Skip to content

Sapsan configuration

All of Sapsan's configuration lives in a single YAML file, sapsan.yaml. This page describes its sections and reload rules.

File structure

listeners:        # ports the server listens on
  http:
    - port: 80
  rtsp:
    - port: 554
  rtmp:
    - port: 1935
  webrtc:
    - port: 5005

streams:          # named streams
  cam1:
    inputs:
    - rtsp:
        url: rtsp://admin:password@10.0.0.5/stream0
    dvr: {}

dvr:              # shared archive storage
  root: /storage
  disks:
  - path: d1

auth: {}            # playback and publish authorization
config_external: {} # external configuration management
rproxy: {}          # Peeklio gateway
api_auth:           # Admin API login/password
  login: admin
  password: secret
Section What it configures Details
listeners HTTP, RTSP, RTMP, and WebRTC server ports this page
streams streams: sources, transcoder, DVR, pushes, screenshots ingest
dvr on-disk archive storage DVR recording
auth tokens and auth backends authorization
config_external fetching configuration from an external server external configuration
rproxy Peeklio gateway for agents Peeklio gateway
api_auth Admin API access Admin API

Validation

Sapsan validates the configuration on load and refuses to start with an invalid one:

  • unknown fields are an error (protects against typos);
  • every stream input must contain exactly one protocol;
  • ports cannot be reused across listeners and streams;
  • if a stream has dvr enabled, the global dvr section must exist.

Hot reload

On SIGHUP Sapsan re-reads sapsan.yaml and applies changes without restarting the process:

  • streams, authorization, and DVR are reconfigured in place;
  • listeners are rebound only when a port changes;
  • the rproxy gateway keeps agent connections across reloads (but changing streampoint_key / endpoint_auth_url requires a process restart).
kill -HUP $(pidof sapsan)