_rtsp-simple-server_ is a ready-to-use and zero-dependency server and proxy that allows users to publish, read and proxy live video and audio streams through various protocols: |protocol|description|publish|read|proxy| |--------|-----------|-------|----|-----| |RTSP|fastest way to publish and read streams|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| |RTMP|allows to interact with legacy software|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| |HLS|allows to embed streams into a web page|:x:|:heavy_check_mark:|:heavy_check_mark:| Features: * Publish live streams to the server * Read live streams from the server * Act as a proxy and serve streams from other servers or cameras, always or on-demand * Each stream can have multiple video and audio tracks, encoded with any codec, including H264, H265, VP8, VP9, MPEG2, MP3, AAC, Opus, PCM, JPEG * Streams are automatically converted from a protocol to another. For instance, it's possible to publish a stream with RTSP and read it with HLS * Serve multiple streams at once in separate paths * Authenticate users; use internal or external authentication * Query and control the server through an HTTP API * Read Prometheus-compatible metrics * Redirect readers to other RTSP servers (load balancing) * Run external commands when clients connect, disconnect, read or publish streams * Reload the configuration without disconnecting existing clients (hot reloading) * Compatible with Linux, Windows and macOS, does not require any dependency or interpreter, it's a single executable [![Test](https://github.com/aler9/rtsp-simple-server/workflows/test/badge.svg)](https://github.com/aler9/rtsp-simple-server/actions?query=workflow:test) [![Lint](https://github.com/aler9/rtsp-simple-server/workflows/lint/badge.svg)](https://github.com/aler9/rtsp-simple-server/actions?query=workflow:lint) [![CodeCov](https://codecov.io/gh/aler9/rtsp-simple-server/branch/main/graph/badge.svg)](https://codecov.io/gh/aler9/rtsp-simple-server/branch/main) [![Release](https://img.shields.io/github/v/release/aler9/rtsp-simple-server)](https://github.com/aler9/rtsp-simple-server/releases) [![Docker Hub](https://img.shields.io/badge/docker-aler9/rtsp--simple--server-blue)](https://hub.docker.com/r/aler9/rtsp-simple-server) [![API Documentation](https://img.shields.io/badge/api-documentation-blue)](https://aler9.github.io/rtsp-simple-server) ## Table of contents * [Installation](#installation) * [Standard](#standard) * [Docker](#docker) * [Basic usage](#basic-usage) * [General](#general) * [Configuration](#configuration) * [Authentication](#authentication) * [Encrypt the configuration](#encrypt-the-configuration) * [Proxy mode](#proxy-mode) * [Remuxing, re-encoding, compression](#remuxing-re-encoding-compression) * [Save published videos to disk](#save-published-videos-to-disk) * [On-demand publishing](#on-demand-publishing) * [Start on boot with systemd](#start-on-boot-with-systemd) * [HTTP API](#http-api) * [Metrics](#metrics) * [pprof](#pprof) * [Compile and run from source](#compile-and-run-from-source) * [Publish to the server](#publish-to-the-server) * [From a webcam](#from-a-webcam) * [From a Raspberry Pi Camera](#from-a-raspberry-pi-camera) * [From OBS Studio](#from-obs-studio) * [From OpenCV](#from-opencv) * [RTSP protocol](#rtsp-protocol) * [RTSP general usage](#rtsp-general-usage) * [TCP transport](#tcp-transport) * [UDP-multicast transport](#udp-multicast-transport) * [Encryption](#encryption) * [Redirect to another server](#redirect-to-another-server) * [Fallback stream](#fallback-stream) * [Corrupted frames](#corrupted-frames) * [RTMP protocol](#rtmp-protocol) * [RTMP general usage](#rtmp-general-usage) * [HLS protocol](#hls-protocol) * [HLS general usage](#hls-general-usage) * [Decrease delay](#decrease-delay) * [Links](#links) ## Installation ### Standard 1. Download and extract a precompiled binary from the [release page](https://github.com/aler9/rtsp-simple-server/releases). 