Autoscale Nodes

Ports Required For Red5 Pro Mobile SDK Clients Only (RTSP)

Inbound Ports

Port	Description	Protocol
5080	default web access of Red5 Pro; communication with Nodes	TCP
1935	default Red5 Pro RTMP port; also used for clustering communication	TCP
8554	default RTSP (mobile) port	TCP

Ports Required For WebRTC, HLS and RTMP

Inbound Ports

Port	Description	Protocol
5080	default web access of Red5 Pro/Websockets for WebRTC	TCP
1935	default Red5 Pro RTMP port	TCP
8554	default RTSP port	TCP
40000-65535	TURN/STUN/ICE port range for WebRTC	UDP

Note that the RTSP port (8554) is necessary for some intra-node communication, even if you are not supporting RTSP clients in your environment

Outbound Ports

By default with most hosting environments, all outbound ports are open to all, and this is usually acceptable. However, if you wish to tighten security even further, you can restrict access to all of the inbound ports listed above.

Server-side Security

Removing WebApp JSP Pages

By default, the Red5 Pro server is distributed with webapps for testing and development. When you go to production, you may want to delete the following to ensure that no one can access the webapps if they were to get the IP address of your server.

First, remove any unused webapps. The only required webapps are root, and live (or your custom webapp).

Secondly, you can remove all of the .jsp and .html pages from the red5pro/webapps/live directory"

broadcast.jsp
index.jsp
playback.jsp
sdp.jsp
streams.jsp
subscribe.jsp
twoway.jsp
viewer-vod.jsp
viewer.jsp
basic-publisher.html
proxy-publisher.html
proxy-screenshare.html
proxy-subscriber.html
sm-proxy-usage.html
wsonly-publisher.html

You can also remove the following .jsp pages from red5pro/webapps/root directory:

license.jsp
index.jsp

Basic Realm Authentication

See this knowledge-base article for instructions on using simple HTTP Basic Realm Authentication. This is another level of web-based authentication that requires a password for accessing the webapps that are modified.