Golang Program to Build RTSP / RTMP & HLS Live Video & Audio Streaming Server and Add Proxy to it

  • Post author:
  • Post category:Go
  • Post comments:0 Comments



rtsp-simple-server is a ready-to-use and zero-dependency server and proxy that allows users to publish, read and proxy live video and audio streams through various protocols:

protocol description variants publish read proxy
RTSP fastest way to publish and read streams RTSP, RTSPS ✔️ ✔️ ✔️
RTMP allows to interact with legacy software RTMP, RTMPS ✔️ ✔️ ✔️
HLS allows to embed streams into a web page Low-Latency HLS, standard HLS ✔️ ✔️


  • Publish live streams to the server
  • Read live streams from the server
  • Proxy streams from other servers or cameras, always or on-demand
  • Each stream can have multiple video and audio tracks, encoded with any RTP-compatible codec, including H264, H265, VP8, VP9, MPEG2, MP3, AAC, Opus, PCM, JPEG
  • Streams are automatically converted from a protocol to another. For instance, it’s possible to publish a stream with RTSP and read it with HLS
  • Serve multiple streams at once in separate paths
  • Authenticate users; use internal or external authentication
  • Redirect readers to other RTSP servers (load balancing)
  • Query and control the server through an HTTP API
  • Reload the configuration without disconnecting existing clients (hot reloading)
  • Read Prometheus-compatible metrics
  • Run external commands when clients connect, disconnect, read or publish streams
  • Natively compatible with the Raspberry Pi Camera
  • Compatible with Linux, Windows and macOS, does not require any dependency or interpreter, it’s a single executable

Test Lint CodeCov Release Docker Hub API Documentation

Table of contents



  1. Download and extract a precompiled binary from the release page.

  2. Start the server:


Download and launch the image:

The --network=host flag is mandatory since Docker can change the source port of UDP packets for routing reasons, and this doesn’t allow the server to find out the author of the packets. This issue can be avoided by disabling the UDP transport protocol:

Please keep in mind that the Docker image doesn’t include FFmpeg. if you need to use FFmpeg for an external command or anything else, you need to build a Docker image that contains both rtsp-simple-server and FFmpeg, by following instructions here.

Basic usage

  1. Publish a stream. For instance, you can publish a video/audio file with FFmpeg:

    or GStreamer:

    To publish from other hardware / software, take a look at the Publish to the server section.

  2. Open the stream. For instance, you can open the stream with VLC:

    or GStreamer:

    or FFmpeg:



All the configuration parameters are listed and commented in the configuration file.

There are 3 ways to change the configuration:

  1. By editing the rtsp-simple-server.yml file, that is

    • included into the release bundle

    • available in the root folder of the Docker image (/rtsp-simple-server.yml); it can be overridden in this way:

    The configuration can be changed dynamically when the server is running (hot reloading) by writing to the configuration file. Changes are detected and applied without disconnecting existing clients, whenever it’s possible.

  2. By overriding configuration parameters with environment variables, in the format RTSP_PARAMNAME, where PARAMNAME is the uppercase name of a parameter. For instance, the rtspAddress parameter can be overridden in the following way:

    Parameters that have array as value can be overriden by setting a comma-separated list. For example:

    Parameters in maps can be overridden by using underscores, in the following way:

    This method is particularly useful when using Docker; any configuration parameter can be changed by passing environment variables with the -e flag:

  3. By using the HTTP API.


Edit rtsp-simple-server.yml and replace everything inside section paths with the following content:

Only publishers that provide both username and password will be able to proceed:

It’s possible to setup authentication for readers too:

If storing plain credentials in the configuration file is a security problem, username and passwords can be stored as sha256-hashed strings; a string must be hashed with sha256 and encoded with base64:

Then stored with the sha256: prefix:

WARNING: enable encryption or use a VPN to ensure that no one is intercepting the credentials.

Authentication can be delegated to an external HTTP server:

Each time a user needs to be authenticated, the specified URL will be requested with the POST method and this payload:

If the URL returns a status code that begins with 20 (i.e. 200), authentication is successful, otherwise it fails.

Please be aware that it’s perfectly normal for the authentication server to receive requests with empty users and passwords, i.e.:

This happens because a RTSP client doesn’t provide credentials until it is asked to. In order to receive the credentials, the authentication server must reply with status code 401 – the client will then send credentials.

