diff --git a/doc/docker-compose.yml b/doc/docker-compose.yml
index f996bc2..96605ae 100644
--- a/doc/docker-compose.yml
+++ b/doc/docker-compose.yml
@@ -38,7 +38,7 @@ services:
       - ./ovenmediaengine/conf/Server-docker.xml:/opt/ovenmediaengine/bin/origin_conf/Server.xml:ro
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.ovenmediaengine.rule=Host(`stream.example.com`) && PathPrefix(`/app/`)"
+      - "traefik.http.routers.ovenmediaengine.rule=Host(`stream.example.com`) && PathPrefix(`/play/`)"
       - "traefik.http.routers.ovenmediaengine.priority=101"
       - "traefik.http.routers.ovenmediaengine.entrypoints=websecure"
       - "traefik.http.routers.ovenmediaengine.tls.certresolver=mytlschallenge"
@@ -54,7 +54,7 @@ services:
       - ./nginx/nginx-docker.conf:/etc/nginx/nginx.conf:ro
     labels:
       - "traefik.enable=true"
-      - "traefik.tcp.routers.rtmp.rule=Host(`stream.example.com`)"
+      - "traefik.tcp.routers.rtmp.rule=HostSNI(`stream.example.com`)"
       - "traefik.tcp.routers.rtmp.entrypoints=rtmpsecure"
       - "traefik.tcp.routers.rtmp.tls.certresolver=mytlschallenge"
       - "traefik.tcp.services.rtmp.loadbalancer.server.port=1925"
diff --git a/doc/nginx/modules-available/60-ghostream.conf b/doc/nginx/modules-available/60-ghostream.conf
index ae34515..f8a7cba 100644
--- a/doc/nginx/modules-available/60-ghostream.conf
+++ b/doc/nginx/modules-available/60-ghostream.conf
@@ -18,19 +18,36 @@ stream {
     }
 }
 
-# Authenticate then stream RTMP
-# This RTMP server will be used when clients play directly RTMPS.
-# It also push RTMP stream to OvenMediaEngine to generate WebRTC stream.
 rtmp {
     server {
         listen 127.0.0.1:1925;
-
         chunk_size 4096;
-        application app {
+
+        # Application to authenticate incoming stream
+        application stream {
+            # Publish only
+            allow publish all;
+            deny play all;
+
             live on;
             record off;
-            push rtmp://127.0.0.1:1915;
+
+            # if publish succeed, it will redirect to /play/
             on_publish http://127.0.0.1:8080/rtmp/auth;
         }
+
+        # Application to play stream
+        application play {
+            # Playback only
+            allow publish 127.0.0.1;
+            deny publish all;
+            allow play all;
+
+            live on;
+            record off;
+
+            # Send to OvenMediaEngine
+            push rtmp://127.0.0.1:1915;
+        }
     }
 }
diff --git a/doc/nginx/nginx-docker.conf b/doc/nginx/nginx-docker.conf
index 23a5ac1..05a37cb 100644
--- a/doc/nginx/nginx-docker.conf
+++ b/doc/nginx/nginx-docker.conf
@@ -10,19 +10,36 @@ events {
 	worker_connections 768;
 }
 
-# Authenticate then stream RTMP
-# This RTMP server will be used when clients play directly RTMPS.
-# It also push RTMP stream to OvenMediaEngine to generate WebRTC stream.
 rtmp {
     server {
         listen 0.0.0.0:1925;
-
         chunk_size 4096;
-        application app {
+
+        # Application to authenticate incoming stream
+        application stream {
+            # Publish only
+            allow publish all;
+            deny play all;
+
             live on;
             record off;
-            push rtmp://ovenmediaengine:1915;
+
+            # if publish succeed, it will redirect to /play/
             on_publish http://ghostream:8080/rtmp/auth;
         }
+
+        # Application to play stream
+        application play {
+            # Playback only
+            allow publish 127.0.0.1;
+            deny publish all;
+            allow play all;
+
+            live on;
+            record off;
+
+            # Send to OvenMediaEngine
+            push rtmp://ovenmediaengine:1915;
+        }
     }
 }
diff --git a/doc/nginx/sites-available/ghostream b/doc/nginx/sites-available/ghostream
index a06d3b3..f097441 100644
--- a/doc/nginx/sites-available/ghostream
+++ b/doc/nginx/sites-available/ghostream
@@ -56,7 +56,7 @@ server {
     }
 
