Skip to main content

A video streaming server that allows you to securely share your personal video library over the internet

Project description

MediaRelay

A video streaming server that allows you to securely share your personal video library over the internet. Built with robust security, monitoring, and performance features.

✨ Features

🔒 Security

  • Multi-layer Authentication: HTTP Basic Auth + Session Management
  • Path Traversal Protection: Prevents unauthorized file access
  • Security Headers: XSS, SameSite cookie protection, clickjacking protection
  • Rate Limiting: Configurable request throttling
  • Security Audit Logging: Comprehensive security event tracking
  • Session Management: Secure sessions with configurable timeouts

🎥 Media Streaming

  • Universal Format Support: MP4, MKV, AVI, MOV, WebM, M4V, FLV
  • Subtitle Support: SRT subtitle files
  • Audio Support: MP3, AAC, OGG, WAV
  • Range Requests: Efficient streaming with seek support
  • Mobile Optimized: Responsive design for all devices

📊 Monitoring & Performance

  • Health Check Endpoint: Real-time server status
  • Performance Metrics: Request timing and throughput monitoring
  • Comprehensive Logging: Application, security, error, and performance logs
  • Multi-threaded: Configurable concurrency for high performance
  • Resource Monitoring: CPU, memory, and disk snapshot logged at server startup (log_system_info)

🛠️ Advanced Features

  • Environment Configuration: Full environment variable support
  • 90%+ Test Coverage: Comprehensive test suite with branch coverage and security tests
  • Service Management: System service configurations — see Deployment Guide
  • Log Rotation: Automatic log rotation and archival
  • API Support: RESTful JSON API for integration

📋 Requirements

  • Python: 3.12 or higher
  • Operating System: Windows 10+, macOS 10.15+, or Linux (Ubuntu 20.04+ recommended)
  • Memory: Minimum 2GB RAM, 4GB+ recommended for optimal performance
  • Storage: 1GB for application, additional space for video content
  • Network: Stable internet connection for remote access

🚀 Quick Start

1. Installation

Recommended — install from PyPI:

# Create virtual environment (recommended)
python -m venv venv
source venv/bin/activate  # Linux/macOS
venv\Scripts\activate     # Windows

pip install mediarelay

That installs the mediarelay, mediarelay-config, mediarelay-genpass, and mediarelay-validate commands. No need to clone the repository.

Windows users can alternatively download a pre-built executable from GitHub Releases. Place a .env file in the same directory as MediaRelay.exe and run the executable.

From source (development or contributing):

git clone https://github.com/tboy1337/MediaRelay.git
cd MediaRelay

python -m venv venv
source venv/bin/activate  # Linux/macOS
venv\Scripts\activate     # Windows

pip install -e ".[dev]"

Use pip install -e . instead of pip install -e ".[dev]" if you only need the application without test and lint tools.

2. Configuration

# Generate sample configuration
mediarelay-config

# Copy and edit configuration
copy .env.example .env   # Windows
cp .env.example .env     # Linux/macOS
# Edit .env with your settings

3. Security Setup

Generate required security credentials:

# Generate Flask secret key and password hash
mediarelay-genpass

The script will:

  1. Ask for your preferred username (e.g., admin, user, etc.)
  2. Generate or create your password:
    • Choose 'y' to generate a secure 35-character password automatically
    • Choose 'n' to enter your own password (minimum 12 characters)
  3. Generate a Flask secret key (for session security)
  4. Create a password hash (for secure authentication)

Example output:

============================================================
CONFIGURATION VALUES FOR .env FILE
============================================================
VIDEO_SERVER_SECRET_KEY=a1b2c3d4e5f67890abcdef1234567890abcdef1234567890abcdef1234567890
VIDEO_SERVER_USERNAME=admin
VIDEO_SERVER_PASSWORD_HASH=scrypt:32768:8:1$abc123$def456...

Important Security Notes:

  • Save your password securely - you'll need it to log in to the web interface
  • Copy all three generated values to your .env file immediately
  • Never share your secret key or password hash - treat them like private keys
  • Regenerate credentials if you suspect they've been compromised
  • The script uses cryptographically secure random generation for maximum security

4. Start the Server

# Start the server
mediarelay

# Or with custom configuration
mediarelay --host 0.0.0.0 --port 8080

Once the server is running, you can access it in your web browser at:

  • Local access: http://localhost:5000
  • Network access: http://YOUR_IP_ADDRESS:5000 (if configured with --host 0.0.0.0)

🔧 Configuration

Step-by-Step Configuration Process

  1. Create your configuration file (if you do not already have .env.example from a source checkout, run mediarelay-config first):

    copy .env.example .env   # Windows
    cp .env.example .env     # Linux/macOS
    
  2. Generate security credentials:

    mediarelay-genpass
    
  3. Update your .env file with the generated values:

    • Replace VIDEO_SERVER_SECRET_KEY=your-secret-key-here with your generated secret key
    • Replace VIDEO_SERVER_USERNAME=tboy1337 with your chosen username
    • Replace VIDEO_SERVER_PASSWORD_HASH=your-password-hash-here with your generated hash
  4. Configure other settings as needed (video directory, port, etc.)