Encrypt the configuration

The configuration file can be entirely encrypted for security purposes.

An online encryption tool is available here.

The encryption procedure is the following:

  1. NaCL’s crypto_secretbox function is applied to the content of the configuration. NaCL is a cryptographic library available for C/C++GoC# and many other languages;

  2. The string is prefixed with the nonce;

  3. The string is encoded with base64.

After performing the encryption, put the base64-encoded result into the configuration file, and launch the server with the RTSP_CONFKEY variable:

Proxy mode

rtsp-simple-server is also a proxy, that is usually deployed in one of these scenarios:

  • when there are multiple users that are reading a stream and the bandwidth is limited; the proxy is used to receive the stream once. Users can then connect to the proxy instead of the original source.
  • when there’s a NAT / firewall between a stream and the users; the proxy is installed on the NAT and makes the stream available to the outside world.

Edit rtsp-simple-server.yml and replace everything inside section paths with the following content:

After starting the server, users can connect to rtsp://localhost:8554/proxied, instead of connecting to the original url. The server supports any number of source streams, it’s enough to add additional entries to the paths section:

It’s possible to save bandwidth by enabling the on-demand mode: the stream will be pulled only when at least a client is connected:

Remuxing, re-encoding, compression

To change the format, codec or compression of a stream, use FFmpeg or GStreamer together with rtsp-simple-server. For instance, to re-encode an existing stream, that is available in the /original path, and publish the resulting stream in the /compressed path, edit rtsp-simple-server.yml and replace everything inside section paths with the following content:

Save streams to disk

To save available streams to disk, you can use the runOnReady parameter and FFmpeg:

In the example configuration, streams are saved into TS files, that can be read even if the system crashes, while MP4 files can’t.

On-demand publishing

Edit rtsp-simple-server.yml and replace everything inside section paths with the following content:

The command inserted into runOnDemand will start only when a client requests the path ondemand, therefore the file will start streaming only when requested.

Start on boot


Systemd is the service manager used by Ubuntu, Debian and many other Linux distributions, and allows to launch rtsp-simple-server on boot.

Download a release bundle from the release page, unzip it, and move the executable and configuration in the system:

Create the service:

Enable and start the service:


Download the WinSW v2 executable and place it into the same folder of rtsp-simple-server.exe.

In the same folder, create a file named WinSW-x64.xml with this content:

Open a terminal, navigate to the folder and run:

The server is now installed as a system service and will start at boot time.


The server can be queried and controlled with an HTTP API, that must be enabled by setting the api parameter in the configuration:

The API listens on apiAddress, that by default is; for instance, to obtain a list of active paths, run:

Full documentation of the API is available on the dedicated site.


A metrics exporter, compatible with Prometheus, can be enabled with the parameter metrics: yes; then the server can be queried for metrics with Prometheus or with a simple HTTP request:



  • paths{name="<path_name>",state="ready"} 1 is replicated for every path and shows the name and state of every path
  • rtsp_sessions{state="idle"} is the count of RTSP sessions that are idle
  • rtsp_sessions{state="read"} is the count of RTSP sessions that are reading
  • rtsp_sessions{state="publish"} is the counf ot RTSP sessions that are publishing
  • rtsps_sessions{state="idle"} is the count of RTSPS sessions that are idle
  • rtsps_sessions{state="read"} is the count of RTSPS sessions that are reading
  • rtsps_sessions{state="publish"} is the counf ot RTSPS sessions that are publishing
  • rtmp_conns{state="idle"} is the count of RTMP connections that are idle
  • rtmp_conns{state="read"} is the count of RTMP connections that are reading
  • rtmp_conns{state="publish"} is the count of RTMP connections that are publishing
  • hls_muxers{name="<name>"} is replicated for every HLS muxer and shows the name and state of every HLS muxer


A performance monitor, compatible with pprof, can be enabled with the parameter pprof: yes; then the server can be queried for metrics with pprof-compatible tools, like:

Compile and run from source

Install Go 1.17, download the repository, open a terminal in it and run:

You can perform the entire operation inside Docker:

Publish to the server

From a webcam

To publish the video stream of a generic webcam to the server, edit rtsp-simple-server.yml and replace everything inside section paths with the following content:

If the platform is Windows:

Where USB2.0 HD UVC WebCam is the name of your webcam, that can be obtained with:

After starting the server, the webcam can be reached on rtsp://localhost:8554/cam.

