Lib.rs

Network programming | Multimedia
#quic #http-3 #live-media #media-live

app moq-relay

Media over QUIC

by Luke Curley and 27 contributors

55 releases

new 0.9.6 Oct 28, 2025
0.9.3 Sep 5, 2025
0.8.6 Jul 31, 2025
0.6.24 Mar 16, 2025
0.3.0 Mar 22, 2024

#155 in Multimedia

Download history 6/week @ 2025-07-09 559/week @ 2025-07-16 400/week @ 2025-07-23 262/week @ 2025-07-30 18/week @ 2025-08-06 131/week @ 2025-08-13 203/week @ 2025-08-20 12/week @ 2025-08-27 614/week @ 2025-09-03 24/week @ 2025-09-10 75/week @ 2025-09-17 14/week @ 2025-09-24 23/week @ 2025-10-01 102/week @ 2025-10-15 219/week @ 2025-10-22

349 downloads per month

MIT/Apache

335KB
8K SLoC

moq-relay

moq-relay is a server that forwards subscriptions from publishers to subscribers, caching and deduplicating along the way. It's designed to be run in a datacenter, relaying media across multiple hops to deduplicate and improve QoS.

The only argument is the path to a TOML configuration file. See dev.toml for an example configuration.

HTTP

Primarily for debugging, you can also connect to the relay via HTTP.

  • GET /certificate.sha256: Returns the fingerprint of the TLS certificate.
  • GET /announced/*prefix: Returns all of the announced tracks with the given (optional) prefix.
  • GET /fetch/*path: Returns the latest group of the given track.

The HTTP server listens on the same bind address, but TCP instead of UDP. The default is http://localhost:4443. HTTPS is currently not supported.

Clustering

In order to scale MoQ, you will eventually need to run multiple moq-relay instances potentially in different regions. This is called clustering, where the goal is that a user connects to the closest relay and they magically form a mesh behind the scenes.

moq-relay uses a simple clustering scheme using moq-lite. This is both dog-fooding and a surprisingly ueeful way to distribute live metadata at scale.

We currently use a single "root" node that is used to discover members of the cluster and what broadcasts they offer. This is a normal moq-relay instance, potentially serving public traffic, unaware of the fact that it's in charge of other relays.

The other moq-relay instances accept internet traffic and consult the root for routing. They can then advertise their internal ip/hostname to other instances when publishing a broadcast.

Cluster arguments:

  • --cluster-root <HOST>: The hostname/ip of the root node. If missing, this node is a root.
  • --cluster-node <HOST>: The hostname/ip of this instance. There needs to be a corresponding valid TLS certificate, potentially self-signed. If missing, published broadcasts will only be available on this specific relay.

Authentication

The relay supports JWT-based authentication and authorization with path-based access control.

For detailed authentication setup, including token generation and configuration examples, see: Authentication Documentation

Key features:

  • JWT tokens passed via query parameters (?jwt=<token>)
  • Path-based authorization with root, pub, and sub claims
  • Anonymous access support for public content
  • Symmetric key cryptography (HMAC-SHA256/384/512)

Quick example configuration in your .toml file:

[auth]
key = "dev/root.jwk"    # JWT signing key
public = "anon"         # Allow anonymous access to /anon prefix

Dependencies

~108MB
~2.5M SLoC