chris/frigate
1
0
Fork 0
forked from Github/frigate
Code Pull Requests Packages Activity

Community Supported Boards Framework (#7114)

Browse Source 
* Make main frigate build non rpi specific and build rpi using base image

* Add boards to sidebar

* Fix docker build

* Fix docs build

* Update pr branch for testing

* remove target from rpi build

* Remove manual build

* Add push build for rpi

* fix typos, improve wording

* Add arm build for rpi

* Cleanup and add default github ref name

* Cleanup docker build file system

* Setup to use docker bake

* Add ci/cd for bake

* Fix path

* Fix devcontainer

* Set targets

* Fix build

* Fix syntax

* Add wheels target

* Move dev container to trt

* Update key and fix rpi local

* Move requirements files and set intermediate targets

* Add back --load

* Update docs for community board development

* Update installation docs to reflect different builds available

* Update docs with official and community supported headers

* Update codeowners docs

* Update docs

* Assemble main and standard builds

* Change order of pushes

* Remove community board after successful build

* Fix rpi bake file names
This commit is contained in:
Nicolas Mowen
2023-07-23 15:45:29 -06:00
committed by GitHub
parent d0413e3ea8
commit dc44a6c3b4
82 changed files with 385 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate-log/consumer-for Normal file
View File

@@ -0,0 +1 @@
frigate

0
docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate-log/dependencies.d/log-prepare Normal file
View File

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate-log/pipeline-name Normal file
View File

@@ -0,0 +1 @@
frigate-pipeline

4
docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate-log/run Executable file
View File

@@ -0,0 +1,4 @@
#!/command/with-contenv bash
# shellcheck shell=bash
exec logutil-service /dev/shm/logs/frigate

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate-log/type Normal file
View File

@@ -0,0 +1 @@
longrun

0
docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate/dependencies.d/go2rtc Normal file
View File

28
docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate/finish Executable file
View File

@@ -0,0 +1,28 @@
#!/command/with-contenv bash
# shellcheck shell=bash
# Take down the S6 supervision tree when the service exits
set -o errexit -o nounset -o pipefail
# Logs should be sent to stdout so that s6 can collect them
declare exit_code_container
exit_code_container=$(cat /run/s6-linux-init-container-results/exitcode)
readonly exit_code_container
readonly exit_code_service="${1}"
readonly exit_code_signal="${2}"
readonly service="Frigate"
echo "[INFO] Service ${service} exited with code ${exit_code_service} (by signal ${exit_code_signal})"
if [[ "${exit_code_service}" -eq 256 ]]; then
if [[ "${exit_code_container}" -eq 0 ]]; then
echo $((128 + exit_code_signal)) >/run/s6-linux-init-container-results/exitcode
fi
elif [[ "${exit_code_service}" -ne 0 ]]; then
if [[ "${exit_code_container}" -eq 0 ]]; then
echo "${exit_code_service}" >/run/s6-linux-init-container-results/exitcode
fi
fi
exec /run/s6/basedir/bin/halt

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate/producer-for Normal file
View File

@@ -0,0 +1 @@
frigate-log

55
docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate/run Executable file
View File

@@ -0,0 +1,55 @@
#!/command/with-contenv bash
# shellcheck shell=bash
# Start the Frigate service
set -o errexit -o nounset -o pipefail
# Logs should be sent to stdout so that s6 can collect them
# Tell S6-Overlay not to restart this service
s6-svc -O .
function migrate_db_path() {
# Find config file in yaml or yml, but prefer yaml
local config_file="${CONFIG_FILE:-"/config/config.yml"}"
local config_file_yaml="${config_file//.yml/.yaml}"
if [[ -f "${config_file_yaml}" ]]; then
config_file="${config_file_yaml}"
elif [[ ! -f "${config_file}" ]]; then
echo "[ERROR] Frigate config file not found"
return 1
fi
unset config_file_yaml
# Use yq to check if database.path is set
local user_db_path
user_db_path=$(yq eval '.database.path' "${config_file}")
if [[ "${user_db_path}" == "null" ]]; then
local previous_db_path="/media/frigate/frigate.db"
local new_db_dir="/config"
if [[ -f "${previous_db_path}" ]]; then
if mountpoint --quiet "${new_db_dir}"; then
# /config is a mount point, move the db
echo "[INFO] Moving db from '${previous_db_path}' to the '${new_db_dir}' dir..."
# Move all files that starts with frigate.db to the new directory
mv -vf "${previous_db_path}"* "${new_db_dir}"
else
echo "[ERROR] Trying to migrate the db path from '${previous_db_path}' to the '${new_db_dir}' dir, but '${new_db_dir}' is not a mountpoint, please mount the '${new_db_dir}' dir"
return 1
fi
fi
fi
}
echo "[INFO] Preparing Frigate..."
migrate_db_path
export LIBAVFORMAT_VERSION_MAJOR=$(ffmpeg -version | grep -Po 'libavformat\W+\K\d+')
echo "[INFO] Starting Frigate..."
cd /opt/frigate || echo "[ERROR] Failed to change working directory to /opt/frigate"
# Replace the bash process with the Frigate process, redirecting stderr to stdout
exec 2>&1
exec python3 -u -m frigate

