From 64e6c37099047884615a41647e5fc1dc3eb8c483 Mon Sep 17 00:00:00 2001 From: spengreb Date: Tue, 27 Sep 2022 20:25:44 +0200 Subject: [PATCH] Add icecast and rtsp-simple-server along side jamulus --- broadcast-install.yml | 121 ++++++++ broadcast.tf | 65 ++++ dns.tf | 9 + main.tf | 8 +- payload/icecast/docker-compose.yml | 15 + payload/rtsp-simple-server/docker-compose.yml | 16 + .../rtsp-simple-server/rtsp-simple-server.yml | 285 ++++++++++++++++++ payload/rtsp-simple-server/server.crt | 91 ++++++ payload/rtsp-simple-server/server.key | 28 ++ 9 files changed, 636 insertions(+), 2 deletions(-) create mode 100644 broadcast-install.yml create mode 100644 broadcast.tf create mode 100644 payload/icecast/docker-compose.yml create mode 100644 payload/rtsp-simple-server/docker-compose.yml create mode 100644 payload/rtsp-simple-server/rtsp-simple-server.yml create mode 100644 payload/rtsp-simple-server/server.crt create mode 100644 payload/rtsp-simple-server/server.key diff --git a/broadcast-install.yml b/broadcast-install.yml new file mode 100644 index 0000000..2ca8d5b --- /dev/null +++ b/broadcast-install.yml @@ -0,0 +1,121 @@ +- become: yes + hosts: all + name: broadcast-install + tasks: + - name: Wait for apt to unlock + become: yes + shell: while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 5; done; + + - name: Install docker deps + apt: + pkg: + - apt-transport-https + - ca-certificates + - curl + - software-properties-common + - python3-pip + state: latest + update_cache: true + + - name: install docker modules + pip: + name: "{{ item.name }}" + state: present + with_items: + - { name: docker } + - { name: docker-compose } + - { name: boto3 } + + - name: Get node exporter + get_url: + url: https://github.com/prometheus/node_exporter/releases/download/v1.2.2/node_exporter-1.2.2.linux-amd64.tar.gz + dest: /tmp/node_exporter-1.2.2.linux-amd64.tar.gz + + - name: Extract node exporter + unarchive: + src: /tmp/node_exporter-1.2.2.linux-amd64.tar.gz + dest: /tmp/ + remote_src: yes + + - name: Install node exporter + copy: + remote_src: yes + src: /tmp/node_exporter-1.2.2.linux-amd64/node_exporter + dest: /usr/local/bin/node_exporter + + - name: Move node exporter service file + copy: + src: "{{ playbook_dir }}/payload/init.d/node_exporter.service" + dest: /lib/systemd/system/node_exporter.service + + - name: Start node exporter service + systemd: + state: started + name: node_exporter.service + + - name: Install docker + become: yes + shell: curl https://get.docker.com | bash - + + - name: Add ubuntu user to docker group + user: + name: "ubuntu" + group: "docker" + append: yes + + - name: Get docker-compose + get_url: + url: https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64 + dest: /usr/local/bin/docker-compose + mode: 'u+x,g+x' + + - name: Make broadcast folders + file: + path: "{{ item.path }}" + state: directory + with_items: + - { path: /home/ubuntu/icecast } + - { path: /home/ubuntu/icecast/logs } + - { path: /home/ubuntu/rtsp-simple-server } + + - name: Move icecast folder to server + copy: + src: "{{ playbook_dir }}/payload/icecast/" + dest: /home/ubuntu/icecast + owner: ubuntu + directory_mode: + tags: + - dircontent + + - name: Move rtsp-simple-server folder to server + copy: + src: "{{ playbook_dir }}/payload/rtsp-simple-server/" + dest: /home/ubuntu/rtsp-simple-server + owner: ubuntu + directory_mode: + tags: + - dircontent + + - name: Change ownership to ubuntu for rtsp-simple-server files + file: + path: /home/ubuntu/rtsp-simple-server + state: directory + owner: ubuntu + group: ubuntu + recurse: yes + + - name: Change ownership to ubuntu for icecast files + file: + path: /home/ubuntu/icecast + state: directory + owner: ubuntu + group: ubuntu + recurse: yes + + - name: Build and Run icecast + docker_compose: + project_src: /home/ubuntu/icecast/ + + - name: Build and Run rtsp-simple-server + docker_compose: + project_src: /home/ubuntu/rtsp-simple-server/ \ No newline at end of file diff --git a/broadcast.tf b/broadcast.tf new file mode 100644 index 0000000..b524d2a --- /dev/null +++ b/broadcast.tf @@ -0,0 +1,65 @@ +resource "aws_instance" "broadcast" { + ami = "${data.aws_ami.image.id}" + instance_type = "t3.medium" + key_name = "jamulus" + security_groups = [ aws_security_group.ssh.name, aws_security_group.broadcast.name, aws_security_group.node-exporter.name ] # Add your own IP to this group + + provisioner "remote-exec" { + inline = ["sudo apt update", "sudo apt install python3 -y", "echo Done!"] + connection { + type = "ssh" + user = "ubuntu" + host = self.public_ip + private_key = file("${path.module}/jamulus.pem") + } + } + + provisioner "local-exec" { + command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu -i '${self.public_ip},' --private-key ${"${path.module}/jamulus.pem"} broadcast-install.yml" + } + + tags = { + Name = "broadcast.vereto.net" + } +} + +resource "aws_security_group" "broadcast" { + name = "broadcast-port-access" + description = "Allow broadcast inbound traffic" +} + +resource "aws_security_group_rule" "icecast" { + type = "ingress" + to_port = 8000 + from_port = 8000 + protocol = "tcp" + cidr_blocks = [ "0.0.0.0/0"] + security_group_id = aws_security_group.broadcast.id +} + +resource "aws_security_group_rule" "rtmp-1" { + type = "ingress" + to_port = 8554 + from_port = 8554 + protocol = "udp" + cidr_blocks = [ "0.0.0.0/0"] + security_group_id = aws_security_group.broadcast.id +} + +resource "aws_security_group_rule" "rtmp-2" { + type = "ingress" + to_port = 1935 + from_port = 1935 + protocol = "tcp" + cidr_blocks = [ "0.0.0.0/0"] + security_group_id = aws_security_group.broadcast.id +} + +resource "aws_security_group_rule" "rtmp-3" { + type = "ingress" + to_port = 8888 + from_port = 8888 + protocol = "tcp" + cidr_blocks = [ "0.0.0.0/0"] + security_group_id = aws_security_group.broadcast.id +} \ No newline at end of file diff --git a/dns.tf b/dns.tf index ed73e1a..e3898ac 100644 --- a/dns.tf +++ b/dns.tf @@ -17,4 +17,13 @@ resource "digitalocean_record" "jam" { name = "ejam" ttl = 30 value = "${aws_instance.jamulus.public_ip}" +} + + +resource "digitalocean_record" "icecast" { + domain = "vereto.net" + type = "A" + name = "icecast" + ttl = 30 + value = "${aws_instance.broadcast.public_ip}" } \ No newline at end of file diff --git a/main.tf b/main.tf index 3a6cc1f..2d4a752 100644 --- a/main.tf +++ b/main.tf @@ -13,7 +13,7 @@ terraform { resource "aws_instance" "jamulus" { ami = "${data.aws_ami.image.id}" - instance_type = "c6i.xlarge" + instance_type = "t3.medium" key_name = "jamulus" security_groups = [ aws_security_group.ssh.name, aws_security_group.jamulus.name, aws_security_group.node-exporter.name ] # Add your own IP to this group @@ -102,6 +102,10 @@ resource "aws_security_group_rule" "node-exporter" { } -output "instance_ip" { +output "jamulus_ip" { value = "${aws_instance.jamulus.public_ip}" } + +output "broadcast_ip" { + value = "${aws_instance.broadcast.public_ip}" +} \ No newline at end of file diff --git a/payload/icecast/docker-compose.yml b/payload/icecast/docker-compose.yml new file mode 100644 index 0000000..d7a26b0 --- /dev/null +++ b/payload/icecast/docker-compose.yml @@ -0,0 +1,15 @@ +version: '3' + +services: + icecast: + image: moul/icecast + volumes: + - /etc/localtime:/etc/localtime:ro + environment: + - ICECAST_SOURCE_PASSWORD=9C43dtcYPRPb4a5tjskKQRSz + - ICECAST_ADMIN_PASSWORD=BelfastFuckinSucks + - ICECAST_PASSWORD=9C43dtcYPRPb4a5tjskKQRSz + - ICECAST_RELAY_PASSWORD=9C43dtcYPRPb4a5tjskKQRSz + - ICECAST_HOSTNAME=icecast.vereto.net + ports: + - 8000:8000 \ No newline at end of file diff --git