Forum

Protection for incoming streams

Gabriel 2017-10-11 04:55:28 UTC in Nimble Streamer

Hi!

I test nimble streamer.

I need accept only incoming stream from created applications, as wowza does.

Actually any publishers can push any streams to my server through the specified port.

Try to follow this guide, but still anyone can send signal to my server:

http://blog.wmspanel.com/2015/10/rtsp-publish-control-framework-overview.html

Thanks

Gabriel 2017-10-11 05:01:27 UTC 

Sorry, anyone is a error word (I use google traslate).

All people can send signal to my server when nimble is running, I need solve this.

Alex Pokotilo 2017-10-11 05:42:37 UTC 

Please check
http://blog.wmspanel.com/2014/06/rtmp-hls-transmuxing.html
if you need to setup publish password please fill Push Login/Push password in "Global" settings so nobody without password can push.
In addition you can setup per Application login/password.

Gabriel 2017-10-11 05:51:51 UTC 

sure, but we are a streaming provider. If we use the push password, it would be the same for all clients. Upon termination of a client, the client could continue to log in with the global password. What I need, is to only accept the incoming stream of the applications that I activate. And when you delete an application, it can not continue to connect.

Denis Slobodskoy 2017-10-11 07:01:45 UTC 

Hello Gabriel.
You can set up publish control with signature (you will need to generate signature for client and put it in publish URL) or authorization handler (providing authentication procedure on your own server). These procedures are described in http://blog.wmspanel.com/2015/12/rtsp-publish-control-setup.html in "Using publish signature" and "Using publish authorization handler" sections.

Gabriel 2017-10-11 15:12:24 UTC 

And it is.

But the password is only for the application that I configure.

Anyone can send signal to the server, in other applications.

Maybe there is something I am not understanding well. I apologize.

What I need is that they can only send signals to the server, in the applications that I activate.

As in wowza, it only receives signal when I create the application.

Alex Pokotilo 2017-10-11 23:09:38 UTC 

Hi,
1)you should specify random login and password in Nimble Streamer->Live Streams Settings->Global. This way your users will not be able to publish streams to "nonexistent" application.
2)if you can create separate application settings for all your clients just create application for every client and specify exact password. Please note that if you delete application after that this will block new publishing request but currently publishing streams will work till restart
3)if you need ability to block any stream during publishing you need to setup "Publish control" from "Control"->"Publish control" menu. You need to specify unique password for each application and specify your handler as well.

Please note that to prevent unauthorized publishing you need to specify "Nimble Streamer->Live Streams Settings->Global->Login|Password" in anyway. If you don't anyone can publish to our server using any application name. Nimble and Wowza works differently. When you setup Nimble don't use experience you had with another media server.

Gabriel 2017-10-12 00:40:53 UTC 

Thank you

Yes, but if I specify "push login" and "push password" (in live stream settings -> Global), all my clients must use same user and password to connect.

Anyone who has that user and password, will be able to connect without my authorization.

I need only accept incoming stream for autorized users (applications).

Thanks

Gabriel 2017-10-12 02:33:16 UTC 

For example in Wowza is:

<Property>
<Name>limitPublishedStreamBandwidthMaxBitrate</Name>
<Value>1300</Value>
<Type>Integer</Type>
</Property>

Gabriel 2017-10-12 02:34:28 UTC 

Solved another question (protect incoming stream)

Thank you!

Denis Slobodskoy 2017-10-12 10:48:30 UTC 

Hi Gabriel
Sorry for delay.
There is a method to limit bitrate, but it pretty complicated.
You must follow procedure decribed at "Controlling streaming process" section in http://blog.wmspanel.com/2015/12/rtsp-publish-control-setup.html

First, you will need to enable management API on you Nimble instance, as it described here:
https://wmspanel.com/nimble/api#toggler=0 and http://blog.wmspanel.com/p/nimble-streamer-configuration.html
In a brief: add line "management_listen_interfaces = 127.0.0.1" in /etc/nimble/nimble.conf file and you can send management requests to port 8082 from same host.
Then you should create some serivice that will periodically repeat following steps:
1) Get URL http://127.0.0.1:8082/manage/rtmp_status for a list of opened streams. Sample response:
[{"app":"live","streams":[{"strm":"one","publish_time":"1507804598","bandwidth":"630820","resolution":"424x240","vcodec":"avc1.42c01e","acodec":"mp4a.40.2","protocol":"RTMP"},{"strm":"two","publish_time":"1507804448","bandwidth":"125340","resolution":"1200x720","vcodec":"avc1.42c015","acodec":"mp4a.40.2","protocol":"ENCODER"}]}]
2) Get list of streams with ID's with http://127.0.0.1:8082/manage/publish_control/status . Sample response:
{"PublishControlStatus":[{"key":"1", "id":"ID_1", "ip":"192.168.1.1","stream":"live/one"}, {"key":"2", "id":"ID_2", "ip":"192.168.1.2","stream":"live/two"}]}
3) Match streams from rtmp_status with streams from publish_control/status and do POST list of clients you want to deny to
http://127.0.0.1:8082/manage/publish_control/deny . Sample request:
{"PublishControlDenyRequest":["2"]}

Gabriel 2017-10-12 14:31:34 UTC 

Of course, it's not simple.

