Location

You have to provide the location of the config file by setting the environment variable CORE_CONFIGFILE to path to the config file. Example:

export CORE_CONFIGFILE=./config/config.json

The config file is written in JSON format.

A minimal valid config file must contain at least the config version:

{
    "version": 3
}

Configuration

Configuration values can be changed by either editing the config file directly, or via the JSON API (API for short) or via environment variables (ENV for short). All environment variables have the prefix CORE_ followed by the JSON names in uppercase. Example:

{
   "version": 3,
   "id": "1",
   "name": "super-core-1337",
   "address": ":8080",
   "log": {
      "level": "warn"
   }
}

CORE_ID=1
CORE_NAME=super-core-1337
CORE_ADDRESS=:8080
CORE_LOG_LEVEL=warn

Following, every field of the configuration file will be described in detail:

id (string)

ID of the Core. If not set, a UUIDv4 will be generated. Default: unset

name (string)

Human-readable name of the Core. If not set a custom name will be generated. Default: unset

address (string)

HTTP listening address. Default: :8080

log

Log settings.

db

Database (processes, metadata, ...) endpoint.

host

Configuration to detect or set the host-/domainname.

api

API Security options.

tls

TLS/HTTPS settings (also required for RTMPS).

storage

General configuration, DiskFS, MemFS, and S3.

rtmp

RTMP server for publishing and playing streams.

srt

SRT server for publishing and playing streams.

ffmpeg

General FFmpeg settings.

session

HLS-/MPEG-DASH session management and bandwidth limitations.

metrics

General metrics settings.

route

HTTP/S route configuration (e.g., to inject UI's).

debug

Core / Golang debugging options.

update_check (bool)

All about datarhei Update-Checks and data tracking.

{
   "update_check": true,
   "service": {
      "url": "https://service.datarhei.com"
   }
}

Check for updates and send anonymized data (default: false). Requires service.url.

service.url (string)

URL for the update_check Service API. Default: https://service.datarhei.com

About anonymizied data:

We receive: id, os architecture, uptime, process stats (total: running, failed, killed), viewer count

The data is used exclusively for the further development of the products and error detection. Domains/IP addresses, companies, and persons remain anonymous.

These settings are for configuring the TLS / HTTPS support for datarhei Core.

Configuration

{
   "tls": {
      "address": ":8181",
      "enable": false,
      "auto": false,
      "mail": "cert@datarhei.com",
      "cert_file": "",
      "key_file": "",
   }
}

CORE_TLS_ADDRESS=":8181"
CORE_TLS_ENABLE=false
CORE_TLS_AUTO=false
CORE_TLS_MAIL=cert@datarhei.com
CORE_TLS_CERT_FILE=
CORE_TLS_KEY_FILE=

address (string)

If TLS is enabled, the HTTPS server will listen on this address. The default address is :8181.

enable (bool)

Set this value to true in order to enable TLS / HTTPS support. If enabled you have to either provide your own certificate (see cert_file and key_file) or enable automatic certificate from Let's Encrypt (see auto).

If TLS is enabled, a HTTP server listening on address will be additionally started. This server provides access to everything as the HTTPS server, additionally it will allow ACME http-1 challenges in case Let's Encrypt (auto) certificates are enabled.

By default this is set to false.

auto (bool)

Enable automatic certificate generation from Let's Encrypt. This only works if enable is set to true and at least one public hostname is defined in host.name. All listed hostnames will be included in the certificate. All listed public hostnames is required to point to the host where datarhei Core is running on.

The obtained certificates will be stored in the /cert subdirectory of db.dir to be available after a restart.

Any provided paths in cert_file and key_file will be ignored.

By default this is set to false.

mail (string)

An email address that is required for Let's Encrypt in order to receive a certificate.

By default the email address cert@datarhei.com is used.

cert_file (string)

If you bring your own certificate, provide the path to the certificate file in PEM format.

By default this is not set.

key_file (string)

If you bring your own certificate, provide the path to the key file in PEM format

By default this is not set.

