/livekit-egress

Export and record WebRTC sessions and tracks

Primary LanguageGoApache License 2.0Apache-2.0

The LiveKit icon, the name of the repository and some sample code in the background.

LiveKit Egress

WebRTC is fantastic for last-mile media delivery, but interoperability with other services can be challenging. An application may want to do things like store a session for future playback, relay a stream to a CDN, or process a track through a transcription service – workflows where media travels through a different system or protocol. LiveKit Egress is the solution to these interoperability challenges. It provides a consistent set of APIs that gives you universal export of your LiveKit sessions and tracks.

Capabilities

  1. Room composite for exporting an entire room.
  2. Web egress for recordings that aren't attached to a single LiveKit room.
  3. Track composite for exporting synchronized tracks of a single participant.
  4. Track egress for exporting individual tracks.

Depending on your request type, the egress service will either launch Chrome using a web template (room composite requests) or a supplied url (web requests), or it will use the Go SDK directly (track and track composite requests). Irrespective of method used, when moving between protocols, containers or encodings, LiveKit's egress service will automatically transcode streams for you using GStreamer.

Supported Output

Egress Type MP4 File OGG File WebM File HLS (TS Segments) RTMP(s) Stream SRT Stream WebSocket Stream Thumbnails (JPEGs)
Room Composite
Web
Track Composite
Track

Files can be uploaded to any S3 compatible storage, Azure, or GCP.

Documentation

Full docs available here

Config

The Egress service takes a yaml config file:

# required fields
api_key: livekit server api key. LIVEKIT_API_KEY env can be used instead
api_secret: livekit server api secret. LIVEKIT_API_SECRET env can be used instead
ws_url: livekit server websocket url. LIVEKIT_WS_URL can be used instead
redis:
  address: must be the same redis address used by your livekit server
  username: redis username
  password: redis password
  db: redis db

# optional fields
health_port: port used for http health checks (default 0)
template_port: port used to host default templates (default 7980)
prometheus_port: port used to collect prometheus metrics (default 0)
debug_handler_port: port used to host http debug handlers (default 0)
logging:
  level: debug, info, warn, or error (default info)
  json: true
template_base: can be used to host custom templates (default http://localhost:<template_port>/)
backup_storage: files will be moved here when uploads fail. location must have write access granted for all users
enable_chrome_sandbox: if true, egress will run Chrome with sandboxing enabled. This requires a specific Docker setup, see below.
cpu_cost: # optionally override cpu cost estimation, used when accepting or denying requests
  room_composite_cpu_cost: 3.0
  web_cpu_cost: 3.0
  track_composite_cpu_cost: 2.0
  track_cpu_cost: 1.0
session_limits: # optional egress duration limits - once hit, egress will end with status EGRESS_LIMIT_REACHED
  file_output_max_duration: 1h
  stream_output_max_duration: 90m
  segment_output_max_duration: 3h

# file upload config - only one of the following. Can be overridden per request
s3:
  access_key: AWS_ACCESS_KEY_ID env or IAM role can be used instead
  secret: AWS_SECRET_ACCESS_KEY env or IAM role can be used instead
  session_token: AWS_SESSION_TOKEN env or IAM role can be used instead
  region: AWS_DEFAULT_REGION env or IAM role can be used instead
  endpoint: (optional) custom endpoint
  bucket: bucket to upload files to
  # the following s3 options can only be set in config, *not* per request, they will be added to any per-request options
  proxy_config:
    url: (optional) proxy url
    username: (optional) proxy username
    password: (optional) proxy password
  max_retries: (optional, default=3) number or retries to attempt
  max_retry_delay: (optional, default=5s) max delay between retries (e.g. 5s, 100ms, 1m...)
  min_retry_delay: (optional, default=500ms) min delay between retries (e.g. 100ms, 1s...)
  aws_log_level: (optional, default=LogOff) log level for aws sdk (LogDebugWithRequestRetries, LogDebug, ...) 
azure:
  account_name: AZURE_STORAGE_ACCOUNT env can be used instead
  account_key: AZURE_STORAGE_KEY env can be used instead
  container_name: container to upload files to
gcp:
  credentials_json: GOOGLE_APPLICATION_CREDENTIALS env can be used instead
  bucket: bucket to upload files to
  proxy_config:
    url: (optional) proxy url
    username: (optional) proxy username
    password: (optional) proxy password
alioss:
  access_key: Ali OSS AccessKeyId
  secret: Ali OSS AccessKeySecret
  region: Ali OSS region
  endpoint: (optional) custom endpoint
  bucket: bucket to upload files to

# dev/debugging fields
insecure: can be used to connect to an insecure websocket (default false)
debug:
  enable_profiling: create and upload pipeline dot file and pprof file on pipeline failure
  s3: upload config for dotfiles (see above)
  azure: upload config for dotfiles (see above)
  gcp: upload config for dotfiles (see above)
  alioss: upload config for dotfiles (see above)

The config file can be added to a mounted volume with its location passed in the EGRESS_CONFIG_FILE env var, or its body can be passed in the EGRESS_CONFIG_BODY env var.

