|
|
|
|
@ -0,0 +1,727 @@
|
|
|
|
|
#
|
|
|
|
|
# How to update cert:
|
|
|
|
|
#
|
|
|
|
|
# kubectl apply -f k8s-stream.yaml
|
|
|
|
|
# kubectl wait --for=condition=ready=true --timeout=300s -n default certificate stream-cert
|
|
|
|
|
# decrypt_k8s_secret -n default stream-cert | jq -r '.["tls.crt"]' | tee server.crt
|
|
|
|
|
# decrypt_k8s_secret -n default stream-cert | jq -r '.["tls.key"]' | tee server.key
|
|
|
|
|
# kdel -f k8s-stream.yaml
|
|
|
|
|
# gpg_auth scp stream.yml server.crt server.key 172.16.16.251:~/ ; gpg_auth ssh 172.16.16.251 doas install -o root -g root -m 0644 stream.yml server.crt /etc/mediamtx/ ; gpg_auth ssh 172.16.16.251 doas install -o root -g root -m 0600 server.key /etc/mediamtx/
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Global settings
|
|
|
|
|
|
|
|
|
|
# Settings in this section are applied anywhere.
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Global settings -> General
|
|
|
|
|
|
|
|
|
|
# Verbosity of the program; available values are "error", "warn", "info", "debug".
|
|
|
|
|
logLevel: info
|
|
|
|
|
# Destinations of log messages; available values are "stdout", "file" and "syslog".
|
|
|
|
|
logDestinations: [stdout]
|
|
|
|
|
# If "file" is in logDestinations, this is the file which will receive the logs.
|
|
|
|
|
logFile: mediamtx.log
|
|
|
|
|
|
|
|
|
|
# Timeout of read operations.
|
|
|
|
|
readTimeout: 10s
|
|
|
|
|
# Timeout of write operations.
|
|
|
|
|
writeTimeout: 10s
|
|
|
|
|
# Size of the queue of outgoing packets.
|
|
|
|
|
# A higher value allows to increase throughput, a lower value allows to save RAM.
|
|
|
|
|
writeQueueSize: 512
|
|
|
|
|
# Maximum size of outgoing UDP packets.
|
|
|
|
|
# This can be decreased to avoid fragmentation on networks with a low UDP MTU.
|
|
|
|
|
udpMaxPayloadSize: 1472
|
|
|
|
|
|
|
|
|
|
# Command to run when a client connects to the server.
|
|
|
|
|
# This is terminated with SIGINT when a client disconnects from the server.
|
|
|
|
|
# The following environment variables are available:
|
|
|
|
|
# * RTSP_PORT: RTSP server port
|
|
|
|
|
# * MTX_CONN_TYPE: connection type
|
|
|
|
|
# * MTX_CONN_ID: connection ID
|
|
|
|
|
runOnConnect:
|
|
|
|
|
# Restart the command if it exits.
|
|
|
|
|
runOnConnectRestart: no
|
|
|
|
|
# Command to run when a client disconnects from the server.
|
|
|
|
|
# Environment variables are the same of runOnConnect.
|
|
|
|
|
runOnDisconnect:
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Global settings -> Authentication
|
|
|
|
|
|
|
|
|
|
# Authentication method. Available values are:
|
|
|
|
|
# * internal: users are stored in the configuration file
|
|
|
|
|
# * http: an external HTTP URL is contacted to perform authentication
|
|
|
|
|
# * jwt: an external identity server provides authentication through JWTs
|
|
|
|
|
authMethod: internal
|
|
|
|
|
|
|
|
|
|
# Internal authentication.
|
|
|
|
|
# list of users.
|
|
|
|
|
authInternalUsers:
|
|
|
|
|
# Default unprivileged user.
|
|
|
|
|
# Username. 'any' means any user, including anonymous ones.
|
|
|
|
|
- user: any
|
|
|
|
|
# Password. Not used in case of 'any' user.
|
|
|
|
|
pass:
|
|
|
|
|
# IPs or networks allowed to use this user. An empty list means any IP.
|
|
|
|
|
ips: []
|
|
|
|
|
# List of permissions.
|
|
|
|
|
permissions:
|
|
|
|
|
[]
|
|
|
|
|
# # Available actions are: publish, read, playback, api, metrics, pprof.
|
|
|
|
|
# - action: publish
|
|
|
|
|
# # Paths can be set to further restrict access to a specific path.
|
|
|
|
|
# # An empty path means any path.
|
|
|
|
|
# # Regular expressions can be used by using a tilde as prefix.
|
|
|
|
|
# path:
|
|
|
|
|
# - action: read
|
|
|
|
|
# path:
|
|
|
|
|
# - action: playback
|
|
|
|
|
# path:
|
|
|
|
|
- user: heyheyyouyou
|
|
|
|
|
# Password. Not used in case of 'any' user.
|
|
|
|
|
pass: idontlikeyourgirlfriend
|
|
|
|
|
# IPs or networks allowed to use this user. An empty list means any IP.
|
|
|
|
|
ips: []
|
|
|
|
|
# List of permissions.
|
|
|
|
|
permissions:
|
|
|
|
|
# Available actions are: publish, read, playback, api, metrics, pprof.
|
|
|
|
|
- action: publish
|
|
|
|
|
# Paths can be set to further restrict access to a specific path.
|
|
|
|
|
# An empty path means any path.
|
|
|
|
|
# Regular expressions can be used by using a tilde as prefix.
|
|
|
|
|
path:
|
|
|
|
|
- action: read
|
|
|
|
|
path:
|
|
|
|
|
- action: playback
|
|
|
|
|
path:
|
|
|
|
|
|
|
|
|
|
# Default administrator.
|
|
|
|
|
# This allows to use API, metrics and PPROF without authentication,
|
|
|
|
|
# if the IP is localhost.
|
|
|
|
|
- user: any
|
|
|
|
|
pass:
|
|
|
|
|
ips: ["127.0.0.1", "::1"]
|
|
|
|
|
permissions:
|
|
|
|
|
- action: api
|
|
|
|
|
- action: metrics
|
|
|
|
|
- action: pprof
|
|
|
|
|
|
|
|
|
|
# HTTP-based authentication.
|
|
|
|
|
# URL called to perform authentication. Every time a user wants
|
|
|
|
|
# to authenticate, the server calls this URL with the POST method
|
|
|
|
|
# and a body containing:
|
|
|
|
|
# {
|
|
|
|
|
# "user": "user",
|
|
|
|
|
# "password": "password",
|
|
|
|
|
# "ip": "ip",
|
|
|
|
|
# "action": "publish|read|playback|api|metrics|pprof",
|
|
|
|
|
# "path": "path",
|
|
|
|
|
# "protocol": "rtsp|rtmp|hls|webrtc|srt",
|
|
|
|
|
# "id": "id",
|
|
|
|
|
# "query": "query"
|
|
|
|
|
# }
|
|
|
|
|
# If the response code is 20x, authentication is accepted, otherwise
|
|
|
|
|
# it is discarded.
|
|
|
|
|
authHTTPAddress:
|
|
|
|
|
# Actions to exclude from HTTP-based authentication.
|
|
|
|
|
# Format is the same as the one of user permissions.
|
|
|
|
|
authHTTPExclude:
|
|
|
|
|
- action: api
|
|
|
|
|
- action: metrics
|
|
|
|
|
- action: pprof
|
|
|
|
|
|
|
|
|
|
# JWT-based authentication.
|
|
|
|
|
# Users have to login through an external identity server and obtain a JWT.
|
|
|
|
|
# This JWT must contain the claim "mediamtx_permissions" with permissions,
|
|
|
|
|
# for instance:
|
|
|
|
|
# {
|
|
|
|
|
# ...
|
|
|
|
|
# "mediamtx_permissions": [
|
|
|
|
|
# {
|
|
|
|
|
# "action": "publish",
|
|
|
|
|
# "path": "somepath"
|
|
|
|
|
# }
|
|
|
|
|
# ]
|
|
|
|
|
# }
|
|
|
|
|
# Users are expected to pass the JWT in the Authorization header or as a query parameter.
|
|
|
|
|
# This is the JWKS URL that will be used to pull (once) the public key that allows
|
|
|
|
|
# to validate JWTs.
|
|
|
|
|
authJWTJWKS:
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Global settings -> Control API
|
|
|
|
|
|
|
|
|
|
# Enable controlling the server through the Control API.
|
|
|
|
|
api: no
|
|
|
|
|
# Address of the Control API listener.
|
|
|
|
|
apiAddress: :9997
|
|
|
|
|
# Enable TLS/HTTPS on the Control API server.
|
|
|
|
|
apiEncryption: no
|
|
|
|
|
# Path to the server key. This is needed only when encryption is yes.
|
|
|
|
|
# This can be generated with:
|
|
|
|
|
# openssl genrsa -out server.key 2048
|
|
|
|
|
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
|
|
|
|
|
apiServerKey: /etc/mediamtx/server.key
|
|
|
|
|
# Path to the server certificate.
|
|
|
|
|
apiServerCert: /etc/mediamtx/server.crt
|
|
|
|
|
# Value of the Access-Control-Allow-Origin header provided in every HTTP response.
|
|
|
|
|
apiAllowOrigin: "*"
|
|
|
|
|
# List of IPs or CIDRs of proxies placed before the HTTP server.
|
|
|
|
|
# If the server receives a request from one of these entries, IP in logs
|
|
|
|
|
# will be taken from the X-Forwarded-For header.
|
|
|
|
|
apiTrustedProxies: []
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Global settings -> Metrics
|
|
|
|
|
|
|
|
|
|
# Enable Prometheus-compatible metrics.
|
|
|
|
|
metrics: no
|
|
|
|
|
# Address of the metrics HTTP listener.
|
|
|
|
|
metricsAddress: :9998
|
|
|
|
|
# Enable TLS/HTTPS on the Metrics server.
|
|
|
|
|
metricsEncryption: no
|
|
|
|
|
# Path to the server key. This is needed only when encryption is yes.
|
|
|
|
|
# This can be generated with:
|
|
|
|
|
# openssl genrsa -out server.key 2048
|
|
|
|
|
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
|
|
|
|
|
metricsServerKey: /etc/mediamtx/server.key
|
|
|
|
|
# Path to the server certificate.
|
|
|
|
|
metricsServerCert: /etc/mediamtx/server.crt
|
|
|
|
|
# Value of the Access-Control-Allow-Origin header provided in every HTTP response.
|
|
|
|
|
metricsAllowOrigin: "*"
