RTMP Tutorial - nginx, RTMP, Oauth Oh My

Recently I wanted to setup a reasonably secure live streaming environment that I can use with my GoPro.

But in the course of trying many popular options I ran into a few snags such as no security or horribly complicated and expensive setups.

I was looking for a simple solution that I could limit access to friends and family, be cheap (preferably free) and reasonably easy to setup.

In the end I found a cheap and secure solution that required a few modifications to nginx, a cloud service providing OAuth authentication and a small python app to glue it all together .

Simple and easy? Sort of. Well yes, if you are like me and like to tinker with software……

Youtube is supported by my GoPro out of the box once access is setup in a few simple steps. Sadly though Youtube no longer suports “the little guy” in that unless you have over a 1000 subscribers you can no longer stream from small handheld devices. Laptops still work for now, but it is not likely I will want to lug that around as I hike through the woods.

Facebook is evil incarnate (IMHO) but is also supported out of the box by GoPro, but unfortunately, it is still evil incarnate. Why would I stream hiking through Castle Rock for my friends only to be inundated with and inundate others with Sneaker ads, backpack ads, water ads, bug repellent ads and anything else the Evil Empire decides everyone absolutely must be interested in. That plus it gives Facebook an unrestricted copy of the videoes I create, and when has giving Facebook control over something ever been a good idea?

RTMP stream servers, like Red5, Wowza and others. Some are written in Java and as such are absolutely annoying to set up and use. Others are trial-ware with free versions that offer little in useful features. Some solutions are also lacking in any ability to be installed, secured or understood by your average monkey.

So I kept looking and found a few interesting ideas on the Internet such as Ben Wilber’s tutorial using nginx and a Django app to secure access. I learned a lot from that tutorial but unfortunately I did not want to use Django as I already had my user credentials in an OAuth system I could use and integrating OAuth into Django, although possible, is just overkill.

For my solution I combined the ideas from a number of sites, including Ben Wilber’s I mentioned above, into my own local application and voila, I now have a home-based RTMP live streaming server with authentication that I can securely share with friends and family.

The technologies I used to build this solution include:

  1. nginx built from source needed to support more features than found in the stock releases
  2. RTMP encrypted streaming with the nginx rtmp module but unlike most solutions, use OAuth to validate the users and control access to the keys
  3. I use Nextcloud (my local cloud server) as my OAuth server giving my home users access to the RTMP service
  4. Then I wrote a simple python Flask application to link all the pieces together
  5. and to quickly access user credentials I use Redis as a credential caching server

Once all put together it turns into a simple solution that valid users of my cloud service can use to both publish and watch live video streams. Of course this is not what everyone would want, but it is good enough for my purposes and might perhaps give someone a clue for configuring their own service.

In the next few posts I will cover fundamentals to building my solution. I do not expect anyone to simply take the examples and run with them as I will likely forget to include little details that glue it together, such as a needed Ubuntu dev package used to build the nginx server. But hopefully there is enough information to get someone started down their own path far enough to figure out the rest.

In the next section I will go over the nginx configuration including the rtmp section, server section and how with a few nginx additions it can be used to control access to the encryption keys.