There should be some easy method to set the maximum bitrate of a stream.

It's basic.

Any simpler alternative? At least to set a default value for all streams.

Alex Pokotilo 2017-10-12 22:27:12 UTC 

No, it's the only one way

Gabriel 2017-10-13 03:28:33 UTC 

Will it be available in a future update?

Alex Pokotilo 2017-10-13 03:33:54 UTC 

You can do what you need following provided method. You will get simple script with your business logic and you will probably even like you can control your publisher completely implementing any logic you want.

We don't have any plans to implement it in the way you propose. This doen't mean we will not. This doesn't mean we will though.
We got nothing to say more on the subject. If you want to have it now you already got reply.

Post a reply


Post a new question

Categories:

Tags:

nimbleNimble StreamerFAQHLSnimble streamerDVRRTMPhlsSRTsrtABRrtmpcacheNimblewmsauthAPItranscoderdvrffmpegapisldpudpVODaudioRTSPfailoverrtspDASHwmspanelUDPvodpaywallstreamingabrSLDPyoutubemp4DispersastreamerandroidsslmulticastLarixsubtitlesliveNDIvideolivestreamingplaylistWMSAuthMPEG-DASHpay-per-viewerrorgeoMPEG-TSre-streamingdashcorsWMSPaneledgebandwidththumbnaillarix broadcasterWindowshttpswhite labelconfigsmilFFMPEGencryptionCORSperformancechunksraspberry pimpeg-dashpublish controlcloudfrontDRMRepublishingvlcAWSS3advertisinguser agentadvertizerristrepublishingrules.confipv6MPEGTSFastSpringRecordingRAMwms panelfileFMLEVATcrossdomainSMILmpegtsaespushakamaimobilewowzaPullserverscodecmanifestSSLchromecastbalancedrmTranscodem3u8TranscoderbugWowzaIDreportingconfigurationsnapshotdownloadawsAndroidnimblestreamerdomaintranscoderaspianloopscte35streamroutesamazonupdateipVidillionHttpsmpeg-tsBroadcastplaylist_dvrVLCPIDerrorsEncoderoriginscte-35issuechunklimitsecurityLarix BroadcasterIPCDNthumbnailsUIRegistration Issuedirect link32-bit Windowstwitchcache_controlitworkmecudalive abr support mpeg-dashwmspanelapibeirutreloadWWDCdubaideep statsCentOS v6.4logIIS Smooth StreamingcloudmediaIPTVprofilelarix abrTSReaderAbrHTTPSHot-linking protectionHDSvaddioalertsMuxjwplayer websitewhmcsbaselinetimelineVaddioAV BridgePI3 Ubuntuview timeAuthentication in HLSNimble Streamer APIPi4streamsinterfacesHLS Meta Tag editing.encrytpionloadbalancingwmsattachmentHEVCmetadatamod_rewritewmsauthsignpricehighresourcehds streamOld logsciscolocalscreencastID3 tagsgbpsAxis.net hotlinkRTMP republishattaching domainssdpshoutcastno internetInterlacedocumentationofflinecontainerNimble streamer upgradeMulticast*concurrent-connectionsTrancoderrecordingrtmp abranalisysresumeniblerhls restreamingServer-siderestreamstoppedMPEG2TSNimble Streamer versionmainWMSCONFIG_HOMEdissapointmentdatmessagegentoo install server nimbletranscoding using NvidiaPublic IpPaywall AuthwildcardobsTCOno WMSPanelVideo Playertransocding republishingdecoderAliaspay per viewlost trafficdvr_archivesmpeg dashnginx rtmp nimbleRaspian Bustericecast urlexportopensslchangelimuxamazon web servicenginxPlayReadydvr stream twiceLarix GroveamfIOSAXVVGhot-linkExpression EncoderblocknvenconSteam stopped workingadaptiveAV1 codecHLS PlayerJWPLAYERNGINX-RTMPDASH PlayerHLS voddvr export to mp47analyticsapplicationpaywalbrandingtrialCablemicrosoft streamMP4rocksoftlog traffic statsjpegscreen freezecan't registeraccuracyprivate networkLarge DVR fileslive videodebianTelegraminterleavingSLDP PLayerseekingmac osx installwotermarklive video on demandbandwithnimblesessionidFFmpegmultiple originsvimeohelp errorserverload balancezabbixheadercache expirycdnvsomlog nimble analysertmp playbacklive streamsourceViewer StatsAdsvideojsLive Streamingbitrate#restreamMP4 not playedspaceServer-Side-Task-Controlvideo stopaes encryptionsubscriptionvod no soundconcurrent connectionlebanonlocationdvr streamconnectivityUbuntu 20 ARM - AWSunique visitorstereo to monoscreen capturelive pull settingsWMSPanel