@apocaliss92/scrypted-onvif-rebroadcast 0.0.12 → 0.0.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +78 -15
- package/dist/plugin.zip +0 -0
- package/docs/unique-ip-setup.md +39 -7
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -18,17 +18,54 @@ UniFi Protect identifies third-party cameras by MAC address. To add multiple cam
|
|
|
18
18
|
|
|
19
19
|
### Prerequisites
|
|
20
20
|
|
|
21
|
-
-
|
|
22
|
-
- Docker
|
|
23
|
-
- A network interface available for macvlan (e.g. `br0`)
|
|
21
|
+
- The **Rebroadcast plugin** installed in Scrypted
|
|
22
|
+
- Docker installed and the Docker socket accessible at `/var/run/docker.sock`
|
|
23
|
+
- A parent network interface available for macvlan (e.g. `eth0`, `ens3`, `br0`)
|
|
24
24
|
|
|
25
|
-
|
|
25
|
+
#### Scrypted in Docker (bridge networking - recommended)
|
|
26
26
|
|
|
27
|
-
|
|
27
|
+
Mount the Docker socket so the plugin can create and manage proxy containers:
|
|
28
28
|
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
29
|
+
```yaml
|
|
30
|
+
# docker-compose.yml
|
|
31
|
+
services:
|
|
32
|
+
scrypted:
|
|
33
|
+
volumes:
|
|
34
|
+
- /var/run/docker.sock:/var/run/docker.sock
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
Or with `docker run`:
|
|
38
|
+
```bash
|
|
39
|
+
docker run -v /var/run/docker.sock:/var/run/docker.sock ...
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
With bridge networking, Scrypted gets a Docker bridge IP (e.g. `172.17.0.2`) in a different subnet from the macvlan cameras. The plugin detects that bridge network and connects each proxy container to it, so ONVIF and RTSP traffic can reach Scrypted without a host-side shim.
|
|
43
|
+
|
|
44
|
+
#### Scrypted in Docker with `--network=host`, or native install
|
|
45
|
+
|
|
46
|
+
When Scrypted shares the host network stack (host networking or bare-metal), it gets the same LAN IP as the host (e.g. `192.168.1.50`). Macvlan containers cannot reach that IP directly due to kernel macvlan-to-host isolation.
|
|
47
|
+
|
|
48
|
+
The plugin detects this automatically when Scrypted's IP is in the same subnet as the macvlan network and tries to create a `macvlan-shim0` interface on the host through a temporary privileged helper container. If your Docker setup does not allow privileged helper containers, create the shim manually with root or `CAP_NET_ADMIN`.
|
|
49
|
+
|
|
50
|
+
**Docker with host networking:**
|
|
51
|
+
```yaml
|
|
52
|
+
cap_add:
|
|
53
|
+
- NET_ADMIN
|
|
54
|
+
network_mode: host
|
|
55
|
+
volumes:
|
|
56
|
+
- /var/run/docker.sock:/var/run/docker.sock
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
**Native install:** Docker must still be installed and `/var/run/docker.sock` must be accessible so the plugin can create proxy containers. Manual shim creation requires root or `CAP_NET_ADMIN` on the host.
|
|
60
|
+
|
|
61
|
+
If automatic shim creation fails, check the plugin logs and run manually on the host:
|
|
62
|
+
```bash
|
|
63
|
+
ip link add macvlan-shim0 link <parent-iface> type macvlan mode bridge
|
|
64
|
+
ip addr add <shim-ip>/<prefix> dev macvlan-shim0
|
|
65
|
+
ip link set macvlan-shim0 up
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
Use the **Macvlan shim IP** plugin setting to control which IP is assigned. Leave it empty unless the auto-selected address conflicts with another device.
