datarhei-dragonfork-core/deploy/truenas/core/docker-compose.yml

# Dragon Fork datarhei Core — M2 deployment with WebRTC egress.
#
# This replaces the M1 webrtc-poc stack. It runs the real root Core
# binary with the WebRTC subsystem wired into the restream manager, so
# every process whose config has `webrtc.enabled=true` will have its
# output fanned out to WHEP subscribers automatically.
#
# Host networking is required for the same reason as M1: ICE encodes
# host:port pairs into SDP candidates, and bridge-mode port mapping
# breaks that.
#
# Copy this file to /mnt/NVME/Docker/dragonfork-core/ alongside a .env:
#
#   PUBLIC_IP=10.0.0.25
#   API_AUTH_USERNAME=admin
#   API_AUTH_PASSWORD=change-me-please
#   API_AUTH_JWT_SECRET=<32+ random bytes, base64>
#
# Then:
#   docker compose up -d --build
#   docker compose logs -f

services:
  core:
    build:
      context: ../../..                  # repo root (where go.mod lives)
      dockerfile: deploy/truenas/core/Dockerfile
    container_name: dragonfork-core
    restart: unless-stopped
    network_mode: host
    environment:
      # --- API ---
      CORE_ADDRESS: ":${CORE_HTTP_PORT:-8080}"
      CORE_API_AUTH_ENABLE: "true"
      CORE_API_AUTH_USERNAME: "${API_AUTH_USERNAME:?set in .env}"
      CORE_API_AUTH_PASSWORD: "${API_AUTH_PASSWORD:?set in .env}"
      CORE_API_AUTH_JWT_SECRET: "${API_AUTH_JWT_SECRET:?set in .env}"

      # --- WebRTC egress ---
      CORE_WEBRTC_ENABLE: "true"
      CORE_WEBRTC_PUBLIC_IP: "${PUBLIC_IP:?set in .env}"
      # Leave NAT1To1_IPS empty unless you need multiple advertised IPs.
      # CORE_WEBRTC_NAT_1_TO_1_IPS: "10.0.0.25 203.0.113.10"

      # --- RTMP / RTMPS / SRT / TLS port overrides ---
      # Default Datarhei ports (1935, 1936, 6000, 8181) are common
      # and frequently collide with an existing upstream datarhei/
      # restreamer container or other RTMP servers on the same host.
      # Pull these out of .env so operators can remap without editing
      # this file. Empty strings keep the upstream defaults.
      CORE_RTMP_ADDRESS: "${CORE_RTMP_ADDRESS:-:1935}"
      CORE_RTMP_ADDRESS_TLS: "${CORE_RTMP_ADDRESS_TLS:-:1936}"
      CORE_SRT_ADDRESS: "${CORE_SRT_ADDRESS:-:6000}"
      CORE_TLS_ADDRESS: "${CORE_TLS_ADDRESS:-:8181}"

      # --- Storage ---
      # Let the volumes below provide durable paths; defaults are fine.

      # --- Logging ---
      CORE_LOG_LEVEL: "${LOG_LEVEL:-info}"

    volumes:
      - ./config:/core/config
      - ./data:/core/data

    # No ports: host networking exposes whatever the process binds.
    # The WHEP endpoint lives at /api/v3/whep/:id on CORE_HTTP_PORT.
deploy(truenas): Core image + compose for M2 WebRTC rollout Adds a dedicated deploy bundle under deploy/truenas/core/ so the real root Core binary — with the M2 WebRTC subsystem wired in — can replace the M1 webrtc-poc stack on the TrueNAS host. - Dockerfile: two-stage build on golang:1.24-alpine3.20 + alpine:3.20 runtime. FFmpeg is bundled so restream processes have their subprocess path ready. Copies the core binary from core/core (Go places the output file inside the core/ package directory because it can't overwrite a directory with a file) plus import and ffmigrate from the repo root. - docker-compose.yml: host-networked Core service, env-driven config (CORE_ADDRESS, CORE_API_AUTH_*, CORE_WEBRTC_ENABLE, CORE_WEBRTC_PUBLIC_IP), with config/ and data/ bind mounts. - README.md: M1→M2 cutover notes, one-time setup, JWT smoke test against /api/v3/whep/:id, and teardown. Verified: make release + make import + make ffmigrate all cross-compile cleanly for linux/amd64; go build ./... and go test ./... pass on the branch. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-04-17 14:59:49 -04:00			`# Dragon Fork datarhei Core — M2 deployment with WebRTC egress.`
			`#`
			`# This replaces the M1 webrtc-poc stack. It runs the real root Core`
			`# binary with the WebRTC subsystem wired into the restream manager, so`
			# every process whose config has `webrtc.enabled=true` will have its
			`# output fanned out to WHEP subscribers automatically.`
			`#`
			`# Host networking is required for the same reason as M1: ICE encodes`
			`# host:port pairs into SDP candidates, and bridge-mode port mapping`
			`# breaks that.`
			`#`
			`# Copy this file to /mnt/NVME/Docker/dragonfork-core/ alongside a .env:`
			`#`
			`# PUBLIC_IP=10.0.0.25`
			`# API_AUTH_USERNAME=admin`
			`# API_AUTH_PASSWORD=change-me-please`
			`# API_AUTH_JWT_SECRET=<32+ random bytes, base64>`
			`#`
			`# Then:`
			`# docker compose up -d --build`
			`# docker compose logs -f`

