mediamtx/mediamtx.yml

###############################################
# General parameters

# Sets the verbosity of the program; available values are "error", "warn", "info", "debug".
logLevel: info
# Destinations of log messages; available values are "stdout", "file" and "syslog".
logDestinations: [stdout]
# If "file" is in logDestinations, this is the file which will receive the logs.
logFile: mediamtx.log

# Timeout of read operations.
readTimeout: 10s
# Timeout of write operations.
writeTimeout: 10s
# Number of read buffers.
# A higher value allows a wider throughput, a lower value allows to save RAM.
readBufferCount: 512
# Maximum size of payload of outgoing UDP packets.
# This can be decreased to avoid fragmentation on networks with a low UDP MTU.
udpMaxPayloadSize: 1472

# HTTP URL to perform external authentication.
# Every time a user wants to authenticate, the server calls this URL
# with the POST method and a body containing:
# {
#   "ip": "ip",
#   "user": "user",
#   "password": "password",
#   "path": "path",
#   "protocol": "rtsp|rtmp|hls|webrtc",
#   "id": "id",
#   "action": "read|publish",
#   "query": "query"
# }
# If the response code is 20x, authentication is accepted, otherwise
# it is discarded.
externalAuthenticationURL:

# Enable the HTTP API.
api: no
# Address of the API listener.
apiAddress: 127.0.0.1:9997

# Enable Prometheus-compatible metrics.
metrics: no
# Address of the metrics listener.
metricsAddress: 127.0.0.1:9998

# Enable pprof-compatible endpoint to monitor performances.
pprof: no
# Address of the pprof listener.
pprofAddress: 127.0.0.1:9999

# Command to run when a client connects to the server.
# Prepend ./ to run an executable in the current folder (example: "./ffmpeg")
# This is terminated with SIGINT when a client disconnects from the server.
# The following environment variables are available:
# * RTSP_PORT: RTSP server port
runOnConnect:
# Restart the command if it exits.
runOnConnectRestart: no

###############################################
# RTSP parameters

# Disable support for the RTSP protocol.
rtspDisable: no
# List of enabled RTSP transport protocols.
# UDP is the most performant, but doesn't work when there's a NAT/firewall between
# server and clients, and doesn't support encryption.
# UDP-multicast allows to save bandwidth when clients are all in the same LAN.
# TCP is the most versatile, and does support encryption.
# The handshake is always performed with TCP.
protocols: [udp, multicast, tcp]
# Encrypt handshakes and TCP streams with TLS (RTSPS).
# Available values are "no", "strict", "optional".
encryption: "no"
# Address of the TCP/RTSP listener. This is needed only when encryption is "no" or "optional".
rtspAddress: :8554
# Address of the TCP/TLS/RTSPS listener. This is needed only when encryption is "strict" or "optional".
rtspsAddress: :8322
# Address of the UDP/RTP listener. This is needed only when "udp" is in protocols.
rtpAddress: :8000
# Address of the UDP/RTCP listener. This is needed only when "udp" is in protocols.
rtcpAddress: :8001
# IP range of all UDP-multicast listeners. This is needed only when "multicast" is in protocols.
multicastIPRange: 224.1.0.0/16
# Port of all UDP-multicast/RTP listeners. This is needed only when "multicast" is in protocols.
multicastRTPPort: 8002
# Port of all UDP-multicast/RTCP listeners. This is needed only when "multicast" is in protocols.
multicastRTCPPort: 8003
# Path to the server key. This is needed only when encryption is "strict" or "optional".
# This can be generated with:
# openssl genrsa -out server.key 2048
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
serverKey: server.key
# Path to the server certificate. This is needed only when encryption is "strict" or "optional".
serverCert: server.crt
# Authentication methods. Available are "basic" and "digest".
# "digest" doesn't provide any additional security and is available for compatibility reasons only.
authMethods: [basic]

###############################################
# RTMP parameters

# Disable support for the RTMP protocol.
rtmpDisable: no
# Address of the RTMP listener. This is needed only when encryption is "no" or "optional".
rtmpAddress: :1935
# Encrypt connections with TLS (RTMPS).
# Available values are "no", "strict", "optional".
rtmpEncryption: "no"
# Address of the RTMPS listener. This is needed only when encryption is "strict" or "optional".
rtmpsAddress: :1936
# Path to the server key. This is needed only when encryption is "strict" or "optional".
# This can be generated with:
# openssl genrsa -out server.key 2048
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
rtmpServerKey: server.key
# Path to the server certificate. This is needed only when encryption is "strict" or "optional".
rtmpServerCert: server.crt