From a Raspberry Pi Camera

rtsp-simple-server natively support the Raspberry Pi Camera, enabling high-quality and low-latency video streaming from the camera to any user. To make the video stream of a Raspberry Pi Camera available on the server:

  1. The server must be installed on a Raspberry Pi, with Raspberry Pi OS bullseye or newer as operative system, and must be installed by using the standard method (Docker is not actually supported). If you’re using the 64-bit version of the operative system, you need to pick the arm64 variant of the server.

  2. Make sure that the legacy camera stack is disabled. Type:

    Then go to Interfacing optionsenable/disable legacy camera support, choose no. Reboot the system.

  3. edit rtsp-simple-server.yml and replace everything inside section paths with the following content:

After starting the server, the camera can be reached on rtsp://raspberry-pi:8554/cam or http://raspberry-pi:8888/cam.

From OBS Studio

OBS Studio can publish to the server by using the RTMP protocol. In Settings -> Stream (or in the Auto-configuration Wizard), use the following parameters:

  • Service: Custom...
  • Server: rtmp://localhost
  • Stream key: mystream

If credentials are in use, use the following parameters:

  • Service: Custom...
  • Server: rtmp://localhost
  • Stream key: mystream?user=myuser&pass=mypass

From OpenCV

To publish a video stream from OpenCV to the server, OpenCV must be compiled with GStreamer support, by following this procedure:

Videos can be published with VideoWriter:

Read from the server

From VLC and Ubuntu

The VLC shipped with Ubuntu 21.10 doesn’t support playing RTSP due to a license issue (see here and here).

To overcome the issue, remove the default VLC instance and install the snap version:

Then use it to read the stream:

RTSP protocol

General usage

RTSP is a standardized protocol that allows to publish and read streams; in particular, it supports different underlying transport protocols, that are chosen by clients during the handshake with the server:

  • UDP: the most performant, but doesn’t work when there’s a NAT/firewall between server and clients. It doesn’t support encryption.
  • UDP-multicast: allows to save bandwidth when clients are all in the same LAN, by sending packets once to a fixed multicast IP. It doesn’t support encryption.
  • TCP: the most versatile, does support encryption.

The default transport protocol is UDP. To change the transport protocol, you have to tune the configuration of your client of choice.

TCP transport

The RTSP protocol supports the TCP transport protocol, that allows to receive packets even when there’s a NAT/firewall between server and clients, and supports encryption (see Encryption).

You can use FFmpeg to publish a stream with the TCP transport protocol:

You can use FFmpeg to read that stream with the TCP transport protocol:

You can use GStreamer to read that stream with the TCP transport protocol:

You can use VLC to read that stream with the TCP transport protocol:

UDP-multicast transport

The RTSP protocol supports the UDP-multicast transport protocol, that allows a server to send packets once, regardless of the number of connected readers, saving bandwidth.

This mode must be requested by readers when handshaking with the server; once a reader has completed a handshake, the server will start sending multicast packets. Other readers will be instructed to read existing multicast packets. When all multicast readers have disconnected from the server, the latter will stop sending multicast packets.

If you want to use the UDP-multicast protocol in a Wireless LAN, please be aware that the maximum bitrate supported by multicast is the one that corresponds to the lowest enabled WiFi data rate. For instance, if the 1 Mbps data rate is enabled on your router (and it is on most routers), the maximum bitrate will be 1 Mbps. To increase the maximum bitrate, use a cabled LAN or change your router settings.

To request and read a stream with UDP-multicast, you can use FFmpeg:

or GStreamer:

or VLC (append ?vlcmulticast to the URL):


Incoming and outgoing RTSP streams can be encrypted with TLS (obtaining the RTSPS protocol). A TLS certificate is needed and can be generated with OpenSSL:

Edit rtsp-simple-server.yml, and set the protocolsencryptionserverKey and serverCert parameters:

Streams can be published and read with the rtsps scheme and the 8322 port:

If the client is GStreamer, disable the certificate validation:

At the moment VLC doesn’t support reading encrypted RTSP streams. A workaround consists in launching an instance of rtsp-simple-server on the same machine in which VLC is running, using it for reading the encrypted stream with the proxy mode, and reading the proxied stream with VLC.

