curtishall/ATAK-UAS-RTSP-README.md

## ATAK-UAS-RTSP-README.md

      
    Raw
  

              ATAK-UAS-RTSP-README.md
            
          
    1/10/2024 - I have linked a slightly newer version, still out of date, but I need to test newer versions to make sure there is no configuration changes.

Some users report having to comment out the following, your mileage may vary:

readBufferSize, runOnPublish, runOnPublishRestart, runOnRead, runOnReadRestart
ATAK users change the observer URL in UAS Tool to point to 554 (or whatever port you decide to use)

Download the latest rtsp-simple-server (0.17.13)

wget https://github.com/bluenviron/mediamtx/releases/download/v0.19.0/rtsp-simple-server_v0.19.0_linux_amd64.tar.gz

Extract the binary and a yaml config file

tar -zxvf rtsp-simple-server_v0.19.0_linux_amd64.tar.gz

Copy the binary to /usr/local/bin/

sudo cp rtsp-simple-server /usr/local/bin/rtsp-simple-server

Copy the configuration file to use with ATAK to /usr/local/etc

sudo curl https://gist.githubusercontent.com/curtishall/77b9dd3660511b7e173fbc4647ccfcb3/raw/be64945dcecad80f02e48c7bd763a1a7a3b77920/rtsp-simple-server.yml -o usr/local/etc/rtsp-simple-config.yml

Create a server file

sudo tee /etc/systemd/system/rtsp-simple-server.service >/dev/null << EOF
[Unit]
After=network.target
[Service]
ExecStart=/usr/local/bin/rtsp-simple-server /usr/local/etc/rtsp-simple-config.yml
[Install]
WantedBy=multi-user.target
EOF

Enable the newly created rtsp-simple-server service

sudo systemctl enable rtsp-simple-server

Start rtsp-simple-server and tail syslog to see how things look
sudo systemctl start rtsp-simple-server && tail -f /var/log/syslog

In ATAK UAS Tool use the following Network Preferences:


Video Broadcast Type: Wowza Video
Destination IP Address:  i.e. - 192.168.86.232
Video Destination Port: 554
Use SSL: No
Video Broadcast Identifier: live/ATAK

(The live/ATAK can be changed, but make sure to not put an ending slash)
Then try to broadcast video, you should see this in /var/log/syslog:


Jan 12 23:55:41 rtsp-atak rtsp-simple-server[17053]: 2022/01/12 23:55:41 INF [RTSP] [conn 192.168.86.60:52250] opened
Jan 12 23:55:41 rtsp-atak rtsp-simple-server[17053]: 2022/01/12 23:55:41 INF [RTSP] [session 343057601] opened by 192.168.86.60:52250
Jan 12 23:55:41 rtsp-atak rtsp-simple-server[17053]: 2022/01/12 23:55:41 INF [RTSP] [session 343057601] is publishing to path 'live/ATAK', 1 track with TCP

Then test with VLC -> Open Network Stream, adjust path name according:

rtsp://ipaddress:554/live/ATAK
HLS instructions coming soon.


## rtsp-simple-server.yml

###############################################
# General parameters

# sets the verbosity of the program; available values are "error", "warn", "info", "debug".
logLevel: info
# destinations of log messages; available values are "stdout", "file" and "syslog".
logDestinations: [stdout]
# if "file" is in logDestinations, this is the file which will receive the logs.
logFile: /tmp/rtsp-simple-server.log

# timeout of read operations.
readTimeout: 10s
# timeout of write operations.
writeTimeout: 10s
# number of read buffers.
# a higher number allows a higher throughput,
# a lower number allows to save RAM.
readBufferCount: 512

# enable the HTTP API.
api: yes
# address of the API listener.
apiAddress: 0.0.0.0:9997

# enable Prometheus-compatible metrics.
metrics: no
# address of the metrics listener.
metricsAddress: 127.0.0.1:9998

# enable pprof-compatible endpoint to monitor performances.
pprof: no
# address of the pprof listener.
pprofAddress: 127.0.0.1:9999

# command to run when a client connects to the server.
# this is terminated with SIGINT when a client disconnects from the server.
# the server port is available in the RTSP_PORT variable.
runOnConnect:
# the restart parameter allows to restart the command if it exits suddenly.
runOnConnectRestart: no