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate/timeout-kill Normal file
View File

@@ -0,0 +1 @@
120000

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate/type Normal file
View File

@@ -0,0 +1 @@
longrun

0
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc-healthcheck/dependencies.d/go2rtc Normal file
View File

12
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc-healthcheck/finish Executable file
View File

@@ -0,0 +1,12 @@
#!/command/with-contenv bash
# shellcheck shell=bash
set -o errexit -o nounset -o pipefail
# Logs should be sent to stdout so that s6 can collect them
readonly exit_code_service="${1}"
readonly exit_code_signal="${2}"
readonly service="go2rtc-healthcheck"
echo "[INFO] The ${service} service exited with code ${exit_code_service} (by signal ${exit_code_signal})"

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc-healthcheck/producer-for Normal file
View File

@@ -0,0 +1 @@
go2rtc-log

22
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc-healthcheck/run Executable file
View File

@@ -0,0 +1,22 @@
#!/command/with-contenv bash
# shellcheck shell=bash
# Start the go2rtc-healthcheck service
set -o errexit -o nounset -o pipefail
# Logs should be sent to stdout so that s6 can collect them
# Give some additional time for go2rtc to start before start pinging
sleep 10s
echo "[INFO] Starting go2rtc healthcheck service..."
while sleep 30s; do
# Check if the service is running
if ! curl --connect-timeout 10 --fail --silent --show-error --output /dev/null http://127.0.0.1:1984/api/streams 2>&1; then
echo "[ERROR] The go2rtc service is not responding to ping, restarting..."
# We can also use -r instead of -t to send kill signal rather than term
s6-svc -t /var/run/service/go2rtc 2>&1
# Give some additional time to go2rtc to restart before start pinging again
sleep 10s
fi
done

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc-healthcheck/timeout-kill Normal file
View File

@@ -0,0 +1 @@
5000

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc-healthcheck/type Normal file
View File

@@ -0,0 +1 @@
longrun

2
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc-log/consumer-for Normal file
View File

@@ -0,0 +1,2 @@
go2rtc
go2rtc-healthcheck

0
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc-log/dependencies.d/log-prepare Normal file
View File

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc-log/pipeline-name Normal file
View File

@@ -0,0 +1 @@
go2rtc-pipeline

4
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc-log/run Executable file
View File

@@ -0,0 +1,4 @@
#!/command/with-contenv bash
# shellcheck shell=bash
exec logutil-service /dev/shm/logs/go2rtc

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc-log/type Normal file
View File

@@ -0,0 +1 @@
longrun

0
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc/dependencies.d/base Normal file
View File

12
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc/finish Executable file
View File

@@ -0,0 +1,12 @@
#!/command/with-contenv bash
# shellcheck shell=bash
set -o errexit -o nounset -o pipefail
# Logs should be sent to stdout so that s6 can collect them
readonly exit_code_service="${1}"
readonly exit_code_signal="${2}"
readonly service="go2rtc"
echo "[INFO] The ${service} service exited with code ${exit_code_service} (by signal ${exit_code_signal})"

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc/producer-for Normal file
View File

@@ -0,0 +1 @@
go2rtc-log

72
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc/run Executable file
View File

