OME and RTMPS

[bchah]

As you may know, OME does not have a built-in RTMPS provider. However it is easy to work around this in HTTPS environments with a very simple tool called stunnel.

First install using apt-get or the package manager of your choosing:

apt-get install stunnel4

Then create a config under /etc/stunnel/stunnel.conf indicating the RTMPS port (1936 in the example), the domain:port to forward incoming requests to, and the path to the certificate matching that domain:

[rtmps]
accept = 1936
connect = yourOMEserver.com:1935
cert=/path/to/fullchain.pem
key=/path/to/privkey.pem

Finally:

service stunnel4 start

... and just like magic, you can stream to OME using RTMPS. Using stunnel adds no perceivable latency either. Happy to have found this and I hope it helps somebody out there too!

[PanterSoft]

Is there a way to check if the stream goes over RTMPS ? because I am facing the issue that I don't know if its working or not but I can't tell

[bchah]

@PanterSoft there is no official support for RTMPS in OME but there are some tricks you can play to either only allow RTMPS or narrow down if a stream is coming through stunnel installed on the same server (or container) as OME:

To only allow RTMPS, use SignedPolicy and limit the IP of the inbound stream to the public IP of the server itself. Since the stunnel instance is on the server, streams from external IPs would need to pass through there first to meet the requirements of the SignedPolicy.

To check if a stream is RTMPS, the API will tell you in the "sourceUrl" property what the IP address of the sender is. If this matches the public IP of the server (and the stunnel workaround is in place), it's a good bet the stream is RTMPS. E.g. /v1/vhosts/default/apps/live/streams/yourstreamkey -> {"sourceUrl":"TCP://1.2.3.4:5678"}

[PanterSoft]

okay thanks I will try and see if that works