Security Recommendations
It is recommended that separate firewalls or security groups be created as follows for inbound connections:
Stream Manager Security
| Port | Description | Protocol | Access |
| --- | --- | --- | --- |
| 22 | SSH | TCP | IP addresses of server admins |
| 5080 | default web access of Red5 Pro/Websockets for WebRTC | TCP | for node communication |
| 443 | modified HTTPS access of Red5 Pro; secure websockets for WebRTC | TCP | all external API calls |

Database Security
| Port | Description | Protocol | Access |
| --- | --- | --- | --- |
| 3306 | default MySQL | TCP | stream manager IPs and dbadmin IP |

- Note: if you are using a hosted MySQL database on Digital Ocean, the port is 25060.

Nodes Security
| Port | Description | Protocol | Access |
| --- | --- | --- | --- |
| 22 | SSH | TCP | IP addresses of server admins |
| 5080 | default web access of Red5 Pro/Websockets for WebRTC | TCP | all incoming |
| 1935 | default Red5 Pro RTMP port | TCP | all incoming |
| 8554 | default RTSP port | TCP | all incoming |
| 40000-65535 | TURN/STUN/ICE port range for WebRTC | UDP | all incoming |
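
One way to check an existing inbound rule set against the three tables above, as an added example that is not part of the Red5 Pro documentation. The rule tuple format, the role names, the sample rules and the reading of "for node communication" as a restricted source list and "all external API calls" as any source are assumptions.

```python
import ipaddress

RESTRICTED, PUBLIC = "restricted", "public"
# Recommended inbound ports per role: (first port, last port, protocol) -> access.
# Assumption: "for node communication" means restricted, "all external API calls" public.
POLICY = {
    "stream_manager": {(22, 22, "tcp"): RESTRICTED,
                       (5080, 5080, "tcp"): RESTRICTED,
                       (443, 443, "tcp"): PUBLIC},
    # A hosted MySQL database on Digital Ocean would use 25060 instead of 3306.
    "database": {(3306, 3306, "tcp"): RESTRICTED},
    "node": {(22, 22, "tcp"): RESTRICTED,
             (5080, 5080, "tcp"): PUBLIC,
             (1935, 1935, "tcp"): PUBLIC,
             (8554, 8554, "tcp"): PUBLIC,
             (40000, 65535, "udp"): PUBLIC},
}

def audit(role, rules):
    """Return (rule, problem) pairs for inbound rules that break POLICY[role]."""
    findings = []
    for rule in rules:
        first, last, proto, source = rule
        net = ipaddress.ip_network(source, strict=False)
        # A rule is recognised only if its whole port range sits inside one entry.
        access = next((a for (lo, hi, p), a in POLICY[role].items()
                       if p == proto and lo <= first and last <= hi), None)
        if access is None:
            findings.append((rule, "port not in recommended list"))
        elif access == RESTRICTED and net.prefixlen == 0:
            findings.append((rule, "restricted port open to any source"))
    return findings

# Constructed sample rules (documentation address ranges), not from a real deployment.
SAMPLE_NODE_RULES = [
    (22, 22, "tcp", "0.0.0.0/0"),            # SSH should be admin IPs only
    (5080, 5080, "tcp", "0.0.0.0/0"),
    (40000, 65535, "udp", "0.0.0.0/0"),
    (3306, 3306, "tcp", "203.0.113.10/32"),  # MySQL does not belong on a node
]
SAMPLE_DB_RULES = [
    (3306, 3306, "tcp", "198.51.100.7/32"),
    (3306, 3306, "tcp", "::/0"),             # database open to any IPv6 source
]

if __name__ == "__main__":
    for role, rules in (("node", SAMPLE_NODE_RULES), ("database", SAMPLE_DB_RULES)):
        for rule, problem in audit(role, rules):
            print(role, rule, problem)
```
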
For more details on Autoscale communication and security, see this doc