MOQ Configuration
All plugin settings are in conf/moq-plugin.properties within your Red5 Pro installation. The plugin properties mirror the relay’s server.properties — changes to one should be reflected in the other when running the relay standalone.
Enable / Disable
# Enable or disable the MOQ plugin
enable=true
Server and Port Configuration
# Unified mode: native MoQ and WebTransport on a single QUIC port (recommended)
server.unified.enabled=true
# Bind address (0.0.0.0 listens on all interfaces)
server.host=0.0.0.0
# QUIC port for unified mode, or native MoQ port in dual-port mode
server.port=4433
# WebTransport port — only used when server.unified.enabled=false
webtransport.server.port=4433
webtransport.server.enabled=true
webtransport.max.sessions=100
webtransport.allowed.origins=*
Unified vs Dual-Port Mode
| Setting | Unified (default) | Dual-Port |
|---|---|---|
server.unified.enabled |
true |
false |
| Native MoQ port | server.port |
server.port |
| WebTransport port | server.port (same) |
webtransport.server.port |
TLS Certificates
# Paths to PEM-encoded certificate and private key
# If not set, a self-signed certificate is auto-generated at startup
server.cert.file=/etc/letsencrypt/live/your-domain.com/fullchain.pem
server.key.file=/etc/letsencrypt/live/your-domain.com/privkey.pem
Draft Version Negotiation
# Accept MoQ Transport drafts in this range
# Set both to the same value to pin to a single draft version
server.min.draft=14
server.max.draft=16
MoQ Lite versions are always accepted when moq.lite.enabled=true, regardless of this range.
MoQ Lite
moq.lite.enabled=false
moq.lite.default.priority=128
moq.lite.max.broadcast.paths=1000
Media Processing Mode
Controls how the relay handles media payloads:
# TRANSPARENT: Zero-copy relay, no payload inspection (fastest, default)
# SELECTIVE: Codec extraction for catalog generation only
# FULL: Complete format validation and codec extraction
media.processing.mode=TRANSPARENT
Forwarding Preference
# How media objects are delivered to subscribers:
# DATAGRAM: Low latency, best-effort via QUIC datagrams
# TRACK: Reliable, one stream per track (default)
# GROUP: Reliable, one stream per group
# OBJECT: Per-object streams with full headers
moq.default.forwarding.preference=TRACK
Object Cache
The Caffeine-backed cache supports FETCH requests, catalog generation, and stream replay:
cache.enabled=true
# Maximum objects stored per track
cache.max.objects.per.track=300
# Total cache size limit in bytes (100 MB default)
cache.max.size.bytes=104857600
# Time-to-live for cached objects in seconds
cache.ttl.seconds=60
# Cache only keyframes to reduce memory usage
cache.keyframes.only=false
Internal Recording Subscriber
The recording subscriber passively captures all published tracks:
recording.subscriber.enabled=true
recording.file.enabled=false
recording.directory=recordings/
recording.queue.capacity=1000
WebSocket Tunnel (TCP Fallback)
Provides MoQ over WebSocket when QUIC/UDP is unavailable. Clients connect with Sec-WebSocket-Protocol: moq to ws[s]://host:port/appName.
websocket.tunnel.enabled=false
websocket.tunnel.protocol=moq
QUIC Transport Parameters
server.max.idle.timeout=30
server.enable.0rtt=true
server.initial.max.data=10000000
server.initial.max.stream.data.bidi.local=1000000
server.initial.max.stream.data.bidi.remote=1000000
server.initial.max.stream.data.uni=1000000
server.max.streams.bidi=200
server.max.streams.uni=1000
server.datagram.recv.queue=1000
server.datagram.send.queue=1000
server.datagram.max.frame.size=65535
server.h3.datagram.enabled=true
server.shutdown.timeout=10000
CORS / HTTP Headers
WebTransport requires specific cross-origin security headers. Configure the corsConfig bean in conf/red5pro-activation.xml:
<bean name="corsConfig" id="corsConfig" class="com.red5pro.servlet.filter.CorsConfig">
<property name="allowedOrigins" value="*" />
<property name="allowedMethods" value="HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS" />
<property name="allowedHeaders" value="Authorization, Accept, Content-Type, Link, Location, Origin,
X-Requested-With, Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy,
Cross-Origin-Resource-Policy" />
<property name="exposeAllHeaders" value="true" />
<property name="maxAge" value="3600" />
<property name="allowCredentials" value="false" />
<property name="coepValue" value="require-corp" />
<property name="coopValue" value="same-origin" />
<property name="corpValue" value="cross-origin" />
</bean>
Without coepValue, coopValue, and corpValue, browser WebTransport connections will be blocked by cross-origin isolation requirements.