  5. Validate configuration before production deployment:

    mediarelay-validate
    
  6. Start the server (configuration is validated on startup):

    mediarelay
    

Key Environment Variables

# Server Configuration
VIDEO_SERVER_HOST=0.0.0.0
VIDEO_SERVER_PORT=5000  
VIDEO_SERVER_DIRECTORY=/path/to/videos
VIDEO_SERVER_THREADS=6

# Security (Required - Generate using mediarelay-genpass)
VIDEO_SERVER_USERNAME=your_username                    # Your chosen username
VIDEO_SERVER_PASSWORD_HASH=your_secure_hash            # Generated password hash
VIDEO_SERVER_SECRET_KEY=your_secret_key                # Generated Flask secret key

# Performance
VIDEO_SERVER_RATE_LIMIT_PER_MIN=60
VIDEO_SERVER_SESSION_TIMEOUT=3600
VIDEO_SERVER_MAX_FILE_SIZE=21474836480  # 20GB default, set to 0 to disable

# Session Cookies (set Secure=true when serving over HTTPS)
VIDEO_SERVER_SESSION_COOKIE_SECURE=true
VIDEO_SERVER_SESSION_COOKIE_HTTPONLY=true
VIDEO_SERVER_SESSION_COOKIE_SAMESITE=Strict

# Reverse proxy (set true ONLY when behind a trusted reverse proxy)
VIDEO_SERVER_BEHIND_PROXY=false

# Account lockout (failed login protection)
VIDEO_SERVER_LOCKOUT_MAX_ATTEMPTS=5
VIDEO_SERVER_LOCKOUT_DURATION=900

# Logging
VIDEO_SERVER_LOG_LEVEL=INFO
VIDEO_SERVER_LOG_DIR=./logs
VIDEO_SERVER_LOG_CONSOLE=true

# Production mode (rejects placeholder credentials)
FLASK_ENV=production

Development

Run the full quality gate locally:

python scripts/verify.py

This runs black, isort, mypy, bandit, pylint, pip-audit, and pytest with 90% branch coverage.

🔒 Security

Authentication & Authorization

# Multi-layer authentication
HTTP_BASIC_AUTH + SESSION_MANAGEMENT + SAMESITE_COOKIES

Security Headers

X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000  # When VIDEO_SERVER_HSTS=true or VIDEO_SERVER_BEHIND_PROXY=true
Content-Security-Policy: default-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
X-Permitted-Cross-Domain-Policies: none

X-XSS-Protection is intentionally omitted (deprecated in modern browsers).

Reverse Proxy Warning

Set VIDEO_SERVER_BEHIND_PROXY=true and VIDEO_SERVER_PROXY_TRUSTED=true only when MediaRelay runs behind a trusted reverse proxy (nginx, Caddy, etc.) and is bound to localhost. Without PROXY_TRUSTED, client IP and rate limits use the direct connection address, not X-Forwarded-For. Direct internet exposure with proxy headers enabled allows IP spoofing. See SECURITY.md.

Security Monitoring

All security events are logged:

  • Authentication attempts (success/failure)
  • Path traversal attempts
  • Rate limit violations
  • File access attempts
  • Account lockout events

📈 Performance

Performance Features

  • Multi-threading: Configurable worker threads
  • Range Requests: Efficient video streaming
  • HTTP Caching: Browser caching for static content
  • Connection Pooling: Supports multiple users simultaneously
  • Memory Management: Automatic resource cleanup

📊 API Usage

Available Endpoints

# Health check (no auth required)
GET /health

# Directory listing  
GET /api/files?path=movies

# File streaming
GET /stream/path/to/video.mp4

# Web interface
GET /
GET /path/to/directory/

Using the API

import requests
from requests.auth import HTTPBasicAuth

auth = HTTPBasicAuth('username', 'password')

# Get file listing
response = requests.get(
    'http://localhost:5000/api/files', 
    auth=auth
)
files = response.json()

# Stream video
video_url = 'http://localhost:5000/stream/movie.mp4'
response = requests.get(video_url, auth=auth, stream=True)

🔧 Troubleshooting

Common Issues

Server won't start: Check logs in logs/error.log Authentication issues:

  • Verify your .env file has all three security values from mediarelay-genpass
  • Ensure you're using the correct username and password you generated
  • Regenerate credentials if needed: mediarelay-genpass Performance problems: Increase thread count (VIDEO_SERVER_THREADS) Network access: Check firewall and port forwarding Missing .env file: Copy .env.example to .env and configure

Debug Mode

VIDEO_SERVER_DEBUG=true
VIDEO_SERVER_LOG_LEVEL=DEBUG
mediarelay

Support

  • Documentation: docs/README.md
  • Logs: Review application logs in logs/
  • Health Check: curl http://localhost:5000/health
  • Security: SECURITY.md
  • Issues: Create GitHub issue with logs and configuration

📄 License

This project is licensed under the CRL License - see the LICENSE.md file for details.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mediarelay-1.0.19.tar.gz (92.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mediarelay-1.0.19-py3-none-any.whl (44.8 kB view details)

Uploaded Python 3

File details

Details for the file mediarelay-1.0.19.tar.gz.

File metadata

  • Download URL: mediarelay-1.0.19.tar.gz
  • Upload date:
  • Size: 92.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for mediarelay-1.0.19.tar.gz
Algorithm Hash digest
SHA256 b0853f17e28ebf874adb3b5306f6fcff46941432912db761dbc0960296d4040a
MD5 94f4af4dce5e82a873c2d304815cfbbf
BLAKE2b-256 32cc8ff2845e179ebf66e0773e19347b900836dbffd0888d5beec3d11987c810

See more details on using hashes here.

File details

Details for the file mediarelay-1.0.19-py3-none-any.whl.

File metadata

  • Download URL: mediarelay-1.0.19-py3-none-any.whl
  • Upload date:
  • Size: 44.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for mediarelay-1.0.19-py3-none-any.whl
Algorithm Hash digest
SHA256 d830c8a8a5e5e1e8ab56be61adc642bf889b19545683d0270290898cc49b2ac0
MD5 607b255775dff6df75e17f69353abd64
BLAKE2b-256 417e8422d5de32d356ea61af9137042b3ccab84248075a641ec4db167a7f058c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page