HTTPS support or other advanced features. We recommend using Nginx (v1.3.8 or later). See the optional "Using Nginx as a reverse proxy for Widevine API" section for a basic setup.

Configuring Widevine API​

Refer to the "Configuration" section of the Axinom DRM Container Deployment Guide document. Information therein also applies to the current non-docker deployment scenario, with a few differences. The differences are the following:

  • The configuration ("CONFIG") directory is: /opt/axdrm/WidevineApi/App_Data/Configuration
  • The logs ("LOGS") directory is: /opt/axdrm/WidevineApi/App_Data/Logs
  • The NLog configuration file ("NLog.config") location is: /opt/axdrm/WidevineApi/NLog.config
  • For configuration changes to take effect, restart the application (unless it’s specifically mentioned that a specific configuration change takes effect automatically).

(Optional) Using Supervisor to Run and Monitor Widevine API​

Supervisor can be used to automatically start the application under a specific user in the background and to keep it running.

  1. Install Supervisor with the following command.

    $ sudo apt install supervisor

  2. (Ubuntu 16.04) Configure Supervisor to start it together with the operating system.

    $ sudo systemctl enable supervisor
    note

    There is an issue on Ubuntu 16.04: Supervisor is disabled by default. So for this OS, this step is required.

  3. Create a Supervisor configuration file for the application.

    $ sudo nano /etc/supervisor/conf.d/WidevineApi.conf

  4. Write the following contents into the file. It is assumed that the "axdrm" user has been set up and the application runs under this user.

    [program:widevine-api]
    command = mono "/opt/axdrm/WidevineApi/WidevineApi.exe"
    autorestart = true
    user = axdrm
    environment = LD_LIBRARY_PATH=.
    stderr_logfile = /opt/axdrm/WidevineApi/App_Data/Logs/apperr.log
    stdout_logfile = /opt/axdrm/WidevineApi/App_Data/Logs/app.log

  5. Restart Supervisor to start the application.

    $ sudo service supervisor restart

  6. Verify that Supervisor has started Widevine API.

    $ ps aux | grep WidevineApi

The output should contain: "mono /opt/axdrm/WidevineApi/WidevineApi.exe". In case of a problem, run "sudo /usr/bin/supervisord" manually and examine the error messages.

(Optional) Using Nginx as a Reverse Proxy for Widevine API​

A full-featured webserver is recommended to be used as a reverse proxy for the Widevine API web service. For example, to provide HTTPS support or other advanced features. We recommend Nginx (v1.3.8 or later). Here we provide an example configuration.

  1. Install Nginx.

    $ sudo apt install nginx

  2. Disable the default Nginx website.

    $ sudo rm /etc/nginx/sites-enabled/default

  3. Edit Nginx’s configuration file.

    $ sudo nano /etc/nginx/nginx.conf

  4. Replace the default content with the following:

    user www-data; 
    worker_processes auto; 
    worker_rlimit_nofile 131072; 
    pid /run/nginx.pid;

    # No logging by default. It must be explicitly enabled by the user, if needed.
    error_log /dev/null;

    events {        
        worker_connections 4096;        
        accept_mutex off;        
        multi_accept on;        
        use epoll; 
        }

    http {    
        sendfile on;    
        tcp_nopush on;    
        tcp_nodelay on;    
        keepalive_timeout 65;    
        types_hash_max_size 2048;    
        server_tokens off; # No need to advertise the version of Nginx.    
        gzip off; # License responses cannot be compressed efficiently.

        error_page 502 504 =503 /503.html;

        include /etc/nginx/mime.types;    
        default_type application/octet-stream;

        # No HTTPS by default. It must be explicitly enabled by the user, if needed.

        # No logging by default. It must be explicitly enabled by the user, if needed.        
        access_log off;        
        error_log /dev/null;

        # Virtual Host Configs.    
        include /etc/nginx/conf.d/*.conf;    
        include /etc/nginx/sites-enabled/*; 

    }

    Note: HTTPS configuration is not covered here. Configure it according to your needs.

  5. Create a website configuration file for WidevineApi.

    $ sudo nano /etc/nginx/sites-available/WidevineApi

  6. Write the following into the website configuration file.

    server {        
        listen 80;        
        listen [::]:80;

        listen 443 ssl;        
        listen [::]:443 ssl;

        location /WidevineApi/        
        {                
            proxy_pass http://127.0.0.1:8089/;                
            proxy_set_header X-Forwarded-Proto 
    $scheme;                
            proxy_set_header X-Forwarded-For 
    $remote_addr;        
        }

        location /503.html
        {
            return 503;
        }
     }

  7. Enable the Widevine API website.

    $ sudo ln -s /etc/nginx/sites-available/WidevineApi /etc/nginx/sites-enabled/WidevineApi

  8. Restart Nginx for the changes to take effect.

    $ sudo service nginx restart

  9. Verify that Nginx is able to proxy requests to WidevineApi.

    $ curl http://HOSTNAME/WidevineApi/AcquireLicense

    The response should be "Use POST to get a license".