MOQ Beta | Now Open For Enterprises / Learn More

Red5 Documentation

MOQ Configuration

All plugin settings are in conf/moq-plugin.properties within your Red5 Pro installation. The plugin properties mirror the relay’s server.properties — changes to one should be reflected in the other when running the relay standalone.

Enable / Disable

# Enable or disable the MOQ plugin
enable=true

Server and Port Configuration

# Unified mode: native MoQ and WebTransport on a single QUIC port (recommended)
server.unified.enabled=true

# Bind address (0.0.0.0 listens on all interfaces)
server.host=0.0.0.0

# QUIC port for unified mode, or native MoQ port in dual-port mode
server.port=4433

# WebTransport port — only used when server.unified.enabled=false
webtransport.server.port=4433
webtransport.server.enabled=true
webtransport.max.sessions=100
webtransport.allowed.origins=*

Unified vs Dual-Port Mode

Setting Unified (default) Dual-Port
server.unified.enabled true false
Native MoQ port server.port server.port
WebTransport port server.port (same) webtransport.server.port

TLS Certificates

# Paths to PEM-encoded certificate and private key
# If not set, a self-signed certificate is auto-generated at startup
server.cert.file=/etc/letsencrypt/live/your-domain.com/fullchain.pem
server.key.file=/etc/letsencrypt/live/your-domain.com/privkey.pem

Draft Version Negotiation

# Accept MoQ Transport drafts in this range
# Set both to the same value to pin to a single draft version
server.min.draft=14
server.max.draft=16

MoQ Lite versions are always accepted when moq.lite.enabled=true, regardless of this range.

MoQ Lite

moq.lite.enabled=false
moq.lite.default.priority=128
moq.lite.max.broadcast.paths=1000

Media Processing Mode

Controls how the relay handles media payloads:

# TRANSPARENT: Zero-copy relay, no payload inspection (fastest, default)
# SELECTIVE:   Codec extraction for catalog generation only
# FULL:        Complete format validation and codec extraction
media.processing.mode=TRANSPARENT

Forwarding Preference

# How media objects are delivered to subscribers:
# DATAGRAM: Low latency, best-effort via QUIC datagrams
# TRACK:    Reliable, one stream per track (default)
# GROUP:    Reliable, one stream per group
# OBJECT:   Per-object streams with full headers
moq.default.forwarding.preference=TRACK

Object Cache

The Caffeine-backed cache supports FETCH requests, catalog generation, and stream replay:

cache.enabled=true

# Maximum objects stored per track
cache.max.objects.per.track=300

# Total cache size limit in bytes (100 MB default)
cache.max.size.bytes=104857600

# Time-to-live for cached objects in seconds
cache.ttl.seconds=60

# Cache only keyframes to reduce memory usage
cache.keyframes.only=false

Internal Recording Subscriber

The recording subscriber passively captures all published tracks:

recording.subscriber.enabled=true
recording.file.enabled=false
recording.directory=recordings/
recording.queue.capacity=1000

WebSocket Tunnel (TCP Fallback)

Provides MoQ over WebSocket when QUIC/UDP is unavailable. Clients connect with Sec-WebSocket-Protocol: moq to ws[s]://host:port/appName.

websocket.tunnel.enabled=false
websocket.tunnel.protocol=moq

QUIC Transport Parameters

server.max.idle.timeout=30
server.enable.0rtt=true
server.initial.max.data=10000000
server.initial.max.stream.data.bidi.local=1000000
server.initial.max.stream.data.bidi.remote=1000000
server.initial.max.stream.data.uni=1000000
server.max.streams.bidi=200
server.max.streams.uni=1000
server.datagram.recv.queue=1000
server.datagram.send.queue=1000
server.datagram.max.frame.size=65535
server.h3.datagram.enabled=true
server.shutdown.timeout=10000

CORS / HTTP Headers

WebTransport requires specific cross-origin security headers. Configure the corsConfig bean in conf/red5pro-activation.xml:

<bean name="corsConfig" id="corsConfig" class="com.red5pro.servlet.filter.CorsConfig">
    <property name="allowedOrigins" value="*" />
    <property name="allowedMethods" value="HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS" />
    <property name="allowedHeaders" value="Authorization, Accept, Content-Type, Link, Location, Origin,
        X-Requested-With, Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy,
        Cross-Origin-Resource-Policy" />
    <property name="exposeAllHeaders" value="true" />
    <property name="maxAge" value="3600" />
    <property name="allowCredentials" value="false" />
    <property name="coepValue" value="require-corp" />
    <property name="coopValue" value="same-origin" />
    <property name="corpValue" value="cross-origin" />
</bean>

Without coepValue, coopValue, and corpValue, browser WebTransport connections will be blocked by cross-origin isolation requirements.