Examples

Let's Encrypt

If you want to use automatic certificates from Let's Encrypt, set tls.enable and tls.auto to true. and host.name has to be set to the domain name this host will be reachable. Otherwise the ACME http-1 challenge will not work.

{
   "address": ":80",
   "host": {
      "name": ["domain.com"],
      "auto": false
   },
   "tls": {
      "address": ":8181",
      "enable": true,
      "auto": true,
      "mail": "cert@domain.com"
   }
}

CORE_ADDRESS=:80
CORE_HOST_NAME=domain.com
CORE_HOST_AUTO=false
CORE_TLS_ADDRESS=:8181
CORE_TLS_ENABLE=true
CORE_TLS_AUTO=true
CORE_TLS_EMAIL=cert@domain.com

Self-Signed certificates

To create a self-signed certificate and key file pair, run this command and provide a reasonable value for the Common Name (CN). The CN is the fully qualified name of the host the instance is running on (e.g., localhost). You can also use an IP address or a wildcard name, e.g., *.example.com.

RSA SSL certificate

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem -subj '/CN=localhost'

ECDSA SSL certificate

openssl ecparam -name secp521r1 -genkey -out key.pem
openssl req -new -x509 -key key.pem -out cert.pem -days 365 -subj '/CN=localhost'

Call openssl ecparam -list_curves to see all available supported curves listed.

{
   "host": {
      "name": ["domain.com"],
      "auto": false
   },
   "tls": {
      "address": ":8181",
      "enable": true,
      "auto": false,
      "cert_file": "/core/config/example.cert",
      "key_file": "/core/config/example.key"
   }
}

CORE_HOST_NAME=domain.com
CORE_HOST_AUTO=false
CORE_TLS_ADDRESS=:8181
CORE_TLS_ENABLE=true
CORE_TLS_AUTO=false
CORE_TLS_CERT_FILE=/core/config/example.cert
CORE_TLS_KEY_FILE=/core/config/example.key

Settings for the database of operational data, e.g. processes, metadata, persisted session summaries, and so on.

Configuration

{
   "db": {
      "dir": "./config"
   },
}

CORE_DB_DIR="./config"

dir (string)

Directory for holding the operational data. The path is relative to where the binary is executed and the directory must exist.

The default value is ./config

Settings for the host datarhei Core is running on.

Configuration

{
   "host": {
        "name": ["domain.com"],
        "auto": true
   }
}

CORE_HOST_NAME=domain.com
CORE_HOST_AUTO=true

name (array)

A list of public host/domain names or IPs this host is reacheable under. For the ENV use a comma separated list of public host/domain names or IPs.

The default is an empty list.

auto (bool)

Enable detection of public IP addresses in case the list of names is empty.

By default this is set to true.

Logging settings for the datarhei Core.

Configuration

{
   "log": {
      "level": "info",
      "topics": [],
      "max_lines": 1000
   }
}

CORE_LOG_LEVEL=info
CORE_LOG_TOPIC=[]
CORE_LOG_MAXLINES=1000

level (string)

The verbosity of the logging. The datarhei Core is writing the logs to stderr. Possible values are:

• silent No logging at all.

• error Only errors will be logged.

• warn Warnings and errors will be logged.

• info General information, warnings, and errors will be logged.

• debug Debug messages and every thing else will be logged. This is very chatty.

The default logging level is info.

topics (array)

Logging topics allow you to restrict what type of messages will be logged. This is practical if you enable debug logging and want to see only the logs you're interested in. An empty list of topics means that all topics will be logged.

An non-exhaustive list of logging topics:

• cleanup

• config

• core

• diskfs

• http

• httpcache

• https

• let's encrypt

• memfs

• process

• processstore

• rtmp

• rtmp/s

• rtmps

• update

• service

• session

• sessionstore

• srt

By default all topics are logged.

max_lines (integer)

The log is also kept in memory for retrieval via the API. This value defines how many lines shoul dbe kept in memory.

The default is 1000 lines.

These are the settings for securing the API from unwanted access.

