Socialive network & firewall guide

CDNs

Networks that allow TLS traffic by default should not need to explicitly allow CDN properties. However, for more restrictive environments where destinations outside your network must be specified, please reference the table below:

| Protocol | Port | Domain(s) | Purpose |
|----------|------|-----------|---------|
| https | 443 | cc-overlays.s3.amazonaws.com | In-broadcast graphic overlays |
| https | 443 | d10pibf47uu4kg.cloudfront.net | Video thumbnails |
| https | 443 | d23f9rdkw0nh8n.cloudfront.net, sl-recording-clips.s3.amazonaws.com | Video playback hosts |
| https | 443 | cc-static-js.s3.amazonaws.com | Static JavaScript host |
| https | 443 | fonts.googleapis.com | Static font host |
| https | 443 | webrtc.github.io | Static host for adapter.js shim used for x-browser and x-version adaptability |
| https | 443 | cdnjs.cloudflare.com | Static JavaScript host |
| https | 443 | www.gstatic.com | Static JavaScript host |

APIs

Networks that allow TLS traffic by default should not need to make allowances for API properties. However, for more restrictive environments where destinations outside your network must be specified, please reference the table below:

| Protocol | Port | Domain(s) | Purpose |
|----------|------|-----------|---------|
| https | 443 | api.socialive.us, broker.socialive.us, origin.socialive.us, sfu.socialive.us, sfu2.socialive.us, graphql-gateway.service.socialive.us, firestore.googleapis.com | Domains for REST API and Signaling |
| https | 443 | turn.us-east-1.socialive.us, turns.us-east-1.socialive.us | STUN/TURN for NAT traversal |
| https | 443 | api-iam.intercom.io | Support and Customer Success communication, in-app notifications and tutorials |
| https | 443 | sdk.amazonaws.com | Static JavaScript host |

firestore.googleapis.com (signaling service):

Will not function properly if traffic to this domain passes through a proxy. Proxies typically do not handle persistent connections correctly (they wait for a full response from the destination before flushing), so the proxy should be configured to bypass this domain.

turn.us-east-1.socialive.us (STUN/TURN and NAT traversal):

Will not function properly if traffic to this domain passes through a proxy. The proxy should be configured to bypass this domain.

Streaming

The IPs in the table below are used to facilitate the transmission of real-time media in the browser. In restrictive networks where destinations must be explicitly allowed, all IPs and corresponding port ranges below should be allowed.

| Protocol | Port | Domain(s) | Class | Purpose |
|----------|------|-----------|-------|---------|
| tcp | 1935 | 54.221.33.151, 52.7.176.185, 54.145.113.113, 52.2.236.53 | TCP Stream | Live broadcast monitoring |
| tls, tcp, udp | 443 | 52.204.129.114 | RTP Stream | STUN/TURN for NAT traversal |
| udp | 5002-65535 | 3.228.228.95, 3.213.245.201 | RTP Stream | Real-time streaming |

  • The udp destinations with the large port ranges above are for connections to a fleet of Selective Forwarding Units (real-time streaming). For best performance/quality in your streams, ensure that these destinations and port ranges are allowed.
  • If your organization uses a proxy, the IP destinations and ports above should be bypassed by the proxy.
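
For clients that take their proxy settings from a proxy auto-config (PAC) file, the bypass asked for in the firestore.googleapis.com and turn.us-east-1.socialive.us notes and in the bullet above can be written as follows. This is an added example, not Socialive's own configuration; the proxy address proxy.example.internal:8080 and the helper normalizeHost are placeholders introduced for illustration.

```javascript
// Added example PAC file (not from Socialive).
// Assumption: replace this placeholder with your organization's proxy.
var PROXY = "PROXY proxy.example.internal:8080";

// Domains this guide says must not pass through a proxy.
var BYPASS_HOSTS = [
  "firestore.googleapis.com",    // signaling service
  "turn.us-east-1.socialive.us"  // STUN/TURN and NAT traversal
];

// IP destinations from the Streaming table.
var BYPASS_IPS = [
  "54.221.33.151", "52.7.176.185", "54.145.113.113", "52.2.236.53", // tcp 1935
  "52.204.129.114",                                                 // tls, tcp, udp 443
  "3.228.228.95", "3.213.245.201"                                   // udp 5002-65535
];

// Hypothetical helper: lowercase the host and drop a trailing dot so that
// "Firestore.GoogleAPIs.com." still matches its list entry.
function normalizeHost(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.slice(0, -1);
  }
  return h;
}

// Standard PAC entry point. Matching is exact, never by substring or
// wildcard, so a lookalike such as "firestore.googleapis.com.example.net"
// is still sent through the proxy and stays subject to its inspection.
function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  if (BYPASS_HOSTS.indexOf(h) !== -1 || BYPASS_IPS.indexOf(h) !== -1) {
    return "DIRECT";
  }
  return PROXY;
}
```

Every other destination, including the remaining Socialive API and CDN domains, continues to use the proxy.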

FAQs

You specified UDP, but you are using SRTP. Why the difference?

This document addresses RTP over UDP. SRTP is not a protocol. It is a profile for the Real-time Transport Protocol (RTP) intended to provide encryption, authentication and integrity. Socialive uses SRTP for our WebRTC communications over RTP/UDP.