Redirect to another server

To redirect to another server, use the redirect source:

Fallback stream

If no one is publishing to the server, readers can be redirected to a fallback path or URL that is serving a fallback stream:

Corrupted frames

In some scenarios, when reading RTSP from the server, decoded frames can be corrupted or incomplete. This can be caused by multiple reasons:

  • the packet buffer of the server is too small and can’t keep up with the stream throughput. A solution consists in increasing its size:

  • The stream throughput is too big and the stream can’t be sent correctly with the UDP transport. UDP is more performant, faster and more efficient than TCP, but doesn’t have a retransmission mechanism, that is needed in case of streams that need a large bandwidth. A solution consists in switching to TCP:

    In case the source is a camera:

RTMP protocol

General usage

RTMP is a protocol that allows to read and publish streams, but is less versatile and less efficient than RTSP (doesn’t support UDP, encryption, doesn’t support most RTSP codecs, doesn’t support feedback mechanism). It is used when there’s need of publishing or reading streams from a software that supports only RTMP (for instance, OBS Studio and DJI drones).

At the moment, only the H264 and AAC codecs can be used with the RTMP protocol.

Streams can be published or read with the RTMP protocol, for instance with FFmpeg:

or GStreamer:

Credentials can be provided by appending to the URL the user and pass parameters:


RTMP connections can be encrypted with TLS, obtaining the RTMPS protocol. A TLS certificate is needed and can be generated with OpenSSL:

Edit rtsp-simple-server.yml, and set the rtmpEncryptionrtmpServerKey and rtmpServerCert parameters:

Streams can be published and read with the rtmps scheme and the 1937 port:

Please be aware that RTMPS is currently unsupported by VLCFFmpeg and GStreamer. However, you can use a proxy like stunnel or nginx to allow RTMP clients to access RTMPS resources.

HLS protocol

General usage

HLS is a protocol that allows to embed live streams into web pages. It works by splitting streams into segments, and by serving these segments with the HTTP protocol. Every stream published to the server can be accessed by visiting:

where mystream is the name of a stream that is being published.

Please be aware that HLS only supports a single H264 video track and a single AAC audio track due to limitations of most browsers. If you want to use HLS with streams that use other codecs, you have to re-encode them, for instance by using FFmpeg:


The simples way to embed a live stream into a web page consists in using an iframe tag:

Alternatively you can create a video tag that points directly to the stream playlist:

Please note that most browsers don’t support HLS directly (except Safari); a Javascript library, like hls.js, must be used to load the stream. You can find a working example by looking at the source code of the HLS muxer.

Low-Latency variant

Low-Latency HLS is a recently standardized variant of the protocol that allows to greatly reduce playback latency. It works by splitting segments into parts, that are served before the segment is complete.

LL-HLS is disabled by default. To enable it, a TLS certificate is needed and can be generated with OpenSSL:

Set the hlsVarianthlsEncryptionhlsServerKey and hlsServerCert parameters in the configuration file:

Every stream published to the server can be read with LL-HLS by visiting:

If the stream is not shown correctly, try tuning the hlsPartDuration parameter, for instance:

Decreasing latency

in HLS, latency is introduced since a client must wait for the server to generate segments before downloading them. This latency amounts to 1-15secs depending on the duration of each segment, and to 500ms-3s if the Low-Latency variant is enabled.

To decrease the latency, you can:

  • enable the Low-Latency variant of the HLS protocol, as explained in the previous section;

  • if Low-latency is enabled, try decreasing the hlsPartDuration parameter;

  • try decreasing the hlsSegmentDuration parameter;

  • The segment duration is influenced by the interval between the IDR frames of the video track. An IDR frame is a frame that can be decoded independently from the others. The server changes the segment duration in order to include at least one IDR frame into each segment. Therefore, you need to decrease the interval between the IDR frames. This can be done in two ways:

    • if the stream is being hardware-generated (i.e. by a camera), there’s usually a setting called Key-Frame Interval in the camera configuration page

    • otherwise, the stream must be re-encoded. It’s possible to tune the IDR frame interval by using ffmpeg’s -g option:


Related projects







Leave a Reply