From 32f304df0f463c08c93a22d67da6335bec2b3fbe Mon Sep 17 00:00:00 2001 From: yum Date: Tue, 14 Oct 2025 19:22:10 -0700 Subject: switch to rtmps --- etc/nginx/modules-available/rtmp.conf | 48 +++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 etc/nginx/modules-available/rtmp.conf (limited to 'etc/nginx/modules-available') diff --git a/etc/nginx/modules-available/rtmp.conf b/etc/nginx/modules-available/rtmp.conf new file mode 100644 index 0000000..2e852a1 --- /dev/null +++ b/etc/nginx/modules-available/rtmp.conf @@ -0,0 +1,48 @@ +# RTMP ingest pipeline with TLS termination via the stream module. +# - External publishers connect over RTMPS on tcp/1935. +# - The stream module terminates TLS and forwards plain RTMP to nginx-rtmp on 127.0.0.1:1936. +# - nginx-rtmp still triggers publish callbacks consumed by obsproxy. + +rtmp { + server { + listen 1936; # internal plain RTMP listener + chunk_size 4096; + + application live { + live on; + record off; + + # Allow publish/play; obsproxy enforces the ingest PSK. + allow publish all; + allow play all; + + on_publish http://127.0.0.1:5000/rtmp_callbacks/on_publish; + on_publish_done http://127.0.0.1:5000/rtmp_callbacks/on_publish_done; + } + } +} + +stream { + log_format stream_basic '$remote_addr:$remote_port -> $server_addr:$server_port ' + 'sent=$bytes_sent received=$bytes_received ' + 'time=$session_time'; + + upstream rtmp_backend { + server 127.0.0.1:1936; + } + + server { + listen 1935 ssl; + proxy_pass rtmp_backend; + access_log /var/log/nginx/rtmp_stream_access.log stream_basic; + error_log /var/log/nginx/rtmp_stream_error.log debug; + + ssl_certificate /etc/letsencrypt/live/yummers.dev/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/yummers.dev/privkey.pem; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers HIGH:!aNULL:!MD5; + ssl_session_cache shared:rtmp_stream_cache:10m; + ssl_session_timeout 10m; + proxy_timeout 5m; + } +} -- cgit v1.2.3