diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4dafb73..d9e682c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,13 +1,15 @@
 ## Changes from 0.1.0-rc7 to 0.1.0
 
 * switched to Alpine-Linux
-* switched Mutlistage Dockerfiles for AMD64 and ARMHF (req. Docker 17.x)
+* switched to mutlistage Dockerfiles for AMD64 and ARMHF (req. Docker 17.x) and removed old files
   * https://hub.docker.com/r/datarhei/ffmpeg/
   * https://hub.docker.com/r/datarhei/nginx-rtmp/
 * updated to FFmpeg 3.1.10
 * updated NPM/Bower packages
 * fixed public-ip problem
 * disabled FFmpeg "error-detection" for a vlc-like feeling
+* added optional rtmp-token-authentification (default is without token. token can be set with env RS_TOKEN or in the live.json config.)
+* updated NGINX to 1.13.4 and RTMP-Module to latest dev-version
 
 ## Changes from 0.1.0-rc7 to 0.1.0-rc.7.1
 
diff --git a/Dockerfile b/Dockerfile
index a12eeeb..01dba84 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM datarhei/nginx-rtmp:1.9.9-1.1.7.10 as builder
+FROM datarhei/nginx-rtmp:1.13.4-dev as builder
 
 FROM node:8.1-alpine
 
diff --git a/Dockerfile-armhf b/Dockerfile-armhf
index f4ec77e..8b9838c 100644
--- a/Dockerfile-armhf
+++ b/Dockerfile-armhf
@@ -1,4 +1,4 @@
-FROM datarhei/nginx-rtmp:1.9.9-1.1.7.10-armhf as builder
+FROM datarhei/nginx-rtmp:1.13.4-dev-armhf as builder
 
 FROM resin/raspberry-pi-alpine-node:8.1-slim
 
@@ -6,9 +6,9 @@ MAINTAINER datarhei <info@datarhei.org>
 
 ENV RS_USERNAME=admin \
     RS_PASSWORD=datarhei \
-    SRC="/usr/local" \
-    LD_LIBRARY_PATH="/usr/local/lib" \
-    PKG_CONFIG_PATH="/usr/local/lib/pkgconfig"
+    SRC=/usr/local \
+    LD_LIBRARY_PATH=/usr/local/lib \
+    PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
 
 COPY --from=builder /usr/local/bin/ffmpeg /usr/local/bin/ffmpeg
 COPY --from=builder /usr/local/bin/ffprobe /usr/local/bin/ffprobe
@@ -27,7 +27,7 @@ RUN apk add --no-cache --update git libssl1.0 pcre && \
     npm uninstall -g bower grunt grunt-cli nodemon eslint && \
     npm prune --production && \
     npm cache clean --force && \
-    apk del --purge git && \
+    apk del --no-cache --purge git && \
     rm -rf /var/cache/apk/* && \
     rm -rf /tmp/*
 
diff --git a/conf/live.json b/conf/live.json
index 4f00d29..d98998e 100644
--- a/conf/live.json
+++ b/conf/live.json
@@ -3,7 +3,8 @@
     "jsondb": "db/v1",
     "auth": {
         "username": "admin",
-        "password": "datarhei"
+        "password": "datarhei",
+        "token": ""
     },
     "ffmpeg": {
         "options": {
@@ -31,7 +32,7 @@
         },
         "monitor": {
             "restart_wait": "6000",
-            "retries": 10
+            "retries": 100
         }
     },
     "nginx": {
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 7346204..fdac25c 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -10,6 +10,8 @@ rtmp {
         application live {
             live on;
             idle_streams off;
+            on_publish http://127.0.0.1:3000/token;
+            notify_method get;
         }
         application hls {
             live on;
@@ -20,6 +22,8 @@ rtmp {
             hls_sync 1ms;
             hls_path /tmp/hls;
             idle_streams off;
+            on_publish http://127.0.0.1:3000/token;
+            notify_method get;
         }
     }
 }
diff --git a/src/classes/Restreamer.js b/src/classes/Restreamer.js
index 6e05870..2b42d10 100644
--- a/src/classes/Restreamer.js
+++ b/src/classes/Restreamer.js
@@ -28,8 +28,13 @@ class Restreamer {
      */
     static generateOutputHLSPath () {
         var nginx = config.nginx.streaming;
+        var token = process.env.RS_TOKEN || config.auth.token;
 
-        return 'rtmp://' + nginx.ip + ':' + nginx.rtmp_port + nginx.rtmp_hls_path + 'live.stream';
+        if (token != '') {
+            return 'rtmp://' + nginx.ip + ':' + nginx.rtmp_port + nginx.rtmp_hls_path + 'live.stream' + '?token=' + token;
+        } else {
+            return 'rtmp://' + nginx.ip + ':' + nginx.rtmp_port + nginx.rtmp_hls_path + 'live.stream';
+        }
     }
 
     /**
diff --git a/src/webserver/controllers/index.js b/src/webserver/controllers/index.js
index 4f03e59..652b83a 100644
--- a/src/webserver/controllers/index.js
+++ b/src/webserver/controllers/index.js
@@ -37,4 +37,29 @@ module.exports = (app) => {
         req.session.destroy();
         res.end();
     });
+    /* Handle NGINX-RTMP token */
+    app.get('/token', (req, res) => {
+        var token = process.env.RS_TOKEN || auth.token;
+        if (token != '') {
+            if (req.query.token == token) {
+                res.writeHead(200, {
+                    'Content-Type': 'text/plain'
+                });
+                res.end('Authorized');
+            } else {
+                res.writeHead(401, {
+                    'Content-Type': 'text/plain'
+                });
+                res.end('Unauthorized');
+            }
+        } else {
+            res.writeHead(200, {
+                'Content-Type': 'text/plain'
+            });
+            res.end('Authorized');
+        }
+    });
 };
+
+
+