Permanently Publish Stream pulled from RTMP Source Efficiently

Hi,

I want to permanently publish a stream (ch_1) on WCS-5 which is pulled from a RTMP Source URL (rtmp://xyz..)

1. I want to permanently publish a Stream with name: "ch_1" to be played view embed_player Iframe/Link
2. Which pulls its video from a RTMP Source URL something like: rtmp://abc.xyz:1935/live/ch_1
3. Occasionally i would need to update RTMP Source URL so a way to publish & update too.
4. Cannot use RTMP Source URL as streamName query param in embed_player URL as i have to keep it secret.
5. Also confirm if we do the above thing whether the end viewer viewing stream via embed_player iframe/link can still hack into the actual RTMP Source URL or it will be impossible, everything is done at server side, please confirm.
6. The other day I was able to publish a stream which pulls rtmp via: /rest-api/pull/rtmp/pull endpoint and was able to play but it got removed once WCS was restarted/stopped/started, i need it permanently.
7. If following your process i am able to publish many stream which pulls its content from rtmp urls, lets say 50 streams, will bandwidth & server will be used when no viewer is viewing via embed_player IFrame/Link (RTMP pulling/WebRTC publishing). I want to publish many streams permanently on my server but would not like it cause issues on the server, so bandwidth & resources should only be consumed when atleast 1 of the viewer of particular stream is viewing via embed_player IFrame/Link.

Thanks waiting for your reply
Ajay Kumar
 

Max

Administrator
Staff member
Good day.
1. I want to permanently publish a Stream with name: "ch_1" to be played view embed_player Iframe/Link
2. Which pulls its video from a RTMP Source URL something like: rtmp://abc.xyz:1935/live/ch_1
3. Occasionally i would need to update RTMP Source URL so a way to publish & update too.
4. Cannot use RTMP Source URL as streamName query param in embed_player URL as i have to keep it secret.
5. Also confirm if we do the above thing whether the end viewer viewing stream via embed_player iframe/link can still hack into the actual RTMP Source URL or it will be impossible, everything is done at server side, please confirm.
You can achieve this using REST API /pull/rtmp/pull:
Code:
POST /rest-api/pull/rtmp/pull HTTP/1.1
Host: localhost:8081
Content-Type: application/json

{
    "uri":"rtmp://abc.xyz:1935/live/ch_1",
    "localStreamName":"ch1_for_viewers"
}
In this case you should use localStreamName (ch1_for_viewers in example above) in Embed Player, so viewers will not ever see source RTMP URL.
6. The other day I was able to publish a stream which pulls rtmp via: /rest-api/pull/rtmp/pull endpoint and was able to play but it got removed once WCS was restarted/stopped/started, i need it permanently.
You should increase this parameter in flashphoner.properties file:
Code:
rtmp_activity_timer_timeout=60000[/ICODE]
By default, RTMP stream pulling will be stopped if there are no subscribers (viewers) in 60 seconds. So you may set it to
[CODE]rtmp_activity_timer_timeout=86400000
to keep the stream pulling in 24 hours
And you can set up cron job to periodically send REST API query to pull RTMP stream if server was restarted.
7. If following your process i am able to publish many stream which pulls its content from rtmp urls, lets say 50 streams, will bandwidth & server will be used when no viewer is viewing via embed_player IFrame/Link (RTMP pulling/WebRTC publishing).
Yes. If you pull RTMP stream from another server and publish it permanently, the bandwidth and server resources will be used even if there are no WebRTC subscribers to it.
 
Hi,

Ok i got it. But some more points/issues to discuss:
1. How to update rtmp source of stream published via /rest-api/pull/rtmp/pull ? Sometimes i would want to update source & sometimes i would want to disable it (than maybe unpublishing/removing the stream could be the answer)
2. So streams (stream which pulls it content from rtmp) can't be published/updated visually via some graphical user interface like WCS Demo Web Interface ?
3. How to secure my stream so only authorized users could watch ? Lets say i have a list of username/password and i want only them to be able to access the stream, protection should be at some level like server,websocket, etc but not at html/php/web-server level so that it could not be workaround.
 

