rtsp-simple-server

[![Test](https://github.com/aler9/rtsp-simple-server/workflows/test/badge.svg)](https://github.com/aler9/rtsp-simple-server/actions?query=workflow:test) [![Lint](https://github.com/aler9/rtsp-simple-server/workflows/lint/badge.svg)](https://github.com/aler9/rtsp-simple-server/actions?query=workflow:lint) [![CodeCov](https://codecov.io/gh/aler9/rtsp-simple-server/branch/main/graph/badge.svg)](https://codecov.io/gh/aler9/rtsp-simple-server/branch/main) [![Release](https://img.shields.io/github/v/release/aler9/rtsp-simple-server)](https://github.com/aler9/rtsp-simple-server/releases) [![Docker Hub](https://img.shields.io/badge/docker-aler9/rtsp--simple--server-blue)](https://hub.docker.com/r/aler9/rtsp-simple-server) _rtsp-simple-server_ is a simple, ready-to-use and zero-dependency RTSP / RTMP / HLS server and proxy, a software that allows users to publish, read and proxy live video and audio streams. RTSP, RTMP and HLS are independent protocols that allows to perform these operations with the help of a server, that is contacted by both publishers and readers and relays the publisher's streams to the readers; in particular: * RTSP is the fastest way to publish and receive streams * RTMP allows to interact with legacy server or software (like OBS Studio) * HLS allows to embed streams into a web page Features: * Publish live streams with RTSP (UDP, TCP or TLS mode) or RTMP * Read live streams with RTSP, RTMP or HLS * Pull and serve streams from other RTSP or RTMP servers or cameras, always or on-demand (RTSP proxy) * Streams are automatically converted from a protocol to another (for instance, it's possible to publish with RTSP and read with HLS) * Each stream can have multiple video and audio tracks, encoded with any codec (including H264, H265, VP8, VP9, MPEG2, MP3, AAC, Opus, PCM, JPEG) * Serve multiple streams at once in separate paths * Authenticate readers and publishers * Redirect readers to other RTSP servers (load balancing) * Run custom commands when clients connect, disconnect, read or publish streams * Reload the configuration without disconnecting existing clients (hot reloading) * Compatible with Linux, Windows and macOS, does not require any dependency or interpreter, it's a single executable ## Table of contents * [Installation](#installation) * [Standard](#standard) * [Docker](#docker) * [Basic usage](#basic-usage) * [Advanced usage and FAQs](#advanced-usage-and-faqs) * [Configuration](#configuration) * [Encryption](#encryption) * [Authentication](#authentication) * [Encrypt the configuration](#encrypt-the-configuration) * [Proxy mode](#proxy-mode) * [RTMP protocol](#rtmp-protocol) * [HLS protocol](#hls-protocol) * [Publish from OBS Studio](#publish-from-obs-studio) * [Publish a webcam](#publish-a-webcam) * [Publish a Raspberry Pi Camera](#publish-a-raspberry-pi-camera) * [Remuxing, re-encoding, compression](#remuxing-re-encoding-compression) * [On-demand publishing](#on-demand-publishing) * [Redirect to another server](#redirect-to-another-server) * [Fallback stream](#fallback-stream) * [Start on boot with systemd](#start-on-boot-with-systemd) * [Monitoring](#monitoring) * [Command-line usage](#command-line-usage) * [Compile and run from source](#compile-and-run-from-source) * [Links](#links) ## Installation ### Standard 1. Download and extract a precompiled binary from the [release page](https://github.com/aler9/rtsp-simple-server/releases). 