MOQ Beta | Now Open For Enterprises / Learn More

Red5 Documentation

MOQ Installation

Prerequisites

  • Red5 Pro Server with MOQ plugin support (see release notes for the minimum version)
  • Java 21 or later
  • UDP port 4433 open in your firewall (default QUIC port for MOQ and WebTransport)
  • A valid TLS certificate for production deployments (see TLS Certificates below)

Standard Installation

The moq-plugin ships with Red5 Pro Server distributions that include MOQ support.

The plugin is enabled by default (enable=true in conf/moq-plugin.properties). To disable it without uninstalling, set enable=false and restart.

TLS Certificates

MOQ and WebTransport require TLS. The plugin auto-generates a self-signed certificate at startup if no certificate paths are configured. For production, provide your own certificate:

# conf/moq-plugin.properties
server.cert.file=/etc/letsencrypt/live/your-domain.com/fullchain.pem
server.key.file=/etc/letsencrypt/live/your-domain.com/privkey.pem

Accepted private key formats: PKCS#8, traditional RSA/EC, or encrypted PKCS#8 (PEM-encoded).

Local Development Certificate

For local testing, a helper script generates a self-signed certificate and prints the certificate hash needed for browser client pinning:

cd moq-plugin
chmod +x create-local-tls.sh
./create-local-tls.sh

The certificate hash is also printed to the server console at startup in multiple formats (Uint8Array, hex, compact hex). Use it in the certHash field of the test client page.

Verifying the Installation

After startup, these log lines confirm the relay is running and accepting connections:

INFO  o.r.s.n.p.PicoquicMoqBridge - Picoquic session established: sessionId=1, type=webtransport, path=/moq
INFO  o.r.s.n.p.PicoquicMoqBridge - Picoquic-MoQ bridge created: picoquicSessionId=1, moqSessionId=picoquic-1, type=webtransport
INFO  o.r.s.n.p.PicoquicMoqBridge - WebTransport connection: stream 4 will be control stream

If the plugin fails to start, see Troubleshooting.