|
|
|
|
|
# List of IPs or CIDRs of proxies placed before the HTTP server.
|
|
|
|
|
# If the server receives a request from one of these entries, IP in logs
|
|
|
|
|
# will be taken from the X-Forwarded-For header.
|
|
|
|
|
metricsTrustedProxies: []
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Global settings -> PPROF
|
|
|
|
|
|
|
|
|
|
# Enable pprof-compatible endpoint to monitor performances.
|
|
|
|
|
pprof: no
|
|
|
|
|
# Address of the pprof listener.
|
|
|
|
|
pprofAddress: :9999
|
|
|
|
|
# Enable TLS/HTTPS on the pprof server.
|
|
|
|
|
pprofEncryption: no
|
|
|
|
|
# Path to the server key. This is needed only when encryption is yes.
|
|
|
|
|
# This can be generated with:
|
|
|
|
|
# openssl genrsa -out server.key 2048
|
|
|
|
|
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
|
|
|
|
|
pprofServerKey: /etc/mediamtx/server.key
|
|
|
|
|
# Path to the server certificate.
|
|
|
|
|
pprofServerCert: /etc/mediamtx/server.crt
|
|
|
|
|
# Value of the Access-Control-Allow-Origin header provided in every HTTP response.
|
|
|
|
|
pprofAllowOrigin: "*"
|
|
|
|
|
# List of IPs or CIDRs of proxies placed before the HTTP server.
|
|
|
|
|
# If the server receives a request from one of these entries, IP in logs
|
|
|
|
|
# will be taken from the X-Forwarded-For header.
|
|
|
|
|
pprofTrustedProxies: []
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Global settings -> Playback server
|
|
|
|
|
|
|
|
|
|
# Enable downloading recordings from the playback server.
|
|
|
|
|
playback: no
|
|
|
|
|
# Address of the playback server listener.
|
|
|
|
|
playbackAddress: :9996
|
|
|
|
|
# Enable TLS/HTTPS on the playback server.
|
|
|
|
|
playbackEncryption: no
|
|
|
|
|
# Path to the server key. This is needed only when encryption is yes.
|
|
|
|
|
# This can be generated with:
|
|
|
|
|
# openssl genrsa -out server.key 2048
|
|
|
|
|
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
|
|
|
|
|
playbackServerKey: /etc/mediamtx/server.key
|
|
|
|
|
# Path to the server certificate.
|
|
|
|
|
playbackServerCert: /etc/mediamtx/server.crt
|
|
|
|
|
# Value of the Access-Control-Allow-Origin header provided in every HTTP response.
|
|
|
|
|
playbackAllowOrigin: "*"
|
|
|
|
|
# List of IPs or CIDRs of proxies placed before the HTTP server.
|
|
|
|
|
# If the server receives a request from one of these entries, IP in logs
|
|
|
|
|
# will be taken from the X-Forwarded-For header.
|
|
|
|
|
playbackTrustedProxies: []
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Global settings -> RTSP server
|
|
|
|
|
|
|
|
|
|
# Enable publishing and reading streams with the RTSP protocol.
|
|
|
|
|
rtsp: yes
|
|
|
|
|
# List of enabled RTSP transport protocols.
|
|
|
|
|
# UDP is the most performant, but doesn't work when there's a NAT/firewall between
|
|
|
|
|
# server and clients, and doesn't support encryption.
|
|
|
|
|
# UDP-multicast allows to save bandwidth when clients are all in the same LAN.
|
|
|
|
|
# TCP is the most versatile, and does support encryption.
|
|
|
|
|
# The handshake is always performed with TCP.
|
|
|
|
|
protocols: [udp, multicast, tcp]
|
|
|
|
|
# Encrypt handshakes and TCP streams with TLS (RTSPS).
|
|
|
|
|
# Available values are "no", "strict", "optional".
|
|
|
|
|
encryption: "no"
