1

I have a custom RTMP server powered by nginx-rtmp.

This is my configuration:

server {
    listen 1935;
    chunk_size 4000;
    ping 10s;
    ping_timeout 5s;

    application live {
        live on;
        wait_key on;
        play_restart on;
    }
}

When a broadcaster wants to start a live stream, s/he will publish the content to rtmp://myserver.com/live/someUserDefinedStreamName.

When a viewer wants to watch a live stream, s/he will get the stream url from an API endpoint, and this is the problem.

The someUserDefinedStreamName is literally "public", which means everyone can publish content to this url to pretend as the broadcaster.

Any suggestion on this problem to prevent the viewers from knowing the original stream url?

For example, broadcaster publishes content to rtmp://myserver.com/live/someUserDefinedStreamName while viewers can watch the stream with rtmp://myserver.com/live?someHashString, but how?

kitlee
  • 110
  • 8

3 Answers3

0

Apparently you can add some callbacks to php scripts in your configuration file to be triggered when a user is publishing a video.

Using the callback you can check for user & password.

I found this article

Juan
  • 5,525
  • 2
  • 15
  • 26
0

You can easily protect your rtmp resource with options in nginx-rtmp module, using on_play to protect resource from playing ( by checking permision in your custom backend) and on_publish to restrict publishing users.

rtmp{ 

  application appname{

      # a url to your custom backend
      on_play http://localhost:9090/check_user;
      # backend server should return 200 for allowing otherwise return 401 or 403
      # you can also return 301 or 302 like redirection for redirecting to 
      # other stream
      on_publish http://localhost:9090/check_publish_perm;
      # same conditions as on_play
  }
}
Renjith Thankachan
  • 4,178
  • 1
  • 30
  • 47
0

This is an older question, so an answer may no longer be needed by the publisher, but here's what we currently do to protect from unauthorized publishers to our rtmp stream. It's not the most ideal solution if your publishers have dynamic ip addresses.

rtmp {
        server {
                listen 1935;
                chunk_size 4096;

                application live {
                        live on;
                        meta copy;
                        hls on;
                        hls_path /mnt/hls/live;
                        hls_fragment 5s;
                        hls_playlist_length 10s;

                allow publish IP_ADDRESS_GOES_HERE;
                deny publish all;
        }
}

The allow publish and deny publish lines restrict the incoming sources to those in the allow and deny all others.

Currently looking for a better solution on the stack

Jesse York
  • 21
  • 3