Configuration

{
   "api": {
      "read_only": false,
      "access": {
         "http": {
            "allow": [],
            "block": []
         },
         "https": {
            "allow": [],
            "block": []
         }
      },
      "auth": {
         "enable": fals,
         "disable_localhost": false,
         "username": "",
         "password": "",
         "jwt": {
            "secret": ""
         },
         "auth0": {
            "enable": false,
            "tenants": []
         }
      }
   }
}

CORE_API_READ_ONLY=false
CORE_API_ACCESS_HTTP_ALLOW="127.0.0.1/32,::1/128"
CORE_API_ACCESS_HTTP_BLOCK="127.0.0.1/32,::1/128"
CORE_API_ACCESS_HTTPS_ALLOW="127.0.0.1/32,::1/128"
CORE_API_ACCESS_HTTPS_DENY="127.0.0.1/32,::1/128"
CORE_API_AUTH_ENABLE=true
CORE_API_AUTH_DISABLE_LOCALHOST=true
CORE_API_AUTH_USERNAME=
CORE_API_AUTH_PASSWORD=
CORE_API_AUTH_JWT_SECRET=mySecret
CORE_API_AUTH_AUTH0_ENABLE=false
CORE_API_AUTH_AUTH0_TENANTS=

read_only (bool)

Set this value to true in order to allow only ready access to the API. All API endpoints for writing will not be mounted.

By default this value is set to false.

access.http.allow (array)

A list of IPs that are allowed to access the API via HTTP. Each entry has to be an IP range in CIDR notation, e.g. ["127.0.0.1/32","::1/128"]. Provide the list as comma-separated values for the environment variable, e.g. 127.0.0.1/32,::1/128. If the list is empty, then all IPs are allowed. If the list contains any invalid IP range, the server will refuse to start.

By default the list is empty.

access.http.block (array)

A list of IPs that are not allowed to access the API via HTTP. Each entry has to be an IP range in CIDR notation. Provide the list as comma-separated values for the environment variable. If the list is empty, then no IPs will be blocked. If the list contains any invalid IP range, the server will refuse to start.

By default the list is empty.

access.https.allow (array)

A list of IPs that are allowed to access the API via HTTPS. Each entry has to be an IP range in CIDR notation. Provide the list as comma-separated values for the environment variable. If the list is empty, then all IPs are allowed. If the list contains any invalid IP range, the server will refuse to start.

By default the list is empty.

access.https.block (array)

A list of IPs that are not allowed to access the API via HTTPS. Each entry has to be an IP range in CIDR notation. Provide the list as comma-separated values for the environment variable. If the list is empty, then no IPs will be blocked. If the list contains any invalid IP range, the server will refuse to start.

By default the list is empty.

auth.enable (bool)

Set this value to true to enable JWT authentication for the API. If it is enabled, you have to provide a username and password. The username and password will be sent to the /api/login endpoint in order to obtain an access and refresh JWT.

By default this value is set to false.

auth.disable_localhost (bool)

Set this value to true in order to allow unprotected access from localhost.

Be default this value is set to false.

auth.username (string)

The username for JWT authentication. If JWT authentication is enabled, a username must be defined.

By default this value is empty, i.e. no username defined.

auth.password (string)

The password for JWT authentication. If JWT authentication is enabled, a password must be defined.

By default this value is empty, i.e. no password defined.

auth.jwt.secret (string)

A secret for signing the JWT. If you leave this value empty, a random secret will be generated for you.

By default this value is empty.

auth.auth0.enable (bool)

Set this value to true in order to enable API auth0 protection. With this a valid Auth0 access JWT can be used instead of a username/password in order to obtain the access and refresh JWT. Additionally you have to provide a list of tenants and their users to validate the Auth0 access JWT against.

By default this value is set to false.

auth.auth0.tenants (array)

A list of allowed tenants and their users. A tenant is a JSON object:

{
    "domain": "",
    "audience": "",
    "clientid": "",
    "users": [],
}

You can obtain the domain, audience, and clientid from your Auth0 account. You also have to provide a list of allowed users that are member of that tenant.

For providing the list of tenants and their users as an environement variable you have to provide a comma-separated list of base64 encoded tenant JSON objects.

