/
Security Recommendations
It is recommended that separate firewalls or security groups be created as follows for inbound connections:
Stream Manager Security
Port | Description | Protocol | Access |
---|---|---|---|
22 | SSH | TCP | IP addresses of server admins |
5080 | default web access of Red5 Pro/Websockets for WebRTC | TCP | for node communication |
443 | modified https access of Red5 Pro; secure websockets for WebRTC | TCP | all external API calls |
Database Security
Port | Description | Protocol | Access |
---|---|---|---|
3306 | default MySQL | TCP | stream manager IPs and dbadmin IP |
- note: if you are using a hosted MySQL database on Digital Ocean, the port is
25060
Nodes Security
Port | Description | Protocol | Access |
---|---|---|---|
22 | SSH | TCP | IP addresses of server admins |
5080 | default web access of Red5 Pro/Websockets for WebRTC | TCP | all incoming |
1935 | default Red5 Pro RTMP port | TCP | all incoming |
8554 | default RTSP port | TCP | all incoming |
40000-65535 | TURN/STUN/ICE port range for WebRTC | UDP | all incoming |
For more details on Autoscale communication and security, see this doc