401 on API endpoint

[SKape22]

Question

I have created a docker compose file:

version: "3"

services:
  mediamtx:
    image: bluenviron/mediamtx:latest
    container_name: mediamtx-rtmpserver
    environment: 
      MTX_PROTOCOLS: tcp
      MTX_WEBRTCADDITIONALHOSTS: "x.x.x.x"
    ports:
      - "9997:9997"
      - "8554:8554"  
      - "8000:8000"
      - "8001:8001"
      - "1935:1935" 
      - "8888:8888"  
      - "8889:8889"  
      - "8890:8890/udp"  
      - "8189:8189/udp" 
    volumes:
      - ./mediamtx.yml:/mediamtx.yml:ro 

The server is running that is for sure

[+] Running 2/2
 ✔ Network rtsp-server_default    Created                                                                                                                                                                          0.1s 
 ✔ Container mediamtx-rtmpserver  Created                                                                                                                                                                          0.1s 
Attaching to mediamtx-rtmpserver
mediamtx-rtmpserver  | 2024/04/17 06:36:20 INF MediaMTX v1.7.0
mediamtx-rtmpserver  | 2024/04/17 06:36:20 INF configuration loaded from /mediamtx.yml
mediamtx-rtmpserver  | 2024/04/17 06:36:20 INF [RTSP] listener opened on :8554 (TCP)
mediamtx-rtmpserver  | 2024/04/17 06:36:20 INF [RTMP] listener opened on :1935
mediamtx-rtmpserver  | 2024/04/17 06:36:20 INF [HLS] listener opened on :8888
mediamtx-rtmpserver  | 2024/04/17 06:36:20 INF [WebRTC] listener opened on :8889 (HTTP), :8189 (ICE/UDP)
mediamtx-rtmpserver  | 2024/04/17 06:36:20 INF [SRT] listener opened on :8890 (UDP)
mediamtx-rtmpserver  | 2024/04/17 06:36:20 INF [API] listener opened on :9997

Now when i try to access the APIs, namely the add path configuration,

http://127.0.0.1:9997/v3/config/paths/add/{name}

i get 401, unauthorised error and no error messages in the docker logs so cannot debug from there.

But when i used the standalone binary and tried accessing the api it worked.
I plan to use the docker version in the future but cannot get past this error and was also not able find any relevant instructions in the api documentation.

I have enabled the api support and the authMethod is internal and user is any in the configuration file. It's basically the default yml file only change is i have enabled the api.

I am new to streaming projects. Can anyone help me in this?

[aler9]

Hello, you need to edit the configuration in order to allow using the API from IPs different than localhost, therefore:

authInternalUsers:

- user: my_api_user
  pass: my_api_pass
  ips: []
  permissions:
  - action: api

Then you'll be able to use the API by using a set of credentials:

curl http://my_api_user:[email protected]:9997/v3/config/global/get

[sonuame]

I am also stuck at the same issue.
I have setup the nginx proxy to expose the 9997 endpoint. When I call the endpoint from the localhost. it works fine. But gives 401 behind the proxy.

What am I missing ?
This change is not allowing me to upgrade to 1.8. Still running 1.5 for my work

[aler9]

without details on how to replicate your scenario and full server logs it's impossible to assess what the problem is. If you still have problems, create a dedicated question and provide requested data.

[suomi35]

Using the default config file as an example, you can add an entry for api, as I've done at the end of this portion:

# Internal authentication.
# list of users.
authInternalUsers:
  # Default unprivileged user.
  # Username. 'any' means any user, including anonymous ones.
- user: any
  # Password. Not used in case of 'any' user.
  pass:
  # IPs or networks allowed to use this user. An empty list means any IP.
  ips: []
  # List of permissions.
  permissions:
    # Available actions are: publish, read, playback, api, metrics, pprof.
  - action: publish
    # Paths can be set to further restrict access to a specific path.
    # An empty path means any path.
    # Regular expressions can be used by using a tilde as prefix.
    path:
  - action: read
    path:
  - action: playback
    path:
  - action: api
    path:

In a live environment you'll definitely want to add some restrictions though. EG auth user and specify only the minimum paths you need.