Skip to main content
Version: v3

Configuration

Neko uses the Viper library to manage configuration. The configuration file is optional and is not required for Neko to run. If a configuration file is present, it will be read in and merged with the default configuration values.

The merge order is as follows:

  • Default configuration values
  • Configuration file
  • Environment variables
  • Command-line arguments
Example merging order
# Default Value: 127.0.0.1:8080

# Config File
cat config.yaml <<EOF
server:
  bind: "127.0.0.1:8081"
EOF

# Environment Variable
export NEKO_SERVER_BIND=127.0.0.1:8082

# Command-line Argument
./neko -config=config.yaml -server.bind=127.0.0.1:8083

The final value of server.bind will be 127.0.0.1:8083.

Configuration File

You have multiple ways to specify the configuration file for the neko server:

  • Command-line argument: -config=/path/to/config.yaml
  • Environment variable: NEKO_CONFIG=/path/to/config.yaml
  • Place the neko.yaml file in the same directory as the neko binary.
  • Place the neko.yaml file to /etc/neko/neko.yaml (ideal for Docker containers).

The configuration file can be specified in YAML, JSON, TOML, HCL, envfile, and Java properties format. Throughout the documentation, we will use the YAML format.

Example configuration files
config.yaml
capture:
  screencast:
    enabled: false

server:
  pprof: true

desktop:
  screen: "1920x1080@60"

member:
  provider: "multiuser"
  multiuser:
  admin_password: "admin"
  user_password: "neko"

session:
  merciful_reconnect: true
  implicit_hosting: false
  inactive_cursors: true
  cookie:
    enabled: false

webrtc:
  icelite: true
  iceservers:
    # Backend servers are ignored if icelite is true.
    backend:
      - urls: [ stun:stun.l.google.com:19302 ]
    frontend:
      - urls: [ stun:stun.l.google.com:19305 ]

Room Configuration

This is the initial configuration of the room that can be modified by an admin in real-time.

config.yaml
session:
  private_mode: false
  locked_logins: false
  locked_controls: false
  control_protection: false
  implicit_hosting: true
  inactive_cursors: false
  merciful_reconnect: true
  heartbeat_interval: 120
  • private_mode whether private mode is enabled, users do not receive the room video or audio.
  • locked_logins whether logins are locked for users, admins can still login.
  • locked_controls whether controls are locked for users, admins can still control.
  • control_protection users can gain control only if at least one admin is in the room.
  • implicit_hosting allows switching control implicitly without the need for explicit control request before
  • inactive_cursors whether to show inactive cursors server-wide (only for users that have it enabled in their profile)
  • merciful_reconnect whether to allow reconnecting to the websocket even if the previous connection was not closed. This means that a new login can kick out the previous one.
  • heartbeat_interval interval in seconds for sending a heartbeat message to the server. This is used to keep the connection alive and to detect when the connection is lost.

Server Configuration

This is the configuration of the neko server.

config.yaml
server:
  bind: "127.0.0.1:8080"
  cert: "/path/to/cert.pem"
  key: "/path/to/key.pem"
  cors: [ "*" ]
  metrics: true
  path_prefix: "/neko"
  pprof: true
  proxy: true
  static: "/var/www/neko"
  • bind address/port/socket to serve neko. For docker you might want to bind to 0.0.0.0 to allow connections from outside the container.
  • cert and key paths to the SSL cert and key used to secure the neko server. If both are empty, the server will run in plain HTTP.
  • cors is a list of allowed origins for CORS.
    • If empty, CORS is disabled, and only same-origin requests are allowed.
    • If * is present, all origins are allowed. Neko will respond always with the requested origin, not with * since credentials are not allowed with wildcard.
    • If a list of origins is present, only those origins are allowed for CORS.
  • metrics when true, prometheus metrics are available at /metrics.
  • path_prefix is the prefix for all HTTP requests. This is useful when running neko behind a reverse proxy and you want to serve neko under a subpath, e.g. /neko.
  • pprof when true, the pprof endpoint is available at /debug/pprof for debugging and profiling. This should be disabled in production.
  • proxy when true, neko will trust the X-Forwarded-For and X-Real-IP headers from the reverse proxy. Make sure your reverse proxy is configured to set these headers and never trust them when not behind a reverse proxy. See Reverse Proxy Setup for more information.
  • static path to the directory containing the neko client files to serve. This is useful if you want to serve the client files on the same domain as the server.