|
|
|
|
|
# Address of the TCP/RTSP listener. This is needed only when encryption is "no" or "optional".
|
|
|
|
|
rtspAddress: :8554
|
|
|
|
|
# Address of the TCP/TLS/RTSPS listener. This is needed only when encryption is "strict" or "optional".
|
|
|
|
|
rtspsAddress: :8322
|
|
|
|
|
# Address of the UDP/RTP listener. This is needed only when "udp" is in protocols.
|
|
|
|
|
rtpAddress: :8000
|
|
|
|
|
# Address of the UDP/RTCP listener. This is needed only when "udp" is in protocols.
|
|
|
|
|
rtcpAddress: :8001
|
|
|
|
|
# IP range of all UDP-multicast listeners. This is needed only when "multicast" is in protocols.
|
|
|
|
|
multicastIPRange: 224.1.0.0/16
|
|
|
|
|
# Port of all UDP-multicast/RTP listeners. This is needed only when "multicast" is in protocols.
|
|
|
|
|
multicastRTPPort: 8002
|
|
|
|
|
# Port of all UDP-multicast/RTCP listeners. This is needed only when "multicast" is in protocols.
|
|
|
|
|
multicastRTCPPort: 8003
|
|
|
|
|
# Path to the server key. This is needed only when encryption is "strict" or "optional".
|
|
|
|
|
# This can be generated with:
|
|
|
|
|
# openssl genrsa -out server.key 2048
|
|
|
|
|
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
|
|
|
|
|
serverKey: /etc/mediamtx/server.key
|
|
|
|
|
# Path to the server certificate. This is needed only when encryption is "strict" or "optional".
|
|
|
|
|
serverCert: /etc/mediamtx/server.crt
|
|
|
|
|
# Authentication methods. Available are "basic" and "digest".
|
|
|
|
|
# "digest" doesn't provide any additional security and is available for compatibility only.
|
|
|
|
|
rtspAuthMethods: [basic]
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Global settings -> RTMP server
|
|
|
|
|
|
|
|
|
|
# Enable publishing and reading streams with the RTMP protocol.
|
|
|
|
|
rtmp: yes
|
|
|
|
|
# Address of the RTMP listener. This is needed only when encryption is "no" or "optional".
|
|
|
|
|
rtmpAddress: :1935
|
|
|
|
|
# Encrypt connections with TLS (RTMPS).
|
|
|
|
|
# Available values are "no", "strict", "optional".
|
|
|
|
|
rtmpEncryption: "no"
|
|
|
|
|
# Address of the RTMPS listener. This is needed only when encryption is "strict" or "optional".
|
|
|
|
|
rtmpsAddress: :1936
|
|
|
|
|
# Path to the server key. This is needed only when encryption is "strict" or "optional".
|
|
|
|
|
# This can be generated with:
|
|
|
|
|
# openssl genrsa -out server.key 2048
|
|
|
|
|
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
|
|
|
|
|
rtmpServerKey: /etc/mediamtx/server.key
|
|
|
|
|
# Path to the server certificate. This is needed only when encryption is "strict" or "optional".
|
|
|
|
|
rtmpServerCert: /etc/mediamtx/server.crt
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Global settings -> HLS server
|
|
|
|
|
|
|
|
|
|
# Enable reading streams with the HLS protocol.
|
|
|
|
|
hls: yes
|
|
|
|
|
# Address of the HLS listener.
|
|
|
|
|
hlsAddress: :8888
|
|
|
|
|
# Enable TLS/HTTPS on the HLS server.
|
|
|
|
|
# This is required for Low-Latency HLS.
|
|
|
|
|
hlsEncryption: yes
|
|
|
|
|
# Path to the server key. This is needed only when encryption is yes.
|
|
|
|
|
# This can be generated with:
|
|
|
|
|
# openssl genrsa -out server.key 2048
|
|
|
|
|
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
|
|
|
|
|
hlsServerKey: /etc/mediamtx/server.key
|
|
|
|
|
# Path to the server certificate.
|
|
|
|
|
hlsServerCert: /etc/mediamtx/server.crt
|
|
|
|
|
# Value of the Access-Control-Allow-Origin header provided in every HTTP response.
|
|
|
|
|
# This allows to play the HLS stream from an external website.
|
|
|
|
|
hlsAllowOrigin: "*"
|
|
|
|
|
# List of IPs or CIDRs of proxies placed before the HLS server.
|
|
|
|
|
# If the server receives a request from one of these entries, IP in logs
|
|
|
|
|
# will be taken from the X-Forwarded-For header.
|
|
|
|
|
hlsTrustedProxies: []
|
|
|
|
|
# By default, HLS is generated only when requested by a user.
|
|
|
|
|
# This option allows to generate it always, avoiding the delay between request and generation.
|
|
|
|
|
hlsAlwaysRemux: no
|
|
|
|
|
# Variant of the HLS protocol to use. Available options are:
|
|
|
|
|
# * mpegts - uses MPEG-TS segments, for maximum compatibility.
|
|
|
|
|
# * fmp4 - uses fragmented MP4 segments, more efficient.
|
|
|
|
|
# * lowLatency - uses Low-Latency HLS.
|
|
|
|
|
hlsVariant: lowLatency
|
|
|
|
|
# Number of HLS segments to keep on the server.
|
|
|
|
|
# Segments allow to seek through the stream.
|
|
|
|
|
# Their number doesn't influence latency.
|
|
|
|
|
hlsSegmentCount: 7
|
|
|
|
|
# Minimum duration of each segment.
|
|
|
|
|
# A player usually puts 3 segments in a buffer before reproducing the stream.
|
|
|
|
|
# The final segment duration is also influenced by the interval between IDR frames,
|
|
|
|
|
# since the server changes the duration in order to include at least one IDR frame
|
|
|
|
|
# in each segment.
|
|
|
|
|
hlsSegmentDuration: 1s
|
|
|
|
|
# Minimum duration of each part.
|
|
|
|
|
# A player usually puts 3 parts in a buffer before reproducing the stream.
|
|
|
|
|
# Parts are used in Low-Latency HLS in place of segments.
|
|
|
|
|
# Part duration is influenced by the distance between video/audio samples
|
|
|
|
|
# and is adjusted in order to produce segments with a similar duration.
|
|
|
|
|
hlsPartDuration: 200ms
|
|
|
|
|
# Maximum size of each segment.
|
|
|
|
|
# This prevents RAM exhaustion.
|
|
|
|
|
hlsSegmentMaxSize: 50M
|
|
|
|
|
# Directory in which to save segments, instead of keeping them in the RAM.
|
|
|
|
|
# This decreases performance, since reading from disk is less performant than
|
|
|
|
|
# reading from RAM, but allows to save RAM.
|
|
|
|
|
hlsDirectory: ""
|
|
|
|
|
# The muxer will be closed when there are no
|
|
|
|
|
# reader requests and this amount of time has passed.
|
|
|
|
|
hlsMuxerCloseAfter: 60s
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Global settings -> WebRTC server
