realms.india

A self-hosted live streaming and gaming platform with real-time chat, game server integration, and media management.

Features

• Live Streaming - RTMP, SRT, and WebRTC ingest with HLS/LLHLS output
• Real-time Chat - WebSocket-based chat with moderation tools
• Game Server - Nakama-powered multiplayer games and social features
• Media Library - E-book hosting and audio/video management
• User Authentication - JWT-based auth with optional PGP key support

---

System Requirements

Minimum

• 4GB RAM
• 2 CPU cores
• 20GB storage

Recommended

• 8GB+ RAM
• 4+ CPU cores
• 100GB+ SSD storage

Software

• Docker 24+
• Docker Compose v2+
• Git

Operating System

• Linux (Ubuntu 22.04 recommended) - best for production
• macOS
• Windows with WSL2

---

Quick Start (Development)

# Clone the repository
git clone <repository-url>
cd realms.india

# Copy environment template
cp .env.example .env

# Generate secrets and edit .env (see Configuration section below)
nano .env

# Build and start all services
docker-compose up --build

Access the application at http://localhost

---

Configuration

Required Environment Variables

Copy .env.example to .env and configure these required variables:

Variable	Description	How to Generate
DB_PASSWORD	PostgreSQL database password	openssl rand -base64 24
JWT_SECRET	Secret key for JWT token signing	openssl rand -base64 32
OME_API_TOKEN	OvenMediaEngine API authentication	openssl rand -hex 32
REDIS_PASSWORD	Redis authentication password	openssl rand -base64 24
NAKAMA_SERVER_KEY	Nakama client authentication key	openssl rand -hex 16
NAKAMA_CONSOLE_PASSWORD	Nakama admin console password	Choose a strong password
VITE_NAKAMA_SERVER_KEY	Frontend Nakama key (must match NAKAMA_SERVER_KEY)	Same as NAKAMA_SERVER_KEY

Optional Environment Variables

Variable	Default	Description
DB_HOST	postgres	PostgreSQL host
DB_NAME	streaming	Database name
DB_USER	streamuser	Database user
DB_PORT	5432	PostgreSQL port
REDIS_HOST	redis	Redis host
REDIS_PORT	6379	Redis port
REDIS_DB	0	Redis database number
CHAT_REDIS_DB	1	Chat service Redis database
APP_ENV	production	Environment mode (development or production)
VITE_NAKAMA_HOST	localhost	Nakama host for frontend
VITE_NAKAMA_PORT	80	Nakama port for frontend
VITE_NAKAMA_USE_SSL	false	Enable SSL for Nakama connection

Generate All Secrets at Once

echo "DB_PASSWORD=$(openssl rand -base64 24)"
echo "JWT_SECRET=$(openssl rand -base64 32)"
echo "OME_API_TOKEN=$(openssl rand -hex 32)"
echo "REDIS_PASSWORD=$(openssl rand -base64 24)"
NAKAMA_KEY=$(openssl rand -hex 16)
echo "NAKAMA_SERVER_KEY=$NAKAMA_KEY"
echo "VITE_NAKAMA_SERVER_KEY=$NAKAMA_KEY"
echo "NAKAMA_CONSOLE_PASSWORD=<choose-a-strong-password>"

---

Services Overview

Service	Description	Internal Port
postgres	PostgreSQL 16 database for persistent storage	5432
redis	Redis 7 for caching, sessions, and message queues	6379
drogon-backend	Main API server (C++ Drogon) - streaming, users, realms	8080
chat-service	Real-time chat WebSocket server (C++ Drogon)	8081
nakama	Game server for multiplayer features	7350
ovenmediaengine	Media streaming server (RTMP/SRT/WebRTC ingest, HLS output)	8081 (API)
openresty	Nginx-based reverse proxy with Lua scripting	80, 443
sveltekit	SvelteKit web frontend	3000
certbot	Automatic SSL certificate management	-

---

Exposed Ports

Web Traffic

Port	Protocol	Description
80	TCP	HTTP
443	TCP	HTTPS
8088	TCP	HLS/LLHLS streaming proxy

Streaming Ingest

Port	Protocol	Description
1935	TCP	RTMP ingest
9999	UDP	SRT ingest

WebRTC

Port	Protocol	Description
3333	TCP	WebRTC signaling
3478	UDP	STUN/TURN server
10000-10009	UDP	WebRTC ICE candidates

---

Streaming Setup

OBS Studio Configuration

1. Open OBS Studio and go to Settings > Stream
2. Set Service to "Custom..."
3. Configure your stream:

RTMP:

Server: rtmp://your-domain:1935/app
Stream Key: <your-stream-key>

SRT:

Server: srt://your-domain:9999

Getting Your Stream Key

Stream keys are generated per-realm in the application. After creating a realm, you can find your stream key in the realm settings.