###############################################
# RTSP parameters

# disable support for the RTSP protocol.
rtspDisable: no
# supported RTSP transport protocols.
# UDP is the most performant, but doesn't work when there's a NAT/firewall between
# server and clients, and doesn't support encryption.
# UDP-multicast allows to save bandwidth when clients are all in the same LAN.
# TCP is the most versatile, and does support encryption.
# The handshake is always performed with TCP.
protocols: [tcp, udp]
# encrypt handshake and TCP streams with TLS (RTSPS).
# available values are "no", "strict", "optional".
encryption: "no"
# address of the TCP/RTSP listener. This is needed only when encryption is "no" or "optional".
rtspAddress: :554
# address of the TCP/TLS/RTSPS listener. This is needed only when encryption is "strict" or "optional".
rtspsAddress: :8555
# address of the UDP/RTP listener. This is needed only when "udp" is in protocols.
rtpAddress: :8000
# address of the UDP/RTCP listener. This is needed only when "udp" is in protocols.
rtcpAddress: :8001
# IP range of all UDP-multicast listeners. This is needed only when "multicast" is in protocols.
multicastIPRange: 224.1.0.0/16
# port of all UDP-multicast/RTP listeners. This is needed only when "multicast" is in protocols.
multicastRTPPort: 8002
# port of all UDP-multicast/RTCP listeners. This is needed only when "multicast" is in protocols.
multicastRTCPPort: 8003
# path to the server key. This is needed only when encryption is "strict" or "optional".
# this can be generated with:
# openssl genrsa -out server.key 2048
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
serverKey: server.key
# path to the server certificate. This is needed only when encryption is "strict" or "optional".
serverCert: server.crt
# authentication methods.
authMethods: [basic, digest]
# read buffer size.
# this doesn't influence throughput and shouldn't be touched unless the server
# reports errors about the buffer size.
readBufferSize: 2048

###############################################
# RTMP parameters

# disable support for the RTMP protocol.
rtmpDisable: no
# address of the RTMP listener.
rtmpAddress: :1935

###############################################
# HLS parameters

# disable support for the HLS protocol.
hlsDisable: no
# address of the HLS listener.
hlsAddress: :8888
# by default, HLS is generated only when requested by a user;
# this option allows to generate it always, avoiding an initial delay.
hlsAlwaysRemux: no
# number of HLS segments to generate.
# increasing segments allows more buffering,
# decreasing segments decreases latency.
hlsSegmentCount: 3
# minimum duration of each segment.
# the final segment duration is also influenced by the interval between IDR frames,
# since the server changes the segment duration to include at least a IDR frame in each one.
hlsSegmentDuration: 1s
# value of the Access-Control-Allow-Origin header provided in every HTTP response.
# This allows to play the HLS stream from an external website.
hlsAllowOrigin: '*'

###############################################
# Path parameters

# these settings are path-dependent.
# it's possible to use regular expressions by using a tilde as prefix.
# for example, "~^(test1|test2)$" will match both "test1" and "test2".
# for example, "~^prefix" will match all paths that start with "prefix".
# the settings under the path "all" are applied to all paths that do not match
# another entry.
paths:
  all:
    # source of the stream - this can be:
    # * publisher -> the stream is published by a RTSP or RTMP client
    # * rtsp://existing-url -> the stream is pulled from another RTSP server
    # * rtsps://existing-url -> the stream is pulled from another RTSP server with RTSPS
    # * rtmp://existing-url -> the stream is pulled from another RTMP server
    # * http://existing-url/stream.m3u8 -> the stream is pulled from another HLS server
    # * https://existing-url/stream.m3u8 -> the stream is pulled from another HLS server with HTTPS
    # * redirect -> the stream is provided by another path or server
    source: publisher

    # if the source is an RTSP or RTSPS URL, this is the protocol that will be used to
    # pull the stream. available values are "automatic", "udp", "multicast", "tcp".
    # the TCP protocol can help to overcome the error "no UDP packets received recently".
    sourceProtocol: automatic

    # if the source is an RTSP or RTSPS URL, this allows to support sources that
    # don't provide server ports or use random server ports. This is a security issue
    # and must be used only when interacting with sources that require it.
    sourceAnyPortEnable: no