Max

Administrator
Staff member
1. How to update rtmp source of stream published via /rest-api/pull/rtmp/pull ? Sometimes i would want to update source & sometimes i would want to disable it (than maybe unpublishing/removing the stream could be the answer)
You should stop a pulled RTMP stream with /pull/rtmp/terminate REST query
Code:
POST /rest-api/pull/rtmp/terminate HTTP/1.1
Host: locathost:8081
Content-Type: application/json
 
{
    "uri":"rtmp://abc.xyz:1935/live/ch_1"
}
Then you can start a new stream with another source by /pull/rtmp/pull
2. So streams (stream which pulls it content from rtmp) can't be published/updated visually via some graphical user interface like WCS Demo Web Interface ?
There is no ready to use web page REST API usage example. Please check this source code (this example demonstrates SIP as Stream functions, you can use the code as web page example to manage REST API queries)
3. How to secure my stream so only authorized users could watch ? Lets say i have a list of username/password and i want only them to be able to access the stream, protection should be at some level like server,websocket, etc but not at html/php/web-server level so that it could not be workaround.
You should use custom backend handling /connect and /playStream REST hooks. Please read how to authorize user by domain, you can use this as a sample to handle other REST hooks.
 
Hi,

So for implementing Authentication part, beside installing Flashphoner & Java, we have to install Web Server (Apache/Nginx) & PHP for handling Authentication logic ? If so, don't you guys think its an over kill for basic/simple thing ?
 
Last edited:

Max

Administrator
Staff member
So for implementing Authentication part, beside installing Flashphoner & Java, we have to install Web Server (Apache/Nginx) & PHP for handling Authentication logic ?
Yes, this is normal practice to have your own backend.
 
Yes, this is normal practice to have your own backend.
Yes, but maybe adding some code (something like interface that registers itself to WCS to intercept) to already existing code (WCS) on the server in same language as you guys already using to handle http requests would have been a better option ? With WCS installed on server, http requests are being handled & server side code are being executed but than just to add some custom code/logic we got to install Web Server (Apache/Nginx) & PHP ? Any alternative option even if it means editing WCS files ? Which server side language is WCS using ?
 

Max

Administrator
Staff member
With WCS installed on server, http requests are being handled & server side code are being executed but than just to add some custom code/logic we got to install Web Server (Apache/Nginx) & PHP ? Any alternative option even if it means editing WCS files ?
WCS internal HTTP server is intended for admin and demo purposes only. You cannot use custom frontend in this case, and you cannot use it in production under high load (100 viewers and above). So there are no alternative options for now, only custom backend. And this is not a big problem to install web server and PHP engine. This should be done just once, then you can implement any logic as needed.
 
WCS internal HTTP server is intended for admin and demo purposes only. You cannot use custom frontend in this case, and you cannot use it in production under high load (100 viewers and above). So there are no alternative options for now, only custom backend. And this is not a big problem to install web server and PHP engine. This should be done just once, then you can implement any logic as needed.
Ok will do that, was not wanted to do that to avoid more overhead on the server (web server + php) but seems no other option.
 
Ok, regarding implementing user authentication, i see when we publish streams they are automatically available as RTMP stream, for example - rtmp://localhost:1935/live/test is automatically available when publishing stream with name test (which pulls its content from rtmp source).

So the way you are suggesting me to implement authentication will that also prevent unauthorized access via direct rtmp access without going through wcs/websocket/webrtc ?
 

Max

Administrator
Staff member
Ok, regarding implementing user authentication, i see when we publish streams they are automatically available as RTMP stream, for example - rtmp://localhost:1935/live/test is automatically available when publishing stream with name test (which pulls its content from rtmp source).
Yes, WCS can be RTMP server for third party players by default
So the way you are suggesting me to implement authentication will that also prevent unauthorized access via direct rtmp access without going through wcs/websocket/webrtc ?
You can prevent RTMP access at all using this parameters:
Code:
rtmp.address=127.0.0.1
rtmfp.address=127.0.0.1
In this case, WCS will listen RTMP port on local interface only, so RTMP server will not be available for external clients.
Or, if you want to enable this for certain clients, you can pass authentication parameters in RTMP URL
Code:
rtmp://host:1935/live?token=12345/streamName
and use REST hook /connect to authorize RTMP connection. Please read details here.
 
Another issue,

Lets say i have a uncontrolled (external) rtmp url which only works when given some required query parameters for authentication like stuff.

> For example like this -
rtmp://externalhost:1935/live/streamName?username=un&password=pwd

Now i simply want this rtmp to play directly via WCS Embed Player.

