nginx, RTMP, OAuth, Oh My

Recently I wanted to set up a reasonably secure live streaming environment that I can use with my GoPro. But in the course of trying many popular options I ran into a few snags. I was looking for a simple solution that would let me limit access to friends and family, be cheap and be reasonably easy to set up. In the end I found simple, and I found secure.

Simple and easy? Sort of. Well yes, if you are like me…

YouTube: out of the box the GoPro supports streaming to a YouTube account once you set up access in a few simple steps.

Sadly though YouTube no longer supports “the little guy” in that unless you have over 1000 subscribers you can no longer stream from small handheld devices.

Laptops still work for now, but it is not likely I will want to lug that around as I hike through the woods.

Facebook, evil incarnate, is also supported out of the box by GoPro, but unfortunately, it is still evil incarnate.

Why would I stream hiking through Castle Rock for my friends only to be inundated with sneaker ads, backpack ads, water ads, bug repellent ads and anything else the Evil Empire decides I absolutely must be interested in?

I’m not interested.

RTMP stream servers, like Red5, Wowza and others. Some are written in Java and as such are absolutely annoying to set up and use. Others are trial-ware with free versions that offer little in useful features. Some solutions are also lacking in any ability to be installed, secured or understood by your average monkey.

So I kept looking and found a few interesting ideas on the Internet such as Ben Wilber’s tutorial using Django to secure access. I learned a lot from that but unfortunately did not want to use Django as I already had my user credentials in an OAuth system I could use.

I combined the ideas from a number of sites into my own solution and voila, I now have a home-based RTMP live streaming server with authentication that I can share with friends and family.

The technologies I used to build this solution include:

  1. nginx built from source in order to support more features than found in the stock releases
  2. RTMP encrypted streaming using the nginx rtmp module but unlike most solutions, mine uses OAuth to validate the users and control access to the keys
  3. In leveraging OAuth I was able to link my application to my personal cloud server (Nextcloud) so only users I trust can view the streams, except Nextcloud’s OAuth implementation is busted so I had to fix that too
  4. A simple Python Flask application to link it all together
  5. and to quickly store user access credentials I brought in Redis as a credential caching server

Once all put together it turns into a simple solution that valid users of my cloud server can take advantage of to both publish streams and to watch. Of course this is not what everyone would want, but it is enough to get people started building out their own solutions.

In the next few posts I will cover the fundamentals of building my solution. I do not expect anyone to simply take the examples and run with them as I will likely forget to include little details that glue it together. But hopefully there will be enough information to get someone started down their own path.

  • Introduction: What this project is about <== YOU ARE HERE
  • Section 1: The nginx config and how it controls access
  • Section 2: Dealing with the missing nginx pieces (Coming Soon)
  • Section 3: Designing an application to glue it together (Coming Soon)
  • Section 4: Integrating OAuth authentication using Nextcloud (Coming Soon)
  • Section 5: Session storage with Redis (cool Enterprise scaling option) (Coming Soon)
  • Section 6: Streaming with my GoPro or with ffmpeg (Coming Soon)

In the next section I will go over the nginx configuration including the rtmp section, server section and how with a few nginx additions it can be used to control access to the encryption keys.