settingsABR HLS Bitratesrtmp for YouTube4Kcrossdomain more then 1 domainWidevineFairplaycpunot foundCPU LoadpullAS3loggingnimble streamer vod hls transmuxingbuttAWS 3Cross Domaininsert logoinstall players setup ready to goDVRSettingstwitch larix broadcaster androidicecast metadataDVRStreamsAppleDelete recordspremium featureControl APIProgressivenimble streamer web server php script pageautomationLive streamingvideo loopUbuntu artful 17.10Transcoder MPEG DASHinvalidMPEG DASHstarttime duration seekpointadd_chunk failedPost processingfake extensionstatus:errorrebootdroppingmobile app live streamingmonitoroutrateudp streamingapi accessDeep statsicecastMPEG-Dashloadbalancerweb playercontent-dispositionpaymentstatsNimble ServerAVCaptureMovieFileOutputblock downloadrestartdvr streamsavoid refreshlivestreamABR DVR problemNimble CapacityHotlinking ProtectionStreaming routehotlinkfacebookcontentRTMP RepublishSecurityLive Switcherdemandnot to stealLive BroadcastMultiple Audio trackssecure streaminglow_bandwidthwmsAuthSignnimble streamer mpeg-ts multiple inputsLoad-Balancingvp9adsounddisk migrationThumbnailsserver incorrect timeLIVELivelearnernimble webcam html5ssaiDVR Setting limitpausemosaicHow to do live stream with multiple audio trackrmtptranscoder nimblereportsdvr on wmspanelfpsVideo cant be playedS3 AWSraspberryPaywalllivestreamintransocderstorage space availablediskcredentialsdvr to livewebhookautomateuser_agentvbv-maxratedomain lockUsers limitoutputcloudflareVOD HLS streaming on public IPlarixscteInvalid frame headerno soundincoming streamSubtitleslivestream bitratedockerDVRRecordingAuthGopDVR SettingPORTdelaympeg4storagealias route.movartifactsrtsp push androidmultiviewRAM Loadhttp serverLatencywirecasta recordruleshow-tomanage_dvrError when installingVP9server ip21Nimble connectionsabr fallbackno audiolatencyaliasdata slicesplayer sldpmp2 audioNimble streamerfastspringsoftware versionadjustSO_RCVBUFbuffering videodistributionbufferqataritworkscdnvideo.jsmultiplexcompatibility protocolsCentos 8pay-per-minuteTeradek Decoderubuntu 183.6.1-1UDP MulticastMax connectionincomingmulti-viewerFallbackhelpmultiple audio udphotlink protectionRaspberryPi4ultra low latencyaws amazonhls to multicast udpnoobSSL requestsha265broadcasterOSXmd5analyseStreamIDprerollnimble on cloudrtmp sldp nimblepluginfallbacktasks-controlRaspberryRTMP to SRTLinuxgpu{stream}Connections count limitNimble_Crushwebrtc4GRIST Bondingplayoutsrt-live-transmitWowza AgentRemote StorageSSAItuningAmazonTVfireOBSvideo and audio not matchLarix broadcasterNetworkspeedup my videoiOSPerformanceSnapshotsSRT RTMPre-publishingletsencryptTonydowntranscodingFFMPEG;RTMP;I/O errorLL-HLSHTML5 playerAddendaABR DASHprogressive downloadeventLL-HLS DVRav1 codecconnectionsNimbleStreamernimble aliasesNimble StreambuildABR bitratesPacketizingcountrist set fecmultiple audioOBS StudioWMSAUTHIVSDelaympeg2tsIIS Media Servicsrtmp republishing transcodenimble.confinterfacetrackbindprogressivebroadcast videovideo audioSRT protocoldvbduplicatingpcdynamic linksTLSV 1.2 CertificatesubfolderbrowserurlGoogle DriveHLS Streamingrtmpscostnimble abr hlsthumbnail dvr-thumbnailaudio languageVR-360Failovergoogle cloud storagepricingoverlayhot linkingTRANSCODErtpnimble dvrBandwidthdurationYadifportsRokuContinuitywordpressJetson NanoSecureLarix PlayerramfairplayNginxpublish streamStream Delayhd25trafficAArch64video streamingQuickTimeCloud StorageRistmultistreamingmultipleserver ssl erroractionscript 3dropped framesCSSMPEG2 VideoPCRlogo in streammultipointrulerepublishconcurrent

This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the Privacy Policy. If you want to know more or withdraw your consent to all or some of the cookies, please refer to the Privacy Policy.
By closing this banner, scrolling this page, clicking a link or continuing to browse otherwise, you agree to the use of cookies.