[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-kerberos-io--agent":3,"tool-kerberos-io--agent":65},[4,18,32,40,48,56],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":17},4292,"Deep-Live-Cam","hacksider\u002FDeep-Live-Cam","Deep-Live-Cam 是一款专注于实时换脸与视频生成的开源工具,用户仅需一张静态照片,即可通过“一键操作”实现摄像头画面的即时变脸或制作深度伪造视频。它有效解决了传统换脸技术流程繁琐、对硬件配置要求极高以及难以实时预览的痛点,让高质量的数字内容创作变得触手可及。\n\n这款工具不仅适合开发者和技术研究人员探索算法边界,更因其极简的操作逻辑(仅需三步:选脸、选摄像头、启动),广泛适用于普通用户、内容创作者、设计师及直播主播。无论是为了动画角色定制、服装展示模特替换,还是制作趣味短视频和直播互动,Deep-Live-Cam 都能提供流畅的支持。\n\n其核心技术亮点在于强大的实时处理能力,支持口型遮罩(Mouth Mask)以保留使用者原始的嘴部动作,确保表情自然精准;同时具备“人脸映射”功能,可同时对画面中的多个主体应用不同面孔。此外,项目内置了严格的内容安全过滤机制,自动拦截涉及裸露、暴力等不当素材,并倡导用户在获得授权及明确标注的前提下合规使用,体现了技术发展与伦理责任的平衡。",88924,3,"2026-04-06T03:28:53",[13,14,15,16],"开发框架","图像","Agent","视频","ready",{"id":19,"name":20,"github_repo":21,"description_zh":22,"stars":23,"difficulty_score":24,"last_commit_at":25,"category_tags":26,"status":17},2268,"ML-For-Beginners","microsoft\u002FML-For-Beginners","ML-For-Beginners 是由微软推出的一套系统化机器学习入门课程,旨在帮助零基础用户轻松掌握经典机器学习知识。这套课程将学习路径规划为 12 周,包含 26 节精炼课程和 52 道配套测验,内容涵盖从基础概念到实际应用的完整流程,有效解决了初学者面对庞大知识体系时无从下手、缺乏结构化指导的痛点。\n\n无论是希望转型的开发者、需要补充算法背景的研究人员,还是对人工智能充满好奇的普通爱好者,都能从中受益。课程不仅提供了清晰的理论讲解,还强调动手实践,让用户在循序渐进中建立扎实的技能基础。其独特的亮点在于强大的多语言支持,通过自动化机制提供了包括简体中文在内的 50 多种语言版本,极大地降低了全球不同背景用户的学习门槛。此外,项目采用开源协作模式,社区活跃且内容持续更新,确保学习者能获取前沿且准确的技术资讯。如果你正寻找一条清晰、友好且专业的机器学习入门之路,ML-For-Beginners 将是理想的起点。",85092,2,"2026-04-10T11:13:16",[14,27,16,28,15,29,30,13,31],"数据工具","插件","其他","语言模型","音频",{"id":33,"name":34,"github_repo":35,"description_zh":36,"stars":37,"difficulty_score":10,"last_commit_at":38,"category_tags":39,"status":17},3833,"MoneyPrinterTurbo","harry0703\u002FMoneyPrinterTurbo","MoneyPrinterTurbo 是一款利用 AI 大模型技术,帮助用户一键生成高清短视频的开源工具。只需输入一个视频主题或关键词,它就能全自动完成从文案创作、素材匹配、字幕合成到背景音乐搭配的全过程,最终输出完整的竖屏或横屏短视频。\n\n这款工具主要解决了传统视频制作流程繁琐、门槛高以及素材版权复杂等痛点。无论是需要快速产出内容的自媒体创作者,还是希望尝试视频生成的普通用户,无需具备专业的剪辑技能或昂贵的硬件配置(普通电脑即可运行),都能轻松上手。同时,其清晰的 MVC 架构和对多种主流大模型(如 DeepSeek、Moonshot、通义千问等)的广泛支持,也使其成为开发者进行二次开发或技术研究的理想底座。\n\nMoneyPrinterTurbo 的独特亮点在于其高度的灵活性与本地化友好性。它不仅支持中英文双语及多种语音合成,允许用户精细调整字幕样式和画面比例,还特别优化了国内网络环境下的模型接入方案,让用户无需依赖 VPN 即可使用高性能国产大模型。此外,工具提供批量生成模式,可一次性产出多个版本供用户择优,极大地提升了内容创作的效率与质量。",54991,"2026-04-05T12:23:02",[13,30,15,16,14],{"id":41,"name":42,"github_repo":43,"description_zh":44,"stars":45,"difficulty_score":24,"last_commit_at":46,"category_tags":47,"status":17},2179,"oh-my-openagent","code-yeongyu\u002Foh-my-openagent","oh-my-openagent(简称 omo)是一款强大的开源智能体编排框架,前身名为 oh-my-opencode。它致力于打破单一模型供应商的生态壁垒,解决开发者在构建 AI 应用时面临的“厂商锁定”难题。不同于仅依赖特定模型的封闭方案,omo 倡导开放市场理念,支持灵活调度多种主流大模型:利用 Claude、Kimi 或 GLM 进行任务编排,调用 GPT 处理复杂推理,借助 Minimax 提升响应速度,或发挥 Gemini 的创意优势。\n\n这款工具特别适合希望摆脱平台限制、追求极致性能与成本平衡的开发者及研究人员使用。通过统一接口,用户可以轻松组合不同模型的长处,构建更高效、更具适应性的智能体系统。其独特的技术亮点在于“全模型兼容”架构,让用户不再受制于某一家公司的策略变动或定价调整,真正实现对前沿模型资源的自由驾驭。无论是构建自动化编码助手,还是开发多步骤任务处理流程,oh-my-openagent 都能提供灵活且稳健的基础设施支持,助力用户在快速演进的 AI 生态中保持技术主动权。",50701,"2026-04-12T11:29:54",[16,30,13,14,15],{"id":49,"name":50,"github_repo":51,"description_zh":52,"stars":53,"difficulty_score":10,"last_commit_at":54,"category_tags":55,"status":17},5295,"tabby","TabbyML\u002Ftabby","Tabby 是一款可私有化部署的开源 AI 编程助手,旨在为开发团队提供 GitHub Copilot 的安全替代方案。