rtsp server not connecting


I am attempting to create an RTSP server using GStreamer.
The stream works fine on my jetson-nano with Ubuntu (L4T), but when pushing the application to balenaOS, VLC cannot connect.

The ports (rtsp:554, udp:5003) appear to be open, using netstat -tuplen | grep '554\|5003'

Is it possible that, for security reasons, some of the ports have been restricted?

Hey, I am assuming you are on a multi-container application, in which case you need to enable the ports from your Docker container. You can read more on multi-container networking here.

I am using a single container created without a docker-compose file (so it is privileged).

Hey @jap937, we aren’t blocking any of those ports in balenaOS so they should be available for streaming. Do you have a Dockerfile example you can share with us? Have you tried running this same container on L4T Ubuntu or were you running the app directly on the host in your previous test?


Thanks for the answer. It is unfortunate that the issue is not as simple as opening a port.
I ran/built the exact same Dockerfile on L4T Ubuntu, where it works fine.
I also open the stream with VLC from a different PC than the server.

The relevant layers of the Dockerfile are:

FROM balenalib/jetson-nano-ubuntu:bionic
# Update to 32.4.4 repository if the base image uses an older one
RUN sed -i 's/r32 main/r32.4 main/g' /etc/apt/sources.list.d/nvidia.list

# Download the L4T R32.4.4 BSP, apply the NVIDIA binaries to the root filesystem,
# then remove the downloaded archive and the unpacked tree
RUN apt-get update && apt-get install -y wget tar lbzip2 python3 libegl1 && \
    wget https://developer.nvidia.com/embedded/L4T/r32_Release_v4.4/r32_Release_v4.4-GMC3/T210/Tegra210_Linux_R32.4.4_aarch64.tbz2 && \
    tar xf Tegra210_Linux_R32.4.4_aarch64.tbz2 && \
    cd Linux_for_Tegra && \
    sed -i 's/config.tbz2\"/config.tbz2\" --exclude=etc\/hosts --exclude=etc\/hostname/g' apply_binaries.sh && \
    sed -i 's/install --owner=root --group=root \"${QEMU_BIN}\" \"${L4T_ROOTFS_DIR}\/usr\/bin\/\"/#install --owner=root --group=root \"${QEMU_BIN}\" \"${L4T_ROOTFS_DIR}\/usr\/bin\/\"/g' nv_tegra/nv-apply-debs.sh && \
    sed -i 's/chroot . \//  /g' nv_tegra/nv-apply-debs.sh && \
    ./apply_binaries.sh -r / --target-overlay && cd .. && \
    rm -rf Tegra210_Linux_R32.4.4_aarch64.tbz2 && \
    rm -rf Linux_for_Tegra && \
    echo "/usr/lib/aarch64-linux-gnu/tegra" > /etc/ld.so.conf.d/nvidia-tegra.conf && ldconfig

RUN echo 'install gstreamer tools' &&\
    apt-get -y install libgstreamer1.0-0 gstreamer1.0-plugins-base \
    gobject-introspection gir1.2-gst-rtsp-server-1.0 \
    gstreamer1.0-plugins-good gstreamer1.0-plugins-bad \
    gstreamer1.0-plugins-ugly gstreamer1.0-libav \
    gstreamer1.0-tools \
    libgstrtspserver-1.0-0 \
    libgstrtspserver-1.0-dev

Have you also checked that the ports are listening on the host OS as well as in the container?
I ask because the netstat -tuplen | grep '554\|5003' does not run on the current releases of balenaOS but something like lsof -iTCP -sTCP:LISTEN and lsof -iUDP -P -n | egrep -v '(127|::1)' would list listening ports.

It appears the ports are open. The UDP port 5003 is shown when VLC attempts to connect, but VLC always times out.

$ lsof -iTCP -sTCP:LISTEN
python3 303234 root 64u IPv4 2074196 0t0 TCP *:rtsp (LISTEN)

$ lsof -iUDP -P -n | egrep -v '(127|::1)'
python3 303234 root 152u IPv4 3174290 0t0 UDP *:5003

Hey there

Can you confirm what address you are using in VLC to access the stream? Are you using the device IP or are you trying to access it via the device public URL?

I ask because the stream wouldn’t be available over the public URL.

Thanks for confirming

The address I use is rtsp://192.168.178.xx/test (this will default to port 554).
It is not a public URL, but on my local network.

Is the container running with network_mode: host? We had to do this (outside of balena) to get RTP/UDP working properly

The container appears to be running as host by default:

# balena inspect main_3475362_17540

        "NetworkMode": "host",
        "PortBindings": {},
        "RestartPolicy": {
            "Name": "always",
            "MaximumRetryCount": 0

Hi Jasper,

Would you mind creating a docker-compose, to test, just so that we can explicitly set everything you need and discount them? So the service should run with host networking, use the port command to map port 554 and also run the service as privileged. If that still doesn’t work, then I think we need to replace your dockerfile with something simpler that produces an RTSP feed, and narrow down whether this is a docker issue, or something not working with your service.
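
One way to narrow this down from the client side, as an added example that is not part of the original thread: a standard-library Python probe that performs the RTSP OPTIONS and DESCRIBE steps over TCP and reports the stage at which the exchange stops. Port 554 and the /test path come from the thread; the function names are assumptions of this example.

```python
import socket

# Assumption: port 554 and mount path /test are defaults taken from the thread's URL.
def build_request(method, url, cseq):
    """Serialize one RTSP/1.0 request (CRLF line endings, blank-line terminator)."""
    accept = "Accept: application/sdp\r\n" if method == "DESCRIBE" else ""
    return f"{method} {url} RTSP/1.0\r\nCSeq: {cseq}\r\n{accept}\r\n".encode("ascii")

def parse_response(raw):
    """Split a raw RTSP response into (status, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    first, *rest = head.decode("latin-1").split("\r\n")
    parts = first.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("RTSP/") or not parts[1].isdigit():
        raise ValueError(f"not an RTSP status line: {first!r}")
    headers = {k.strip().lower(): v.strip()
               for k, v in (line.split(":", 1) for line in rest if ":" in line)}
    return int(parts[1]), headers, body

def read_response(sock):
    """Read until the header block ends, then up to Content-Length bytes of body."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ValueError("connection closed before end of headers")
        buf += chunk
    status, headers, body = parse_response(buf)
    need = int(headers.get("content-length", "0"))
    while len(body) < need and (chunk := sock.recv(4096)):
        body += chunk
    return status, headers, body[:need]

def probe(host, port=554, path="/test", timeout=3.0):
    """Return (stage, detail); stage is 'tcp', 'options', 'describe' or 'ok'."""
    url = f"rtsp://{host}:{port}{path}"
    stage = "tcp"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            for cseq, method in enumerate(("OPTIONS", "DESCRIBE"), start=1):
                stage = method.lower()
                sock.sendall(build_request(method, url, cseq))
                status, _, body = read_response(sock)
                if status != 200:
                    return stage, f"{method} returned status {status}"
    except (OSError, ValueError) as exc:
        return stage, f"failed at {stage}: {exc}"
    media = [l for l in body.decode("latin-1").splitlines() if l.startswith("m=")]
    return "ok", f"RTSP control channel works; SDP media lines: {media}"
```

Run it from the PC that runs VLC, passing the device IP. A result of "ok" while the player still times out means the TCP control connection is reachable and the failure lies after DESCRIBE, in SETUP/PLAY or in RTP delivery over UDP.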


Hi Jasper,

Have you had a chance to try the suggestion Phil made above?

Sorry for the delayed response.
I am currently trying to get the compose file to work (getting familiar with them now).
Would this be what you suggested?

version: '2'
services:
    main:
        build: ./
        volumes:
            - "resin-data:/data"
        privileged: true
        network_mode: host
        ports:
            - 80:80
            - 554:554
            - 5003:5003

Update: explicitly opening ports did not change the outcome.

version: '2.1'
networks: {}
volumes:
  resin-data: {}
services:
  main:
    build:
      context: .
      dockerfile: tmp/Dockerfile
    ports:
      - '80:80'
      - '554:554'
      - '5003:5003'
    privileged: true
    tty: true
    restart: always
    network_mode: host
    volumes:
      - 'resin-data:/data'
    labels:
      io.resin.features.kernel-modules: '1'
      io.resin.features.firmware: '1'
      io.resin.features.dbus: '1'
      io.resin.features.supervisor-api: '1'
      io.resin.features.resin-api: '1'

Hey Jasper,
yes, that should work, although if you’re using network_mode: host you can’t re-map ports. But as you’re mapping them without changing them, this shouldn’t be a problem.
Maybe you’re just missing the last line, but to be valid YAML the resin-data volume should have some definition or just be {}
Let us know if it works