/
Security Recommendations
It is recommended that separate firewalls or security groups be created as follows for inbound connections:
Stream Manager Security
| Port | Description | Protocol | Access |
|---|---|---|---|
| 22 | SSH | TCP | IP addresses of server admins |
| 5080 | default web access of Red5 Pro/Websockets for WebRTC | TCP | for node communication |
| 443 | modified https access of Red5 Pro; secure websockets for WebRTC | TCP | all external API calls |
Database Security
| Port | Description | Protocol | Access |
|---|---|---|---|
| 3306 | default MySQL | TCP | stream manager IPs and dbadmin IP |
- note: if you are using a hosted MySQL database on Digital Ocean, the port is
25060
Nodes Security
| Port | Description | Protocol | Access |
|---|---|---|---|
| 22 | SSH | TCP | IP addresses of server admins |
| 5080 | default web access of Red5 Pro/Websockets for WebRTC | TCP | all incoming |
| 1935 | default Red5 Pro RTMP port | TCP | all incoming |
| 8554 | default RTSP port | TCP | all incoming |
| 40000-65535 | TURN/STUN/ICE port range for WebRTC | UDP | all incoming |
For more details on Autoscale communication and security, see this doc