2. Start the server: ``` ./rtsp-simple-server ``` ### Docker Download and launch the image: ``` docker run --rm -it --network=host aler9/rtsp-simple-server ``` The `--network=host` flag is mandatory since Docker can change the source port of UDP packets for routing reasons, and this doesn't allow to find out the publisher of the packets. This issue can be avoided by disabling UDP and exposing the RTSP port: ``` docker run --rm -it -e RTSP_PROTOCOLS=tcp -p 8554:8554 -p 1935:1935 aler9/rtsp-simple-server ``` ## Basic usage 1. Publish a stream. For instance, you can publish a video/audio file with _FFmpeg_: ``` ffmpeg -re -stream_loop -1 -i file.ts -c copy -f rtsp rtsp://localhost:8554/mystream ``` or _GStreamer_: ``` gst-launch-1.0 rtspclientsink name=s location=rtsp://localhost:8554/mystream filesrc location=file.mp4 ! qtdemux name=d d.video_0 ! queue ! s.sink_0 d.audio_0 ! queue ! s.sink_1 ``` 2. Open the stream. For instance, you can open the stream with _VLC_: ``` vlc rtsp://localhost:8554/mystream ``` or _GStreamer_: ``` gst-launch-1.0 rtspsrc location=rtsp://localhost:8554/mystream name=s s. ! application/x-rtp,media=video ! decodebin ! autovideosink s. ! application/x-rtp,media=audio ! decodebin ! audioconvert ! audioresample ! autoaudiosink ``` or _FFmpeg_: ``` ffmpeg -i rtsp://localhost:8554/mystream -c copy output.mp4 ``` ## Advanced usage and FAQs ### Configuration All the configuration parameters are listed and commented in the [configuration file](rtsp-simple-server.yml). There are two ways to change the configuration: * By editing the `rtsp-simple-server.yml` file, that is * included into the release bundle * available in the root folder of the Docker image (`/rtsp-simple-server.yml`); it can be overridden in this way: ``` docker run --rm -it --network=host -v $PWD/rtsp-simple-server.yml:/rtsp-simple-server.yml aler9/rtsp-simple-server ``` * By overriding configuration parameters with environment variables, in the format `RTSP_PARAMNAME`, where `PARAMNAME` is the uppercase name of a parameter. For instance, the `rtspAddress` parameter can be overridden in the following way: ``` RTSP_RTSPADDRESS="127.0.0.1:8554" ./rtsp-simple-server ``` Parameters in maps can be overridden by using underscores, in the following way: ``` RTSP_PATHS_TEST_SOURCE=rtsp://myurl ./rtsp-simple-server ``` This method is particularly useful when using Docker; any configuration parameter can be changed by passing environment variables with the `-e` flag: ``` docker run --rm -it --network=host -e RTSP_PATHS_TEST_SOURCE=rtsp://myurl aler9/rtsp-simple-server ``` The configuration can be changed dinamically when the server is running (hot reloading) by writing to the configuration file. Changes are detected and applied without disconnecting existing clients, whenever it's possible. ### Encryption Incoming and outgoing streams can be encrypted with TLS (obtaining the RTSPS protocol). A self-signed TLS certificate is needed and can be generated with openSSL: ``` openssl genrsa -out server.key 2048 openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650 ``` Edit `rtsp-simple-server.yml`, and set the `protocols`, `encrypt`, `serverKey` and `serverCert` parameters: ```yml protocols: [tcp] encryption: optional serverKey: server.key serverCert: server.crt ``` Streams can then be published and read with the `rtsps` scheme and the `8555` port: ``` ffmpeg -i rtsps://ip:8555/... ``` If the client is _GStreamer_, disable the certificate validation: ``` gst-launch-1.0 rtspsrc location=rtsps://ip:8555/... tls-validation-flags=0 ``` If the client is _VLC_, encryption can't be deployed, since _VLC_ doesn't support it. ### Authentication Edit `rtsp-simple-server.yml` and replace everything inside section `paths` with the following content: ```yml paths: all: publishUser: myuser publishPass: mypass ``` Only publishers that provide both username and password will be able to proceed: ``` ffmpeg -re -stream_loop -1 -i file.ts -c copy -f rtsp rtsp://myuser:mypass@localhost:8554/mystream ``` It's possible to setup authentication for readers too: ```yml paths: all: publishUser: myuser publishPass: mypass readUser: user readPass: userpass ``` If storing plain credentials in the configuration file is a security problem, username and passwords can be stored as sha256-hashed strings; a string must be hashed with sha256 and encoded with base64: ``` echo -n "userpass" | openssl dgst -binary -sha256 | openssl base64 ``` Then stored with the `sha256:` prefix: ```yml paths: all: readUser: sha256:j1tsRqDEw9xvq/D7/9tMx6Jh/jMhk3UfjwIB2f1zgMo= readPass: sha256:BdSWkrdV+ZxFBLUQQY7+7uv9RmiSVA8nrPmjGjJtZQQ= ``` **WARNING**: enable encryption or use a VPN to ensure that no one is intercepting the credentials. ### Encrypt the configuration The configuration file can be entirely encrypted for security purposes. An online encryption tool is [available here](https://play.golang.org/p/rX29jwObNe4). The encryption procedure is the following: 1. NaCL's `crypto_secretbox` function is applied to the content of the configuration. NaCL is a cryptographic library available for [C/C++](https://nacl.cr.yp.to/secretbox.html), [Go](https://pkg.go.dev/golang.org/x/crypto/nacl/secretbox), [C#](https://github.com/somdoron/NaCl.net) and many other languages; 2. The string is prefixed with the nonce; 3. The string is encoded with base64. After performing the encryption, it's enough to put the base64-encoded result into the configuration file, and launch the server with the `RTSP_CONFKEY` variable: ``` RTSP_CONFKEY=mykey ./rtsp-simple-server ``` ### Proxy mode _rtsp-simple-server_ is also a RTSP and RTMP proxy, that is usually deployed in one of these scenarios: * when there are multiple users that are receiving a stream and the bandwidth is limited; the proxy is used to receive the stream once. Users can then connect to the proxy instead of the original source. * when there's a NAT / firewall between a stream and the users; the proxy is installed on the NAT and makes the stream available to the outside world. Edit `rtsp-simple-server.yml` and replace everything inside section `paths` with the following content: ```yml paths: proxied: # url of the source stream, in the format rtsp://user:pass@host:port/path source: rtsp://original-url ``` After starting the server, users can connect to `rtsp://localhost:8554/proxied`, instead of connecting to the original url. The server supports any number of source streams, it's enough to add additional entries to the `paths` section: ```yml paths: proxied1: source: rtsp://url1 proxied2: source: rtsp://url1 ``` It's possible to save bandwidth by enabling the on-demand mode: the stream will be pulled only when at least a client is connected: ```yml paths: proxied: source: rtsp://original-url sourceOnDemand: yes ``` ### RTMP protocol RTMP is a protocol that is used to read and publish streams, but is less versatile and less efficient than RTSP (doesn't support UDP, encryption, doesn't support most RTSP codecs, doesn't support feedback mechanism). It is used when there's need of publishing or reading streams from a software that supports only RTMP (for instance, OBS Studio and DJI drones). At the moment, only the H264 and AAC codecs can be used with the RTMP protocol. Streams can be published or read with the RTMP protocol, for instance with _FFmpeg_: ``` ffmpeg -re -stream_loop -1 -i file.ts -c copy -f flv rtmp://localhost/mystream ``` or _GStreamer_: ``` gst-launch-1.0 -v flvmux name=s ! rtmpsink location=rtmp://localhost/mystream filesrc location=file.mp4 ! qtdemux name=d d.video_0 ! queue ! s.video d.audio_0 ! queue ! s.audio ``` Credentials can be provided by appending to the URL the `user` and `pass` parameters: ``` ffmpeg -re -stream_loop -1 -i file.ts -c copy -f flv rtmp://localhost:8554/mystream?user=myuser&pass=mypass ``` ### HLS protocol HLS is a media format that allows to embed live streams into web pages, inside standard `