2. Start the server: ``` ./rtsp-simple-server ``` ### Docker Download and launch the image: ``` docker run --rm -it --network=host aler9/rtsp-simple-server ``` The `--network=host` flag is mandatory since Docker can change the source port of UDP packets for routing reasons, and this doesn't allow the server to find out the author of the packets. This issue can be avoided by disabling the UDP transport protocol: ``` docker run --rm -it -e RTSP_PROTOCOLS=tcp -p 8554:8554 -p 1935:1935 -p 8888:8888 aler9/rtsp-simple-server ``` Please keep in mind that the Docker image doesn't include _FFmpeg_. if you need to use _FFmpeg_ for an external command or anything else, you need to build a Docker image that contains both _rtsp-simple-server_ and _FFmpeg_, by following instructions [here](https://github.com/aler9/rtsp-simple-server/discussions/278#discussioncomment-549104). ## Basic usage 1. Publish a stream. For instance, you can publish a video/audio file with _FFmpeg_: ``` ffmpeg -re -stream_loop -1 -i file.ts -c copy -f rtsp rtsp://localhost:8554/mystream ``` or _GStreamer_: ``` gst-launch-1.0 rtspclientsink name=s location=rtsp://localhost:8554/mystream filesrc location=file.mp4 ! qtdemux name=d d.video_0 ! queue ! s.sink_0 d.audio_0 ! queue ! s.sink_1 ``` To publish from other hardware / software, take a look at the [Publish to the server](#publish-to-the-server) section. 2. Open the stream. For instance, you can open the stream with _VLC_: ``` vlc rtsp://localhost:8554/mystream ``` or _GStreamer_: ``` gst-play-1.0 rtsp://localhost:8554/mystream ``` or _FFmpeg_: ``` ffmpeg -i rtsp://localhost:8554/mystream -c copy output.mp4 ``` ## General ### Configuration All the configuration parameters are listed and commented in the [configuration file](rtsp-simple-server.yml). There are 3 ways to change the configuration: 1. By editing the `rtsp-simple-server.yml` file, that is * included into the release bundle * available in the root folder of the Docker image (`/rtsp-simple-server.yml`); it can be overridden in this way: ``` docker run --rm -it --network=host -v $PWD/rtsp-simple-server.yml:/rtsp-simple-server.yml aler9/rtsp-simple-server ``` The configuration can be changed dinamically when the server is running (hot reloading) by writing to the configuration file. Changes are detected and applied without disconnecting existing clients, whenever it's possible. 2. By overriding configuration parameters with environment variables, in the format `RTSP_PARAMNAME`, where `PARAMNAME` is the uppercase name of a parameter. For instance, the `rtspAddress` parameter can be overridden in the following way: ``` RTSP_RTSPADDRESS="127.0.0.1:8554" ./rtsp-simple-server ``` Parameters in maps can be overridden by using underscores, in the following way: ``` RTSP_PATHS_TEST_SOURCE=rtsp://myurl ./rtsp-simple-server ``` This method is particularly useful when using Docker; any configuration parameter can be changed by passing environment variables with the `-e` flag: ``` docker run --rm -it --network=host -e RTSP_PATHS_TEST_SOURCE=rtsp://myurl aler9/rtsp-simple-server ``` 3. By using the [HTTP API](#http-api). ### Authentication Edit `rtsp-simple-server.yml` and replace everything inside section `paths` with the following content: ```yml paths: all: publishUser: myuser publishPass: mypass ``` Only publishers that provide both username and password will be able to proceed: ``` ffmpeg -re -stream_loop -1 -i file.ts -c copy -f rtsp rtsp://myuser:mypass@localhost:8554/mystream ``` It's possible to setup authentication for readers too: ```yml paths: all: publishUser: myuser publishPass: mypass readUser: user readPass: userpass ``` If storing plain credentials in the configuration file is a security problem, username and passwords can be stored as sha256-hashed strings; a string must be hashed with sha256 and encoded with base64: ``` echo -n "userpass" | openssl dgst -binary -sha256 | openssl base64 ``` Then stored with the `sha256:` prefix: ```yml paths: all: readUser: sha256:j1tsRqDEw9xvq/D7/9tMx6Jh/jMhk3UfjwIB2f1zgMo= readPass: sha256:BdSWkrdV+ZxFBLUQQY7+7uv9RmiSVA8nrPmjGjJtZQQ= ``` **WARNING**: enable encryption or use a VPN to ensure that no one is intercepting the credentials. Credentials can be sent to an external server: ```yml externalAuthenticationURL: http://myauthserver/auth ``` Each time a user needs to be authenticated, the specified URL will be requested with the POST method and this payload: ```json { "ip": "ip", "user": "user", "password": "password", "path": "path", "action": "read|publish" } ``` If the URL returns a status code that begins with `20` (i.e. `200`), authentication is successful, otherwise it fails. ### Encrypt the configuration The configuration file can be entirely encrypted for security purposes. An online encryption tool is [available here](https://play.golang.org/p/rX29jwObNe4). The encryption procedure is the following: 1. NaCL's `crypto_secretbox` function is applied to the content of the configuration. NaCL is a cryptographic library available for [C/C++](https://nacl.cr.yp.to/secretbox.html), [Go](https://pkg.go.dev/golang.org/x/crypto/nacl/secretbox), [C#](https://github.com/somdoron/NaCl.net) and