Logging Configuration

This is the configuration of the logging system.

config.yaml
log:
  dir: <string>
  json: true
  level: "info"
  nocolor: true
  time: "unix"
  • dir directory to store logs. If empty, logs are written to stdout. This is useful when running neko in a container.
  • json when true, logs are written in JSON format.
  • level log level to set. Available levels are trace, debug, info, warn, error, fatal, panic, and disabled.
  • nocolor when true, ANSI colors are disabled in non-JSON output. Accepts as well NO_COLOR environment variable.
  • time time format used in logs. Available formats are unix, unixms, and unixmicro.
tip

Shortcut environment variable to enable DEBUG mode: NEKO_DEBUG=true

Full Configuration Reference

Here is a full configuration with default values as shown in the help command. Please refer to the sub-sections for more details.

You can set the following environment variables in your docker-compose.yaml file or in your shell environment.

# audio codec to be used
NEKO_CAPTURE_AUDIO_CODEC: "opus"
# pulseaudio device to capture
NEKO_CAPTURE_AUDIO_DEVICE: "audio_output.monitor"
# gstreamer pipeline used for audio streaming
NEKO_CAPTURE_AUDIO_PIPELINE: <string>
# broadcast audio bitrate in KB/s
NEKO_CAPTURE_BROADCAST_AUDIO_BITRATE: "128"
# automatically start broadcasting when neko starts and broadcast_url is set
NEKO_CAPTURE_BROADCAST_AUTOSTART: "true"
# gstreamer pipeline used for broadcasting
NEKO_CAPTURE_BROADCAST_PIPELINE: <string>
# broadcast speed preset for h264 encoding
NEKO_CAPTURE_BROADCAST_PRESET: "veryfast"
# initial URL for broadcasting, setting this value will automatically start broadcasting
NEKO_CAPTURE_BROADCAST_URL: <string>
# broadcast video bitrate in KB/s
NEKO_CAPTURE_BROADCAST_VIDEO_BITRATE: "4096"
# pulseaudio device used for microphone
NEKO_CAPTURE_MICROPHONE_DEVICE: "audio_input"
# enable microphone stream
NEKO_CAPTURE_MICROPHONE_ENABLED: "true"
# enable screencast
NEKO_CAPTURE_SCREENCAST_ENABLED: "false"
# gstreamer pipeline used for screencasting
NEKO_CAPTURE_SCREENCAST_PIPELINE: <string>
# screencast JPEG quality
NEKO_CAPTURE_SCREENCAST_QUALITY: "60"
# screencast frame rate
NEKO_CAPTURE_SCREENCAST_RATE: "10/1"
# video codec to be used
NEKO_CAPTURE_VIDEO_CODEC: "vp8"
# X display to capture
NEKO_CAPTURE_VIDEO_DISPLAY: <string>
# ordered list of video ids
NEKO_CAPTURE_VIDEO_IDS: <strings>
# pipelines config in JSON used for video streaming
NEKO_CAPTURE_VIDEO_PIPELINES: "[]"
# v4l2sink device used for webcam
NEKO_CAPTURE_WEBCAM_DEVICE: "/dev/video0"
# enable webcam stream
NEKO_CAPTURE_WEBCAM_ENABLED: "false"
# webcam stream height
NEKO_CAPTURE_WEBCAM_HEIGHT: "720"
# webcam stream width
NEKO_CAPTURE_WEBCAM_WIDTH: "1280"
# X display to use for desktop sharing
NEKO_DESKTOP_DISPLAY: <string>
# whether to handle file chooser dialog externally
NEKO_DESKTOP_FILE_CHOOSER_DIALOG: "false"
# whether custom xf86 input driver should be used to handle touchscreen
NEKO_DESKTOP_INPUT_ENABLED: "true"
