srt_proxy_passphrase
The srt_proxy_passphrase directive sets a passphrase for SRT connections used in the NGINX SRT module.
Description
The srt_proxy_passphrase directive is utilized within the contexts of stream and stream server configurations to specify a passphrase that enables encrypted communication over SRT (Secure Reliable Transport). The SRT protocol is designed for low-latency video transport over unreliable networks, and incorporating a passphrase adds a layer of security when establishing SRT connections. It is important to note that this directive ensures that both the server and client sides of the connection share the same passphrase for successful encryption and decryption of data packets sent over the SRT stream.
When configuring the srt_proxy_passphrase directive, it is mandatory to provide a single argument, which is the passphrase string itself. This string should be secure enough to withstand potential brute-force attacks, as it is essential for safeguarding streamed content. If the passphrase is not provided or mismatched on either end of the SRT connection, the connectivity will fail, resulting in interrupted data streams, making it crucial to ensure consistent passphrase settings in both the server and client configurations.
Config Example
stream {
server {
listen 5432;
srt_proxy_pass srt://127.0.0.1:4321;
srt_proxy_passphrase "my_secure_passphrase";
}
}Ensure that the passphrase is identical on both the client and server.
Keep the passphrase secure and not easily guessable to prevent unauthorized access.
If the passphrase is changed after initial connection setup, existing connections will need to be reestablished.