###############################################
# HLS parameters

# Disable support for the HLS protocol.
hlsDisable: no
# Address of the HLS listener.
hlsAddress: :8888
# Enable TLS/HTTPS on the HLS server.
# This is required for Low-Latency HLS.
hlsEncryption: no
# Path to the server key. This is needed only when encryption is yes.
# This can be generated with:
# openssl genrsa -out server.key 2048
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
hlsServerKey: server.key
# Path to the server certificate.
hlsServerCert: server.crt
# By default, HLS is generated only when requested by a user.
# This option allows to generate it always, avoiding the delay between request and generation.
hlsAlwaysRemux: no
# Variant of the HLS protocol to use. Available options are:
# * mpegts - uses MPEG-TS segments, for maximum compatibility.
# * fmp4 - uses fragmented MP4 segments, more efficient.
# * lowLatency - uses Low-Latency HLS.
hlsVariant: lowLatency
# Number of HLS segments to keep on the server.
# Segments allow to seek through the stream.
# Their number doesn't influence latency.
hlsSegmentCount: 7
# Minimum duration of each segment.
# A player usually puts 3 segments in a buffer before reproducing the stream.
# The final segment duration is also influenced by the interval between IDR frames,
# since the server changes the duration in order to include at least one IDR frame
# in each segment.
hlsSegmentDuration: 1s
# Minimum duration of each part.
# A player usually puts 3 parts in a buffer before reproducing the stream.
# Parts are used in Low-Latency HLS in place of segments.
# Part duration is influenced by the distance between video/audio samples
# and is adjusted in order to produce segments with a similar duration.
hlsPartDuration: 200ms
# Maximum size of each segment.
# This prevents RAM exhaustion.
hlsSegmentMaxSize: 50M
# Value of the Access-Control-Allow-Origin header provided in every HTTP response.
# This allows to play the HLS stream from an external website.
hlsAllowOrigin: '*'
# List of IPs or CIDRs of proxies placed before the HLS server.
# If the server receives a request from one of these entries, IP in logs
# will be taken from the X-Forwarded-For header.
hlsTrustedProxies: []
# Directory in which to save segments, instead of keeping them in the RAM.
# This decreases performance, since reading from disk is less performant than
# reading from RAM, but allows to save RAM.
hlsDirectory: ''

###############################################
# WebRTC parameters

# Disable support for the WebRTC protocol.
webrtcDisable: no
# Address of the WebRTC listener.
webrtcAddress: :8889
# Enable TLS/HTTPS on the WebRTC server.
webrtcEncryption: no
# Path to the server key.
# This can be generated with:
# openssl genrsa -out server.key 2048
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
webrtcServerKey: server.key
# Path to the server certificate.
webrtcServerCert: server.crt
# Value of the Access-Control-Allow-Origin header provided in every HTTP response.
# This allows to play the WebRTC stream from an external website.
webrtcAllowOrigin: '*'
# List of IPs or CIDRs of proxies placed before the WebRTC server.
# If the server receives a request from one of these entries, IP in logs
# will be taken from the X-Forwarded-For header.
webrtcTrustedProxies: []
# List of ICE servers.
webrtcICEServers2:
  # URL can point to a STUN, TURN or TURNS server.
  # STUN servers are used to obtain the public IP of server and clients. They are
  # needed when server and clients are on different LANs.
  # TURN/TURNS servers are needed when a direct connection between server and
  # clients is not possible. All traffic is routed through them.
- url: stun:stun.l.google.com:19302
  # if user is "AUTH_SECRET", then authentication is secret based.
  # the secret must be inserted into the password field.
  username: ''
  password: ''
# List of public IP addresses that are to be used as a host.
# This is used typically for servers that are behind 1:1 D-NAT.
webrtcICEHostNAT1To1IPs: []
# Address of a ICE UDP listener in format host:port.
# If filled, ICE traffic will pass through a single UDP port,
# allowing the deployment of the server inside a container or behind a NAT.
webrtcICEUDPMuxAddress:
# Address of a ICE TCP listener in format host:port.
# If filled, ICE traffic will pass through a single TCP port,
# allowing the deployment of the server inside a container or behind a NAT.
# Setting this parameter forces usage of the TCP protocol, which is not
# optimal for WebRTC.
webrtcICETCPMuxAddress:

###############################################
# Path parameters

# These settings are path-dependent, and the map key is the name of the path.
# It's possible to use regular expressions by using a tilde as prefix,
# for example "~^(test1|test2)$" will match both "test1" and "test2",
# for example "~^prefix" will match all paths that start with "prefix".
# Settings under the path "all" are applied to all paths that do not match
# another entry.
paths:
  all:
    # Source of the stream. This can be:
    # * publisher -> the stream is published by a RTSP or RTMP client
    # * rtsp://existing-url -> the stream is pulled from another RTSP server / camera
    # * rtsps://existing-url -> the stream is pulled from another RTSP server / camera with RTSPS
    # * rtmp://existing-url -> the stream is pulled from another RTMP server / camera
    # * rtmps://existing-url -> the stream is pulled from another RTMP server / camera with RTMPS
    # * http://existing-url/stream.m3u8 -> the stream is pulled from another HLS server
    # * https://existing-url/stream.m3u8 -> the stream is pulled from another HLS server with HTTPS
    # * udp://ip:port -> the stream is pulled from UDP, by listening on the specified IP and port
    # * redirect -> the stream is provided by another path or server
    # * rpiCamera -> the stream is provided by a Raspberry Pi Camera
    source: publisher

    ###############################################
    # General path parameters

    # If the source is a URL, and the source certificate is self-signed
    # or invalid, you can provide the fingerprint of the certificate in order to
    # validate it anyway. It can be obtained by running:
    # openssl s_client -connect source_ip:source_port </dev/null 2>/dev/null | sed -n '/BEGIN/,/END/p' > server.crt
    # openssl x509 -in server.crt -noout -fingerprint -sha256 | cut -d "=" -f2 | tr -d ':'
    sourceFingerprint:
    # If the source is a URL, it will be pulled only when at least
    # one reader is connected, saving bandwidth.
    sourceOnDemand: no
    # If sourceOnDemand is "yes", readers will be put on hold until the source is
    # ready or until this amount of time has passed.
    sourceOnDemandStartTimeout: 10s
    # If sourceOnDemand is "yes", the source will be closed when there are no
    # readers connected and this amount of time has passed.
    sourceOnDemandCloseAfter: 10s

    ###############################################
    # Authentication path parameters

    # Username required to publish.
    # SHA256-hashed values can be inserted with the "sha256:" prefix.
    publishUser:
    # Password required to publish.
    # SHA256-hashed values can be inserted with the "sha256:" prefix.
    publishPass:
    # IPs or networks (x.x.x.x/24) allowed to publish.
    publishIPs: []

    # Username required to read.
    # SHA256-hashed values can be inserted with the "sha256:" prefix.
    readUser:
    # password required to read.
    # SHA256-hashed values can be inserted with the "sha256:" prefix.
    readPass:
    # IPs or networks (x.x.x.x/24) allowed to read.
    readIPs: []

    ###############################################
    # Publisher path parameters (when source is "publisher")

    # do not allow another client to disconnect the current publisher and publish in its place.
    disablePublisherOverride: no
    # if no one is publishing, redirect readers to this path.
    # It can be can be a relative path  (i.e. /otherstream) or an absolute RTSP URL.
    fallback:

    ###############################################
    # RTSP path parameters (when source is a RTSP or a RTSPS URL)

    # protocol used to pull the stream. available values are "automatic", "udp", "multicast", "tcp".
    sourceProtocol: automatic
    # support sources that don't provide server ports or use random server ports. This is a security issue
    # and must be used only when interacting with sources that require it.
    sourceAnyPortEnable: no
    # range header to send to the source, in order to start streaming from the specified offset.
    # available values:
    # * clock: Absolute time
    # * npt: Normal Play Time
    # * smpte: SMPTE timestamps relative to the start of the recording
    rtspRangeType:
    # available values:
    # * clock: UTC ISO 8601 combined date and time string, e.g. 20230812T120000Z
    # * npt: duration such as "300ms", "1.5m" or "2h45m", valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
    # * smpte: duration such as "300ms", "1.5m" or "2h45m", valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
    rtspRangeStart:

    ###############################################
    # Redirect path parameters (when source is "redirect")

    # RTSP URL which clients will be redirected to.
    sourceRedirect:

    ###############################################
    # Raspberry Pi Camera path parameters (when source is "rpiCamera")

