From c23e8799fe394b80e44b11a13d0d92fe6054e742 Mon Sep 17 00:00:00 2001 From: Brian Date: Sun, 5 Apr 2026 20:52:50 -0400 Subject: [PATCH] chore: shift all ports by +40000 to avoid defaults 8080->48080, 8889->48889, 8888->48888, 9997->49997, 8189->48189 Co-Authored-By: Claude Sonnet 4.6 --- config/mediamtx.yml | 12 ++++++------ docs/npm-setup.md | 24 ++++++++++++------------ docs/obs-setup.md | 26 +++++++++++++------------- obs-script/game_stream.py | 12 ++++++------ scripts/install.ps1 | 6 +++--- 5 files changed, 40 insertions(+), 40 deletions(-) diff --git a/config/mediamtx.yml b/config/mediamtx.yml index e423c77..38fefc2 100644 --- a/config/mediamtx.yml +++ b/config/mediamtx.yml @@ -16,7 +16,7 @@ writeQueueSize: 512 ############################################################################### api: yes -apiAddress: 127.0.0.1:9997 +apiAddress: 127.0.0.1:49997 ############################################################################### # WebRTC (WHIP ingest + WHEP playback) @@ -25,10 +25,10 @@ apiAddress: 127.0.0.1:9997 webrtc: yes # HTTP listener for WHIP/WHEP signaling (SDP exchange). # NPM proxies /whep/* and the OBS WHIP target (localhost) to this. -webrtcAddress: :8889 +webrtcAddress: :48889 webrtcEncryption: no # TLS is handled at NPM; this listener is LAN/localhost only -# Dedicated UDP port for SRTP media. NPM Stream forwards public UDP 8189 here. -webrtcLocalUDPAddress: :8189 +# Dedicated UDP port for SRTP media. NPM Stream forwards public UDP 48189 here. +webrtcLocalUDPAddress: :48189 # No TCP fallback - we only want a single UDP path for simplicity. webrtcLocalTCPAddress: '' # Tell browsers to send media to the public hostname. @@ -48,7 +48,7 @@ webrtcTrackGatherTimeout: 2s ############################################################################### hls: yes -hlsAddress: :8888 +hlsAddress: :48888 hlsEncryption: no hlsAlwaysRemux: no hlsVariant: lowLatency @@ -77,7 +77,7 @@ pathDefaults: paths: # The single stream path. OBS publishes here via WHIP - # (http://localhost:8889/game/whip), friends watch via WHEP + # (http://localhost:48889/game/whip), friends watch via WHEP # (https://stream.hetherman.cloud/whep/game/whep). game: source: publisher diff --git a/docs/npm-setup.md b/docs/npm-setup.md index 6c94163..28f3c97 100644 --- a/docs/npm-setup.md +++ b/docs/npm-setup.md @@ -4,7 +4,7 @@ Configures NPM to: 1. Serve `https://stream.hetherman.cloud` with TLS + Authentik forward auth, reverse-proxying HTTP traffic to the Windows gaming PC. -2. Forward public UDP 8189 (WebRTC media) to the gaming PC via an NPM +2. Forward public UDP 48189 (WebRTC media) to the gaming PC via an NPM **Stream** (L4 UDP proxy). Replace `` with the LAN IP of the Windows gaming PC @@ -22,9 +22,9 @@ Make sure your router forwards these to NPM (not to the PC directly): | Proto | External port | Internal target | |-------|--------------|-------------------| | TCP | 443 | NPM host, 443 | -| UDP | 8189 | NPM host, 8189 | +| UDP | 48189 | NPM host, 48189 | -(TCP 443 is probably already forwarded for your other services; UDP 8189 is +(TCP 443 is probably already forwarded for your other services; UDP 48189 is the new one for this app.) ## 3. NPM Proxy Host (HTTP) @@ -38,7 +38,7 @@ In NPM, **Hosts -> Proxy Hosts -> Add Proxy Host**. | Domain Names | `stream.hetherman.cloud` | | Scheme | `http` | | Forward Hostname | `` | -| Forward Port | `8080` | +| Forward Port | `48080` | | Cache Assets | off | | Block Common Exploits | on | | Websockets Support | **on** (WebRTC signaling works without this, but it costs nothing) | @@ -49,9 +49,9 @@ forward-auth gating). | Location | Scheme | Forward Hostname | Forward Port | |----------|--------|------------------|--------------| -| `/whep` | `http` | `` | `8889` | -| `/hls` | `http` | `` | `8888` | -| `/v3` | `http` | `` | `9997` | +| `/whep` | `http` | `` | `48889` | +| `/hls` | `http` | `` | `48888` | +| `/v3` | `http` | `` | `49997` | **SSL tab:** @@ -72,13 +72,13 @@ In NPM, **Hosts -> Streams -> Add Stream**. | Field | Value | |-------------------|---------------| -| Incoming Port | `8189` | +| Incoming Port | `48189` | | Forward Host | `` | -| Forward Port | `8189` | +| Forward Port | `48189` | | TCP | **off** | | UDP | **on** | -Save. NPM (nginx `stream` module) now forwards public UDP 8189 to MediaMTX +Save. NPM (nginx `stream` module) now forwards public UDP 48189 to MediaMTX on the gaming PC. This is the path WebRTC media takes after ICE negotiation. ## 5. Verify @@ -95,7 +95,7 @@ on the gaming PC. This is the path WebRTC media takes after ICE negotiation. `/hls/game/index.m3u8`, and `/v3/paths/get/game` all return 200 (and not 401/302). 4. **UDP stream:** with OBS streaming, tail the NPM container logs - you - should see entries from the stream module for UDP connections on 8189. + should see entries from the stream module for UDP connections on 48189. Alternatively, from the NPM host run - `tcpdump -n -i any udp port 8189` and confirm packets flow while a + `tcpdump -n -i any udp port 48189` and confirm packets flow while a viewer is connected. diff --git a/docs/obs-setup.md b/docs/obs-setup.md index 0ebf1c4..781dacb 100644 --- a/docs/obs-setup.md +++ b/docs/obs-setup.md @@ -8,7 +8,7 @@ Prerequisites: - OBS Studio 30.0 or newer (WHIP output is built in from 30.x onward). - You already ran `.\scripts\install.ps1` in an elevated PowerShell, so - `bin\mediamtx.exe` exists and the `GameStream-UDP-8189` firewall rule is + `bin\mediamtx.exe` exists and the `GameStream-UDP-48189` firewall rule is registered (in the disabled state). ## 1. Load the OBS script @@ -22,10 +22,10 @@ Prerequisites: | MediaMTX binary | `\bin\mediamtx.exe` | | MediaMTX config | `\config\mediamtx.yml` | | Frontend directory | `\frontend` | - | Frontend HTTP port | `8080` (default) | - | Firewall rule name | `GameStream-UDP-8189` (must match the rule created by install.ps1) | + | Frontend HTTP port | `48080` (default) | + | Firewall rule name | `GameStream-UDP-48189` (must match the rule created by install.ps1) | | Public URL | `https://stream.hetherman.cloud` | - | MediaMTX API URL | `http://127.0.0.1:9997` | + | MediaMTX API URL | `http://127.0.0.1:49997` | 4. Check the **Script Log** at the bottom - you should see `[game_stream] game_stream.py loaded`. @@ -79,7 +79,7 @@ generous headroom. Push to 12000-15000 Kbps if you want higher quality. |----------|-----------------------------------------------| | Service | Custom | | Protocol | **WHIP** | -| Server | `http://localhost:8889/game/whip` | +| Server | `http://localhost:48889/game/whip` | | Bearer Token | (leave blank) | Save. @@ -88,9 +88,9 @@ Save. 1. Click **Start Streaming**. 2. Check the OBS Script Log - you should see: - - `Firewall rule 'GameStream-UDP-8189' ENABLED` + - `Firewall rule 'GameStream-UDP-48189' ENABLED` - `MediaMTX started (pid=...)` - - `Frontend HTTP server listening on 0.0.0.0:8080` + - `Frontend HTTP server listening on 0.0.0.0:48080` - `Viewers can watch at: https://stream.hetherman.cloud` 3. Open `https://stream.hetherman.cloud` from another device, log in with Authentik, and verify video plays. @@ -101,12 +101,12 @@ Click **Stop Streaming** in OBS. The script will: - Stop the MediaMTX subprocess - Stop the frontend HTTP server -- Disable the firewall rule (`GameStream-UDP-8189` -> disabled) +- Disable the firewall rule (`GameStream-UDP-48189` -> disabled) Verify the firewall