|
|
|
|
|
|
|
|
|
|
# Enable publishing and reading streams with the WebRTC protocol.
|
|
|
|
|
webrtc: yes
|
|
|
|
|
# Address of the WebRTC HTTP listener.
|
|
|
|
|
webrtcAddress: :8889
|
|
|
|
|
# Enable TLS/HTTPS on the WebRTC server.
|
|
|
|
|
webrtcEncryption: yes
|
|
|
|
|
# Path to the server key.
|
|
|
|
|
# This can be generated with:
|
|
|
|
|
# openssl genrsa -out server.key 2048
|
|
|
|
|
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
|
|
|
|
|
webrtcServerKey: /etc/mediamtx/server.key
|
|
|
|
|
# Path to the server certificate.
|
|
|
|
|
webrtcServerCert: /etc/mediamtx/server.crt
|
|
|
|
|
# Value of the Access-Control-Allow-Origin header provided in every HTTP response.
|
|
|
|
|
# This allows to play the WebRTC stream from an external website.
|
|
|
|
|
webrtcAllowOrigin: "*"
|
|
|
|
|
# List of IPs or CIDRs of proxies placed before the WebRTC server.
|
|
|
|
|
# If the server receives a request from one of these entries, IP in logs
|
|
|
|
|
# will be taken from the X-Forwarded-For header.
|
|
|
|
|
webrtcTrustedProxies: []
|
|
|
|
|
# Address of a local UDP listener that will receive connections.
|
|
|
|
|
# Use a blank string to disable.
|
|
|
|
|
webrtcLocalUDPAddress: :8189
|
|
|
|
|
# Address of a local TCP listener that will receive connections.
|
|
|
|
|
# This is disabled by default since TCP is less efficient than UDP and
|
|
|
|
|
# introduces a progressive delay when network is congested.
|
|
|
|
|
webrtcLocalTCPAddress: ""
|
|
|
|
|
# WebRTC clients need to know the IP of the server.
|
|
|
|
|
# Gather IPs from interfaces and send them to clients.
|
|
|
|
|
webrtcIPsFromInterfaces: no
|
|
|
|
|
# List of interfaces whose IPs will be sent to clients.
|
|
|
|
|
# An empty value means to use all available interfaces.
|
|
|
|
|
webrtcIPsFromInterfacesList: []
|
|
|
|
|
# List of additional hosts or IPs to send to clients.
|
|
|
|
|
webrtcAdditionalHosts: [68.197.252.15, stream.fizz.buzz]
|
|
|
|
|
# webrtcAdditionalHosts: []
|
|
|
|
|
# ICE servers. Needed only when local listeners can't be reached by clients.
|
|
|
|
|
# STUN servers allows to obtain and share the public IP of the server.
|
|
|
|
|
# TURN/TURNS servers forces all traffic through them.
|
|
|
|
|
webrtcICEServers2:
|
|
|
|
|
[]
|
|
|
|
|
# - url: stun:stun.cloudflare.com:3478
|
|
|
|
|
# - url: stun:stun.l.google.com:19302
|
|
|
|
|
# if user is "AUTH_SECRET", then authentication is secret based.
|
|
|
|
|
# the secret must be inserted into the password field.
|
|
|
|
|
# username: ''
|
|
|
|
|
# password: ''
|
|
|
|
|
# clientOnly: false
|
|
|
|
|
# Time to wait for the WebRTC handshake to complete.
|
|
|
|
|
webrtcHandshakeTimeout: 10s
|
|
|
|
|
# Maximum time to gather video tracks.
|
|
|
|
|
webrtcTrackGatherTimeout: 2s
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Global settings -> SRT server
|
|
|
|
|
|
|
|
|
|
# Enable publishing and reading streams with the SRT protocol.
|
|
|
|
|
srt: yes
|
|
|
|
|
# Address of the SRT listener.
|
|
|
|
|
srtAddress: :8890
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Default path settings
|
|
|
|
|
|
|
|
|
|
# Settings in "pathDefaults" are applied anywhere,
|
|
|
|
|
# unless they are overridden in "paths".
|
|
|
|
|
pathDefaults:
|
|
|
|
|
###############################################
|
|
|
|
|
# Default path settings -> General
|
|
|
|
|
|
|
|
|
|
# Source of the stream. This can be:
|
|
|
|
|
# * publisher -> the stream is provided by a RTSP, RTMP, WebRTC or SRT client
|
|
|
|
|
# * rtsp://existing-url -> the stream is pulled from another RTSP server / camera
|
|
|
|
|
# * rtsps://existing-url -> the stream is pulled from another RTSP server / camera with RTSPS
|
|
|
|
|
# * rtmp://existing-url -> the stream is pulled from another RTMP server / camera
|
|
|
|
|
# * rtmps://existing-url -> the stream is pulled from another RTMP server / camera with RTMPS
|
|
|
|
|
# * http://existing-url/stream.m3u8 -> the stream is pulled from another HLS server / camera
|
|
|
|
|
# * https://existing-url/stream.m3u8 -> the stream is pulled from another HLS server / camera with HTTPS
|
|
|
|
|
# * udp://ip:port -> the stream is pulled with UDP, by listening on the specified IP and port
|
|
|
|
|
# * srt://existing-url -> the stream is pulled from another SRT server / camera
|
|
|
|
|
# * whep://existing-url -> the stream is pulled from another WebRTC server / camera
|
|
|
|
|
# * wheps://existing-url -> the stream is pulled from another WebRTC server / camera with HTTPS
|
|
|
|
|
# * redirect -> the stream is provided by another path or server
|
|
|
|
|
# * rpiCamera -> the stream is provided by a Raspberry Pi Camera
|
|
|
|
|
# If path name is a regular expression, $G1, G2, etc will be replaced
|
|
|
|
|
# with regular expression groups.
|
|
|
|
|
source: publisher
|
|
|
|
|
# If the source is a URL, and the source certificate is self-signed
|
|
|
|
|
# or invalid, you can provide the fingerprint of the certificate in order to
|
|
|
|
|
# validate it anyway. It can be obtained by running:
|
|
|
|
|
# openssl s_client -connect source_ip:source_port </dev/null 2>/dev/null | sed -n '/BEGIN/,/END/p' > server.crt
|
|
|
|
|
# openssl x509 -in server.crt -noout -fingerprint -sha256 | cut -d "=" -f2 | tr -d ':'
|
|
|
|
|
sourceFingerprint:
|
|
|
|
|
# If the source is a URL, it will be pulled only when at least
|
|
|
|
|
# one reader is connected, saving bandwidth.
|
|
|
|
|
sourceOnDemand: no
|
|
|
|
|
# If sourceOnDemand is "yes", readers will be put on hold until the source is
|
|
|
|
|
# ready or until this amount of time has passed.
|
|
|
|
|
sourceOnDemandStartTimeout: 10s
|
|
|
|
|
# If sourceOnDemand is "yes", the source will be closed when there are no
|
|
|
|
|
# readers connected and this amount of time has passed.
|
|
|
|
|
sourceOnDemandCloseAfter: 10s
|
|
|
|
|
# Maximum number of readers. Zero means no limit.
|
|
|
|
|
maxReaders: 0
|
|
|
|
|
# SRT encryption passphrase require to read from this path
|
|
|
|
|
srtReadPassphrase:
|
|
|
|
|
# If the stream is not available, redirect readers to this path.
|
|
|
|
|
# It can be can be a relative path (i.e. /otherstream) or an absolute RTSP URL.
|
|
|
|
|
fallback:
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Default path settings -> Record
|
|
|
|
|
|
|
|
|
|
# Record streams to disk.
|
|
|
|
|
record: no
|
|
|
|
|
# Path of recording segments.
|
|
|
|
|
# Extension is added automatically.
|
|
|
|
|
# Available variables are %path (path name), %Y %m %d %H %M %S %f %s (time in strftime format)
|
|
|
|
|
recordPath: ./recordings/%path/%Y-%m-%d_%H-%M-%S-%f
|
|
|
|
|
# Format of recorded segments.
|
|
|
|
|
# Available formats are "fmp4" (fragmented MP4) and "mpegts" (MPEG-TS).
|
|
|
|
|
recordFormat: fmp4
|
|
|
|
|
# fMP4 segments are concatenation of small MP4 files (parts), each with this duration.
|
|
|
|
|
# MPEG-TS segments are concatenation of 188-bytes packets, flushed to disk with this period.
|
|
|
|
|
# When a system failure occurs, the last part gets lost.
|
|
|
|
|
# Therefore, the part duration is equal to the RPO (recovery point objective).
|
|
|
|
|
recordPartDuration: 1s
|
|
|
|
|
# Minimum duration of each segment.
|
|
|
|
|
recordSegmentDuration: 1h
|
|
|
|
|
# Delete segments after this timespan.
|
|
|
|
|
# Set to 0s to disable automatic deletion.
|
|
|
|
|
recordDeleteAfter: 24h
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Default path settings -> Publisher source (when source is "publisher")
|
|
|
|
|
|
|
|
|
|
# Allow another client to disconnect the current publisher and publish in its place.
|
|
|
|
|
overridePublisher: yes
|
|
|
|
|
# SRT encryption passphrase required to publish to this path
|
|
|
|
|
srtPublishPassphrase:
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Default path settings -> RTSP source (when source is a RTSP or a RTSPS URL)
|
|
|
|
|
|
|
|
|
|
# Transport protocol used to pull the stream. available values are "automatic", "udp", "multicast", "tcp".
|
|
|
|
|
rtspTransport: automatic
|
|
|
|
|
# Support sources that don't provide server ports or use random server ports. This is a security issue
|
|
|
|
|
# and must be used only when interacting with sources that require it.
|
|
|
|
|
rtspAnyPort: no
|
|
|
|
|
# Range header to send to the source, in order to start streaming from the specified offset.
|
|
|
|
|
# available values:
|
|
|
|
|
# * clock: Absolute time
|
|
|
|
|
# * npt: Normal Play Time
|
|
|
|
|
# * smpte: SMPTE timestamps relative to the start of the recording
|
|
|
|
|
rtspRangeType:
|
|
|
|
|
# Available values:
|
|
|
|
|
# * clock: UTC ISO 8601 combined date and time string, e.g. 20230812T120000Z
|
|
|
|
|
# * npt: duration such as "300ms", "1.5m" or "2h45m", valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
|
|
|
|
|
# * smpte: duration such as "300ms", "1.5m" or "2h45m", valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
|
|
|
|
|
rtspRangeStart:
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Default path settings -> Redirect source (when source is "redirect")
|
|
|
|
|
|
|
|
|
|
# RTSP URL which clients will be redirected to.
|
|
|
|
|
sourceRedirect:
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Default path settings -> Raspberry Pi Camera source (when source is "rpiCamera")