a/payload/rtsp-simple-server/docker-compose.yml b/payload/rtsp-simple-server/docker-compose.yml new file mode 100644 index 0000000..342a7f0 --- /dev/null +++ b/payload/rtsp-simple-server/docker-compose.yml @@ -0,0 +1,16 @@ +version: '3' + +services: + rtsp-simple-server: + image: aler9/rtsp-simple-server + volumes: + - ./rtsp-simple-server.yml:/rtsp-simple-server.yml + - ./server.crt:/server.crt + - ./server.key:/server.key + environment: + - RTSP_PROTOCOLS=tcp + ports: + - 8554:8554 + - 1935:1935 + - 8888:8888 + diff --git a/payload/rtsp-simple-server/rtsp-simple-server.yml b/payload/rtsp-simple-server/rtsp-simple-server.yml new file mode 100644 index 0000000..dc6a7a1 --- /dev/null +++ b/payload/rtsp-simple-server/rtsp-simple-server.yml @@ -0,0 +1,285 @@ + +############################################### +# General parameters + +# Sets the verbosity of the program; available values are "error", "warn", "info", "debug". +logLevel: info +# Destinations of log messages; available values are "stdout", "file" and "syslog". +logDestinations: [stdout] +# If "file" is in logDestinations, this is the file which will receive the logs. +logFile: rtsp-simple-server.log + +# Timeout of read operations. +readTimeout: 10s +# Timeout of write operations. +writeTimeout: 10s +# Number of read buffers. +# A higher number allows a wider throughput, a lower number allows to save RAM. +readBufferCount: 512 + +# HTTP URL to perform external authentication. +# Every time a user wants to authenticate, the server calls this URL +# with the POST method and a body containing: +# { +# "ip": "ip", +# "user": "user", +# "password": "password", +# "path": "path", +# "action": "read|publish" +# "query": "url's raw query" +# } +# If the response code is 20x, authentication is accepted, otherwise +# it is discarded. +externalAuthenticationURL: + +# Enable the HTTP API. +api: no +# Address of the API listener. +apiAddress: 127.0.0.1:9997 + +# Enable Prometheus-compatible metrics. +metrics: no +# Address of the metrics listener. +metricsAddress: 127.0.0.1:9998 + +# Enable pprof-compatible endpoint to monitor performances. +pprof: no +# Address of the pprof listener. +pprofAddress: 127.0.0.1:9999 + +# Command to run when a client connects to the server. +# This is terminated with SIGINT when a client disconnects from the server. +# The following environment variables are available: +# * RTSP_PORT: server port +runOnConnect: +# Restart the command if it exits suddenly. +runOnConnectRestart: no + +############################################### +# RTSP parameters + +# Disable support for the RTSP protocol. +rtspDisable: no +# List of enabled RTSP transport protocols. +# UDP is the most performant, but doesn't work when there's a NAT/firewall between +# server and clients, and doesn't support encryption. +# UDP-multicast allows to save bandwidth when clients are all in the same LAN. +# TCP is the most versatile, and does support encryption. +# The handshake is always performed with TCP. +protocols: [udp, multicast, tcp] +# Encrypt handshake and TCP streams with TLS (RTSPS). +# Available values are "no", "strict", "optional". +encryption: "no" +# Address of the TCP/RTSP listener. This is needed only when encryption is "no" or "optional". +rtspAddress: :8554 +# Address of the TCP/TLS/RTSPS listener. This is needed only when encryption is "strict" or "optional". +rtspsAddress: :8322 +# Address of the UDP/RTP listener. This is needed only when "udp" is in protocols. +rtpAddress: :8000 +# Address of the UDP/RTCP listener. This is needed only when "udp" is in protocols. +rtcpAddress: :8001 +# IP range of all UDP-multicast listeners. This is needed only when "multicast" is in protocols. +multicastIPRange: 224.1.0.0/16 +# Port of all UDP-multicast/RTP listeners. This is needed only