Production Setup

Here's a quick guide on how to get MoQ running in production.

Relay

moq-relay is the core of the MoQ stack. It's responsible for routing live tracks (payload agnostic) from 1 client to N clients. The relay accepts WebTransport connections from clients, but it can also connect to other relays to fetch upstream. Think of the relay as a HTTP web server like Nginx, but for live content.

There are multiple companies working on MoQ CDNs (like Cloudflare) so eventually it won't be necessary to self-host. However, you do unlock some powerful features by self-hosting, such as running relays within your internal network.

QUIC Requirements

Before we get carried away, we need to cover the QUIC requirements:

QUIC is a client-server protocol, so you MUST have a server with a static IP address.
QUIC requires TLS, so you MUST have a TLS certificate, even if it's self-signed.
QUIC uses UDP, so you MUST configure your firewall to allow UDP traffic.
QUIC load balancers don't exist yet, so you MUST design your own load balancer.

These make it a bit more difficult to deploy, but don't worry we have you covered.

EZ Mode

https://cdn.moq.dev is a free, public MoQ relay. Check out the cdn directory for the source code.

It consists of a relay server in the US, Europe, and Asia. Clients use GeoDNS to connect to the nearest relay, and relays connect to each other to form a global mesh. You can also connect to individual nodes directly:

https://usc.cdn.moq.dev
https://euc.cdn.moq.dev
https://sea.cdn.moq.dev

Here's a quick tl;dr of the setup:

Linode is the VM provider.
GCP is the DNS provider.
OpenTofu (aka Terraform) sets up the infrastructure.
Nix is used to build/cache the binaries.
systemd runs the services.
ssh + rsync are used to deploy.
certbot + Let's Encrypt procures TLS certificates.

Any EC2-like cloud provider will work; we just need a VM with a public IP address. The old setup used to use GCP but was double the cost. We're still using GCP for GeoDNS because there aren't many other options and it's virtually free (unlike Cloudflare).

Read the moq-relay documentation for more details on how to configure the relay server.

Hard Mode

If you don't want to use the EZ Mode, don't worry you can build your own stack. MoQ should work just fine inside your own network or infrastructure provided you understand the QUIC requirements.

You need at least one server with some way to discover its IP address. DNS is the easiest way to do this, but some other way of getting an IP address should also work. QUIC also has really awesome anycast support but that's a bit more advanced; reach out if you're interested.

TLS is where most people get stuck. See my blog post for more details, but here's the important bits:

QUIC uses the same TLS certificate as HTTPS.
However, TLS load balancers currently don't support QUIC, so you need to provision your own TLS certificates.
You can disable TLS verification if you don't care about MITM attacks, but only for native clients.
Web browsers can support self-signed certificates via fingerprint verification, but it's limited to ephemeral certificates (<2 weeks).

And of course, make sure UDP is allowed on your firewall. The default WebTransport port is UDP/443 but anything will work if you put it in the URL.

Web

Whew, the hard part is over. The web client is pretty standard:

@moq/lite: generic network transport
@moq/hang: media library and WebComponents
@moq/hang-ui: optional UI components

Currently, you need to use a bundler and Vite is the only supported option for @moq/hang. It makes me very sad and we're working on a more universal solution, contributions welcome!

NOTE both of these libraries are intended for client-side. However, @moq/lite can run on the server side using Deno or a WebTransport polyfill. Don't even try to run @moq/hang on the server side or you'll run into a ton of issues, especially with Next.js.

Native

Native clients are the easiest to get running, but also the most limited.

We have a few integrations with popular libraries:

obs: OBS Studio plugin for publishing or consuming media
gstreamer: GStreamer plugin for publishing or consuming media
hang-cli: command-line tool for publishing media (from stdin/ffmpeg)

Or you can use the core libraries directly:

moq-lite: generic network transport
hang: media library (no encoding/decoding support yet)
libmoq: C bindings for moq-lite and hang

You just need to make sure UDP is allowed on your firewall. If the server is using a non-standard TLS certificate, you'll need to configure the client to accept it.

What's Next?

Grats on getting MoQ running in production! I knew you could do it.

Check out the concepts and API docs to dive deeper.

Production Setup ​

Relay ​

QUIC Requirements ​

EZ Mode ​

Hard Mode ​

Web ​

Native ​

What's Next? ​