doomtube/beeta
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
beeta/README.md
doomtube 1a3930dd87
All checks were successful
Build and Push / build-all (push) Successful in 3m38s
Details
fixes lol
2026-01-07 03:06:39 -05:00

383 lines
9.1 KiB
Markdown
Raw Permalink Blame History

# realms.india
A self-hosted live streaming and gaming platform with real-time chat, game server integration, and media management.
## Features
- **Live Streaming** - RTMP, SRT, and WebRTC ingest with HLS/LLHLS output
- **Real-time Chat** - WebSocket-based chat with moderation tools
- **Game Server** - Nakama-powered multiplayer games and social features
- **Media Library** - E-book hosting and audio/video management
- **User Authentication** - JWT-based auth with optional PGP key support
---
## System Requirements
### Minimum
- 4GB RAM
- 2 CPU cores
- 20GB storage
### Recommended
- 8GB+ RAM
- 4+ CPU cores
- 100GB+ SSD storage
### Software
- Docker 24+
- Docker Compose v2+
- Git
### Operating System
- **Linux** (Ubuntu 22.04 recommended) - best for production
- macOS
- Windows with WSL2
---
## Quick Start (Development)
```bash
# Clone the repository
git clone <repository-url>
cd realms.india
# Copy environment template
cp .env.example .env
# Generate secrets and edit .env (see Configuration section below)
nano .env
# Build and start all services
docker-compose up --build
```
Access the application at **http://localhost**
---
## Configuration
### Required Environment Variables
Copy `.env.example` to `.env` and configure these required variables:
| Variable | Description | How to Generate |
|----------|-------------|-----------------|
| `DB_PASSWORD` | PostgreSQL database password | `openssl rand -base64 24` |
| `JWT_SECRET` | Secret key for JWT token signing | `openssl rand -base64 32` |
| `OME_API_TOKEN` | OvenMediaEngine API authentication | `openssl rand -hex 32` |
| `REDIS_PASSWORD` | Redis authentication password | `openssl rand -base64 24` |
| `NAKAMA_SERVER_KEY` | Nakama client authentication key | `openssl rand -hex 16` |
| `NAKAMA_CONSOLE_PASSWORD` | Nakama admin console password | Choose a strong password |
| `VITE_NAKAMA_SERVER_KEY` | Frontend Nakama key (must match `NAKAMA_SERVER_KEY`) | Same as `NAKAMA_SERVER_KEY` |
### Optional Environment Variables
| Variable | Default | Description |
|----------|---------|-------------|
| `DB_HOST` | `postgres` | PostgreSQL host |
| `DB_NAME` | `streaming` | Database name |
| `DB_USER` | `streamuser` | Database user |
| `DB_PORT` | `5432` | PostgreSQL port |
| `REDIS_HOST` | `redis` | Redis host |
| `REDIS_PORT` | `6379` | Redis port |
| `REDIS_DB` | `0` | Redis database number |
| `CHAT_REDIS_DB` | `1` | Chat service Redis database |
| `APP_ENV` | `production` | Environment mode (`development` or `production`) |
| `VITE_NAKAMA_HOST` | `localhost` | Nakama host for frontend |
| `VITE_NAKAMA_PORT` | `80` | Nakama port for frontend |
| `VITE_NAKAMA_USE_SSL` | `false` | Enable SSL for Nakama connection |
### Generate All Secrets at Once
```bash
echo "DB_PASSWORD=$(openssl rand -base64 24)"
echo "JWT_SECRET=$(openssl rand -base64 32)"
echo "OME_API_TOKEN=$(openssl rand -hex 32)"
echo "REDIS_PASSWORD=$(openssl rand -base64 24)"
NAKAMA_KEY=$(openssl rand -hex 16)
echo "NAKAMA_SERVER_KEY=$NAKAMA_KEY"
echo "VITE_NAKAMA_SERVER_KEY=$NAKAMA_KEY"
echo "NAKAMA_CONSOLE_PASSWORD=<choose-a-strong-password>"
```
---
## Services Overview
| Service | Description | Internal Port |
|---------|-------------|---------------|
| **postgres** | PostgreSQL 16 database for persistent storage | 5432 |
| **redis** | Redis 7 for caching, sessions, and message queues | 6379 |
| **drogon-backend** | Main API server (C++ Drogon) - streaming, users, realms | 8080 |
| **chat-service** | Real-time chat WebSocket server (C++ Drogon) | 8081 |
| **nakama** | Game server for multiplayer features | 7350 |
| **ovenmediaengine** | Media streaming server (RTMP/SRT/WebRTC ingest, HLS output) | 8081 (API) |
| **openresty** | Nginx-based reverse proxy with Lua scripting | 80, 443 |
| **sveltekit** | SvelteKit web frontend | 3000 |
| **certbot** | Automatic SSL certificate management | - |
---
## Exposed Ports
### Web Traffic
| Port | Protocol | Description |
|------|----------|-------------|
| 80 | TCP | HTTP |
| 443 | TCP | HTTPS |
| 8088 | TCP | HLS/LLHLS streaming proxy |
### Streaming Ingest
| Port | Protocol | Description |
|------|----------|-------------|
| 1935 | TCP | RTMP ingest |
| 9999 | UDP | SRT ingest |
### WebRTC
| Port | Protocol | Description |
|------|----------|-------------|
| 3333 | TCP | WebRTC signaling |
| 3478 | UDP | STUN/TURN server |
| 10000-10009 | UDP | WebRTC ICE candidates |
---
## Streaming Setup
### OBS Studio Configuration
1. Open OBS Studio and go to **Settings > Stream**
2. Set **Service** to "Custom..."
3. Configure your stream:
**RTMP:**
```
Server: rtmp://your-domain:1935/app
Stream Key: <your-stream-key>
```
**SRT:**
```
Server: srt://your-domain:9999
```
### Getting Your Stream Key
Stream keys are generated per-realm in the application. After creating a realm, you can find your stream key in the realm settings.