As of version 16.12.0 there's a different syntax available for providing the tenants as environment variable. A list of comma separated URLs of this form:

auth0://[clientid]@[domain]?aud=[audience]&user=...&user=...

By default this list is empty.

Settings for accessing the available storage types. The storages are accessible via HTTP, mounted to different paths.

Configuration

{
   "storage": {
     "mimetypes_file": "./mime.types",
     "cors": {
         "origins": [
            "*"
         ]
     },
     "disk": {...},
     "memory": {...},
     "s3": []
   }
}

CORE_STORAGE_MIMETYPES_FILE="./mime.types"
CORE_STORAGE_CORS_ORIGINS="*"

mimetypes_file (string)

Path to a file with the mime-type definitions. This is a file with the MIME types has one MIME type per line followed by a list of file extensions (including the "."). Files served from the storages will have the matching mime-type associated to it.

Example:

text/plain  .txt
text/html   .htm .html
...

Default: ./mime.types

cors.origins (array)

Define a list of allowed CORS origin for accessing the storages.

By default it contains the only element *, allowing access from anywhere.

Disk

The disk storage is mounted at / via the HTTP server.

In-memory

The memory storage is mounted at /memfs via the HTTP server.

S3

The S3 storage is mounted at the configured path via the HTTP server.

The settings for the built-in SRT server. Check out our for more information.

Configuration

enable (bool)

Set this value to true in order to enable the built-in SRT server.

By default the SRT server is disabled.

address (string)

If the SRT server is enabled, it will listen on this address. The default address is :6000.

passphrase (string)

Define a passphrase in order to enable SRT encryption. If the passphrase is set it is required and applies to all connections.

By default the passphrase is not set (i.e. an empty string).

token (string)

The token is an arbitrary string that needs to be comunicated in the streamid. Only with a valid token it is possible to publish or request streams. If the token is not set, anybody could publish and request streams.

By default the token is not set (i.e. an empty string).

log.enable (bool)

Set this value to true in order to enable logging for the SRT server. This will log events on the SRT protocol level. You have to provide the topics you are interested in, otherwise nothing will be logged.

By default the logging is disabled.

log.topic (array)

Logging topics allow you to define what type of messages will be logged. This is practical if you want to debug a SRT connection. An empty list of topics means that no topics will be logged.

By default no topics are logged (i.e. an empty array).

The settings for the in-memory filesystem. This filesystem is accessible on /memfs via HTTP. This filesystem can only be accessed via HTTP. Writing to and deleting from the filesystem can be restricted by HTTP basic auth.

Configuration

auth.enable (bool)

Set this value to true in order to enable basic auth for PUT, POST, and DELETE operations on /memfs. Read access (GET, HEAD) is not restricted. If enabled, you have to define a username and a password.

By default this value is set to false.

auth.username (string)

Username for Basic-Auth of /memfs. This has to be set if basic auth is enabled.

By default this value is not set, i.e. an empty string.

auth.password (string)

Password for Basic-Auth of /memfs. This has to be set if basic auth is enabled.

By default this value is not set, i.e. an empty string.

max_size_mbytes (unsigned integer)

The maximum amount of data that is allowed to be stored in this filesystem. The value is interpreted as megabytes. A 507 Insufficient Storage will be returned if you hit the limit. Use a value equal to or smaller than 0 to not set any limits. The limit will be the available memory.

By default no limit is set, i.e. a value of 0.

purge (bool)

Whether to automatically remove the oldest files if the filesystem is full.

By default this value is set to false.

The settings for the built-in SRT server. Check out our for more information.

Configuration

enable (bool)

Set this value to true in order to enable the built-in RTMP server.

By default the RTMP server is disabled.

enable_tls (bool)

Set this value to true to enable the RTMPS server that will run in parallel with the RTMP server on a different port. You have to have set to true in order for enabling the RTMPS server because it will use the same certificate as for the HTTPS server.

By default TLS is disabled.

address (string)

If the RTMP server is enabled, it will listen on this address. The default address is :1935.

address_tls (string)

If the RTMPS server is enabled, it will listen on this address. The default address is :1936.

app (string)

Define the app a stream can be published on, e.g. /live to require the path in an RTMP URLs to start with /live.