    # if the source is a RTSPS or HTTPS URL, and the source certificate is self-signed
    # or invalid, you can provide the fingerprint of the certificate in order to
    # validate it anyway.
    # the fingerprint can be obtained by running:
    # openssl s_client -connect source_ip:source_port </dev/null 2>/dev/null | sed -n '/BEGIN/,/END/p' > server.crt
    # openssl x509 -in server.crt -noout -fingerprint -sha256 | cut -d "=" -f2 | tr -d ':'
    sourceFingerprint:

    # if the source is an RTSP or RTMP URL, it will be pulled only when at least
    # one reader is connected, saving bandwidth.
    sourceOnDemand: no
    # if sourceOnDemand is "yes", readers will be put on hold until the source is
    # ready or until this amount of time has passed.
    sourceOnDemandStartTimeout: 10s
    # if sourceOnDemand is "yes", the source will be closed when there are no
    # readers connected and this amount of time has passed.
    sourceOnDemandCloseAfter: 10s

    # if the source is "redirect", this is the RTSP URL which clients will be
    # redirected to.
    sourceRedirect:

    # if the source is "publisher" and a client is publishing, do not allow another
    # client to disconnect the former and publish in its place.
    disablePublisherOverride: no

    # if the source is "publisher" and no one is publishing, redirect readers to this
    # path. It can be can be a relative path  (i.e. /otherstream) or an absolute RTSP URL.
    fallback:

    # username required to publish.
    # sha256-hashed values can be inserted with the "sha256:" prefix.
    publishUser:
    # password required to publish.
    # sha256-hashed values can be inserted with the "sha256:" prefix.
    publishPass:
    # ips or networks (x.x.x.x/24) allowed to publish.
    publishIPs: []

    # username required to read.
    # sha256-hashed values can be inserted with the "sha256:" prefix.
    readUser:
    # password required to read.
    # sha256-hashed values can be inserted with the "sha256:" prefix.
    readPass:
    # ips or networks (x.x.x.x/24) allowed to read.
    readIPs: []

    # command to run when this path is initialized.
    # this can be used to publish a stream and keep it always opened.
    # this is terminated with SIGINT when the program closes.
    # the path name is available in the RTSP_PATH variable.
    # the server port is available in the RTSP_PORT variable.
    runOnInit:
    # the restart parameter allows to restart the command if it exits suddenly.
    runOnInitRestart: no

    # command to run when this path is requested.
    # this can be used to publish a stream on demand.
    # this is terminated with SIGINT when the path is not requested anymore.
    # the path name is available in the RTSP_PATH variable.
    # the server port is available in the RTSP_PORT variable.
    runOnDemand:
    # the restart parameter allows to restart the command if it exits suddenly.
    runOnDemandRestart: no
    # readers will be put on hold until the runOnDemand command starts publishing
    # or until this amount of time has passed.
    runOnDemandStartTimeout: 10s
    # the runOnDemand command will be closed when there are no
    # readers connected and this amount of time has passed.
    runOnDemandCloseAfter: 10s

    # command to run when a client starts publishing.
    # this is terminated with SIGINT when a client stops publishing.
    # the path name is available in the RTSP_PATH variable.
    # the server port is available in the RTSP_PORT variable.
    runOnPublish:
    # the restart parameter allows to restart the command if it exits suddenly.
    runOnPublishRestart: no

    # command to run when a clients starts reading.
    # this is terminated with SIGINT when a client stops reading.
    # the path name is available in the RTSP_PATH variable.
    # the server port is available in the RTSP_PORT variable.
    runOnRead:
    # the restart parameter allows to restart the command if it exits suddenly.
    runOnReadRestart: no

	###############################################
	# General parameters

	# sets the verbosity of the program; available values are "error", "warn", "info", "debug".
	logLevel: info
	# destinations of log messages; available values are "stdout", "file" and "syslog".
	logDestinations: [stdout]
	# if "file" is in logDestinations, this is the file which will receive the logs.
	logFile: /tmp/rtsp-simple-server.log

	# timeout of read operations.
	readTimeout: 10s
	# timeout of write operations.
	writeTimeout: 10s
	# number of read buffers.
	# a higher number allows a higher throughput,
	# a lower number allows to save RAM.
	readBufferCount: 512