Filenames

The below templates can also be used in filename/filepath parameters:

Egress Type {room_id} {room_name} {time} {utc} {publisher_identity} {track_id} {track_type} {track_source}
Room Composite
Web
Track Composite
Track
  • If no filename is provided with a request, one will be generated in the form of "{room_name}-{time}".
  • If your filename ends with a /, a file will be generated in that directory.
  • For 1/2/2006, 3:04:05.789 PM, {time} format would display "2006-01-02T150405", and {utc} format "20060102150405789"

Examples:

Request filename Resulting filename
"" testroom-2022-10-04T011306.mp4
"livekit-recordings/" livekit-recordings/testroom-2022-10-04T011306.mp4
"{room_name}/{time}" testroom/2022-10-04T011306.mp4
"{room_id}-{publisher_identity}.mp4" 10719607-f7b0-4d82-afe1-06b77e91fe12-david.mp4
"{track_type}-{track_source}-{track_id}" audio-microphone-TR_SKasdXCVgHsei.ogg

Running locally

These changes are not recommended for a production setup.

To run against a local livekit server, you'll need to do the following:

  • open /usr/local/etc/redis.conf and comment out the line that says bind 127.0.0.1
  • change protected-mode yes to protected-mode no in the same file
  • find your IP as seen by docker
    • ws_url needs to be set using the IP as Docker sees it
    • on linux, this should be 172.17.0.1
    • on mac or windows, run docker run -it --rm alpine nslookup host.docker.internal and you should see something like Name: host.docker.internal Address: 192.168.65.2

These changes allow the service to connect to your local redis instance from inside the docker container.

Create a directory to mount. In this example, we will use ~/egress-test.

Create a config.yaml in the above directory.

  • redis and ws_url should use the above IP instead of localhost
  • insecure should be set to true
log_level: debug
api_key: your-api-key
api_secret: your-api-secret
ws_url: ws://192.168.65.2:7880
insecure: true
redis:
  address: 192.168.65.2:6379

Then to run the service:

docker run --rm \
    -e EGRESS_CONFIG_FILE=/out/config.yaml \
    -v ~/egress-test:/out \
    livekit/egress

You can then use our cli to submit egress requests to your server.

Chrome sandboxing

By default, Room Composite and Web egresses run with Chrome sandboxing disabled. This is because the default docker security settings prevent Chrome from switching to a different kernel namespace, which is needed by Chrome to setup its sandbox.

Chrome sandboxing within Egress can be reenabled by setting the the enable_chrome_sandbox option to true in the egress configuration, and launching docker using the provided seccomp security profile:

docker run --rm \
    -e EGRESS_CONFIG_FILE=/out/config.yaml \
    -v ~/egress-test:/out \
    --security-opt seccomp=chrome-sandboxing-seccomp-profile.json \
    livekit/egress

This profile is based on the default docker seccomp security profile and allows the 2 extra system calls (clone and unshare) that Chrome needs to setup the sandbox.

Note that kubernetes disables seccomp entirely by default, which means that running with Chrome sandboxing enabled is possible on a kubernetes cluster with the default security settings.

FAQ

Can I store the files locally instead of uploading to cloud storage?

  • Yes, you can mount a volume with your docker run command (e.g. -v ~/livekit-egress:/out/), and use the mounted directory in your filenames (e.g. /out/my-recording.mp4). Since egress is not run as the root user, write permissions will need to be enabled for all users.

I get a "no response from egress service" error when sending a request

  • Your livekit server cannot connect to an egress instance through redis. Make sure they are both able to reach the same redis db.
  • If all of your egress instances are full, you'll need to deploy more instances or set up autoscaling.

I get a different error when sending a request

  • Make sure your egress, livekit, server sdk, and livekit-cli are all up to date.

Can I run this without docker?

  • It's possible, but not recommended. To do so, you would need to install gstreamer along with its plugins, chrome, xvfb, and have a pulseaudio server running.

Testing and Development

To run the test against your own LiveKit rooms, a deployed LiveKit server with a secure websocket url is required. First, create egress/test/config.yaml:

log_level: debug
api_key: your-api-key
api_secret: your-api-secret
ws_url: wss://your-livekit-url.com
redis:
  address: 192.168.65.2:6379
room_only: false
web_only: false
track_composite_only: false
track_only: false
file_only: false
stream_only: false
segments_only: false
muting: false
dot_files: false
short: false

Join a room using https://example.livekit.io or your own client, then run mage integration test/config.yaml. This will test recording different file types, output settings, and streams against your room.


LiveKit Ecosystem
Realtime SDKsReact Components · Browser · Swift Components · iOS/macOS/visionOS · Android · Flutter · React Native · Rust · Node.js · Python · Unity (web) · Unity (beta)
Server APIsNode.js · Golang · Ruby · Java/Kotlin · Python · Rust · PHP (community)
Agents FrameworksPython · Playground
ServicesLiveKit server · Egress · Ingress · SIP
ResourcesDocs · Example apps · Cloud · Self-hosting · CLI