I am attempting to create a rtsp server using gstreamer.
the stream works fine on my jetson-nano with ubuntu(L4T), but when pushing the application on balenaOS, vlc cannot connect.
the ports (rtsp:554, udp:5003) appear to be opened using netstat -tuplen | grep '554\|5003'
is it possible that due to security reasons, some of the ports have been restricted?
Hey, I am assuming you are on a multi-container application, in which case you need to enable the ports from your docker container, you can read more on multi-container networking here.
Hey @jap937, we aren’t blocking any of those ports in balenaOS so they should be available for streaming. Do you have a Dockerfile example you can share with us? Have you tried running this same container on L4T Ubuntu or were you running the app directly on the host in your previous test?
thanks for the answer. It is unfortunate that the issue is not as simple as opening a port.
i run/built the exact same dockerfile on L4T Ubuntu where it works fine.
I also open the stream from a different PC than the server with vlc.
the relevant layers of the dockerfile is:
FROM balenalib/jetson-nano-ubuntu:bionic
# Update to 32.4.4 repository if the base image uses an older one
RUN sed -i 's/r32 main/r32.4 main/g' /etc/apt/sources.list.d/nvidia.list
RUN apt-get update && apt-get install -y wget tar lbzip2 python3 libegl1 && \
wget https://developer.nvidia.com/embedded/L4T/r32_Release_v4.4/r32_Release_v4.4-GMC3/T210/Tegra210_Linux_R32.4.4_aarch64.tbz2 && \
tar xf Tegra210_Linux_R32.4.4_aarch64.tbz2 && \
cd Linux_for_Tegra && \
sed -i 's/config.tbz2\"/config.tbz2\" --exclude=etc\/hosts --exclude=etc\/hostname/g' apply_binaries.sh && \
sed -i 's/install --owner=root --group=root \"${QEMU_BIN}\" \"${L4T_ROOTFS_DIR}\/usr\/bin\/\"/#install --owner=root --group=root \"${QEMU_BIN}\" \"${L4T_ROOTFS_DIR}\/usr\/bin\/\"/g' nv_tegra/nv-apply-debs.sh && \
sed -i 's/chroot . \// /g' nv_tegra/nv-apply-debs.sh && \
./apply_binaries.sh -r / --target-overlay && cd .. \
rm -rf Tegra210_Linux_R32.4.2_aarch64.tbz2 && \
rm -rf Linux_for_Tegra && \
echo "/usr/lib/aarch64-linux-gnu/tegra" > /etc/ld.so.conf.d/nvidia-tegra.conf && ldconfig
RUN echo 'install gstreamer tools' &&\
apt-get -y install libgstreamer1.0-0 gstreamer1.0-plugins-base \
gobject-introspection gir1.2-gst-rtsp-server-1.0 \
gstreamer1.0-plugins-good gstreamer1.0-plugins-bad \
gstreamer1.0-plugins-ugly gstreamer1.0-libav \
gstreamer1.0-tools \
libgstrtspserver-1.0-0 \
libgstrtspserver-1.0-dev \
libgstrtspserver-1.0-dev \
libgstreamer-plugins-base1.0-dev
Have you also checked that the ports are listening on the host OS as well as in the container?
I ask because the netstat -tuplen | grep '554\|5003' does not run on the current releases of balenaOS but something like lsof -iTCP -sTCP:LISTEN and lsof -iUDP -P -n | egrep -v '(127|::1)' would list listening ports.
Can you confirm what address you are using in vlc to access the stream? are you using the device ip or are you trying to access it via the device public url?
I ask because the stream wouldn’t be available over the public url.
Would you mind creating a docker-compose, to test, just so that we can explicitly set everything you need and discount them? So the service should run with host networking, use the port command to map port 554 and also run the service as privileged. If that still doesn’t work, then I think we need to replace your dockerfile with something simpler that produces an RTSP feed, and narrow down whether this is a docker issue, or something not working with your service.
sorry for the delayed response,
I am currently trying to get the compose file to work(getting familiar with them now).
would this be what you suggested?
Hey Jasper,
yes, that should work, although if you’re using network_mode: host you can’t re-map ports. But as you’re mapping them without changing them, this shouldn’t be a problem.
Maybe you’re just missing the last line, but to be valid YAML the resin-data volume should have some definition or just be {}
Let us know if it works
Hello Jasper,
it’s hard to say without knowing the rest of your network setup.
But can you connect to those ports from the host where your VLC is running? E.g. just by doing a curl YOUR_DEVICE_IP:554? As it’s not HTTP there will be an error, but at least there shouldn’t be a timeout.
If there is a timeout, then you have a problem with your network setup, as BalenaOS does not setup any firewall that would block that traffic.
You can try checking your host’s firewall and look into routing setup, but that’s somewhat out side of what we can help with