	# enable the HTTP API.
	api: yes
	# address of the API listener.
	apiAddress: 0.0.0.0:9997

	# enable Prometheus-compatible metrics.
	metrics: no
	# address of the metrics listener.
	metricsAddress: 127.0.0.1:9998

	# enable pprof-compatible endpoint to monitor performances.
	pprof: no
	# address of the pprof listener.
	pprofAddress: 127.0.0.1:9999

	# command to run when a client connects to the server.
	# this is terminated with SIGINT when a client disconnects from the server.
	# the server port is available in the RTSP_PORT variable.
	runOnConnect:
	# the restart parameter allows to restart the command if it exits suddenly.
	runOnConnectRestart: no

	###############################################
	# RTSP parameters

	# disable support for the RTSP protocol.
	rtspDisable: no
	# supported RTSP transport protocols.
	# UDP is the most performant, but doesn't work when there's a NAT/firewall between
	# server and clients, and doesn't support encryption.
	# UDP-multicast allows to save bandwidth when clients are all in the same LAN.
	# TCP is the most versatile, and does support encryption.
	# The handshake is always performed with TCP.
	protocols: [tcp, udp]
	# encrypt handshake and TCP streams with TLS (RTSPS).
	# available values are "no", "strict", "optional".
	encryption: "no"
	# address of the TCP/RTSP listener. This is needed only when encryption is "no" or "optional".
	rtspAddress: :554
	# address of the TCP/TLS/RTSPS listener. This is needed only when encryption is "strict" or "optional".
	rtspsAddress: :8555
	# address of the UDP/RTP listener. This is needed only when "udp" is in protocols.
	rtpAddress: :8000
	# address of the UDP/RTCP listener. This is needed only when "udp" is in protocols.
	rtcpAddress: :8001
	# IP range of all UDP-multicast listeners. This is needed only when "multicast" is in protocols.
	multicastIPRange: 224.1.0.0/16
	# port of all UDP-multicast/RTP listeners. This is needed only when "multicast" is in protocols.
	multicastRTPPort: 8002
	# port of all UDP-multicast/RTCP listeners. This is needed only when "multicast" is in protocols.
	multicastRTCPPort: 8003
	# path to the server key. This is needed only when encryption is "strict" or "optional".
	# this can be generated with:
	# openssl genrsa -out server.key 2048
	# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
	serverKey: server.key
	# path to the server certificate. This is needed only when encryption is "strict" or "optional".
	serverCert: server.crt
	# authentication methods.
	authMethods: [basic, digest]
	# read buffer size.
	# this doesn't influence throughput and shouldn't be touched unless the server
	# reports errors about the buffer size.
	readBufferSize: 2048

	###############################################
	# RTMP parameters

	# disable support for the RTMP protocol.
	rtmpDisable: no
	# address of the RTMP listener.
	rtmpAddress: :1935

	###############################################
	# HLS parameters

	# disable support for the HLS protocol.
	hlsDisable: no
	# address of the HLS listener.
	hlsAddress: :8888
	# by default, HLS is generated only when requested by a user;
	# this option allows to generate it always, avoiding an initial delay.
	hlsAlwaysRemux: no
	# number of HLS segments to generate.
	# increasing segments allows more buffering,
	# decreasing segments decreases latency.
	hlsSegmentCount: 3
	# minimum duration of each segment.
	# the final segment duration is also influenced by the interval between IDR frames,
	# since the server changes the segment duration to include at least a IDR frame in each one.
	hlsSegmentDuration: 1s
	# value of the Access-Control-Allow-Origin header provided in every HTTP response.
	# This allows to play the HLS stream from an external website.
	hlsAllowOrigin: '*'

	###############################################
	# Path parameters

	# these settings are path-dependent.
	# it's possible to use regular expressions by using a tilde as prefix.
	# for example, "~^(test1\|test2)$" will match both "test1" and "test2".
	# for example, "~^prefix" will match all paths that start with "prefix".
	# the settings under the path "all" are applied to all paths that do not match
	# another entry.
	paths:
	all:
	# source of the stream - this can be:
	# * publisher -> the stream is published by a RTSP or RTMP client
	# * rtsp://existing-url -> the stream is pulled from another RTSP server
	# * rtsps://existing-url -> the stream is pulled from another RTSP server with RTSPS
	# * rtmp://existing-url -> the stream is pulled from another RTMP server
	# * http://existing-url/stream.m3u8 -> the stream is pulled from another HLS server
	# * https://existing-url/stream.m3u8 -> the stream is pulled from another HLS server with HTTPS
	# * redirect -> the stream is provided by another path or server
	source: publisher