---

Production Deployment

Prerequisites

1. A server with the recommended specifications
2. A domain name pointed to your server
3. Ports 80, 443, 1935, 9999, 3333, 3478, and 10000-10009 open in your firewall

Deployment Steps

1. Prepare the Server

# Create application directory
sudo mkdir -p /opt/realms
cd /opt/realms

# Copy required files
# - docker-compose.prod.yml (rename to docker-compose.yml)
# - .env (configured with your secrets)
# - init.sql (from database/init.sql)
# - Server.xml (from ovenmediaengine/Server.xml)
# - config.json (from backend/config.json.example)

2. Configure Environment

# Copy and configure environment
cp .env.example .env
nano .env

# Update these for production:
# - Set all secrets (see Configuration section)
# - Set VITE_NAKAMA_HOST to your domain
# - Set VITE_NAKAMA_USE_SSL=true
# - Set APP_ENV=production

3. Configure SSL

The Certbot container handles automatic SSL certificate generation. Ensure:

• Your domain's DNS A record points to your server
• Ports 80 and 443 are accessible from the internet

# Set your email for Let's Encrypt notifications
export CERTBOT_EMAIL=admin@your-domain.com

4. Start Services

# Pull images and start
docker-compose -f docker-compose.prod.yml up -d

# Check status
docker-compose -f docker-compose.prod.yml ps

# View logs
docker-compose -f docker-compose.prod.yml logs -f

Firewall Configuration (UFW)

# Allow web traffic
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Allow streaming
sudo ufw allow 1935/tcp   # RTMP
sudo ufw allow 9999/udp   # SRT
sudo ufw allow 8088/tcp   # HLS proxy

# Allow WebRTC
sudo ufw allow 3333/tcp   # Signaling
sudo ufw allow 3478/udp   # STUN/TURN
sudo ufw allow 10000:10009/udp  # ICE candidates

# Enable firewall
sudo ufw enable

Updating

cd /opt/realms

# Pull latest images
docker-compose -f docker-compose.prod.yml pull

# Restart with new images
docker-compose -f docker-compose.prod.yml up -d

---

Troubleshooting

Health Checks

Check if services are healthy:

# View service status
docker-compose ps

# Check specific service health
docker inspect --format='{{.State.Health.Status}}' realms-drogon-backend-1

Health Check Endpoints

Service	Endpoint
Backend API	http://localhost:8080/api/health
Chat Service	http://localhost:8081/
Nakama	http://localhost:7350/healthcheck

Viewing Logs

# All services
docker-compose logs -f

# Specific service
docker-compose logs -f drogon-backend
docker-compose logs -f chat-service
docker-compose logs -f nakama

# Last 100 lines
docker-compose logs --tail=100 drogon-backend

Common Issues

Services won't start

# Check for port conflicts
sudo lsof -i :80
sudo lsof -i :443

# Verify .env file exists and has all required variables
cat .env | grep -v "^#" | grep -v "^$"

# Rebuild containers
docker-compose down
docker-compose up --build

Database connection errors

# Check PostgreSQL is healthy
docker-compose logs postgres

# Verify database credentials match .env
docker-compose exec postgres psql -U streamuser -d streaming -c "SELECT 1"

Stream not working

# Check OvenMediaEngine logs
docker-compose logs ovenmediaengine

# Verify stream key is correct
# Check that RTMP port 1935 is accessible
nc -zv your-domain 1935

SSL certificate issues

# Check Certbot logs
docker-compose logs certbot

# Manually request certificate
docker-compose exec certbot certbot certonly --webroot \
  --webroot-path=/var/www/certbot \
  -d your-domain.com

Reset Everything

# Stop all containers and remove volumes (WARNING: deletes all data)
docker-compose down -v

# Remove all images
docker-compose down --rmi all

# Fresh start
docker-compose up --build

---

Security Notes

1. Never commit .env - Keep your secrets out of version control
2. Rotate secrets regularly - Recommended every 90 days
3. Restrict file permissions - chmod 600 .env
4. Use strong passwords - Minimum 16 characters with mixed case, numbers, and symbols
5. Keep Docker updated - Regularly update Docker and base images
6. Enable firewall - Only expose necessary ports
7. Use HTTPS - Always use SSL in production

---

License

See LICENSE file for details.