|
|
32
69
|
|
|
33
70
|
### Plugin Settings
|
|
34
71
|
|
|
@@ -37,9 +74,10 @@ The plugin needs access to the Docker socket to create proxy containers. Add thi
|
|
|
37
74
|
| **Username / Password** | ONVIF authentication credentials | `admin` / `password` |
|
|
38
75
|
| **Auto-assign unique IPs** | Enable automatic proxy container creation | `true` |
|
|
39
76
|
| **IP range start** | First IP to assign to cameras | `192.168.1.240` |
|
|
40
|
-
| **Network interface** | Parent interface for the macvlan Docker network | `
|
|
41
|
-
| **Subnet prefix length** | CIDR prefix for the macvlan network | `
|
|
77
|
+
| **Network interface** | Parent interface for the macvlan Docker network | `eth0` |
|
|
78
|
+
| **Subnet prefix length** | CIDR prefix for the macvlan network | `24` |
|
|
42
79
|
| **Gateway** | Default gateway for the macvlan network | `192.168.1.1` |
|
|
80
|
+
| **Macvlan shim IP** | *(Native / host networking only)* IP for the host-side macvlan shim interface. Must be in the same subnet as the IP range and not in use. Leave empty to auto-assign (subnet base + 2). Ignored in Docker bridge mode. | `192.168.1.2` |
|
|
43
81
|
|
|
44
82
|
### IP Range Selection
|
|
45
83
|
|
|
@@ -47,14 +85,26 @@ Choose IPs **outside your DHCP pool** on the same subnet as your UniFi controlle
|
|
|
47
85
|
|
|
48
86
|
### How It Works
|
|
49
87
|
|
|
88
|
+
**Scrypted in Docker (bridge networking):**
|
|
89
|
+
```
|
|
90
|
+
UniFi Protect macvlan proxy container Scrypted container
|
|
91
|
+
(192.168.1.x) (192.168.1.240, unique MAC) (172.17.0.2 / bridge)
|
|
92
|
+
| | |
|
|
93
|
+
|-- ONVIF (port 8000) --->|-- TCP:18000 over bridge ->| ONVIF server
|
|
94
|
+
|-- RTSP (port 554) --->|-- TCP:42917 over bridge ->| RTSP rebroadcast
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
**Scrypted on bare metal / VM:**
|
|
50
98
|
```
|
|
51
|
-
UniFi Protect
|
|
52
|
-
(192.168.1.x)
|
|
53
|
-
|
|
|
54
|
-
|
|
55
|
-
|
|
99
|
+
UniFi Protect macvlan proxy container macvlan-shim0 Scrypted (native)
|
|
100
|
+
(192.168.1.x) (192.168.1.240, unique MAC) (192.168.1.2) (192.168.1.50)
|
|
101
|
+
| | | |
|
|
102
|
+
|-- ONVIF (port 8000) --->|-- TCP:18000 ----------->|-- loopback ------->| ONVIF server
|
|
103
|
+
|-- RTSP (port 554) --->|-- TCP:42917 ----------->|-- loopback ------->| RTSP rebroadcast
|
|
56
104
|
```
|
|
57
105
|
|
|
106
|
+
The macvlan shim (`macvlan-shim0`) is a host-side macvlan interface that breaks kernel-level macvlan-to-host isolation, allowing proxy containers to reach Scrypted on the same machine.
|
|
107
|
+
|
|
58
108
|
Each camera gets its own proxy container with:
|
|
59
109
|
- A unique IP address on your LAN
|
|
60
110
|
- A unique MAC address (deterministic, based on device ID)
|
|
@@ -69,6 +119,19 @@ Each camera gets its own proxy container with:
|
|
|
69
119
|
5. Enter each camera's assigned IP with port `8000`
|
|
70
120
|
6. Enter the ONVIF username/password you configured
|
|
71
121
|
|
|
122
|
+
### Audio in UniFi Protect
|
|
123
|
+
|
|
124
|
+
UniFi Protect audio depends on the RTSP stream codec that Scrypted Rebroadcast serves. This plugin wraps those RTSP URLs in ONVIF and proxies them; it does not transcode audio itself.
|
|
125
|
+
|
|
126
|
+
For third-party camera audio in Protect:
|
|
127
|
+
|
|
128
|
+
1. In Scrypted's Rebroadcast settings for the camera, choose the stream mode that actually exposes working audio in Protect. Some cameras work better with default rebroadcast audio than Improved Compatibility Mode.
|
|
129
|
+
2. Reload or refresh this plugin so the updated rebroadcast stream is discovered.
|
|
130
|
+
3. On the camera's ONVIF Rebroadcast mixin settings, set **Streams to expose via ONVIF** to the working main/sub streams.
|
|
131
|
+
4. Remove and re-add the camera in UniFi Protect if it was already adopted; Protect caches stream/profile metadata.
|
|
132
|
+
|
|
133
|
+
The plugin logs each discovered stream's audio codec so you can compare modes and select the stream that works best with Protect.
|
|
134
|
+
|
|
72
135
|
### Unraid Notes
|
|
73
136
|
|
|
74
137
|
- If your Scrypted container uses `Custom: br0.2` (ipvlan), create the macvlan network on `br0` instead to get unique MACs
|
package/dist/plugin.zip
CHANGED
|
Binary file
|
package/docs/unique-ip-setup.md
CHANGED
|
@@ -4,9 +4,9 @@ UniFi Protect identifies third-party ONVIF cameras by **MAC address**. When mult
|
|
|
4
4
|
|
|
5
5
|
## Prerequisites
|
|
6
6
|
|
|
7
|
-
-
|
|
8
|
-
- Docker
|
|
9
|
-
- A network
|
|
7
|
+
- The **Rebroadcast** plugin installed in Scrypted
|
|
8
|
+
- Docker installed and the Docker socket accessible at `/var/run/docker.sock`
|
|
9
|
+
- A parent network interface available for macvlan (e.g. `eth0`, `ens3`, `br0`)
|
|
10
10
|
|
|
11
11
|
## How It Works
|
|
12
12
|
|
|
@@ -17,16 +17,20 @@ The plugin creates a **Docker macvlan network** and spawns a lightweight **proxy
|
|
|
17
17
|
- TCP proxies for **ONVIF** (port 8000) and **RTSP** (port 554+) traffic
|
|
18
18
|
|
|
19
19
|
```
|
|
20
|
-
UniFi Protect Docker macvlan proxy Scrypted
|
|
21
|
-
(your LAN) (unique IP + MAC) (
|
|
20
|
+
UniFi Protect Docker macvlan proxy Scrypted
|
|
21
|
+
(your LAN) (unique IP + MAC) (bridge or shim IP)
|
|
22
22
|
│ │ │
|
|
23
23
|
│── ONVIF (port 8000) ───────▶│── TCP proxy ─────────────────▶│ ONVIF server
|
|
24
24
|
│── RTSP (port 554) ───────▶│── TCP proxy ─────────────────▶│ RTSP rebroadcast
|
|
25
25
|
```
|
|
26
26
|
|
|
27
|
-
## Step 1:
|
|
27
|
+
## Step 1: Provide Docker Access
|
|
28
28
|
|
|
29
|
-
The plugin needs access to
|
|
29
|
+
The plugin needs Docker access to create macvlan networks and proxy containers.