The default app is /.

token (string)

To prevent anybody from publish or playing streams, define token to be a secret only known to the publishers and subscribers. The token has to be put in the query of the stream URL, e.g. /live/stream?token=abc123.

As of version 16.12.0 the token can be appended to the path instead of a query parameter, e.g. /live/stream/abc123. With this the token corresponds to a stream key.

By default the token is not set (i.e. an empty string).

Settings for the FFmpeg binary.

Configuration

binary (string)

Path to the ffmpeg binary. The system's %PATH will be searched for the ffmpeg binary. You can also provide an absolute or relative path to the binary.

By default this value is set to ffmpeg.

max_processes (integer)

The maximum number of simultaneously running ffmpeg instances. Set this value to 0 in order to not impose any limit.

By default this value is set to 0.

access.*

To control where FFmpeg can read from and where FFmpeg can write from, you can define patterns that matches the input addresses or the output addresses. These patterns are regular expressions that can be provided here. For the respective environment variables the expressions need to be space-separated, e.g. https?:// rtsp:// rtmp://.

It will be rejected if the address is outside the storage.disk.dir directory. Otherwise, the protocol file: will be prepended. If you want to explicitely allow or block access to the filesystem, use file: as pattern in the respective list.

Special cases are the output addresses - (which will be rewritten to pipe:), and /dev/null, which will be allowed even though it's outside of storage.disk.dir.

access.input.allow (array)

List of patterns for allowed inputs.

By default this list is empty, i.e. all inputs are allowed.

access.input.block (array)

List of patterns for disallowed inputs.

By default this list is empty, i.e. no inputs are blocked.

access.output.allow (array)

List of patterns for allowed outputs.

By default this list is empty, i.e. all outputs are allowed.

access.output.block (array)

List of patterns for disallowed outputs.

By default this list is empty, i.e. no outputs are blocked.

log.max_lines (integer)

The number of latest FFmpeg log lines for each process to keep.

By default this value is set to 50 lines.

log.max_history (integer)

The number of historic logs for each process to keep.

By default this value is set to 3.

The settings for the disk filesystem. This filesystem is accessible on / via HTTP. This filesystem can only be accessed for reading via HTTP. Writing to and deleting from the filesystem is possible .

Configuration

dir (string)

Path to a directory on disk. It will be exposed on / for reading.

By default it is set to ./data.

max_size_mbytes (unsigned integer)

The maximum amount of data that is allowed to be stored in this filesystem. The value is interpreted as megabytes. A 507 Insufficient Storage will be returned if you hit the limit. Use a value equal to or smaller than 0 to not impose any limits. Then all the available space on the disk is the limit.

By default no limit is set, i.e. a value of 0.

cache.enable (bool)

Set this value to true in order to enable the cache for the disk. The cache is an LRU cache, i.e. the least recently accessed files in the cache will be removed in case the cache is full and a new file wants to be added.

By default the value is set to true.

cache.max_size_mbytes (unsigned integer)

Limit for the size of the cache in megabytes. A value of 0 doesn't impose any limit. The limit will be the available memory.

By default no limit is set, i.e. a value of 0.

cache.ttl_seconds (integer)

Number of seconds to keep a file in the cache.

By default this value is set to 300 seconds.

cache.max_file_size_mbytes (unsigned integer)

Limit for the size of a file to be allowed to be put in the cache in megabytes.

By default this value is set to 1 megabyte.

cache.types.allow (array)

A list of file extensions to cache, e.g. [".ts", ".mp4"]. Leave the list empty in order to cache all files. Use a space-separated list of extensions for the environment variable, e.g. .ts .mp4.

By default the list is empty.

cache.types.block (array)

A list of file extensions not to cache, e.g. [".m3u8", ".mpd"]. Leave the list empty in order to block no extension. Use a space-separated list of extensions for the environment variable, e.g. .m3u8 .mpd.

By default the manifest files for HLS and DASH are blocked from caching, i.e. [".m3u8", ".mpd"].

The settings for the S3 filesystem. This filesystem is accessible on the configured path via HTTP. This filesystem can only be accessed via HTTP. Writing to and deleting from the filesystem can be restricted by HTTP basic auth.