@@ -0,0 +1,72 @@
#!/command/with-contenv bash
# shellcheck shell=bash
# Start the go2rtc service
set -o errexit -o nounset -o pipefail
# Logs should be sent to stdout so that s6 can collect them
function get_ip_and_port_from_supervisor() {
local ip_address
# Example: 192.168.1.10/24
local ip_regex='^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})/[0-9]{1,2}$'
if ip_address=$(
curl -fsSL \
-H "Authorization: Bearer ${SUPERVISOR_TOKEN}" \
-H "Content-Type: application/json" \
http://supervisor/network/interface/default/info |
jq --exit-status --raw-output '.data.ipv4.address[0]'
) && [[ "${ip_address}" =~ ${ip_regex} ]]; then
ip_address="${BASH_REMATCH[1]}"
echo "[INFO] Got IP address from supervisor: ${ip_address}"
else
echo "[WARN] Failed to get IP address from supervisor"
return 0
fi
local webrtc_port
local port_regex='^([0-9]{1,5})$'
if webrtc_port=$(
curl -fsSL \
-H "Authorization: Bearer ${SUPERVISOR_TOKEN}" \
-H "Content-Type: application/json" \
http://supervisor/addons/self/info |
jq --exit-status --raw-output '.data.network["8555/tcp"]'
) && [[ "${webrtc_port}" =~ ${port_regex} ]]; then
webrtc_port="${BASH_REMATCH[1]}"
echo "[INFO] Got WebRTC port from supervisor: ${webrtc_port}"
else
echo "[WARN] Failed to get WebRTC port from supervisor"
return 0
fi
export FRIGATE_GO2RTC_WEBRTC_CANDIDATE_INTERNAL="${ip_address}:${webrtc_port}"
}
export LIBAVFORMAT_VERSION_MAJOR=$(ffmpeg -version | grep -Po 'libavformat\W+\K\d+')
if [[ ! -f "/dev/shm/go2rtc.yaml" ]]; then
echo "[INFO] Preparing go2rtc config..."
if [[ -n "${SUPERVISOR_TOKEN:-}" ]]; then
# Running as a Home Assistant add-on, infer the IP address and port
get_ip_and_port_from_supervisor
fi
python3 /usr/local/go2rtc/create_config.py
fi
readonly config_path="/config"
if [[ -x "${config_path}/go2rtc" ]]; then
readonly binary_path="${config_path}/go2rtc"
echo "[WARN] Using go2rtc binary from '${binary_path}' instead of the embedded one"
else
readonly binary_path="/usr/local/go2rtc/bin/go2rtc"
fi
echo "[INFO] Starting go2rtc..."
# Replace the bash process with the go2rtc process, redirecting stderr to stdout
exec 2>&1
exec "${binary_path}" -config=/dev/shm/go2rtc.yaml

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc/timeout-kill Normal file
View File

@@ -0,0 +1 @@
30000

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc/type Normal file
View File

@@ -0,0 +1 @@
longrun

0
docker/main/rootfs/etc/s6-overlay/s6-rc.d/log-prepare/dependencies.d/base Normal file
View File

11
docker/main/rootfs/etc/s6-overlay/s6-rc.d/log-prepare/run Executable file
View File

@@ -0,0 +1,11 @@
#!/command/with-contenv bash
# shellcheck shell=bash
# Prepare the logs folder for s6-log
set -o errexit -o nounset -o pipefail
dirs=(/dev/shm/logs/frigate /dev/shm/logs/go2rtc /dev/shm/logs/nginx)
mkdir -p "${dirs[@]}"
chown nobody:nogroup "${dirs[@]}"
chmod 02755 "${dirs[@]}"

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/log-prepare/type Normal file
View File

@@ -0,0 +1 @@
oneshot

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/log-prepare/up Normal file
View File

@@ -0,0 +1 @@
/etc/s6-overlay/s6-rc.d/log-prepare/run

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx-log/consumer-for Normal file
View File

@@ -0,0 +1 @@
nginx

0
docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx-log/dependencies.d/log-prepare Normal file
View File

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx-log/pipeline-name Normal file
View File

@@ -0,0 +1 @@
nginx-pipeline

4
docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx-log/run Executable file
View File

