#!/bin/bash

# This script sets up an Nginx server with RTMP module for live streaming. 
# It allows you to stream to platforms like Twitch and YouTube, while also allowing local testing.
# It also configures a firewall to restrict access to the RTMP server.

# Update the package list
apt update

# Install Nginx
sudo apt install -y nginx || exit 1 # Stop if there's an installation error

# Enable Nginx on startup
sudo systemctl enable nginx

# Install the RTMP module for Nginx
sudo apt install -y libnginx-mod-rtmp || exit 1

# Install necessary tools to compile Nginx from source
sudo apt install build-essential libpcre3-dev libssl-dev zlib1g-dev git glances -y || exit 1

# Clone the RTMP module repository
sudo git clone https://github.com/arut/nginx-rtmp-module.git || exit 1

# Clone the Nginx repository
sudo git clone https://github.com/nginx/nginx.git || exit 1

# Go into the Nginx directory
cd nginx

# Configure Nginx to include the RTMP module
./auto/configure --add-module=../nginx-rtmp-module || exit 1

# Compile Nginx
make || exit 1

# Install Nginx (this will replace the previous installation)
sudo make install || exit 1

# Prompt for streaming keys and allowed IP
read -p "Enter your Twitch streaming key: " TWITCH_KEY
read -p "Enter your YouTube streaming key: " YOUTUBE_KEY
read -p "Enter the IP address allowed to publish streams: " ALLOWED_IP

# Write the RTMP configuration to the nginx.conf file
sudo tee -a /etc/nginx/nginx.conf > /dev/null << EOL

rtmp {
    server {
        listen 1935;
        chunk_size 4096;

        # Allow publishing only from the specified IP
        allow publish ${ALLOWED_IP}; 

        application live {
            live on;
            record off;

            # Stream to Twitch 
            push rtmp://live-cdg.twitch.tv/app/${TWITCH_KEY};

            # Stream to YouTube
            push rtmp://a.rtmp.youtube.com/live2/${YOUTUBE_KEY};

            # Stream locally
            push rtmp://127.0.0.1/live;
        }

        # Application for local testing 
        application local {
            live on;
            record off;
        }
    }
}
EOL

echo "The RTMP configuration has been added to nginx.conf"

# Test the Nginx configuration for errors
sudo nginx -t && echo "Nginx configuration OK" || exit 1

# Reload Nginx to apply the changes
sudo nginx -s reload

# Install iptables and the persistent module
sudo apt install -y iptables iptables-persistent || exit 1

# Configure the firewall

# Allow traffic from the specified IP on port 1935
sudo iptables -A INPUT -p tcp --dport 1935 -s ${ALLOWED_IP} -j ACCEPT

# Block all other incoming traffic on port 1935
sudo iptables -A INPUT -p tcp --dport 1935 -j DROP

# Allow traffic from the specified IP on port 22 (SSH)
sudo iptables -A INPUT -p tcp --dport 22 -s ${ALLOWED_IP} -j ACCEPT

# Block all other incoming traffic on port 22
sudo iptables -A INPUT -p tcp --dport 22 -j DROP

# Allow outgoing traffic on port 1935
sudo iptables -A OUTPUT -p tcp --sport 1935 -j ACCEPT

# Allow incoming traffic on ephemeral ports (used for return traffic)
sudo iptables -A INPUT -p tcp --match multiport --dports 32768:61000 -j ACCEPT

# Save the iptables rules
sudo netfilter-persistent save

# Confirm the location of the configuration file
echo "Nginx configuration file is located at: /etc/nginx/nginx.conf"