Any S3 compatible service can be used, e.g. Amazon, Minio, Backblaze, ...

Configuration

name (string)

The name for this storage. The name will be used in placeholders, e.g. {fs:aws}, and for accessing the filesystem via the api, e.g. /api/v3/fs/aws. The name memfs is reserved for the in-memory filesystem.

By default this value is not set, but is required.

mountpoint (string)

The path where the filesystem will be mounted in the HTTP server. It needs to be an absolute path. A mountpoint is required.

By default this value is not set, but is required.

auth.enable (bool)

Set this value to true in order to enable basic auth for PUT, POST, and DELETE operations on the configured mountpoint. Read access (GET, HEAD) is not restricted. If enabled, you have to define a username and a password.

By default this value is set to false.

auth.username (string)

Username for Basic-Auth of the configured mountpoint. This has to be set if basic auth is enabled.

By default this value is not set, i.e. an empty string.

auth.password (string)

Password for Basic-Auth of the configured mountpoint. This has to be set if basic auth is enabled.

By default this value is not set, i.e. an empty string.

endpoint (string)

The endpoint for the S3 storage. For Amazon AWS S3 it would be e.g. s3.amazonaws.com. Ask your S3 storage provider to the necessary credentials.

By default this value is not set, i.e. an empty string.

access_key_id (string)

Your access key ID for the S3 storage. Ask your S3 storage provider to the necessary credentials.

By default this value is not set, i.e. an empty string.

secret_access_key (string)

Your secret access key for the S3 storage. Ask your S3 storage provider to the necessary credentials.

By default this value is not set, i.e. an empty string.

bucket (string)

The name of the bucket you want to use. If the bucket does not exist already it will be created.

By default this value is not set, i.e. an empty string.

region (string)

Identifier for the region the storage is located, e.g. eu, us-west1, ... . If your S3 storage provider doesn't support regions, leave this field empty.

By default this value is not set, i.e. an empty string.

use_ssl (bool)

Whether to use HTTPS or HTTP. It is strongly recommended to enable this setting.

By default this is set to false.

Settings for static HTTP routes.

Configuration

{
   "router": {
      "blocked_prefixes": [
         "/api"
      ],
      "routes": {},
      "ui_path": ""
   }
}

CORE_ROUTER_BLOCKED_PREFIXES="/api"
CORE_ROUTER_ROUTES=
CORE_ROUTER_UI_PATH=

blocked_prefixes (array)

List of path prefixes that are not allowed to be overwritten by a static route. If a static route would overwrite one of the blocked prefixes, an error will be thrown at startup. For the environment variable, provide a comma-separated list of prefixes, e.g. /prefix1,/prefix2.

By default this value is set to ["/api"].

routes (map)

A list of static routes. This maps a path to a different path and results in a HTTP redirect, e.g. {"/foo.txt": "/bar.txt"} will redirect requests from /foo.txt to /bar.txt. Path have to start with a / and they are based on storage.disk.dir on the filesystem.

The special suffix /* of a route allows you to serve whole directories from another root than storage.disk.dir, e.g. {"/ui/*", "/path/to/ui"}. If you use a relative path as target, then it will be added to the current working directory.

By default no routes are defined.

ui_path (string)

A path to a directory holding UI files. This will be mounted as /ui.

By default this value is not set, i.e. an empty string.

The debugging settings can help to find and solve issues with the datarhei Core.

Configuration

{
   "debug": {
      "profiling": false,
      "force_gc": 0,
      "memory_limit_mbytes": 0,
   }
}

CORE_DEBUG_PROFILING=false
CORE_DEBUG_FORCE_GC=0
CORE_DEBUG_MEMORY_LIMIT_MBYTES=0

profiling (bool)

By setting this to true, the endpoint /profiling will be established where you can access different diagnostic solutions as described in https://go.dev/doc/diagnostics.

By default this setting is set to false.

force_gc (integer)

Golang is usually quite greedy when it comes to claim memory to itself. This settings lets you define the number of seconds between forcing the garbage collector to run in order return memory to the OS. If this is not set, the runtime will decide on its own when to run the garbage collector.

