Keyframe

Technical overview
Login

The Keyframe project is a distribution of multiple components, using a NixOS configuration to define a system which integrates them.

These components are, today:

  1. nginx provides a frontend HTTP server. The HTTP server serves up the Vue application, and proxies to ingestd-httpd and Prosody's BOSH endpoint. It also serves acme challenge responses for TLS certificates. The RTMP server receives input on a "publish" application with a "stream key", which it authenticates using rtmpauth, then translates the incoming stream into HLS for the HTTP server to serve.
  1. ingestd-srt provides stream ingestd. It takes MPEG-TS over SRT, and packages it as a live MPEG-DASH stream using gpac, then sends it to ingestd-httpd. Streams are authenticated by a hash derived from a per-instance secret and the stream's identifier.
  1. ingestd-httpd serves MPEG-DASH streams. It is a custom HTTP server which serves files as they're being pushed from ingestd-srt, with minimal latency.
  1. Prosody XMPP server provides multi-user chatrooms for streams. A few subdomains are used - no subdomain for stream owners, streamguest for anonymous viewers, streamadmin for the stream-muc-manager user, and streamchat for the MUC domain. Users cannot create new rooms on the MUC server themselves. Federation is enabled for stream owners, but not for anonymous viewers.
  1. stream-muc-manager creates and deletes MUC rooms in Prosody. It receives a list of rooms to ensure exist along with their stream owner JIDs, and a list of rooms to remove. It then creates rooms that don't exist, adds the owner JID as a MUC admin, and removes the rooms in the remove list. This is a one-off process - it does not run regularly.
  1. ui is the Vue.js frontend. It integrates dash.js for streaming MPEG-DASH, and Converse.JS for XMPP connections over BOSH.
  1. streams.nix contains a script which attempts to generate stream keys for new streams, create new Prosody users for new stream owners, send emails to new stream owners with their authentication info, and run stream-muc-manager with the correct lists of active and removed streams.
  1. LetsEncrypt is used to generate TLS keys for Prosody and nginx.