many other languages; 2. The string is prefixed with the nonce; 3. The string is encoded with base64. After performing the encryption, put the base64-encoded result into the configuration file, and launch the server with the `RTSP_CONFKEY` variable: ``` RTSP_CONFKEY=mykey ./rtsp-simple-server ``` ### Proxy mode _rtsp-simple-server_ is also a proxy, that is usually deployed in one of these scenarios: * when there are multiple users that are reading a stream and the bandwidth is limited; the proxy is used to receive the stream once. Users can then connect to the proxy instead of the original source. * when there's a NAT / firewall between a stream and the users; the proxy is installed on the NAT and makes the stream available to the outside world. Edit `rtsp-simple-server.yml` and replace everything inside section `paths` with the following content: ```yml paths: proxied: # url of the source stream, in the format rtsp://user:pass@host:port/path source: rtsp://original-url ``` After starting the server, users can connect to `rtsp://localhost:8554/proxied`, instead of connecting to the original url. The server supports any number of source streams, it's enough to add additional entries to the `paths` section: ```yml paths: proxied1: source: rtsp://url1 proxied2: source: rtsp://url1 ``` It's possible to save bandwidth by enabling the on-demand mode: the stream will be pulled only when at least a client is connected: ```yml paths: proxied: source: rtsp://original-url sourceOnDemand: yes ``` ### Remuxing, re-encoding, compression To change the format, codec or compression of a stream, use _FFmpeg_ or _Gstreamer_ together with _rtsp-simple-server_. For instance, to re-encode an existing stream, that is available in the `/original` path, and publish the resulting stream in the `/compressed` path, edit `rtsp-simple-server.yml` and replace everything inside section `paths` with the following content: ```yml paths: all: original: runOnPublish: ffmpeg -i rtsp://localhost:$RTSP_PORT/$RTSP_PATH -c:v libx264 -preset ultrafast -b:v 500k -max_muxing_queue_size 1024 -f rtsp rtsp://localhost:$RTSP_PORT/compressed runOnPublishRestart: yes ``` ### Save published videos to disk To Save published videos to disk, put an _FFmpeg_ command inside `runOnPublish`: ```yml paths: all: original: runOnPublish: ffmpeg -i rtsp://localhost:$RTSP_PORT/$RTSP_PATH -c copy -f segment -strftime 1 -segment_time 60 -segment_format mp4 saved_%Y-%m-%d_%H-%M-%S.mp4 runOnPublishRestart: yes ``` ### On-demand publishing Edit `rtsp-simple-server.yml` and replace everything inside section `paths` with the following content: ```yml paths: ondemand: runOnDemand: ffmpeg -re -stream_loop -1 -i file.ts -c copy -f rtsp rtsp://localhost:$RTSP_PORT/$RTSP_PATH runOnDemandRestart: yes ``` The command inserted into `runOnDemand` will start only when a client requests the path `ondemand`, therefore the file will start streaming only when requested. ### Start on boot with systemd Systemd is the service manager used by Ubuntu, Debian and many other Linux distributions, and allows to launch rtsp-simple-server on boot. Download a release bundle from the [release page](https://github.com/aler9/rtsp-simple-server/releases), unzip it, and move the executable and configuration in the system: ``` sudo mv rtsp-simple-server /usr/local/bin/ sudo mv rtsp-simple-server.yml /usr/local/etc/ ``` Create the service: ``` sudo tee /etc/systemd/system/rtsp-simple-server.service >/dev/null << EOF [Unit] After=network.target [Service] ExecStart=/usr/local/bin/rtsp-simple-server /usr/local/etc/rtsp-simple-server.yml [Install] WantedBy=multi-user.target EOF ``` Enable and start the service: ``` sudo systemctl enable rtsp-simple-server sudo systemctl start rtsp-simple-server ``` ### HTTP API The server can be queried and controlled with an HTTP API, that must be enabled by setting the `api` parameter in the configuration: ```yml api: yes ``` The API listens on `apiAddress`, that by default is `127.0.0.1:9997`; for instance, to obtain a list of active paths, run: ``` curl http://127.0.0.1:9997/v1/paths/list ``` Full documentation of the API is available on the [dedicated site](https://aler9.github.io/rtsp-simple-server/). ### Metrics A metrics exporter, compatible with Prometheus, can be enabled with the parameter `metrics: yes`; then the server can be queried for metrics with Prometheus or with a simple HTTP request: ``` wget -qO- localhost:9998/metrics ``` Obtaining: ``` paths{name="