Alternatively, you can set the environment variable GOMEMLIMIT to a value in bytes in order to set a soft memory limit. This will influence the garbage colltector when the consumed memory comes close to this limit. If you use the GOMEMLIMIT environment variable you are advised to leave the force_gc option disabled.

The default for this setting is 0 (i.e. disabled).

memory_limit_mbytes (integer)

As of version 16.12.0 use this valuess to impose a soft limit to the memory consumption of the Core application itselft (i.e. with out the memory consumption of the ffmpeg processes). This has the same effect as setting the GOMEMLIMIT environment variable.

The provided value is the number of megabytes the Core application is allowed to consumed.

The default for this setting is 0 (i.e. no limit).

Settings for session capturing. Sessions for HLS, RTMP, SRT, HTTP, and FFmpeg are captured.

Configurations

{
   "sessions": {
      "enable": true,
      "ip_ignorelist": [
         "127.0.0.1/32",
         "::1/128"
      ],
      "session_timeout_sec": 30,
      "persist": false,
      "persist_interval_sec": 300,
      "max_bitrate_mbit": 0,
      "max_sessions": 0
   }
}

CORE_SESSIONS_ENABLE=false
CORE_SESSIONS_IP_IGNORELIST="127.0.0.1/32,::1/128"
CORE_SESSIONS_SESSION_TIMEOUT_SEC=30
CORE_SESSIONS_PERSIST=false
CORE_SESSIONS_PERSIST_INTERVAL_SEC=300
CORE_SESSIONS_MAXBITRATE_MBIT=0
CORE_SESSIONS_MAXSESSIONS=0

enable (bool)

Set this value to true in order to enable session capturing.

By default this value is set to true.

ip_ignorelist (array)

List of IP ranges in CIDR notation to ignore for session capturing. If either end of a connection falls into this list of IPs, the session will not be captured. For the environment variable provide a comma-separated list of IP ranges in CIDR notation.

By default this value is set to ["127.0.0.1/32","::1/128"].

session_timeout_sec (integer)

The timeout in seconds for an idle session. After this timeout the session is considered as closed. Applies only to HTTP and HLS sessions.

By default this value is set to 30 seconds.

persist (bool)

Whether to persist the session history. The session history is stored as sessions.json in db.dir. If the session history is not persisted it will be kept only in memory.

By default the session history is not persisted, i.e. this value is set to false.

persist_interval_sec (integer)

Interval in seconds in which to persist the current session history. This setting has only effect if persisting the session history is enabled.

By default this value is set to 300 seconds.

max_bitrate_mbit (unsigned integer)

The maximum allowed outgoing bitrate in mbit/s. If the limit is reached, any new HLS sessions will be rejected. A value of 0 means no limitation of the outgoing bitrate.

By default this is value is set to 0, i.e. unlimited.

max_sessions (unsigned integer)

The maximum allowed number of simultaneous sessions. If the limit is reached, any new HLS sessions will be rejected. A value of 0 means no limitation of the number of sessions.

By default this value is set to 0, i.e. unlimited.

Settings for collecting metrics of the core and FFmpeg processes.

Configuration

{
   "metrics": {
      "enable": false,
      "enable_prometheus": false,
      "range_sec": 300,
      "interval_sec": 2
   }
}

CORE_METRICS_ENABLE=false
CORE_METRICS_ENABLE_PROMETHEUS=false
CORE_METRICS_RANGE_SECONDS=300
CORE_METRICS_INTERVAL_SECONDS=2

enable (bool)

Enable collecting metrics data of the datarhei Core itself and the FFmpeg processes. The metrics can be queried via the metrics API endpoint.

By default collecting the metrics is disabled.

enable_prometheus (bool)

Enable prometheus endpoint at /metrics. This requires that collecting metrics is enabled.

By default this is disabled.

range_sec (integer)

Define for how many seconds historic metrics data should be kept.

By default this value is set to 300.

interval_sec (integer)

Define in which interval (in seconds) the metrics should be collected.

By default this value is set to 2.