# socket path for custom xf86 input driver connection
NEKO_DESKTOP_INPUT_SOCKET: "/tmp/xf86-input-neko.sock"
# default screen size and framerate
NEKO_DESKTOP_SCREEN: "1280x720@30"
# automatically unminimize window when it is minimized
NEKO_DESKTOP_UNMINIMIZE: "true"
# whether drop upload is enabled
NEKO_DESKTOP_UPLOAD_DROP: "true"
# member file provider: whether to hash passwords using sha256 (recommended)
NEKO_MEMBER_FILE_HASH: "true"
# member file provider: storage path
NEKO_MEMBER_FILE_PATH: <string>
# member multiuser provider: admin password
NEKO_MEMBER_MULTIUSER_ADMIN_PASSWORD: "admin"
# member multiuser provider: admin profile in JSON format
NEKO_MEMBER_MULTIUSER_ADMIN_PROFILE: "{}"
# member multiuser provider: user password
NEKO_MEMBER_MULTIUSER_USER_PASSWORD: "neko"
# member multiuser provider: user profile in JSON format
NEKO_MEMBER_MULTIUSER_USER_PROFILE: "{}"
# member object provider: users in JSON format
NEKO_MEMBER_OBJECT_USERS: "[]"
# choose member provider
NEKO_MEMBER_PROVIDER: "multiuser"
# path to neko plugins to load
NEKO_PLUGINS_DIR: "./bin/plugins"
# load plugins in runtime
NEKO_PLUGINS_ENABLED: "false"
# if true, neko will exit if there is an error when loading a plugin
NEKO_PLUGINS_REQUIRED: "false"
# address/port/socket to serve neko
NEKO_SERVER_BIND: "127.0.0.1:8080"
# path to the SSL cert used to secure the neko server
NEKO_SERVER_CERT: <string>
# list of allowed origins for CORS, if empty CORS is disabled, if '*' is present all origins are allowed
NEKO_SERVER_CORS: <strings>
# path to the SSL key used to secure the neko server
NEKO_SERVER_KEY: <string>
# enable prometheus metrics available at /metrics
NEKO_SERVER_METRICS: "true"
# path prefix for HTTP requests
NEKO_SERVER_PATH_PREFIX: "/"
# enable pprof endpoint available at /debug/pprof
NEKO_SERVER_PPROF: "false"
# trust reverse proxy headers
NEKO_SERVER_PROXY: "false"
# path to neko client files to serve
NEKO_SERVER_STATIC: <string>
# API token for interacting with external services
NEKO_SESSION_API_TOKEN: <string>
# users can gain control only if at least one admin is in the room
NEKO_SESSION_CONTROL_PROTECTION: "false"
# domain of the cookie
NEKO_SESSION_COOKIE_DOMAIN: <string>
# whether cookies authentication should be enabled
NEKO_SESSION_COOKIE_ENABLED: "true"
# expiration of the cookie
NEKO_SESSION_COOKIE_EXPIRATION: "24h0m0s"
# use http only cookies
NEKO_SESSION_COOKIE_HTTP_ONLY: "true"
# name of the cookie that holds token
NEKO_SESSION_COOKIE_NAME: "NEKO_SESSION"
# path of the cookie
NEKO_SESSION_COOKIE_PATH: <string>
# use secure cookies
NEKO_SESSION_COOKIE_SECURE: "true"
# if sessions should be stored in a file, otherwise they will be stored only in memory
NEKO_SESSION_FILE: <string>
# interval in seconds for sending heartbeat messages
NEKO_SESSION_HEARTBEAT_INTERVAL: "120"
# allow implicit control switching
NEKO_SESSION_IMPLICIT_HOSTING: "true"
# show inactive cursors on the screen
NEKO_SESSION_INACTIVE_CURSORS: "false"