@@ -0,0 +1,4 @@
#!/command/with-contenv bash
# shellcheck shell=bash
exec logutil-service /dev/shm/logs/nginx

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx-log/type Normal file
View File

@@ -0,0 +1 @@
longrun

0
docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/frigate Normal file
View File

30
docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/finish Executable file
View File

@@ -0,0 +1,30 @@
#!/command/with-contenv bash
# shellcheck shell=bash
# Take down the S6 supervision tree when the service fails
set -o errexit -o nounset -o pipefail
# Logs should be sent to stdout so that s6 can collect them
declare exit_code_container
exit_code_container=$(cat /run/s6-linux-init-container-results/exitcode)
readonly exit_code_container
readonly exit_code_service="${1}"
readonly exit_code_signal="${2}"
readonly service="NGINX"
echo "[INFO] Service ${service} exited with code ${exit_code_service} (by signal ${exit_code_signal})"
if [[ "${exit_code_service}" -eq 256 ]]; then
if [[ "${exit_code_container}" -eq 0 ]]; then
echo $((128 + exit_code_signal)) >/run/s6-linux-init-container-results/exitcode
fi
if [[ "${exit_code_signal}" -eq 15 ]]; then
exec /run/s6/basedir/bin/halt
fi
elif [[ "${exit_code_service}" -ne 0 ]]; then
if [[ "${exit_code_container}" -eq 0 ]]; then
echo "${exit_code_service}" >/run/s6-linux-init-container-results/exitcode
fi
exec /run/s6/basedir/bin/halt
fi

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/producer-for Normal file
View File

@@ -0,0 +1 @@
nginx-log

13
docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/run Executable file
View File

@@ -0,0 +1,13 @@
#!/command/with-contenv bash
# shellcheck shell=bash
# Start the NGINX service
set -o errexit -o nounset -o pipefail
# Logs should be sent to stdout so that s6 can collect them
echo "[INFO] Starting NGINX..."
# Replace the bash process with the NGINX process, redirecting stderr to stdout
exec 2>&1
exec nginx

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/timeout-kill Normal file
View File

@@ -0,0 +1 @@
30000

1
docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/type Normal file
View File

@@ -0,0 +1 @@
longrun

0
docker/main/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/frigate-pipeline Normal file
View File

0
docker/main/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/go2rtc-pipeline Normal file
View File

0
docker/main/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx-pipeline Normal file
View File