			`services:`
			`core:`
			`build:`
			`context: ../../.. # repo root (where go.mod lives)`
			`dockerfile: deploy/truenas/core/Dockerfile`
			`container_name: dragonfork-core`
			`restart: unless-stopped`
			`network_mode: host`
			`environment:`
			`# --- API ---`
			`CORE_ADDRESS: ":${CORE_HTTP_PORT:-8080}"`
			`CORE_API_AUTH_ENABLE: "true"`
			`CORE_API_AUTH_USERNAME: "${API_AUTH_USERNAME:?set in .env}"`
			`CORE_API_AUTH_PASSWORD: "${API_AUTH_PASSWORD:?set in .env}"`
			`CORE_API_AUTH_JWT_SECRET: "${API_AUTH_JWT_SECRET:?set in .env}"`

			`# --- WebRTC egress ---`
			`CORE_WEBRTC_ENABLE: "true"`
			`CORE_WEBRTC_PUBLIC_IP: "${PUBLIC_IP:?set in .env}"`
			`# Leave NAT1To1_IPS empty unless you need multiple advertised IPs.`
			`# CORE_WEBRTC_NAT_1_TO_1_IPS: "10.0.0.25 203.0.113.10"`

deploy(compose): pass RTMP/SRT/TLS port overrides through from .env The compose file's environment: block only forwarded the variables it explicitly referenced — CORE_ADDRESS, CORE_API_AUTH_, CORE_WEBRTC_, CORE_LOG_LEVEL. Everything else got the upstream Core defaults regardless of what was in .env. So 'CORE_RTMP_ADDRESS=:1937' in .env was silently ignored and Core kept binding 1935. Hit on the live TrueNAS host where another datarhei/restreamer container was already on 1935 with active stream state — couldn't just stop it. Adding explicit env passthrough for the four common collision points (RTMP, RTMPS, SRT, TLS) so an operator can remap each individually without editing this file: CORE_RTMP_ADDRESS=:1937 CORE_RTMP_ADDRESS_TLS=:1938 CORE_SRT_ADDRESS=:6002 CORE_TLS_ADDRESS=:8183 Defaults are unchanged — empty .env keeps :1935/:1936/:6000/:8181. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-05-03 09:30:02 -04:00			`# --- RTMP / RTMPS / SRT / TLS port overrides ---`
			`# Default Datarhei ports (1935, 1936, 6000, 8181) are common`
			`# and frequently collide with an existing upstream datarhei/`
			`# restreamer container or other RTMP servers on the same host.`
			`# Pull these out of .env so operators can remap without editing`
			`# this file. Empty strings keep the upstream defaults.`
			`CORE_RTMP_ADDRESS: "${CORE_RTMP_ADDRESS:-:1935}"`
			`CORE_RTMP_ADDRESS_TLS: "${CORE_RTMP_ADDRESS_TLS:-:1936}"`
			`CORE_SRT_ADDRESS: "${CORE_SRT_ADDRESS:-:6000}"`
			`CORE_TLS_ADDRESS: "${CORE_TLS_ADDRESS:-:8181}"`

deploy(truenas): Core image + compose for M2 WebRTC rollout Adds a dedicated deploy bundle under deploy/truenas/core/ so the real root Core binary — with the M2 WebRTC subsystem wired in — can replace the M1 webrtc-poc stack on the TrueNAS host. - Dockerfile: two-stage build on golang:1.24-alpine3.20 + alpine:3.20 runtime. FFmpeg is bundled so restream processes have their subprocess path ready. Copies the core binary from core/core (Go places the output file inside the core/ package directory because it can't overwrite a directory with a file) plus import and ffmigrate from the repo root. - docker-compose.yml: host-networked Core service, env-driven config (CORE_ADDRESS, CORE_API_AUTH_*, CORE_WEBRTC_ENABLE, CORE_WEBRTC_PUBLIC_IP), with config/ and data/ bind mounts. - README.md: M1→M2 cutover notes, one-time setup, JWT smoke test against /api/v3/whep/:id, and teardown. Verified: make release + make import + make ffmigrate all cross-compile cleanly for linux/amd64; go build ./... and go test ./... pass on the branch. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-04-17 14:59:49 -04:00			`# --- Storage ---`
			`# Let the volumes below provide durable paths; defaults are fine.`

			`# --- Logging ---`
			`CORE_LOG_LEVEL: "${LOG_LEVEL:-info}"`

			`volumes:`
			`- ./config:/core/config`
			`- ./data:/core/data`

			`# No ports: host networking exposes whatever the process binds.`
			`# The WHEP endpoint lives at /api/v3/whep/:id on CORE_HTTP_PORT.`