state from PowerShell: ```powershell -Get-NetFirewallRule -DisplayName "GameStream-UDP-8189" | Select-Object Enabled +Get-NetFirewallRule -DisplayName "GameStream-UDP-48189" | Select-Object Enabled ``` Should report `False` while not streaming, `True` while streaming. @@ -116,17 +116,17 @@ Should report `False` while not streaming, `True` while streaming. - **"MediaMTX binary not found"** in the script log: the path in the script properties panel is wrong. Re-select it with the file picker. - **OBS cannot connect to WHIP**: MediaMTX did not start. Check the script - log for the actual reason; most commonly a port conflict on 8889 or 8189 + log for the actual reason; most commonly a port conflict on 48889 or 48189 (another process is already using them). - **Viewers see "Stream offline"** even after you click Start Streaming: - Check that the MediaMTX API returns `ready: true`: - `curl http://localhost:9997/v3/paths/get/game` + `curl http://localhost:49997/v3/paths/get/game` - Check OBS's own streaming indicator - if it's red, OBS is not actually sending to WHIP. Verify the URL and that the custom service / WHIP protocol is selected. - **Viewers connect but playback freezes after a few seconds:** the UDP port path is broken. Verify the firewall rule is enabled (`Get-NetFirewallRule`), - the router port-forward to NPM for UDP 8189 is correct, and the NPM Stream - entry points at `:8189`. + the router port-forward to NPM for UDP 48189 is correct, and the NPM Stream + entry points at `:48189`. - **Autoplay is blocked / no audio:** browsers start the video muted so autoplay works. There is a "Click to unmute" button in the status bar. diff --git a/obs-script/game_stream.py b/obs-script/game_stream.py index d3db804..a760e45 100644 --- a/obs-script/game_stream.py +++ b/obs-script/game_stream.py @@ -47,10 +47,10 @@ CONFIG = { "mediamtx_binary": "", "mediamtx_config": "", "frontend_dir": "", - "http_port": 8080, - "firewall_rule_name": "GameStream-UDP-8189", + "http_port": 48080, + "firewall_rule_name": "GameStream-UDP-48189", "public_url": "https://stream.hetherman.cloud", - "api_url": "http://127.0.0.1:9997", + "api_url": "http://127.0.0.1:49997", } @@ -401,15 +401,15 @@ def script_defaults(settings): obs.obs_data_set_default_string(settings, "mediamtx_binary", "") obs.obs_data_set_default_string(settings, "mediamtx_config", "") obs.obs_data_set_default_string(settings, "frontend_dir", "") - obs.obs_data_set_default_int(settings, "http_port", 8080) + obs.obs_data_set_default_int(settings, "http_port", 48080) obs.obs_data_set_default_string( - settings, "firewall_rule_name", "GameStream-UDP-8189", + settings, "firewall_rule_name", "GameStream-UDP-48189", ) obs.obs_data_set_default_string( settings, "public_url", "https://stream.hetherman.cloud", ) obs.obs_data_set_default_string( - settings, "api_url", "http://127.0.0.1:9997", + settings, "api_url", "http://127.0.0.1:49997", ) diff --git a/scripts/install.ps1 b/scripts/install.ps1 index c57e705..44909dd 100644 --- a/scripts/install.ps1 +++ b/scripts/install.ps1 @@ -19,8 +19,8 @@ [CmdletBinding()] param( - [string]$FirewallRuleName = "GameStream-UDP-8189", - [int]$UdpPort = 8189 + [string]$FirewallRuleName = "GameStream-UDP-48189", + [int]$UdpPort = 48189 ) $ErrorActionPreference = 'Stop' @@ -110,6 +110,6 @@ Write-Host " Frontend dir : $(Join-Path $projectRoot 'frontend')" Write-Host " 3. Configure OBS Stream output:" Write-Host " Service : Custom" Write-Host " Protocol : WHIP" -Write-Host " Server : http://localhost:8889/game/whip" +Write-Host " Server : http://localhost:48889/game/whip" Write-Host " 4. See docs/ for NPM + Authentik setup on your reverse proxy host." Write-Host ""