> Embed Player link will be like this (should be url encoded, right ? only for demonstration not encoded) -

Whether url encoded or not, the query params are not passed to pulled rtmp server (externalhost), maybe these parameters are consumed by WCS Server as paramaters to internal callbacks (on_connect, on_play, etc).

So how can i modify embed url so instead of consuming those paramaters, it instead forward those paramaters to externalhost (pulled rtmp).
 

Max

Administrator
Staff member
You can pull external RTMP stream using REST API
Code:
POST /rest-api/pull/rtmp/pull HTTP/1.1
Host: localhost:8081
Content-Type: application/json

{
    "uri":"rtmp://externalhost:1935/live/streamName?username=un&password=pwd",
    "localStreamName":"rtmp_for embed_player"
}
Then, you can play it via Embed Player by name
Code:
https://wcshost.com:8888/embed_player?urlServer=wss://wcshost.com:8443&mediaProviders=WebRTC,Flash,MSE,WSPlayer&streamName=rtmp_for_embed_player
Another option is to use URI encoding for reserved characters
Code:
https://wcshost.com:8888/embed_player?urlServer=wss://wcshost.com:8443&mediaProviders=WebRTC,Flash,MSE,WSPlayer&streamName=rtmp://externalhost:1935/live/streamName%3Fusername=un%26password=pwd
 
You can pull external RTMP stream using REST API
Code:
POST /rest-api/pull/rtmp/pull HTTP/1.1
Host: localhost:8081
Content-Type: application/json

{
    "uri":"rtmp://externalhost:1935/live/streamName?username=un&password=pwd",
    "localStreamName":"rtmp_for embed_player"
}
Then, you can play it via Embed Player by name
Code:
https://wcshost.com:8888/embed_player?urlServer=wss://wcshost.com:8443&mediaProviders=WebRTC,Flash,MSE,WSPlayer&streamName=rtmp_for_embed_player
Another option is to use URI encoding for reserved characters
Code:
https://wcshost.com:8888/embed_player?urlServer=wss://wcshost.com:8443&mediaProviders=WebRTC,Flash,MSE,WSPlayer&streamName=rtmp://externalhost:1935/live/streamName%3Fusername=un%26password=pwd
Hi,

Thanks for quick reply.

I wanted to use that last option (modify url to make it work). I tried both of these things - URI encode whole RTMP url or just those 2 characters as you stated (? &) but none works, in neither case query paramaters are forwarded to external server hosting that RTMP.

Can the issue could be that WCS trying to pull that encoded rtmp url as it is (without url decoding before pulling) - i believe before pulling (directly calling rtmp), wcs server has to url decode it and than call it for pulling. Is this could be the issue or what ?
 
Hi,

Thanks for quick reply.

I wanted to use that last option (modify url to make it work). I tried both of these things - URI encode whole RTMP url or just those 2 characters as you stated (? &) but none works, in neither case query paramaters are forwarded to external server hosting that RTMP.

Can the issue could be that WCS trying to pull that encoded rtmp url as it is (without url decoding before pulling) - i believe before pulling (directly calling rtmp), wcs server has to url decode it and than call it for pulling. Is this could be the issue or what ?
Probably that cannot be the issue otherwise external server hosting RTMP would consider it as a part StreamName and wouldn't have identified StreamName properly but is able to identify just cannot get those query params at external server so to authenticate (that external url is mine hosting rtmp - i wan't this authentication to work).

So most likely WCS not forwarding i guess ? Can this be confirmed at your end ?
 

Max

Administrator
Staff member
This is not Embed Player problem, this is server side issue, we confirm it for REST API too. We raised the ticket WCS-3358 to fix it and let you know results here.
 
This is not Embed Player problem, this is server side issue, we confirm it for REST API too. We raised the ticket WCS-3358 to fix it and let you know results here.
Hi,

Where i can monitor ticket status ? I see you have added WCS-3358 tag to this thread.
 

Max

Administrator
Staff member
Good day.
Since build 5.2.1069 it is possible to pass authentication parameters after stream name
Code:
rtmp://server:1935/live/streamKey?user=username&password=password
Also, WCS supports Adobe authentication on RTMP server while capturing a stream from it using RTMP URL parameters
Code:
rtmp://username:password@server:1935/live/streamKey
 
Top