---
## Production Deployment
### Prerequisites
1. A server with the recommended specifications
2. A domain name pointed to your server
3. Ports 80, 443, 1935, 9999, 3333, 3478, and 10000-10009 open in your firewall
### Deployment Steps
#### 1. Prepare the Server
```bash
# Create application directory
sudo mkdir -p /opt/realms
cd /opt/realms
# Copy required files
# - docker-compose.prod.yml (rename to docker-compose.yml)
# - .env (configured with your secrets)
# - init.sql (from database/init.sql)
# - Server.xml (from ovenmediaengine/Server.xml)
# - config.json (from backend/config.json.example)
```
#### 2. Configure Environment
```bash
# Copy and configure environment
cp .env.example .env
nano .env
# Update these for production:
# - Set all secrets (see Configuration section)
# - Set VITE_NAKAMA_HOST to your domain
# - Set VITE_NAKAMA_USE_SSL=true
# - Set APP_ENV=production
```
#### 3. Configure SSL
The Certbot container handles automatic SSL certificate generation. Ensure:
- Your domain's DNS A record points to your server
- Ports 80 and 443 are accessible from the internet
```bash
# Set your email for Let's Encrypt notifications
export CERTBOT_EMAIL=admin@your-domain.com
```
#### 4. Start Services
```bash
# Pull images and start
docker-compose -f docker-compose.prod.yml up -d
# Check status
docker-compose -f docker-compose.prod.yml ps
# View logs
docker-compose -f docker-compose.prod.yml logs -f
```
### Firewall Configuration (UFW)
```bash
# Allow web traffic
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Allow streaming
sudo ufw allow 1935/tcp # RTMP
sudo ufw allow 9999/udp # SRT
sudo ufw allow 8088/tcp # HLS proxy
# Allow WebRTC
sudo ufw allow 3333/tcp # Signaling
sudo ufw allow 3478/udp # STUN/TURN
sudo ufw allow 10000:10009/udp # ICE candidates
# Enable firewall
sudo ufw enable
```
### Updating
```bash
cd /opt/realms
# Pull latest images
docker-compose -f docker-compose.prod.yml pull
# Restart with new images
docker-compose -f docker-compose.prod.yml up -d
```
---
## Troubleshooting
### Health Checks
Check if services are healthy:
```bash
# View service status
docker-compose ps
# Check specific service health
docker inspect --format='{{.State.Health.Status}}' realms-drogon-backend-1
```
### Health Check Endpoints
| Service | Endpoint |
|---------|----------|
| Backend API | `http://localhost:8080/api/health` |
| Chat Service | `http://localhost:8081/` |
| Nakama | `http://localhost:7350/healthcheck` |
### Viewing Logs
```bash
# All services
docker-compose logs -f
# Specific service
docker-compose logs -f drogon-backend
docker-compose logs -f chat-service
docker-compose logs -f nakama
# Last 100 lines
docker-compose logs --tail=100 drogon-backend
```
### Common Issues
#### Services won't start
```bash
# Check for port conflicts
sudo lsof -i :80
sudo lsof -i :443
# Verify .env file exists and has all required variables
cat .env | grep -v "^#" | grep -v "^$"
# Rebuild containers
docker-compose down
docker-compose up --build
```
#### Database connection errors
```bash
# Check PostgreSQL is healthy
docker-compose logs postgres
# Verify database credentials match .env
docker-compose exec postgres psql -U streamuser -d streaming -c "SELECT 1"
```
#### Stream not working
```bash
# Check OvenMediaEngine logs
docker-compose logs ovenmediaengine
# Verify stream key is correct
# Check that RTMP port 1935 is accessible
nc -zv your-domain 1935
```
#### SSL certificate issues
```bash
# Check Certbot logs
docker-compose logs certbot
# Manually request certificate
docker-compose exec certbot certbot certonly --webroot \
--webroot-path=/var/www/certbot \
-d your-domain.com
```
### Reset Everything
```bash
# Stop all containers and remove volumes (WARNING: deletes all data)
docker-compose down -v
# Remove all images
docker-compose down --rmi all
# Fresh start
docker-compose up --build
```
---
## Security Notes
1. **Never commit `.env`** - Keep your secrets out of version control
2. **Rotate secrets regularly** - Recommended every 90 days
3. **Restrict file permissions** - `chmod 600 .env`
4. **Use strong passwords** - Minimum 16 characters with mixed case, numbers, and symbols
5. **Keep Docker updated** - Regularly update Docker and base images
6. **Enable firewall** - Only expose necessary ports
7. **Use HTTPS** - Always use SSL in production
---
## License
See LICENSE file for details.
Reference in a new issue View git blame Copy permalink