Add RTMPS server.

Author: winlinvip

i18n/en-us/docusaurus-plugin-content-docs/current/doc/http-api.md

@@ -119,7 +119,7 @@ http_api {
         # default: ./conf/server.key
         key ./conf/server.key;
         # The SSL public cert file, generated by:
-        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
         # default: ./conf/server.crt
         cert ./conf/server.crt;
     }
@@ -258,7 +258,7 @@ http_api {
         # default: ./conf/server.key
         key ./conf/server.key;
         # The SSL public cert file, generated by:
-        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
         # default: ./conf/server.crt
         cert ./conf/server.crt;
     }

i18n/en-us/docusaurus-plugin-content-docs/current/doc/http-server.md

@@ -118,7 +118,7 @@ http_server {
         # default: ./conf/server.key
         key ./conf/server.key;
         # The SSL public cert file, generated by:
-        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
         # Overwrite by env SRS_HTTP_SERVER_HTTPS_CERT
         # default: ./conf/server.crt
         cert ./conf/server.crt;

i18n/en-us/docusaurus-plugin-content-docs/current/doc/rtmp.md

@@ -50,6 +50,19 @@ SRS supports converting RTMP to other protocols, described in next sections.
 The configuration about RTMP:
 
 ```bash
+# the rtmp listen ports, split by space, each listen entry is <[ip:]port>
+# for example, 192.168.1.100:1935 10.10.10.100:1935
+# where the ip is optional, default to 0.0.0.0, that is 1935 equals to 0.0.0.0:1935
+# Overwrite by env SRS_LISTEN
+listen 1935;
+# the default chunk size is 128, max is 65536,
+# some client does not support chunk size change,
+# however, most clients support it and it can improve
+# performance about 10%.
+# Overwrite by env SRS_CHUNK_SIZE
+# default: 60000
+chunk_size 60000;
+
 vhost __defaultVhost__ {
     # whether enable min delay mode for vhost.
     # for min latency mode:
@@ -247,6 +260,78 @@ vhost __defaultVhost__ {
 > Note: These configurations are for publish and play. Note that there are some other configurations in other sections,
 for example, converting RTMP to [HTTP-FLV](./flv.md#config) or HTTP-TS.
 
+## RTMPS
+
+RTMPS (RTMP over SSL/TLS) provides secure RTMP streaming by encrypting the connection between clients and the server. This is essential for protecting sensitive content and ensuring secure communication in production environments.
+
+SRS (v7.0.56+) supports RTMPS server functionality, allowing publishers and players to connect using encrypted RTMP connections.
+
+To enable RTMPS, you need to configure SRS with SSL certificates and run it with RTMPS support:
+
+```bash
+./objs/srs -c conf/rtmps.conf
+```
+
+Publish RTMPS stream by [FFmpeg](https://ffmpeg.org/download.html):
+
+```bash
+ffmpeg -re -i doc/source.flv -c copy -f flv rtmps://localhost:1443/live/livestream
+```
+
+Play RTMPS stream by [ffplay](https://ffmpeg.org/download.html):
+
+```bash
+ffplay rtmps://localhost:1443/live/livestream
+```
+
+The RTMPS configuration requires SSL certificate setup similar to other HTTPS services in SRS:
+
+```bash