120
docker/main/rootfs/usr/local/go2rtc/create_config.py Normal file
View File

@@ -0,0 +1,120 @@
"""Creates a go2rtc config file."""
import json
import os
import sys
import yaml
sys.path.insert(0, "/opt/frigate")
from frigate.const import BIRDSEYE_PIPE # noqa: E402
from frigate.ffmpeg_presets import ( # noqa: E402
parse_preset_hardware_acceleration_encode,
)
sys.path.remove("/opt/frigate")
FRIGATE_ENV_VARS = {k: v for k, v in os.environ.items() if k.startswith("FRIGATE_")}
config_file = os.environ.get("CONFIG_FILE", "/config/config.yml")
# Check if we can use .yaml instead of .yml
config_file_yaml = config_file.replace(".yml", ".yaml")
if os.path.isfile(config_file_yaml):
config_file = config_file_yaml
with open(config_file) as f:
raw_config = f.read()
if config_file.endswith((".yaml", ".yml")):
config: dict[str, any] = yaml.safe_load(raw_config)
elif config_file.endswith(".json"):
config: dict[str, any] = json.loads(raw_config)
go2rtc_config: dict[str, any] = config.get("go2rtc", {})
# Need to enable CORS for go2rtc so the frigate integration / card work automatically
if go2rtc_config.get("api") is None:
go2rtc_config["api"] = {"origin": "*"}
elif go2rtc_config["api"].get("origin") is None:
go2rtc_config["api"]["origin"] = "*"
# we want to ensure that logs are easy to read
if go2rtc_config.get("log") is None:
go2rtc_config["log"] = {"format": "text"}
elif go2rtc_config["log"].get("format") is None:
go2rtc_config["log"]["format"] = "text"
if not go2rtc_config.get("webrtc", {}).get("candidates", []):
default_candidates = []
# use internal candidate if it was discovered when running through the add-on
internal_candidate = os.environ.get(
"FRIGATE_GO2RTC_WEBRTC_CANDIDATE_INTERNAL", None
)
if internal_candidate is not None:
default_candidates.append(internal_candidate)
# should set default stun server so webrtc can work
default_candidates.append("stun:8555")
go2rtc_config["webrtc"] = {"candidates": default_candidates}
else:
print(
"[INFO] Not injecting WebRTC candidates into go2rtc config as it has been set manually",
)
# sets default RTSP response to be equivalent to ?video=h264,h265&audio=aac
# this means user does not need to specify audio codec when using restream
# as source for frigate and the integration supports HLS playback
if go2rtc_config.get("rtsp") is None:
go2rtc_config["rtsp"] = {"default_query": "mp4"}
else:
if go2rtc_config["rtsp"].get("default_query") is None:
go2rtc_config["rtsp"]["default_query"] = "mp4"
if go2rtc_config["rtsp"].get("username") is not None:
go2rtc_config["rtsp"]["username"] = go2rtc_config["rtsp"]["username"].format(
**FRIGATE_ENV_VARS
)
if go2rtc_config["rtsp"].get("password") is not None:
go2rtc_config["rtsp"]["password"] = go2rtc_config["rtsp"]["password"].format(
**FRIGATE_ENV_VARS
)
# need to replace ffmpeg command when using ffmpeg4
if int(os.environ["LIBAVFORMAT_VERSION_MAJOR"]) < 59:
if go2rtc_config.get("ffmpeg") is None:
go2rtc_config["ffmpeg"] = {
"rtsp": "-fflags nobuffer -flags low_delay -stimeout 5000000 -user_agent go2rtc/ffmpeg -rtsp_transport tcp -i {input}"
}
elif go2rtc_config["ffmpeg"].get("rtsp") is None:
go2rtc_config["ffmpeg"][
"rtsp"
] = "-fflags nobuffer -flags low_delay -stimeout 5000000 -user_agent go2rtc/ffmpeg -rtsp_transport tcp -i {input}"
for name in go2rtc_config.get("streams", {}):
stream = go2rtc_config["streams"][name]
if isinstance(stream, str):
go2rtc_config["streams"][name] = go2rtc_config["streams"][name].format(
**FRIGATE_ENV_VARS
)
elif isinstance(stream, list):
for i, stream in enumerate(stream):
go2rtc_config["streams"][name][i] = stream.format(**FRIGATE_ENV_VARS)
# add birdseye restream stream if enabled
if config.get("birdseye", {}).get("restream", False):
birdseye: dict[str, any] = config.get("birdseye")
input = f"-f rawvideo -pix_fmt yuv420p -video_size {birdseye.get('width', 1280)}x{birdseye.get('height', 720)} -r 10 -i {BIRDSEYE_PIPE}"
ffmpeg_cmd = f"exec:{parse_preset_hardware_acceleration_encode(config.get('ffmpeg', {}).get('hwaccel_args'), input, '-rtsp_transport tcp -f rtsp {output}')}"
if go2rtc_config.get("streams"):
go2rtc_config["streams"]["birdseye"] = ffmpeg_cmd
else:
go2rtc_config["streams"] = {"birdseye": ffmpeg_cmd}
# Write go2rtc_config to /dev/shm/go2rtc.yaml
with open("/dev/shm/go2rtc.yaml", "w") as f:
yaml.dump(go2rtc_config, f)