when "multicast" is in protocols. +multicastRTPPort: 8002 +# Port of all UDP-multicast/RTCP listeners. This is needed only when "multicast" is in protocols. +multicastRTCPPort: 8003 +# Path to the server key. This is needed only when encryption is "strict" or "optional". +# This can be generated with: +# openssl genrsa -out server.key 2048 +# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650 +serverKey: server.key +# Path to the server certificate. This is needed only when encryption is "strict" or "optional". +serverCert: server.crt +# Authentication methods. +authMethods: [basic, digest] + +############################################### +# RTMP parameters + +# Disable support for the RTMP protocol. +rtmpDisable: no +# Address of the RTMP listener. +rtmpAddress: :1935 + +############################################### +# HLS parameters + +# Disable support for the HLS protocol. +hlsDisable: no +# Address of the HLS listener. +hlsAddress: :8888 +# By default, HLS is generated only when requested by a user. +# This option allows to generate it always, avoiding the delay between request and generation. +hlsAlwaysRemux: yes +# Variant of the HLS protocol to use. Available options are: +# * mpegts - uses MPEG-TS segments, for maximum compatibility. +# * fmp4 - uses fragmented MP4 segments, more efficient. +# * lowLatency - uses Low-Latency HLS. +hlsVariant: lowLatency +# Number of HLS segments to keep on the server. +# Segments allow to seek through the stream. +# Their number doesn't influence latency. +hlsSegmentCount: 7 +# Minimum duration of each segment. +# A player usually puts 3 segments in a buffer before reproducing the stream. +# The final segment duration is also influenced by the interval between IDR frames, +# since the server changes the duration in order to include at least one IDR frame +# in each segment. +hlsSegmentDuration: 1s +# Minimum duration of each part. +# A player usually puts 3 parts in a buffer before reproducing the stream. +# Parts are used in Low-Latency HLS in place of segments. +# Part duration is influenced by the distance between video/audio samples +# and is adjusted in order to produce segments with a similar duration. +hlsPartDuration: 200ms +# Maximum size of each segment. +# This prevents RAM exhaustion. +hlsSegmentMaxSize: 50M +# Value of the Access-Control-Allow-Origin header provided in every HTTP response. +# This allows to play the HLS stream from an external website. +hlsAllowOrigin: '*' +# Enable TLS/HTTPS on the HLS server. +# This is required for Low-Latency HLS. +hlsEncryption: yes +# Path to the server key. This is needed only when encryption is yes. +# This can be generated with: +# openssl genrsa -out server.key 2048 +# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650 +hlsServerKey: server.key +# Path to the server certificate. +hlsServerCert: server.crt +# List of IPs or CIDRs of proxies behind the HLS server. +# If the server receives a request from one of these entries, IP in logs +# will be taken from the X-Forwarded-For header. +hlsTrustedProxies: [] + +############################################### +# Path parameters + +# These settings are path-dependent, and the map key is the name of the path. +# It's possible to use regular expressions by using a tilde as prefix. +# For example, "~^(test1|test2)$" will match both "test1" and "test2". +# For example, "~^prefix" will match all paths that start with "prefix". +# The settings under the path "all" are applied to all paths that do not match +# another entry. +paths: + all: + # Source of the stream. This can be: + # * publisher -> the stream is published by a RTSP or RTMP client + # * rtsp://existing-url -> the stream is pulled from another RTSP server / camera + # * rtsps://existing-url -> the stream is pulled from