By default, the web UI and REST API are open — any client that can reach port 6070 can view and modify your stream configuration. Setting the BASIC_AUTH_USER and BASIC_AUTH_PASS environment variables enables HTTP Basic Authentication, requiring a username and password on every request to the dashboard and API.

How it works

When both environment variables are set, Simple RTMP Restreamer enforces HTTP Basic Auth on all incoming requests. Browsers display a native credentials prompt when you navigate to the dashboard. API clients must include an Authorization header with every request. If either variable is empty or unset, authentication is disabled entirely.

Enable authentication

Set both variables in your docker-compose.yml:
docker-compose.yml
services:
  restreamer:
    image: ghcr.io/kbats183/simple-rtmp-restreamer:latest
    ports:
      - "6070:6070"
      - "1935:1935"
    environment:
      - BASIC_AUTH_USER=live
      - BASIC_AUTH_PASS=your-secure-password
After restarting the container, every request to the web UI and API will require the credentials you set.

Authenticate API requests

When auth is enabled, include the credentials using HTTP Basic Auth. With curl, use the -u flag: 
curl -u live:yourpassword http://your-server:6070/api/streams/-/status
For other HTTP clients, encode the credentials as base64(user:pass) and pass them in the Authorization header: 
Authorization: Basic bGl2ZTp5b3VycGFzc3dvcmQ=
HTTP Basic Auth transmits credentials in base64, which is not encrypted. Over plain HTTP, credentials are exposed to anyone who can intercept the traffic. Use a reverse proxy that terminates TLS in production environments.
See the deployment page for guidance on setting up a reverse proxy with HTTPS in front of Simple RTMP Restreamer.