|
|
|
|
|
|
|
|
|
|
# ID of the camera
|
|
|
|
|
rpiCameraCamID: 0
|
|
|
|
|
# width of frames
|
|
|
|
|
rpiCameraWidth: 1920
|
|
|
|
|
# height of frames
|
|
|
|
|
rpiCameraHeight: 1080
|
|
|
|
|
# flip horizontally
|
|
|
|
|
rpiCameraHFlip: false
|
|
|
|
|
# flip vertically
|
|
|
|
|
rpiCameraVFlip: false
|
|
|
|
|
# brightness [-1, 1]
|
|
|
|
|
rpiCameraBrightness: 0
|
|
|
|
|
# contrast [0, 16]
|
|
|
|
|
rpiCameraContrast: 1
|
|
|
|
|
# saturation [0, 16]
|
|
|
|
|
rpiCameraSaturation: 1
|
|
|
|
|
# sharpness [0, 16]
|
|
|
|
|
rpiCameraSharpness: 1
|
|
|
|
|
# exposure mode.
|
|
|
|
|
# values: normal, short, long, custom
|
|
|
|
|
rpiCameraExposure: normal
|
|
|
|
|
# auto-white-balance mode.
|
|
|
|
|
# values: auto, incandescent, tungsten, fluorescent, indoor, daylight, cloudy, custom
|
|
|
|
|
rpiCameraAWB: auto
|
|
|
|
|
# auto-white-balance fixed gains. This can be used in place of rpiCameraAWB.
|
|
|
|
|
# format: [red,blue]
|
|
|
|
|
rpiCameraAWBGains: [0, 0]
|
|
|
|
|
# denoise operating mode.
|
|
|
|
|
# values: off, cdn_off, cdn_fast, cdn_hq
|
|
|
|
|
rpiCameraDenoise: "off"
|
|
|
|
|
# fixed shutter speed, in microseconds.
|
|
|
|
|
rpiCameraShutter: 0
|
|
|
|
|
# metering mode of the AEC/AGC algorithm.
|
|
|
|
|
# values: centre, spot, matrix, custom
|
|
|
|
|
rpiCameraMetering: centre
|
|
|
|
|
# fixed gain
|
|
|
|
|
rpiCameraGain: 0
|
|
|
|
|
# EV compensation of the image [-10, 10]
|
|
|
|
|
rpiCameraEV: 0
|
|
|
|
|
# Region of interest, in format x,y,width,height
|
|
|
|
|
rpiCameraROI:
|
|
|
|
|
# whether to enable HDR on Raspberry Camera 3.
|
|
|
|
|
rpiCameraHDR: false
|
|
|
|
|
# tuning file
|
|
|
|
|
rpiCameraTuningFile:
|
|
|
|
|
# sensor mode, in format [width]:[height]:[bit-depth]:[packing]
|
|
|
|
|
# bit-depth and packing are optional.
|
|
|
|
|
rpiCameraMode:
|
|
|
|
|
# frames per second
|
|
|
|
|
rpiCameraFPS: 30
|
|
|
|
|
# period between IDR frames
|
|
|
|
|
rpiCameraIDRPeriod: 60
|
|
|
|
|
# bitrate
|
|
|
|
|
rpiCameraBitrate: 1000000
|
|
|
|
|
# H264 profile
|
|
|
|
|
rpiCameraProfile: main
|
|
|
|
|
# H264 level
|
|
|
|
|
rpiCameraLevel: "4.1"
|
|
|
|
|
# Autofocus mode
|
|
|
|
|
# values: auto, manual, continuous
|
|
|
|
|
rpiCameraAfMode: continuous
|
|
|
|
|
# Autofocus range
|
|
|
|
|
# values: normal, macro, full
|
|
|
|
|
rpiCameraAfRange: normal
|
|
|
|
|
# Autofocus speed
|
|
|
|
|
# values: normal, fast
|
|
|
|
|
rpiCameraAfSpeed: normal
|
|
|
|
|
# Lens position (for manual autofocus only), will be set to focus to a specific distance
|
|
|
|
|
# calculated by the following formula: d = 1 / value
|
|
|
|
|
# Examples: 0 moves the lens to infinity.
|
|
|
|
|
# 0.5 moves the lens to focus on objects 2m away.
|
|
|
|
|
# 2 moves the lens to focus on objects 50cm away.
|
|
|
|
|
rpiCameraLensPosition: 0.0
|
|
|
|
|
# Specifies the autofocus window, in the form x,y,width,height where the coordinates
|
|
|
|
|
# are given as a proportion of the entire image.
|
|
|
|
|
rpiCameraAfWindow:
|
|
|
|
|
# enables printing text on each frame.
|
|
|
|
|
rpiCameraTextOverlayEnable: false
|
|
|
|
|
# text that is printed on each frame.
|
|
|
|
|
# format is the one of the strftime() function.
|
|
|
|
|
rpiCameraTextOverlay: "%Y-%m-%d %H:%M:%S - MediaMTX"
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Default path settings -> Hooks
|
|
|
|
|
|
|
|
|
|
# Command to run when this path is initialized.
|
|
|
|
|
# This can be used to publish a stream when the server is launched.
|
|
|
|
|
# This is terminated with SIGINT when the program closes.
|
|
|
|
|
# The following environment variables are available:
|
|
|
|
|
# * MTX_PATH: path name
|
|
|
|
|
# * RTSP_PORT: RTSP server port
|
|
|
|
|
# * G1, G2, ...: regular expression groups, if path name is
|
|
|
|
|
# a regular expression.
|
|
|
|
|
runOnInit:
|
|
|
|
|
# Restart the command if it exits.
|
|
|
|
|
runOnInitRestart: no
|
|
|
|
|
|
|
|
|
|
# Command to run when this path is requested by a reader
|
|
|
|
|
# and no one is publishing to this path yet.
|
|
|
|
|
# This can be used to publish a stream on demand.
|
|
|
|
|
# This is terminated with SIGINT when there are no readers anymore.
|
|
|
|
|
# The following environment variables are available:
|
|
|
|
|
# * MTX_PATH: path name
|
|
|
|
|
# * MTX_QUERY: query parameters (passed by first reader)
|
|
|
|
|
# * RTSP_PORT: RTSP server port
|
|
|
|
|
# * G1, G2, ...: regular expression groups, if path name is
|
|
|
|
|
# a regular expression.
|
|
|
|
|
runOnDemand:
|
|
|
|
|
# Restart the command if it exits.
|
|
|
|
|
runOnDemandRestart: no
|
|
|
|
|
# Readers will be put on hold until the runOnDemand command starts publishing
|
|
|
|
|
# or until this amount of time has passed.
|
|
|
|
|
runOnDemandStartTimeout: 10s
|
|
|
|
|
# The command will be closed when there are no
|
|
|
|
|
# readers connected and this amount of time has passed.
|
|
|
|
|
runOnDemandCloseAfter: 10s
|
|
|
|
|
# Command to run when there are no readers anymore.
|
|
|
|
|
# Environment variables are the same of runOnDemand.
|
|
|
|
|
runOnUnDemand:
|
|
|
|
|
|
|
|
|
|
# Command to run when the stream is ready to be read, whenever it is
|
|
|
|
|
# published by a client or pulled from a server / camera.
|
|
|
|
|
# This is terminated with SIGINT when the stream is not ready anymore.
|
|
|
|
|
# The following environment variables are available:
|
|
|
|
|
# * MTX_PATH: path name
|
|
|
|
|
# * MTX_QUERY: query parameters (passed by publisher)
|
|
|
|
|
# * RTSP_PORT: RTSP server port
|
|
|
|
|
# * G1, G2, ...: regular expression groups, if path name is
|
|
|
|
|
# a regular expression.
|
|
|
|
|
# * MTX_SOURCE_TYPE: source type
|
|
|
|
|
# * MTX_SOURCE_ID: source ID
|
|
|
|
|
runOnReady:
|
|
|
|
|
# Restart the command if it exits.
|
|
|
|
|
runOnReadyRestart: no
|
|
|
|
|
# Command to run when the stream is not available anymore.
|
|
|
|
|
# Environment variables are the same of runOnReady.
|
|
|
|
|
runOnNotReady:
|
|
|
|
|
|
|
|
|
|
# Command to run when a client starts reading.
|
|
|
|
|
# This is terminated with SIGINT when a client stops reading.
|
|
|
|
|
# The following environment variables are available:
|
|
|
|
|
# * MTX_PATH: path name
|
|
|
|
|
# * MTX_QUERY: query parameters (passed by reader)
|
|
|
|
|
# * RTSP_PORT: RTSP server port
|
|
|
|
|
# * G1, G2, ...: regular expression groups, if path name is
|
|
|
|
|
# a regular expression.
|
|
|
|
|
# * MTX_READER_TYPE: reader type
|
|
|
|
|
# * MTX_READER_ID: reader ID
|
|
|
|
|
runOnRead:
|
|
|
|
|
# Restart the command if it exits.
|
|
|
|
|
runOnReadRestart: no
|
|
|
|
|
# Command to run when a client stops reading.
|
|
|
|
|
# Environment variables are the same of runOnRead.
|
|
|
|
|
runOnUnread:
|
|
|
|
|
|
|
|
|
|
# Command to run when a recording segment is created.
|
|
|
|
|
# The following environment variables are available:
|
|
|
|
|
# * MTX_PATH: path name
|
|
|
|
|
# * RTSP_PORT: RTSP server port
|
|
|
|
|
# * G1, G2, ...: regular expression groups, if path name is
|
|
|
|
|
# a regular expression.
|
|
|
|
|
# * MTX_SEGMENT_PATH: segment file path
|
|
|
|
|
runOnRecordSegmentCreate:
|
|
|
|
|
|
|
|
|
|
# Command to run when a recording segment is complete.
|
|
|
|
|
# The following environment variables are available:
|
|
|
|
|
# * MTX_PATH: path name
|
|
|
|
|
# * RTSP_PORT: RTSP server port
|
|
|
|
|
# * G1, G2, ...: regular expression groups, if path name is
|
|
|
|
|
# a regular expression.
|
|
|
|
|
# * MTX_SEGMENT_PATH: segment file path
|
|
|
|
|
# * MTX_SEGMENT_DURATION: segment duration
|
|
|
|
|
runOnRecordSegmentComplete:
|
|
|
|
|
|
|
|
|
|
###############################################
|
|
|
|
|
# Path settings
|
|
|
|
|
|
|
|
|
|
# Settings in "paths" are applied to specific paths, and the map key
|
|
|
|
|
# is the name of the path.
|
|
|
|
|
# Any setting in "pathDefaults" can be overridden here.
|
|
|
|
|
# It's possible to use regular expressions by using a tilde as prefix,
|
|
|
|
|
# for example "~^(test1|test2)$" will match both "test1" and "test2",
|
|
|
|
|
# for example "~^prefix" will match all paths that start with "prefix".
|
|
|
|
|
paths:
|
|
|
|
|
# example:
|
|
|
|
|
# my_camera:
|
|
|
|
|
# source: rtsp://my_camera
|
|
|
|
|
|
|
|
|
|
# Settings under path "all_others" are applied to all paths that
|
|
|
|
|
# do not match another entry.
|
|
|
|
|
all_others:
|
Tom Alexander