	# if the source is an RTSP or RTSPS URL, this is the protocol that will be used to
	# pull the stream. available values are "automatic", "udp", "multicast", "tcp".
	# the TCP protocol can help to overcome the error "no UDP packets received recently".
	sourceProtocol: automatic

	# if the source is an RTSP or RTSPS URL, this allows to support sources that
	# don't provide server ports or use random server ports. This is a security issue
	# and must be used only when interacting with sources that require it.
	sourceAnyPortEnable: no

	# if the source is a RTSPS or HTTPS URL, and the source certificate is self-signed
	# or invalid, you can provide the fingerprint of the certificate in order to
	# validate it anyway.
	# the fingerprint can be obtained by running:
	# openssl s_client -connect source_ip:source_port </dev/null 2>/dev/null \| sed -n '/BEGIN/,/END/p' > server.crt
	# openssl x509 -in server.crt -noout -fingerprint -sha256 \| cut -d "=" -f2 \| tr -d ':'
	sourceFingerprint:

	# if the source is an RTSP or RTMP URL, it will be pulled only when at least
	# one reader is connected, saving bandwidth.
	sourceOnDemand: no
	# if sourceOnDemand is "yes", readers will be put on hold until the source is
	# ready or until this amount of time has passed.
	sourceOnDemandStartTimeout: 10s
	# if sourceOnDemand is "yes", the source will be closed when there are no
	# readers connected and this amount of time has passed.
	sourceOnDemandCloseAfter: 10s

	# if the source is "redirect", this is the RTSP URL which clients will be
	# redirected to.
	sourceRedirect:

	# if the source is "publisher" and a client is publishing, do not allow another
	# client to disconnect the former and publish in its place.
	disablePublisherOverride: no

	# if the source is "publisher" and no one is publishing, redirect readers to this
	# path. It can be can be a relative path (i.e. /otherstream) or an absolute RTSP URL.
	fallback:

	# username required to publish.
	# sha256-hashed values can be inserted with the "sha256:" prefix.
	publishUser:
	# password required to publish.
	# sha256-hashed values can be inserted with the "sha256:" prefix.
	publishPass:
	# ips or networks (x.x.x.x/24) allowed to publish.
	publishIPs: []

	# username required to read.
	# sha256-hashed values can be inserted with the "sha256:" prefix.
	readUser:
	# password required to read.
	# sha256-hashed values can be inserted with the "sha256:" prefix.
	readPass:
	# ips or networks (x.x.x.x/24) allowed to read.
	readIPs: []

	# command to run when this path is initialized.
	# this can be used to publish a stream and keep it always opened.
	# this is terminated with SIGINT when the program closes.
	# the path name is available in the RTSP_PATH variable.
	# the server port is available in the RTSP_PORT variable.
	runOnInit:
	# the restart parameter allows to restart the command if it exits suddenly.
	runOnInitRestart: no

	# command to run when this path is requested.
	# this can be used to publish a stream on demand.
	# this is terminated with SIGINT when the path is not requested anymore.
	# the path name is available in the RTSP_PATH variable.
	# the server port is available in the RTSP_PORT variable.
	runOnDemand:
	# the restart parameter allows to restart the command if it exits suddenly.
	runOnDemandRestart: no
	# readers will be put on hold until the runOnDemand command starts publishing
	# or until this amount of time has passed.
	runOnDemandStartTimeout: 10s
	# the runOnDemand command will be closed when there are no
	# readers connected and this amount of time has passed.
	runOnDemandCloseAfter: 10s

	# command to run when a client starts publishing.
	# this is terminated with SIGINT when a client stops publishing.
	# the path name is available in the RTSP_PATH variable.
	# the server port is available in the RTSP_PORT variable.
	runOnPublish:
	# the restart parameter allows to restart the command if it exits suddenly.
	runOnPublishRestart: no

	# command to run when a clients starts reading.
	# this is terminated with SIGINT when a client stops reading.
	# the path name is available in the RTSP_PATH variable.
	# the server port is available in the RTSP_PORT variable.
	runOnRead:
	# the restart parameter allows to restart the command if it exits suddenly.
	runOnReadRestart: no