302
docker/main/rootfs/usr/local/nginx/conf/nginx.conf Normal file
View File

@@ -0,0 +1,302 @@
daemon off;
user root;
worker_processes auto;
error_log /dev/stdout warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stdout main;
# send headers in one piece, it is better than sending them one by one
tcp_nopush on;
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/x-javascript application/javascript text/javascript image/svg+xml image/x-icon image/bmp image/png image/gif image/jpeg image/jpg;
gzip_proxied no-cache no-store private expired auth;
gzip_vary on;
upstream frigate_api {
server 127.0.0.1:5001;
keepalive 1024;
}
upstream mqtt_ws {
server 127.0.0.1:5002;
keepalive 1024;
}
upstream jsmpeg {
server 127.0.0.1:8082;
keepalive 1024;
}
upstream go2rtc {
server 127.0.0.1:1984;
keepalive 1024;
}
server {
listen 5000;
# vod settings
vod_base_url '';
vod_segments_base_url '';
vod_mode mapped;
vod_max_mapping_response_size 1m;
vod_upstream_location /api;
vod_align_segments_to_key_frames on;
vod_manifest_segment_durations_mode accurate;
vod_ignore_edit_list on;
vod_segment_duration 10000;
vod_hls_mpegts_align_frames off;
vod_hls_mpegts_interleave_frames on;
# file handle caching / aio
open_file_cache max=1000 inactive=5m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
aio on;
# https://github.com/kaltura/nginx-vod-module#vod_open_file_thread_pool
vod_open_file_thread_pool default;
# vod caches
vod_metadata_cache metadata_cache 512m;
vod_mapping_cache mapping_cache 5m 10m;
# gzip manifests
gzip on;
gzip_types application/vnd.apple.mpegurl;
location /vod/ {
aio threads;
vod hls;
secure_token $args;
secure_token_types application/vnd.apple.mpegurl;
add_header Access-Control-Allow-Headers '*';
add_header Access-Control-Expose-Headers 'Server,range,Content-Length,Content-Range';
add_header Access-Control-Allow-Methods 'GET, HEAD, OPTIONS';
add_header Access-Control-Allow-Origin '*';
add_header Cache-Control "no-store";
expires off;
}
location /stream/ {
add_header Cache-Control "no-store";
expires off;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Expose-Headers' 'Content-Length';
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
types {
application/dash+xml mpd;
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
image/jpeg jpg;
}
root /tmp;
}
location /clips/ {
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Expose-Headers' 'Content-Length';
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
types {
video/mp4 mp4;
image/jpeg jpg;
}
autoindex on;
root /media/frigate;
}
location /cache/ {
internal; # This tells nginx it's not accessible from the outside
alias /tmp/cache/;
}
location /recordings/ {
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Expose-Headers' 'Content-Length';
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
types {
video/mp4 mp4;
}
autoindex on;
autoindex_format json;
root /media/frigate;
}
location /exports/ {
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Expose-Headers' 'Content-Length';
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
types {
video/mp4 mp4;
}
autoindex on;
autoindex_format json;
root /media/frigate;
}
location /ws {
proxy_pass http://mqtt_ws/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location /live/jsmpeg/ {
proxy_pass http://jsmpeg/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location /live/mse/ {
proxy_pass http://go2rtc/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location /live/webrtc/ {
proxy_pass http://go2rtc/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location ~* /api/go2rtc([/]?.*)$ {
proxy_pass http://go2rtc;
rewrite ^/api/go2rtc(.*)$ /api$1 break;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location ~* /api/.*\.(jpg|jpeg|png)$ {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
rewrite ^/api/(.*)$ $1 break;
proxy_pass http://frigate_api;
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/ {
add_header Cache-Control "no-store";
expires off;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
proxy_pass http://frigate_api/;
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
add_header Cache-Control "no-store";
expires off;
location /assets/ {
access_log off;
expires 1y;
add_header Cache-Control "public";
}
sub_filter 'href="/BASE_PATH/' 'href="$http_x_ingress_path/';
sub_filter 'url(/BASE_PATH/' 'url($http_x_ingress_path/';
sub_filter '"/BASE_PATH/dist/' '"$http_x_ingress_path/dist/';
sub_filter '"/BASE_PATH/js/' '"$http_x_ingress_path/js/';
sub_filter '"/BASE_PATH/assets/' '"$http_x_ingress_path/assets/';
sub_filter '"/BASE_PATH/monacoeditorwork/' '"$http_x_ingress_path/assets/';
sub_filter 'return"/BASE_PATH/"' 'return window.baseUrl';
sub_filter '<body>' '<body><script>window.baseUrl="$http_x_ingress_path/";</script>';
sub_filter_types text/css application/javascript;
sub_filter_once off;
root /opt/frigate/web;
try_files $uri $uri/ /index.html;
}
}
}
rtmp {
server {
listen 1935;
chunk_size 4096;
allow publish 127.0.0.1;
deny publish all;
allow play all;
application live {
live on;
record off;
meta copy;
}
}
}