Jump to content
Search In
  • More options...
Find results that contain...
Find results in...



#0
Guest

User Menu


Sign In

Sign In



Or sign in with one of these services

Sign Up

Forum Menu


Register now to M1GC to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an M1GC account for free today!

  • M1GC

M1GC

How to Secure NGINX/RTMP stream to Facebook using Stunnel

Recommended Posts

Unfortunately, The NGINX module nginx-rtmp-module doesn’t support RTMPS “out-of-the-box”.
The nginx-rtmp-module also doesn't support pushing to an rtmps:// address...
and i don't think the feature will be added in recent releases as it is simple to achieve this...

A easy way to incorporate RTMPS into this module is by using stunnel, a popular “application used to provide a universal TLS/SSL tunneling service”.

How to Secure rtmps push / rtmps stream to Facebook
I'll assume you have some pre-installed version of Nginx installed with the RTMP-Module & ffmpeg (optional)

Using NGINX on Windows 
For this setup, I’m using nginx 1.17.0.1 Crow (download here) on Windows 10.
The subscription version for windows contains the RTMP-Module

(Read here to view free / commercial Nginx modules installed)
Purchase your subscription here.

  • Follow the instructions on How to install and configure Nginx on Windows (Here)

NGINX AND THE RTMP STREAMING SERVER MODULE

MUST BE CONFIGURED FOR WINDOWS STREAMING BEFORE USING STUNNEL

Stunnel for Windows (download here)
After you installed stunnel, you need to edit stunnel.conf which is located in 
C:\\Users\YourUsername\AppData\Local\stunnel\config\stunnel.conf

Stunnel uses SSL certificates to secure its connections, which you can easily create using the OpenSSL package:

On Windows

On windows, during stunnels install / start up,
you will create a default certificate for your server which can be used to secure your server from man in the middle attacks...

Your code will look like so, to use a secure certificate during your live streams.

[fb-live]
client = yes
accept = 127.0.0.1:19350
connect = live-api-s.facebook.com:443
verifyChain = yes
CAfile =  C:\Program Files (x86)\stunnel\config\ca-certs.pem
checkHost = live-api-s.facebook.com
OCSPaia = yes

This creates a session that allows NGINX to send the stream via RTMP and stunnel will then send the stream to Facebook via RTMPS.

 ____________        ____________        ____________        ____________  
| Streaming  |      |            |      |            |      |  Facebook  | 
|   Source   | ---> |   NGINX    | ---> |   stunnel  | ---> |    Live    | 
|____________|      |____________|      |____________|      |____________|
Now modify nginx.conf and replace the old Facebook push instruction (If you had it there before) with the following line:
 
push rtmp://127.0.0.1:19350/rtmp/<your_facebook_stream_key>;

Save those two files and start stunnel via command-line or with the GUI application and then start nginx. 
Test your live stream with OBS or ffmpeg. 

That’s all there is to it!

On Linux
Linux (Ubuntu Server latest)

Again Assuming you have Nginx and RTMP-Module, ffmpeg installed.
If you haven't installed nginx compiled with the RTMP-Module on your ubuntu server system, (Click here for instruction)
 
NGINX AND THE RTMP STREAMING SERVER MODULE
MUST BE COMPILED/CONFIGURED FOR LINUX STREAMING BEFORE USING STUNNEL

I'm installing Stunnel on Ubuntu Server 20.04 - with root user. 
You need to switch root user or use sudo for every commands listed below.
 
Install stunnel
apt install stunnel4

Here is a minimal configuration of stunnel

Create the minimal configuration for stunnel
Using vi or vim text editors.
vi /etc/stunnel/stunnel.conf

or

vim /etc/stunnel/stunnel.conf

Paste in the following and Save

setuid = stunnel4
setgid = stunnel4
pid=/tmp/stunnel.pid
output = /var/log/stunnel4/stunnel.log
include = /etc/stunnel/conf.d

Enable tunnel in /etc/default/stunnel4

vi /etc/default/stunnel4

or

vim /etc/default/stunnel4

Paste

ENABLE=1

Save file

Now create and add a tunnel for Facebook Live address

vi /etc/stunnel/conf.d/fb.conf

or

vim /etc/stunnel/conf.d/fb.conf

PASTE

[fb-live]
client = yes
accept = 127.0.0.1:19350
connect = live-api-s.facebook.com:443
verifyChain = yes
CAfile = /etc/stunnel/ca-certs.pem
checkHost = live-api-s.facebook.com
OCSPaia = yes

Save file

Please Note: If you receive a error creating the above file,
The conf.d directory might not created by default.
Create it, then recreate the file above. 

To create it the conf.d directory

mkdir /etc/stunnel/conf.d/ 
or if not root user
sudo mkdir /etc/stunnel/conf.d/

Start Stunnel

systemctl restart stunnel4 && systemctl status stunnel4
or
Service stunnel4 restart && service stunnel4 status
Assuming FFMPEG is installed,
We can run a ffmpeg command to test pushing a stream, target to local stunnel port :19350
ffmpeg -re -i rtmp://127.0.0.1/live/yourstreamkeyinobs -c:v libx264 -c:a aac -f flv rtmp://127.0.0.1:19350/rtmp/<facebook-live-stream-key>

If your stream goes live on Facebook, The Stunnel is Now ready to work! ?

Now we just need to Replace the URL to the local stunnel port within the NGINX RTMP config.

Change this line in your nginx config (Streaming to Facebook Un-Securely)
push rtmp://live-api-s.facebook.com:80/rtmp/<facebook-live-stream-key>;
to (Streaming to Facebook Securely)
push rtmp://127.0.0.1:19350/rtmp/<facebook-live-stream-key>;

All done!

Again, From a high level
  • Your Streaming Source (OBS/XSplit/Wirecast/etc)
  • NGINX
  • Stunnel
  • Facebook
Your stream should now operate like so:
 ____________        ____________        ____________        ____________  
| Streaming  |      |            |      |            |      |  Facebook  | 
|   Source   | ---> |   NGINX    | ---> |   stunnel  | ---> |    Live    | 
|____________|      |____________|      |____________|      |____________|
That's all there is to it.
Hope this helps out on pushing your streams securely to rtmps servers.
  • Thanks 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Welcome to M1GC

    tenor.gif

    We accept players of all skill levels and help members grow at their own pace.

    We are respectful, determined, and proud to be M1GC members..

  • Guilded_Logomark_Wordmark_Color.png

    Check out M1GC on Guilded

  • Sign up to Restream.io

    M1-Gaming Is Inviting you to Join Restream. The best way to stream video live to 30+ platforms simultaneously for free.

  • M1GC

About Us

M1GC it's a community based on PC and Console Gaming.

Social Links

M1GC Facebook Group Join
M1GC Steam Group Join
M1GC Discord Server Join
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.