voc/rtmp-auth
35
0
Fork 0
Code Activity
Mainly on GitHub! TOOD: Add Github CI which pushes to Foregejo (or migrate issues over here and close GH repo) https://github.com/voc/rtmp-auth
38 commits 3 branches 2 tags 188 KiB
  • CSS 64.1%
  • Go 32.9%
  • JavaScript 2.3%
  • Makefile 0.7%
Find a file
Exact
Anton Schubert 388bc9340b cleanup css
2023-04-17 22:34:50 +02:00
cmd/rtmp-auth add config, add consul storage backend 2021-10-31 21:24:37 +01:00
http make linter happy by not copying proto objects 2023-04-17 22:29:25 +02:00
public cleanup css 2023-04-17 22:34:50 +02:00
storage Add stream Blocking in frontend 2021-10-29 00:58:39 +02:00
store make linter happy by not copying proto objects 2023-04-17 22:29:25 +02:00
.gitignore update dependencies 2023-04-17 15:44:33 +02:00
config.toml.example add config, add consul storage backend 2021-10-31 21:24:37 +01:00
go.mod update dependencies 2023-04-17 15:44:33 +02:00
go.sum update dependencies 2023-04-17 15:44:33 +02:00
LICENSE Add License 2020-04-19 03:24:25 +02:00
Makefile build static executable 2021-12-18 00:50:39 +01:00
modd.conf cleanup css 2023-04-17 22:34:50 +02:00
README.md Readme: Update for go 1.16 2023-04-12 16:50:08 +02:00

README.md

rtmp-auth

Simple stream auth backend for:

  • nginx-rtmp
  • srtrelay
  • srs

Features

  • Expiring auth
  • Single static binary
  • Persists state to simple file (no database required)
  • Web-UI with subpath support

In the future I might also add support for removing active streams when they expire.

Build Dependencies

  • protoc with go-support
  • statik go install github.com/rakyll/statik

Usage

Build the daemon with

make

Then start it

./rtmp-auth -app "myrtmp" -apiAddr "localhost:8000" -frontendAddr "localhost:8082"

It will now authenticate streams for the rtmp-app "myrtmp" (the app is the "directory" part of a rtmp url) like rtmp://<host>/<app>/<stream>

Nginx-RTMP

Add on_publish/on_publish_done callbacks to your nginx-rtmp config

application myrtmp {
  live on;
  meta copy;

  hls off;

  allow publish all;
  allow play all;

  # add this for authentication
  on_publish http://127.0.0.1:8080/publish;
  on_publish_done http://127.0.0.1:8080/unpublish;
}

srtrelay

Change the auth to "http" in your srtrelay config and add the api url:

[auth]
type = "http"

[auth.http]
url = "http://localhost:8080/publish"

srtrelay doesn't currently support unpublish.

SRS

Add the http_hooks config inside your srs vhost config:

vhost __defaultVhost__ {
    ...
    http_hooks {
        enabled         on;
        on_publish      http://172.17.0.1:8080/publish;
        on_unpublish    http://172.17.0.1:8080/unpublish;
    }
    ...
}

WebUI

Note: You will need to set the -insecure flag when testing over http.

After reloading your nginx/srs the rtmp publish-requests will be authenticated against the daemon. You can visit http://localhost:8082 to add streams.

For production usage you will want to deploy the frontend behind a Reverse-Proxy with TLS-support like nginx.

Publish a stream

Now that you have set up your software you can start publishing streams

# publish without auth
ffmpeg -i test.mp4 -c copy -f flv rtmp://server/app/stream

# publish with auth
ffmpeg -i test.mp4 -c copy -f flv rtmp://server/app/stream?auth=foobar2342