Since January 1, 2026, manufacturers in Kazakhstan must provide live online video surveillance at their production facilities to be included in the Registry of Manufacturers and obtain the ST-KZ certificate. The government portal e-ondiris.gov.kz requires a web link to the camera stream that opens in a standard browser.
Sounds simple. In practice — not so much.
The Problem
IP surveillance cameras (Hikvision, Dahua, Uniview, etc.) stream video via RTSP (Real Time Streaming Protocol) — a binary protocol that browsers don't support. You can't just paste rtsp://admin:password@192.168.1.64:554/Streaming/Channels/101 into a government form and expect it to work.
On top of that:
- ~70% of enterprises in Kazakhstan lack a static IP address
- Double NAT — camera behind a router, behind another ISP router
- No IT staff — factory directors don't configure nginx and ffmpeg
We built RTSP.KZ to solve this.
Architecture
We support three connection methods:
1. Pull (RTSP)
If the enterprise has a static IP with port 554 forwarded, our server pulls the RTSP stream directly.
Camera (RTSP:554) → Internet → RTSP.KZ server → HLS → Browser
2. Push (RTMP)
The camera or NVR pushes the stream to our server via RTMP.
Camera → NVR (RTMP push) → RTSP.KZ server → HLS → Browser
3. VPN Tunnel (WireGuard)
For cameras without a static IP. A WireGuard client and lightweight MediaMTX media server run on the enterprise's PC.
Camera (LAN) → PC with MediaMTX → WireGuard VPN → RTSP.KZ server → HLS → Browser
Tech Stack
- MediaMTX — media server for receiving RTSP/RTMP streams and converting to HLS (written in Go, minimal resources)
- FastAPI (Python) — backend API
- React 18 + TypeScript — frontend SPA + static landing for SEO
- PostgreSQL — primary database
- Redis — caching, queues
- Nginx — reverse proxy, SSL termination
- WireGuard — VPN for cameras behind NAT
- Docker Compose — orchestration
RTSP → HLS Conversion
The key process is remuxing RTSP into HLS (HTTP Live Streaming). HLS splits the video stream into short .ts segments described in a .m3u8 playlist. Every modern browser plays HLS natively.
RTSP (H.264/H.265) → MediaMTX → HLS (.m3u8 + .ts segments)
We do no transcoding — just repackaging from RTSP container to MPEG-TS. This allows handling dozens of streams on a single server without a GPU.
The result is a URL like:
https://stream.rtsp.kz/{camera_id}/index.m3u8
This link goes directly into the e-ondiris.gov.kz application form.
Solving NAT with WireGuard
The most common case — no static IP. In Kazakhstan, that's ~70% of enterprises.
Our solution:
- Generate a WireGuard keypair on the server
- Allocate a subnet from the pool (10.13.x.0/24)
- Send the client a WireGuard config
- On the client's PC, run MediaMTX configured to pull from the local camera and relay through VPN
# mediamtx.yml on client PC
paths:
camera1:
source: rtsp://admin:password@192.168.1.64:554/Streaming/Channels/101
sourceProtocol: tcp
WireGuard was chosen for:
- Minimal overhead (~3% bandwidth)
- Works through any NAT, including mobile CGNAT
- Simple setup (single config file)
- Stability during network switches
Camera Monitoring
For each camera, we run a TCP ping every 30 seconds and display status in the dashboard:
- 🟢 Online — camera reachable, stream active
- 🔴 Offline — no connection
- 📊 Latency — 24-hour ping graph
Results
- Average camera setup time: 5-10 minutes
- Stream uptime: 99.5%+
- Latency: under 3 seconds
- Compatible with: Hikvision, Dahua, Trassir, Uniview, TP-Link, Axis, Hanwha, and NVR/DVR devices
Key Takeaways
- MediaMTX is an excellent lightweight alternative to FFmpeg for simple remuxing
- WireGuard solves NAT better than any STUN/TURN for surveillance cameras
- HLS remains the most reliable format for browser-based streaming
- Sometimes a niche government regulation creates a real technical challenge worth solving
Check out RTSP.KZ | Camera setup guides | Pricing
Top comments (0)