another RTSP server / camera with RTSPS + # * rtmp://existing-url -> the stream is pulled from another RTMP server + # * http://existing-url/stream.m3u8 -> the stream is pulled from another HLS server + # * https://existing-url/stream.m3u8 -> the stream is pulled from another HLS server with HTTPS + # * redirect -> the stream is provided by another path or server + source: publisher + + # If the source is an RTSP or RTSPS URL, this is the protocol that will be used to + # pull the stream. available values are "automatic", "udp", "multicast", "tcp". + sourceProtocol: automatic + + # Tf the source is an RTSP or RTSPS URL, this allows to support sources that + # don't provide server ports or use random server ports. This is a security issue + # and must be used only when interacting with sources that require it. + sourceAnyPortEnable: no + + # If the source is a RTSPS or HTTPS URL, and the source certificate is self-signed + # or invalid, you can provide the fingerprint of the certificate in order to + # validate it anyway. It can be obtained by running: + # openssl s_client -connect source_ip:source_port /dev/null | sed -n '/BEGIN/,/END/p' > server.crt + # openssl x509 -in server.crt -noout -fingerprint -sha256 | cut -d "=" -f2 | tr -d ':' + sourceFingerprint: + + # If the source is an RTSP or RTMP URL, it will be pulled only when at least + # one reader is connected, saving bandwidth. + sourceOnDemand: no + # If sourceOnDemand is "yes", readers will be put on hold until the source is + # ready or until this amount of time has passed. + sourceOnDemandStartTimeout: 10s + # If sourceOnDemand is "yes", the source will be closed when there are no + # readers connected and this amount of time has passed. + sourceOnDemandCloseAfter: 10s + + # If the source is "redirect", this is the RTSP URL which clients will be + # redirected to. + sourceRedirect: + + # If the source is "publisher" and a client is publishing, do not allow another + # client to disconnect the former and publish in its place. + disablePublisherOverride: no + + # If the source is "publisher" and no one is publishing, redirect readers to this + # path. It can be can be a relative path (i.e. /otherstream) or an absolute RTSP URL. + fallback: + + # Username required to publish. + # SHA256-hashed values can be inserted with the "sha256:" prefix. + publishUser: + # Password required to publish. + # SHA256-hashed values can be inserted with the "sha256:" prefix. + publishPass: + # IPs or networks (x.x.x.x/24) allowed to publish. + publishIPs: [] + + # Username required to read. + # SHA256-hashed values can be inserted with the "sha256:" prefix. + readUser: + # password required to read. + # SHA256-hashed values can be inserted with the "sha256:" prefix. + readPass: + # IPs or networks (x.x.x.x/24) allowed to read. + readIPs: [] + + # Command to run when this path is initialized. + # This can be used to publish a stream and keep it always opened. + # This is terminated with SIGINT when the program closes. + # The following environment variables are available: + # * RTSP_PATH: path name + # * RTSP_PORT: server port + # * G1, G2, ...: regular expression groups, if path name is + # a regular expression. + runOnInit: + # Restart the command if it exits suddenly. + runOnInitRestart: no + + # Command to run when this path is requested. + # This can be used to publish a stream on demand. + # This is terminated with SIGINT when the path is not requested anymore. + # The following environment variables are available: + # * RTSP_PATH: path name + # * RTSP_PORT: server port + # * G1, G2, ...: regular expression groups, if path name is + # a regular expression. + runOnDemand: + # Restart the command if it exits suddenly. + runOnDemandRestart: no + # Readers will be put on hold until the runOnDemand