+# the rtmp listen ports, split by space, each listen entry is <[ip:]port>
+# for example, 192.168.1.100:1935 10.10.10.100:1935
+# where the ip is optional, default to 0.0.0.0, that is 1935 equals to 0.0.0.0:1935
+# Overwrite by env SRS_LISTEN
+listen 1935;
+
+# SSL configuration for RTMPS
+rtmps {
+    # Whether rtmps is enabled.
+    # Overwrite by env SRS_RTMPS_ENABLED
+    # default: off
+    enabled         on;
+    # The rtmps listen port
+    # Overwrite by env SRS_RTMPS_LISTEN
+    listen          1443;
+    # The SSL private key file, generated by:
+    #       openssl genrsa -out server.key 2048
+    # Overwrite by env SRS_RTMPS_KEY
+    # default: ./conf/server.key
+    key             ./conf/server.key;
+    # The SSL public cert file, generated by:
+    #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
+    # Overwrite by env SRS_RTMPS_CERT
+    # default: ./conf/server.crt
+    cert            ./conf/server.crt;
+}
+
+vhost __defaultVhost__ {
+    # Standard RTMP vhost configuration applies to RTMPS as well
+}
+```
+
+For testing purposes, you can generate a self-signed certificate:
+
+```bash
+# Generate private key
+openssl genrsa -out server.key 2048
+
+# Generate self-signed certificate
+openssl req -new -x509 -key server.key -out server.crt -days 3650 \
+    -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=localhost"
+```
+
+For production environments, use certificates from a trusted Certificate Authority (CA) or Let's Encrypt.
+
 ## On Demand Live Streaming
 
 In some situations, you might want to start streaming only when someone starts watching:

i18n/zh-cn/docusaurus-plugin-content-docs/current/doc/http-api.md

@@ -118,7 +118,7 @@ http_api {
         # default: ./conf/server.key
         key ./conf/server.key;
         # The SSL public cert file, generated by:
-        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
         # default: ./conf/server.crt
         cert ./conf/server.crt;
     }
@@ -279,7 +279,7 @@ http_api {
         # default: ./conf/server.key
         key ./conf/server.key;
         # The SSL public cert file, generated by:
-        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
         # default: ./conf/server.crt
         cert ./conf/server.crt;
     }

i18n/zh-cn/docusaurus-plugin-content-docs/current/doc/http-server.md

@@ -90,7 +90,7 @@ http_server {
         # default: ./conf/server.key
         key ./conf/server.key;
         # The SSL public cert file, generated by:
-        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
         # Overwrite by env SRS_HTTP_SERVER_HTTPS_CERT
         # default: ./conf/server.crt
         cert ./conf/server.crt;
@@ -161,7 +161,7 @@ http_server {
         # default: ./conf/server.key
         key ./conf/server.key;
         # The SSL public cert file, generated by:
-        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
         # Overwrite by env SRS_HTTP_SERVER_HTTPS_CERT
         # default: ./conf/server.crt
         cert ./conf/server.crt;

i18n/zh-cn/docusaurus-plugin-content-docs/current/doc/rtmp.md

@@ -47,6 +47,19 @@ SRS支持将RTMP转换成其他协议，下面会详细描述。
 RTMP协议相关配置如下：
 
