Fix audio, routing, auth, and stream lifecycle
- Switch OBS output to RTMP; add FFmpeg AAC->Opus transcoding via MediaMTX runOnReady so WebRTC can carry audio (WebRTC requires Opus, not AAC) - Enable RTSP on localhost so FFmpeg reads game path without publisher conflict; viewers connect to game-opus path (H264+Opus) - Fix WHEP/HLS path prefix stripping in NPM advanced config; move all custom locations (/whep, /hls, /v3) out of NPM GUI and into advanced conf so trailing-slash proxy_pass correctly strips prefixes before hitting MediaMTX - Fix MediaMTX API port 49997->19997 (49997 was in Windows ephemeral range) - Add /status proxy endpoint to OBS HTTP server so frontend can poll stream readiness without hitting /v3/ through NPM where auth_request blocked it - Fix authInternalUsers: split publish (localhost only) from read (any IP) so WHEP viewers are not challenged with Basic Auth by MediaMTX - Remove muted attribute from video element; show unmute/play button on autoplay block so viewers get audio after one click - Fix webrtcAdditionalHosts to include LAN IP 192.168.50.254 - Fix hlsAllowOrigin->hlsAllowOrigins deprecation warning - Move MediaMTX/HTTP server startup to script_load (not streaming started) so MediaMTX is ready before OBS attempts RTMP connection - Log MediaMTX output to bin/mediamtx.log for easier debugging Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
+41
-25
@@ -16,30 +16,22 @@ writeQueueSize: 512
|
||||
###############################################################################
|
||||
|
||||
api: yes
|
||||
apiAddress: 127.0.0.1:49997
|
||||
apiAddress: 127.0.0.1:19997
|
||||
|
||||
###############################################################################
|
||||
# WebRTC (WHIP ingest + WHEP playback)
|
||||
###############################################################################
|
||||
|
||||
webrtc: yes
|
||||
# HTTP listener for WHIP/WHEP signaling (SDP exchange).
|
||||
# NPM proxies /whep/* and the OBS WHIP target (localhost) to this.
|
||||
webrtcAddress: :48889
|
||||
webrtcEncryption: no # TLS is handled at NPM; this listener is LAN/localhost only
|
||||
# Dedicated UDP port for SRTP media. NPM Stream forwards public UDP 48189 here.
|
||||
webrtcEncryption: no
|
||||
webrtcLocalUDPAddress: :48189
|
||||
# No TCP fallback - we only want a single UDP path for simplicity.
|
||||
webrtcLocalTCPAddress: ''
|
||||
# Tell browsers to send media to the public hostname.
|
||||
# Replace stream.hetherman.cloud if your public hostname differs.
|
||||
webrtcAdditionalHosts:
|
||||
- stream.hetherman.cloud
|
||||
# Public STUN helps browsers discover their own reflexive candidates when
|
||||
# behind NAT; the server side does not need it but it speeds up ICE.
|
||||
- 192.168.50.254
|
||||
webrtcICEServers2:
|
||||
- url: stun:stun.l.google.com:19302
|
||||
# Disable trickle handshake complications - plain offer/answer is enough.
|
||||
webrtcHandshakeTimeout: 10s
|
||||
webrtcTrackGatherTimeout: 2s
|
||||
|
||||
@@ -56,15 +48,22 @@ hlsSegmentCount: 7
|
||||
hlsSegmentDuration: 200ms
|
||||
hlsPartDuration: 200ms
|
||||
hlsSegmentMaxSize: 50M
|
||||
hlsAllowOrigin: '*'
|
||||
hlsAllowOrigins: ['*']
|
||||
hlsTrustedProxies: []
|
||||
|
||||
###############################################################################
|
||||
# Disabled protocols (reduce attack surface)
|
||||
# Protocols
|
||||
###############################################################################
|
||||
|
||||
rtsp: no
|
||||
rtmp: no
|
||||
# RTSP on localhost only - used internally so FFmpeg can read the game path
|
||||
# as a consumer (not a publisher) without conflicting with OBS.
|
||||
rtsp: yes
|
||||
rtspAddress: 127.0.0.1:8554
|
||||
|
||||
# RTMP for OBS ingest. Localhost only.
|
||||
rtmp: yes
|
||||
rtmpAddress: 127.0.0.1:1935
|
||||
|
||||
srt: no
|
||||
|
||||
###############################################################################
|
||||
@@ -72,18 +71,35 @@ srt: no
|
||||
###############################################################################
|
||||
|
||||
pathDefaults:
|
||||
# Drop publishers that connect but never send media.
|
||||
sourceOnDemand: no
|
||||
|
||||
authInternalUsers:
|
||||
- user: any
|
||||
pass: ""
|
||||
ips: [127.0.0.1/32, ::1/128]
|
||||
permissions:
|
||||
- action: publish
|
||||
- action: api
|
||||
- user: any
|
||||
pass: ""
|
||||
ips: []
|
||||
permissions:
|
||||
- action: read
|
||||
|
||||
paths:
|
||||
# The single stream path. OBS publishes here via WHIP
|
||||
# (http://localhost:48889/game/whip), friends watch via WHEP
|
||||
# (https://stream.hetherman.cloud/whep/game/whep).
|
||||
# OBS publishes H264+AAC here via RTMP.
|
||||
# runOnReady spawns FFmpeg which reads via RTSP (as a reader, no publisher
|
||||
# conflict) and re-publishes to game-opus with audio transcoded to Opus.
|
||||
game:
|
||||
source: publisher
|
||||
# Only the local OBS instance is allowed to publish.
|
||||
# External hijack attempts are blocked at this layer, independent of NPM.
|
||||
publishIPs:
|
||||
- 127.0.0.1/32
|
||||
- ::1/128
|
||||
# No reader restrictions - NPM + Authentik gate reads at the edge.
|
||||
runOnReady: >-
|
||||
ffmpeg
|
||||
-i rtsp://127.0.0.1:8554/game
|
||||
-c:v copy
|
||||
-c:a libopus -b:a 128k -ar 48000 -ac 2
|
||||
-f rtsp rtsp://127.0.0.1:8554/game-opus
|
||||
runOnReadyRestart: yes
|
||||
|
||||
# Transcoded path: H264 + Opus. Viewers connect here via WHEP/HLS.
|
||||
game-opus:
|
||||
source: publisher
|
||||
|
||||
Reference in New Issue
Block a user