    # ID of the camera
    rpiCameraCamID: 0
    # width of frames
    rpiCameraWidth: 1920
    # height of frames
    rpiCameraHeight: 1080
    # flip horizontally
    rpiCameraHFlip: false
    # flip vertically
    rpiCameraVFlip: false
    # brightness [-1, 1]
    rpiCameraBrightness: 0
    # contrast [0, 16]
    rpiCameraContrast: 1
    # saturation [0, 16]
    rpiCameraSaturation: 1
    # sharpness [0, 16]
    rpiCameraSharpness: 1
    # exposure mode.
    # values: normal, short, long, custom
    rpiCameraExposure: normal
    # auto-white-balance mode.
    # values: auto, incandescent, tungsten, fluorescent, indoor, daylight, cloudy, custom
    rpiCameraAWB: auto
    # denoise operating mode.
    # values: off, cdn_off, cdn_fast, cdn_hq
    rpiCameraDenoise: "off"
    # fixed shutter speed, in microseconds.
    rpiCameraShutter: 0
    # metering mode of the AEC/AGC algorithm.
    # values: centre, spot, matrix, custom
    rpiCameraMetering: centre
    # fixed gain
    rpiCameraGain: 0
    # EV compensation of the image [-10, 10]
    rpiCameraEV: 0
    # Region of interest, in format x,y,width,height
    rpiCameraROI:
    # whether to enable HDR on Raspberry Camera 3.
    rpiCameraHDR: false
    # tuning file
    rpiCameraTuningFile:
    # sensor mode, in format [width]:[height]:[bit-depth]:[packing]
    # bit-depth and packing are optional.
    rpiCameraMode:
    # frames per second
    rpiCameraFPS: 30
    # period between IDR frames
    rpiCameraIDRPeriod: 60
    # bitrate
    rpiCameraBitrate: 1000000
    # H264 profile
    rpiCameraProfile: main
    # H264 level
    rpiCameraLevel: '4.1'
    # Autofocus mode
    # values: auto, manual, continuous
    rpiCameraAfMode: auto
    # Autofocus range
    # values: normal, macro, full
    rpiCameraAfRange: normal
    # Autofocus speed
    # values: normal, fast
    rpiCameraAfSpeed: normal
    # Lens position (for manual autofocus only), will be set to focus to a specific distance
    # calculated by the following formula: d = 1 / value
    # Examples: 0 moves the lens to infinity.
    #           0.5 moves the lens to focus on objects 2m away.
    #           2 moves the lens to focus on objects 50cm away.
    rpiCameraLensPosition: 0.0
    # Specifies the autofocus window, in the form x,y,width,height where the coordinates
    # are given as a proportion of the entire image.
    rpiCameraAfWindow:
    # enables printing text on each frame.
    rpiCameraTextOverlayEnable: false
    # text that is printed on each frame.
    # format is the one of the strftime() function.
    rpiCameraTextOverlay: '%Y-%m-%d %H:%M:%S - MediaMTX'

    ###############################################
    # external commands path parameters

    # Command to run when this path is initialized.
    # This can be used to publish a stream and keep it always opened.
    # Prepend ./ to run an executable in the current folder (example: "./ffmpeg")
    # This is terminated with SIGINT when the program closes.
    # The following environment variables are available:
    # * MTX_PATH: path name
    # * RTSP_PORT: RTSP server port
    # * G1, G2, ...: regular expression groups, if path name is
    #   a regular expression.
    runOnInit:
    # Restart the command if it exits.
    runOnInitRestart: no

    # Command to run when this path is requested.
    # This can be used to publish a stream on demand.
    # Prepend ./ to run an executable in the current folder (example: "./ffmpeg")
    # This is terminated with SIGINT when the path is not requested anymore.
    # The following environment variables are available:
    # * MTX_PATH: path name
    # * RTSP_PORT: RTSP server port
    # * G1, G2, ...: regular expression groups, if path name is
    #   a regular expression.
    runOnDemand:
    # Restart the command if it exits.
    runOnDemandRestart: no
    # Readers will be put on hold until the runOnDemand command starts publishing
    # or until this amount of time has passed.
    runOnDemandStartTimeout: 10s
    # The command will be closed when there are no
    # readers connected and this amount of time has passed.
    runOnDemandCloseAfter: 10s

    # Command to run when the stream is ready to be read, whether it is
    # published by a client or pulled from a server / camera.
    # Prepend ./ to run an executable in the current folder (example: "./ffmpeg")
    # This is terminated with SIGINT when the stream is not ready anymore.
    # The following environment variables are available:
    # * MTX_PATH: path name
    # * RTSP_PORT: RTSP server port
    # * G1, G2, ...: regular expression groups, if path name is
    #   a regular expression.
    runOnReady:
    # Restart the command if it exits.
    runOnReadyRestart: no

    # Command to run when a clients starts reading.
    # Prepend ./ to run an executable in the current folder (example: "./ffmpeg")
    # This is terminated with SIGINT when a client stops reading.
    # The following environment variables are available:
    # * MTX_PATH: path name
    # * RTSP_PORT: RTSP server port
    # * G1, G2, ...: regular expression groups, if path name is
    #   a regular expression.
    runOnRead:
    # Restart the command if it exits.
    runOnReadRestart: no