# whether controls should be locked for users initially
NEKO_SESSION_LOCKED_CONTROLS: "false"
# whether logins should be locked for users initially
NEKO_SESSION_LOCKED_LOGINS: "false"
# allow reconnecting to websocket even if previous connection was not closed
NEKO_SESSION_MERCIFUL_RECONNECT: "true"
# whether private mode should be enabled initially
NEKO_SESSION_PRIVATE_MODE: "false"
# limits the pool of ephemeral ports that ICE UDP connections can allocate from
NEKO_WEBRTC_EPR: <string>
# enables debug logging for the bandwidth estimator
NEKO_WEBRTC_ESTIMATOR_DEBUG: "false"
# how bigger the difference between estimated and stream bitrate must be to trigger upgrade/downgrade
NEKO_WEBRTC_ESTIMATOR_DIFF_THRESHOLD: "0.15"
# how long to wait before downgrading again after previous downgrade
NEKO_WEBRTC_ESTIMATOR_DOWNGRADE_BACKOFF: "10s"
# enables the bandwidth estimator
NEKO_WEBRTC_ESTIMATOR_ENABLED: "false"
# initial bitrate for the bandwidth estimator
NEKO_WEBRTC_ESTIMATOR_INITIAL_BITRATE: "1000000"
# passive estimator mode, when it does not switch pipelines, only estimates
NEKO_WEBRTC_ESTIMATOR_PASSIVE: "false"
# how often to read and process bandwidth estimation reports
NEKO_WEBRTC_ESTIMATOR_READ_INTERVAL: "2s"
# how long to wait for stable connection (upward or neutral trend) before upgrading
NEKO_WEBRTC_ESTIMATOR_STABLE_DURATION: "12s"
# how long to wait for stalled bandwidth estimation before downgrading
NEKO_WEBRTC_ESTIMATOR_STALLED_DURATION: "24s"
# how long to wait for stalled connection (neutral trend with low bandwidth) before downgrading
NEKO_WEBRTC_ESTIMATOR_UNSTABLE_DURATION: "6s"
# how long to wait before upgrading again after previous upgrade
NEKO_WEBRTC_ESTIMATOR_UPGRADE_BACKOFF: "5s"
# configures whether or not the ICE agent should be a lite agent
NEKO_WEBRTC_ICELITE: "false"
# Backend only STUN and TURN servers in JSON format with urls, `username` and `credential` keys
NEKO_WEBRTC_ICESERVERS_BACKEND: "[]"
# Frontend only STUN and TURN servers in JSON format with urls, `username` and `credential` keys
NEKO_WEBRTC_ICESERVERS_FRONTEND: "[]"
# configures whether cadidates should be sent asynchronously using Trickle ICE
NEKO_WEBRTC_ICETRICKLE: "true"
# URL address used for retrieval of the external IP address
NEKO_WEBRTC_IP_RETRIEVAL_URL: "https://checkip.amazonaws.com"
# sets a list of external IP addresses of 1:1 (D)NAT and a candidate type for which the external IP address is used
NEKO_WEBRTC_NAT1TO1: <strings>
# single TCP mux port for all peers
NEKO_WEBRTC_TCPMUX: <int>
# single UDP mux port for all peers, replaces EPR
NEKO_WEBRTC_UDPMUX: <int>
# configuration file path
NEKO_CONFIG: <string>
# enable debug mode
NEKO_DEBUG: "false"
# logging directory to store logs
NEKO_LOG_DIR: <string>
# logs in JSON format
NEKO_LOG_JSON: "false"
# set log level (trace, debug, info, warn, error, fatal, panic, disabled)
NEKO_LOG_LEVEL: "info"
# no ANSI colors in non-JSON output
NEKO_LOG_NOCOLOR: "false"
# time format used in logs (unix, unixms, unixmicro)
NEKO_LOG_TIME: "unix"

Next Steps