Installation Instructions

Instructional for installing MediaMTX on Linux Virtual Server. Written for Rocky8

The github site for MediatMTX is at https://github.com/bluenviron/mediamtx


Download MediaMTX executable


Go to https://github.com/bluenviron/mediamtx/releases and download the latest version of mediamtx for Linux amd64.tar.gz 


Unzip the file on to your local machine


Download the mediamtx_create_systemd_firewall.sh script from folder below 

*** if you plan to do share out HLS streams via web browser then also download the letsecrypt_ssl_mediamtx.sh and the mediamtx_renewLECerts.sh - We will get to that a bit later....

Launch local or virtual machine and get to the command line interface

Create a user named mediamtx

Set the password for the mediamtx user

Enter the password for mediamtx user

you will get this message;

“BAD PASSWORD: The password contains the user name in some form” 

it’s ok just paste mediamtx again.


You will know you did it right when you get this message in return;


“all authentication tokens updated successfully.”

By creating this user named mediamtx this also made a folder called mediamtx under the home folder. 

This will become important in a few more steps.


Make mediamtx user a 'sudo user'

Switch from the Root user to the mediamtx user

Now its time to install MediaMTX 


Transfer the mediamtx.yml, mediamtx executable file and the MediaMTX Firewall config script to the mediamtx folder. I use filezilla. Use what you like.


Get to the mediamtx folder where the mediamtx installer is located.

Queue up the MediaMTX install

Enter password if asked for MediaMTX user

Execute the MediatMTX insall 


Output should look like this

Type Control C to exit the MediaMTX Service

Create service to start on boot and configure firewall.

Queue Script

Enter password if asked for MediaMTX user

Execute Script

Check Firewall 

Settings should look like picture below. 

AT THIS POINT YOUR SERVER IS INTALLED

But we are going to go into the the yml file (pronounced "YAMAL") and add some security preferences. Do to that we need a text editor. I like NANO. 


Now we are going install NANO.

Command to install NANO 


Enter password if asked for MediaMTX user

At prompt for installing package entter "y" hit enter


A successful instalation will return the version installed and a "Complete !" message 

The reason we are going to install the following security preferences is because out of the box other than some firewall settings for the server anyone could point their video to the server if they had the ip address and the port number.
We are going to add a username and password to be required to stream to keep someone from hijacking the video server.

First change director to the location of the yml file.


Edit the file with nano


Adding a security with a username and password to the server

Now we are going to scroll down to the "authMethod: internal" section and edit the file

Adding a user name in the "user:" section - pay attention to a space after the colon.

Adding a password in the "pass:" section - pay attention to the space after the colon

Example Below.

After we are done we are going to whats called "Write Out" which saves the changes - hit control O

Next hit enter to save the changes.

Now hit control X to exit out of NANO

After we are done we are going to whats called "Write Out" which saves the changes - hit control O

Next hit enter to save the changes.

Now hit control X to exit out of NANO

To get back to view the MediaMTX service copy and paste this command. It will bring up the current available services and show current activity.

Enter password if asked for MediaMTX user

This is what the service looks like. Current activity will stream at the bottom. Type control c to exit. 

Type control c to exit. 

Restart the MediaMtx service to enforce file change

Get back to view the MediaMTX service so we can monitor the service as we connect to it.

Now your server is set up to stream from ATAK clients through the UASTool and TAK-ICU plugins using RTSP.

You can use the ip address of your server or if you have set up an A record for DNS you could use a domain name. 

Under Construction

How to add an SSL Certificate from LetsEncrypt

and use FFmpeg to send an HLS video stream to watch in a web browser using Rocky 8

To use LetsEncrypt you must have a FQDN (Fully Qualified Domain Name) with an A record pointing to your server. So you need to get to your service provider whom ever that is GoDaddy as an example and make that change now. It can take up to 30 minutes for this to be active through out the internet. 

Download the letsecrypt_ssl_mediamtx.sh and the mediamtx_renewLECerts.sh - If you already did this at the beginning then go ahead and skip this.

Now we are going to install FFMPEG. This program is just going to run in the background and interact with commands from mediamtx.

Get to the command line and execute the following commands

FFMPEG is installed and now we will install LetsEncrypt.

Transfer the letsecrypt_ssl_mediamtx.sh and the mediamtx_renewLECerts.sh to the mediamtx folder. I use filezilla. Use what you like.

Get to the mediamtx folder where the mediamtx installer is located.

Queue up the Letsencrypt script

Enter the password for mediamtx user

Execute the scripts

There will be a series of prompts

On completion you will get a return like this -


Successfully received certificate.

Certificate is saved at: /etc/letsencrypt/live/videotest.taktical.net/fullchain.pem

Key is saved at:         /etc/letsencrypt/live/videotest.taktical.net/privkey.pem

This certificate expires on 2024-06-29.

These files will be updated when the certificate renews.

Certbot has set up a scheduled task to automatically renew this certificate in the background.

We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.

Next the script will make a cronjob which will automatically renew this certificate.

We are now done with LetsEncrypt and we need to get to the yml file and make some edits using Nano. 

I have attached an example yml file in the google drive link above that can be downloaded and replaced on to your machine and you can edit that if you want instead of copy and pasting all of these things

Steps to do this would rename it from Example_LetsEncrypt_mediamtx.yml to mediamtx.yml and place it in the /usr/local/etc file. 

FileZilla will ask if you want to replace it and choose yes.

You can then nano that file and you would need to change the username, password (covered in the first section/original video) and then rename the pathway to your LetsEncrypt folder. Then save the changes and restart mediamtx.

You can watch this video, see what I edit do to make all this happen first. You can make a decision from there on how you want to roll. 

....here we go.

Change director to the location of the yml file.


Edit the file with nano


Adding permissions for localhost viewing

Scroll down to the "authMethod: internal" section and edit the file

Adding in the actions of publish and read.

Edit the Global settings for the RTSP server

Now we are going to scroll down to the "Global settings -> RTSP server" section and edit the file

We are going to add [tcp] to the protocol

Edit the Global settings for the HLS server

Now we are going to scroll down to the "Global settings -> HLS server" section and edit the file

Enabling hlsEncrytion by adding "yes"

Adding the file path for the "hlsServerKey:" section - This will be the LetsEncrypt privkey.pem

Adding the file path for the "hlsServerCert:" section - This will be the LetsEncrypt fullchain.pem

Adding mpegts into the "hlsVariant"

Edit the Path Settings by pasting in the following lines below #    source:  rtsp://my_camera. 

Pay close attention to spaces. For example runOnReady for example is two spaces in from the line above. 

The line below it for runOnReadyRestart its also two spaces in. 

Example picture below.

After we are done we are going to whats called "Write Out" which saves the changes - hit control O

Next hit enter to save the changes.

Now hit control X to exit out of NANO

Now the videos can be viewed in a web browser by going to https://yoururl:8888/hls/streamname 

You will be prompted for username and password for your server which we went over in the first video.

The browser will save this so subsequent views will not require it.