 ```bash
+# the rtmp listen ports, split by space, each listen entry is <[ip:]port>
+# for example, 192.168.1.100:1935 10.10.10.100:1935
+# where the ip is optional, default to 0.0.0.0, that is 1935 equals to 0.0.0.0:1935
+# Overwrite by env SRS_LISTEN
+listen 1935;
+# the default chunk size is 128, max is 65536,
+# some client does not support chunk size change,
+# however, most clients support it and it can improve
+# performance about 10%.
+# Overwrite by env SRS_CHUNK_SIZE
+# default: 60000
+chunk_size 60000;
+
 vhost __defaultVhost__ {
     # whether enable min delay mode for vhost.
     # for min latency mode:
@@ -243,6 +256,78 @@ vhost __defaultVhost__ {
 
 > Note: 这里只是推流和拉流的配置，还有些其他的配置是在其他地方的，比如RTMP转[HTTP-FLV](./flv.md#config)或HTTP-TS等。
 
+## RTMPS
+
+RTMPS（基于SSL/TLS的RTMP）通过加密客户端和服务器之间的连接来提供安全的RTMP流传输。这对于保护敏感内容和确保生产环境中的安全通信至关重要。
+
+SRS（v7.0.56+）支持RTMPS服务器功能，允许推流端和播放器使用加密的RTMP连接。
+
+要启用RTMPS，您需要使用SSL证书配置SRS并运行RTMPS支持：
+
+```bash
+./objs/srs -c conf/rtmps.conf
+```
+
+使用[FFmpeg](https://ffmpeg.org/download.html)推送RTMPS流：
+
+```bash
+ffmpeg -re -i doc/source.flv -c copy -f flv rtmps://localhost:1443/live/livestream
+```
+
+使用[ffplay](https://ffmpeg.org/download.html)播放RTMPS流：
+
+```bash
+ffplay rtmps://localhost:1443/live/livestream
+```
+
+RTMPS配置需要SSL证书设置，类似于SRS中的其他HTTPS服务：
+
+```bash
+# the rtmp listen ports, split by space, each listen entry is <[ip:]port>
+# for example, 192.168.1.100:1935 10.10.10.100:1935
+# where the ip is optional, default to 0.0.0.0, that is 1935 equals to 0.0.0.0:1935
+# Overwrite by env SRS_LISTEN
+listen 1935;
+
+# SSL configuration for RTMPS
+rtmps {
+    # Whether rtmps is enabled.
+    # Overwrite by env SRS_RTMPS_ENABLED
+    # default: off
+    enabled         on;
+    # The rtmps listen port
+    # Overwrite by env SRS_RTMPS_LISTEN
+    listen          1443;
+    # The SSL private key file, generated by:
+    #       openssl genrsa -out server.key 2048
+    # Overwrite by env SRS_RTMPS_KEY
+    # default: ./conf/server.key
+    key             ./conf/server.key;
+    # The SSL public cert file, generated by:
+    #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
+    # Overwrite by env SRS_RTMPS_CERT
+    # default: ./conf/server.crt
+    cert            ./conf/server.crt;
+}
+
+vhost __defaultVhost__ {
+    # Standard RTMP vhost configuration applies to RTMPS as well
+}
+```
+
+对于测试目的，您可以生成自签名证书：
+
+```bash
+# Generate private key
+openssl genrsa -out server.key 2048
+
+# Generate self-signed certificate
+openssl req -new -x509 -key server.key -out server.crt -days 3650 \
+    -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=localhost"
+```
+
+对于生产环境，请使用来自受信任证书颁发机构（CA）或Let's Encrypt的证书。
+
 ## On Demand Live Streaming
 
 有些场景下，是有需要播放时，才会邀请开始推流：

i18n/zh-cn/docusaurus-plugin-content-docs/version-4.0/doc/delivery-http-flv.md

@@ -158,7 +158,7 @@ http_server {
         # default: ./conf/server.key
         key ./conf/server.key;
         # The SSL public cert file, generated by:
-        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
         # default: ./conf/server.crt
         cert ./conf/server.crt;
     }

i18n/zh-cn/docusaurus-plugin-content-docs/version-4.0/doc/http-api.md

@@ -93,7 +93,7 @@ http_api {
         # default: ./conf/server.key
         key ./conf/server.key;
         # The SSL public cert file, generated by:
-        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
         # default: ./conf/server.crt
         cert ./conf/server.crt;
     }
@@ -254,7 +254,7 @@ http_api {
         # default: ./conf/server.key
         key ./conf/server.key;
         # The SSL public cert file, generated by:
-        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
         # default: ./conf/server.crt
         cert ./conf/server.crt;
     }

i18n/zh-cn/docusaurus-plugin-content-docs/version-5.0/doc/http-api.md

@@ -118,7 +118,7 @@ http_api {
         # default: ./conf/server.key
         key ./conf/server.key;
         # The SSL public cert file, generated by:
-        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
         # default: ./conf/server.crt
         cert ./conf/server.crt;
     }
@@ -279,7 +279,7 @@ http_api {
         # default: ./conf/server.key
         key ./conf/server.key;
         # The SSL public cert file, generated by:
-        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
         # default: ./conf/server.crt
         cert ./conf/server.crt;
     }

i18n/zh-cn/docusaurus-plugin-content-docs/version-5.0/doc/http-server.md

@@ -128,7 +128,7 @@ http_server {
         # default: ./conf/server.key
         key ./conf/server.key;
         # The SSL public cert file, generated by:
-        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CA/ST=Toronto/L=Toronto/O=Me/OU=Me/CN=ossrs.io"
         # Overwrite by env SRS_HTTP_SERVER_HTTPS_CERT
         # default: ./conf/server.crt
         cert ./conf/server.crt;