     # Pass WebSocket to OvenMediaEngine for WebRTC signalling
-    location /app/ {
+    location /play/ {
         proxy_pass http://127.0.0.1:3333;
         proxy_redirect off;
         proxy_http_version 1.1;
diff --git a/ghostream/__init__.py b/ghostream/__init__.py
index 0fc774a..092a653 100644
--- a/ghostream/__init__.py
+++ b/ghostream/__init__.py
@@ -39,8 +39,8 @@ def auth():
         connect.bind_s(bind_dn, password)
         connect.unbind_s()
         app.logger.info("%s logged in successfully", name)
-        # Remove "?pass=xxx" from RTMP URL
-        return redirect(f"rtmp://127.0.0.1:1925/app/{name}", code=302)
+        # Remove "?pass=xxx" from RTMP URL and redirect to new name
+        return redirect(f"rtmp://127.0.0.1:1925/play/{name}", code=302)
     except Exception:
         app.logger.warning("%s failed to log in", name)
         return 'Incorrect credentials', 401
diff --git a/ghostream/templates/index.html b/ghostream/templates/index.html
index c7fb8ab..c2084e6 100644
--- a/ghostream/templates/index.html
+++ b/ghostream/templates/index.html
@@ -23,7 +23,7 @@
   <ul>
     <li>
       <b>Serveur :</b>
-      <code>rtmps://{{ config.SITE_HOSTNAME }}:1935/app</code>,
+      <code>rtmps://{{ config.SITE_HOSTNAME }}:1935/stream</code>,
     </li>
     <li>
       <b>Clé de stream :</b>
@@ -51,7 +51,7 @@
     <code>
       ffmpeg -re -i mavideo.webm -vcodec libx264 -vprofile baseline
       -acodec aac -strict -2 -f flv
-      rtmps://{{ config.SITE_HOSTNAME }}:1935/app/IDENTIFIANT?pass=MOT_DE_PASSE
+      rtmps://{{ config.SITE_HOSTNAME }}:1935/stream/IDENTIFIANT?pass=MOT_DE_PASSE
     </code>
   </p>
 
diff --git a/ghostream/templates/viewer.html b/ghostream/templates/viewer.html
index bf1f928..34e9ae0 100644
--- a/ghostream/templates/viewer.html
+++ b/ghostream/templates/viewer.html
@@ -14,7 +14,7 @@
         <path fill-rule="evenodd" d="M1.5 13A1.5 1.5 0 0 0 3 14.5h8a1.5 1.5 0 0 0 1.5-1.5V9a.5.5 0 0 0-1 0v4a.5.5 0 0 1-.5.5H3a.5.5 0 0 1-.5-.5V5a.5.5 0 0 1 .5-.5h4a.5.5 0 0 0 0-1H3A1.5 1.5 0 0 0 1.5 5v8zm7-11a.5.5 0 0 1 .5-.5h5a.5.5 0 0 1 .5.5v5a.5.5 0 0 1-1 0V2.5H9a.5.5 0 0 1-.5-.5z"/>
         <path fill-rule="evenodd" d="M14.354 1.646a.5.5 0 0 1 0 .708l-8 8a.5.5 0 0 1-.708-.708l8-8a.5.5 0 0 1 .708 0z"/>
       </svg>
-      <code>rtmps://{{ config.SITE_HOSTNAME }}:1935/app/{{ path }}</code>
+      <code>rtmps://{{ config.SITE_HOSTNAME }}:1935/play/{{ path }}</code>
       <a href="#" id="chatToggle" title="Cacher/Afficher le chat">»</a>
     </p>
   </div>
@@ -47,7 +47,7 @@ player = OvenPlayer.create("player", {
   expandFullScreenUI: true,
   sources: [
     {
-      "file": "wss://{{ config.SITE_HOSTNAME }}/app/{{ path }}",
+      "file": "wss://{{ config.SITE_HOSTNAME }}/play/{{ path }}",
       "type": "webrtc",
       "label": "WebRTC Source"
     }