command starts publishing + # or until this amount of time has passed. + runOnDemandStartTimeout: 10s + # The command will be closed when there are no + # readers connected and this amount of time has passed. + runOnDemandCloseAfter: 10s + + # Command to run when the stream is ready to be read, whether it is + # published by a client or pulled from a server / camera. + # This is terminated with SIGINT when the stream is not ready anymore. + # The following environment variables are available: + # * RTSP_PATH: path name + # * RTSP_PORT: server port + # * G1, G2, ...: regular expression groups, if path name is + # a regular expression. + runOnReady: + # Restart the command if it exits suddenly. + runOnReadyRestart: no + + # Command to run when a clients starts reading. + # This is terminated with SIGINT when a client stops reading. + # The following environment variables are available: + # * RTSP_PATH: path name + # * RTSP_PORT: server port + # * G1, G2, ...: regular expression groups, if path name is + # a regular expression. + runOnRead: + # Restart the command if it exits suddenly. + runOnReadRestart: no diff --git a/payload/rtsp-simple-server/server.crt b/payload/rtsp-simple-server/server.crt new file mode 100644 index 0000000..a80935c --- /dev/null +++ b/payload/rtsp-simple-server/server.crt @@ -0,0 +1,91 @@ +-----BEGIN CERTIFICATE----- +MIIFIDCCBAigAwIBAgISA4IQk7aYjvIHehgWYCN89Q6QMA0GCSqGSIb3DQEBCwUA +MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD +EwJSMzAeFw0yMjA4MTEyMDM5MjdaFw0yMjExMDkyMDM5MjZaMBgxFjAUBgNVBAMT +DWEzLnZlcmV0by5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+ +PrvO/UCugkLD+Yxlf96mZmCs0VY0FF98aHM7iSegYTd9vwjGvfJFpth3Sj5l4Vdk +FF49LCWgO9QFWJ2ec0BZnvEKHVhoatAEZKuPNlI0813XgILoB7MBUFQFznjxlKsL +aumcsv+6fsI6YZBozYnWrJFqHm64DCzCgqAg0RkMggbK+KSY0sljt8ClWaByjTDs +u2Ozl6RgzUgpF1bIuqciKZzOgRozHF2aeWY2RfeRbDvFVatF7Aoo1XJllcIhJqyf +Cijscgy/knty5pVO9Te/L8chlP1FKTlpS2EtF7BLJGBBKjKq1YiMGUvwDUo4EDRa +dvm7dYQkQi1WYwShtiJjAgMBAAGjggJIMIICRDAOBgNVHQ8BAf8EBAMCBaAwHQYD +VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O +BBYEFJnzE6StGMvatWVZNrZcmpVsUwWmMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ +QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz +Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv +MBgGA1UdEQQRMA+CDWEzLnZlcmV0by5uZXQwTAYDVR0gBEUwQzAIBgZngQwBAgEw +NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j +cnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgBByMqx3yJGShDGoToJ +QodeTjGLGwPr60vHaPCQYpYG9gAAAYKO2RVHAAAEAwBHMEUCIQC0VJT7UazPoyon +9MAWrdPIGbCOSenpLG+f9vMDLQ/pzgIgbd2BuNleJE67h6EqG5pqLP8tLnzyLipg +K4Xa0CN9NHIAdgApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3HhAAAAYKO +2RUvAAAEAwBHMEUCIQDyxecvpl4kietoWZI7SpdT0BCyehzTxIzopXtil6Qa4wIg +TYkuRerDhUxl206+MrKZDebxn1yDz6tk66yZu9soBJQwDQYJKoZIhvcNAQELBQAD +ggEBAEYgzJHikTaWlBuT/xdmpEiXk5coVctYIRuAVVeg5mg1Ln/A4QpRUyjRrKCa +Ct6TSR6ziSxr1poDhjSknOcJopGfmGdUtmOV7xGE351Vy0OAWh4G4F4yvbS3dey2 +3tnhrhdQONrE0yK3dgC6zdLr9LmCz+HfIBh6cmO/n5oCIwfBKquAons4JNnpqoZ2 +lkO8CXXbIK67Kag3LzdCpnJfsNqVoiUHkIorK1AqjYDR1IQzLM7voe89excu4LBF +tDOveONWvmPCModcX2hNpUd0FuM0nwkTX+kRgFOT8E5W/4yulThHyWFGzEVySph4 ++c7PKB1E/UduFLV5Sx6Z1mPRSvM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw +WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP +R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx +sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm +NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg +Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG +/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB +Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA +FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw +Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB +gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W +PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl +ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz +CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm +lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 +avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 +yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O +yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids +hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ +HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv +MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX +nLRbwHOoq7hHwg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC +ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL +wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D +LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK +4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 +bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y +sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ +Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 +FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc +SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql +PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND +TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 +c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx ++tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB +ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu +b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E +U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu +MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC +5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW +9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG +WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O +he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC +Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 +-----END CERTIFICATE----- diff --git a/payload/rtsp-simple-server/server.key b/payload/rtsp-simple-server/server.key new file mode 100644 index 0000000..4865b2a --- /dev/null +++ b/payload/rtsp-simple-server/server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC+PrvO/UCugkLD ++Yxlf96mZmCs0VY0FF98aHM7iSegYTd9vwjGvfJFpth3Sj5l4VdkFF49LCWgO9QF +WJ2ec0BZnvEKHVhoatAEZKuPNlI0813XgILoB7MBUFQFznjxlKsLaumcsv+6fsI6 +YZBozYnWrJFqHm64DCzCgqAg0RkMggbK+KSY0sljt8ClWaByjTDsu2Ozl6RgzUgp +F1bIuqciKZzOgRozHF2aeWY2RfeRbDvFVatF7Aoo1XJllcIhJqyfCijscgy/knty +5pVO9Te/L8chlP1FKTlpS2EtF7BLJGBBKjKq1YiMGUvwDUo4EDRadvm7dYQkQi1W +YwShtiJjAgMBAAECggEAQD5JB54H4KZGS42StpfWpRR/YvySAqY6lHVlLF6ljggm +SAVhvlNYY+LyyF2+8oKFE1u5cyjcT97EO0XwfBhpS5pbxVGhkCk5s7IXKRZr7kuc +jfBsxFQNQ81PgmJ1/wZ4ODPTTcI4j07M4hAeRvXZrS+7Lz21n9skpk6cKljR/6G3 +uRXHjCAUvWJhUbCLwQDNMoeAJBA6iYvxJXmXQGU9RV1lmRnSemqtX9ix/yrufTCk +y7P4StzevaV6UZ21BZH3DeeAsKZTigIEXv21DfLrGi/tRKVgg+z31yqJe3cjz01V +LuhLMoJOEEpHr2xyghoJzP3ho7WqFo55hhN/B2x5kQKBgQDq3cl4Kg5PfE4qMyqf +ePg0bY7w4J/x0YhBlPqHgwXd9J+y9P9iSIInqbjFrzCfMyg1/m5pVFXCZrUdBBFP +vBvPFeBkQJ/xsyxCA+ymElPwbyhmVijcK4RGT6LO1SPqxkgHCVdCoFNAGYMms1/L +E0AMXECbk8NlG6OkB/J26pvO+QKBgQDPXRUR684CZRd/JfeOQ/Fik3R1voAbG/Kl +R5XJG2L8BYThzfIoxBqfry/od6otKYoiHQC6r+HATA3xDheltHEaZ8jWYRVAslz3 +SmA5qn+PCpbAdnCvXXtm46JLaWZ+o9BNF7IPyNWhtP3QRAWDse4bBoh3bFVu7X+j +gBlAp1GnOwKBgQDpdxIgKt4S0SP5+uaxo1RG+WkPtJoJjRl+55KqRen9Gn/tKnD6 +x8zplGKhz2XrurSMB6DFfxnIpsP+Vd7Hfdu+3KYzwbG8Vzj1XmVNKAbciAKGx7rS +MUfJhLv4EhMj+3n51KUzC5/1peai/8eHXFlccA+hFx8yUGk4UtYIs2myMQKBgQCw +yGpuHNpEsGqXu4aRgtsHby6aMw6EDg+PWLgZ+38n3Iys9Sa+GnGYMYJmbZ5nYkKh +UpiMj+WmSzCXkawXWP4TxOcz3RCBV45qRL5Ea1bUW/Kpok/vMYNC9E4ofHMlBANR +tiHX0yBN/D9mjpck70xPPgKZzYIIT/HBMjRVKlAygQKBgQDJBQWXkQtbYYnOpFMd +1kl3E7O8R8ijilHrsgQ4ryO/DeU95ELSBnE2LCztCCHB39Lt1jiskhXfUG6ZmQqR +5ArUVjUTsyBq1oVME3rPAgdzAxz6ZszZOaSp+Q/0VxiKlrg9PscnZFBm0AH15PVn +lCTbRddQ3pw3QjF0c1r6FhjA1Q== +-----END PRIVATE KEY-----