|
|
30
|
+
|
|
31
|
+
### Docker bridge networking
|
|
32
|
+
|
|
33
|
+
Bridge networking is the preferred setup. Mount the Docker socket into Scrypted:
|
|
30
34
|
|
|
31
35
|
| Container Path | Host Path |
|
|
32
36
|
|---|---|
|
|
@@ -46,6 +50,20 @@ volumes:
|
|
|
46
50
|
docker run ... -v /var/run/docker.sock:/var/run/docker.sock ...
|
|
47
51
|
```
|
|
48
52
|
|
|
53
|
+
The plugin detects Scrypted's Docker bridge network and connects each proxy container to it, so no host-side macvlan shim is needed.
|
|
54
|
+
|
|
55
|
+
### Docker host networking or native install
|
|
56
|
+
|
|
57
|
+
If Scrypted runs with `--network=host` or directly on the host, Scrypted's IP is usually on the same LAN subnet as the macvlan proxy IPs. Linux macvlan isolation prevents proxy containers from reaching that host IP directly.
|
|
58
|
+
|
|
59
|
+
In that case, the plugin attempts to create a host-side `macvlan-shim0` interface through a temporary privileged helper container. If your Docker setup does not allow that, create the shim manually on the host:
|
|
60
|
+
|
|
61
|
+
```bash
|
|
62
|
+
ip link add macvlan-shim0 link <parent-iface> type macvlan mode bridge
|
|
63
|
+
ip addr add <shim-ip>/<prefix> dev macvlan-shim0
|
|
64
|
+
ip link set macvlan-shim0 up
|
|
65
|
+
```
|
|
66
|
+
|
|
49
67
|
## Step 2: Configure Plugin Settings
|
|
50
68
|
|
|
51
69
|
Open the ONVIF Rebroadcast plugin settings in Scrypted and configure the **IP Allocation** section:
|
|
@@ -57,6 +75,7 @@ Open the ONVIF Rebroadcast plugin settings in Scrypted and configure the **IP Al
|
|
|
57
75
|
| **Network interface** | Parent interface for the macvlan Docker network | `br0` |
|
|
58
76
|
| **Subnet prefix length** | CIDR prefix matching your network | `23` or `24` |
|
|
59
77
|
| **Gateway** | Your network's default gateway | `192.168.1.1` |
|
|
78
|
+
| **Macvlan shim IP** | Optional shim address for native / host networking. Leave empty to auto-assign. Ignored in Docker bridge mode. | `192.168.1.2` |
|
|
60
79
|
|
|
61
80
|
### Choosing the Right IP Range
|
|
62
81
|
|
|
@@ -102,6 +121,19 @@ Repeat for each camera IP. Each will be recognized as a separate device with its
|
|
|
102
121
|
|
|
103
122
|
> **Note:** UniFi will display the camera's actual model number (e.g. "Reolink CX410") as reported by the ONVIF device information.
|
|
104
123
|
|
|
124
|
+
## UniFi Protect Audio
|
|
125
|
+
|
|
126
|
+
The proxy only forwards Scrypted's RTSP rebroadcast stream. It cannot add or transcode audio after the fact.
|
|
127
|
+
|
|
128
|
+
If UniFi Protect shows video but no audio:
|
|
129
|
+
|
|
130
|
+
- In Scrypted's Rebroadcast settings, try the available stream modes and keep the one that exposes stable audio in Protect. Some cameras work better with default rebroadcast audio than Improved Compatibility Mode.
|
|
131
|
+
- In the ONVIF Rebroadcast mixin settings, click **Refresh streams**.
|
|
132
|
+
- Select the working main/sub streams under **Streams to expose via ONVIF**.
|
|
133
|
+
- Remove and re-add the camera in UniFi Protect so Protect re-reads the ONVIF profile and RTSP audio metadata.
|
|
134
|
+
|
|
135
|
+
Check the ONVIF Rebroadcast logs after refresh. The selected streams should show audio metadata so you can compare which mode Protect handles best.
|
|
136
|
+
|
|
105
137
|
## Step 5: Verify
|
|
106
138
|
|
|
107
139
|
You can verify the proxy containers are running:
|
package/package.json
CHANGED