它核心解决了代码辅助过程中的数据隐私顾虑与云端依赖问题,让企业能够在完全掌控数据的前提下享受智能代码补全、聊天问答及上下文理解带来的效率提升。\n\n这款工具特别适合注重代码安全的企业开发团队、希望本地化运行大模型的科研机构,以及拥有消费级显卡的个人开发者。Tabby 的最大亮点在于其“开箱即用”的自包含架构,无需配置复杂的数据库或依赖云服务即可快速启动。同时,它对硬件十分友好,支持在普通的消费级 GPU 上流畅运行,大幅降低了部署门槛。此外,Tabby 提供了标准的 OpenAPI 接口,能轻松集成到现有的云 IDE 或内部开发流程中,并支持通过 REST API 接入自定义文档以增强知识上下文。从代码自动补全到基于 Git 仓库的智能问答,Tabby 致力于成为开发者身边懂业务、守安全的智能伙伴。",33308,"2026-04-07T20:23:18",[13,30,15,14,16],{"id":57,"name":58,"github_repo":59,"description_zh":60,"stars":61,"difficulty_score":62,"last_commit_at":63,"category_tags":64,"status":17},6525,"generative-models","Stability-AI\u002Fgenerative-models","Generative Models 是 Stability AI 推出的开源项目,核心亮点在于最新发布的 Stable Video 4D 2.0(SV4D 2.0)。这是一个先进的视频转 4D 扩散模型,旨在解决从单一视角视频中生成高保真、多视角动态 3D 资产的技术难题。传统方法往往难以处理物体自遮挡或背景杂乱的情况,且生成的动态细节容易模糊,而 SV4D 2.0 通过改进的架构,显著提升了运动中的画面锐度与时空一致性,无需依赖额外的多视角参考图即可稳健地合成新颖视角的视频。\n\n该项目特别适合计算机视觉研究人员、AI 开发者以及从事 3D 内容创作的设计师使用。对于研究者,它提供了探索 4D 生成前沿的完整代码与训练权重;对于开发者,其支持自动回归生成长视频及低显存优化选项,便于集成与调试;对于设计师,它能将简单的物体运动视频快速转化为可用于游戏或影视的多视角 4D 素材。技术层面,SV4D 2.0 支持一次性生成 12 帧视频对应 4 个相机视角(或 5 帧对应 8 视角),分辨率达 576x576,并能更好地泛化至真实世界场景。用户只需准备一段白底或经简单抠图处理的物体运动视频,",27078,4,"2026-04-10T22:08:34",[16,29],{"id":66,"github_repo":67,"name":68,"description_en":69,"description_zh":70,"ai_summary_zh":70,"readme_en":71,"readme_zh":72,"quickstart_zh":73,"use_case_zh":74,"hero_image_url":75,"owner_login":76,"owner_name":77,"owner_avatar_url":78,"owner_bio":79,"owner_company":80,"owner_location":80,"owner_email":81,"owner_twitter":80,"owner_website":82,"owner_url":83,"languages":84,"stars":115,"forks":116,"last_commit_at":117,"license":118,"difficulty_score":24,"env_os":119,"env_gpu":120,"env_ram":121,"env_deps":122,"category_tags":128,"github_topics":129,"view_count":24,"oss_zip_url":80,"oss_zip_packed_at":80,"status":17,"created_at":138,"updated_at":139,"faqs":140,"releases":169},7125,"kerberos-io\u002Fagent","agent","An open and scalable video surveillance system for anyone making this world a better and more peaceful place.","Kerberos Agent 是一款开源且可扩展的视频监控管理代理,旨在为致力于构建更安全、和平世界的个人或组织提供强大的视频处理能力。它核心解决了传统监控系统封闭、昂贵且难以灵活部署的痛点,让用户能够自主掌控视频数据流,轻松将各类摄像头接入现代化管理架构。\n\n无论是拥有树莓派、NVIDIA Jetson 等边缘设备的开发者,还是需要搭建大规模集群的研究人员与企业用户,都能从中受益。只要你的摄像头支持 RTSP H.264\u002FH.265 编码(或通过转换工具适配),Kerberos Agent 即可在从 ARM 到 x86 的各种硬件架构上运行,甚至能无缝部署于 Kubernetes 集群中。\n\n其独特亮点在于完全开源(MIT 协议),允许商业使用及二次开发,代码透明度高;同时具备极强的环境适应性,既能在资源受限的边缘设备上轻量运行,也能支撑高并发的云端场景。配合直观的 Web 界面,用户可以快速完成配置与监控,是构建自定义智能安防系统的理想基石。","# Kerberos Agent\n\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fkerberos.io\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fkerberos-website-gray.svg?longCache=true&colorB=brightgreen\" alt=\"Kerberos Agent\">\u003C\u002Fa>\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fdoc.kerberos.io\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fkerberos-documentation-gray.svg?longCache=true&colorB=brightgreen\" alt=\"Kerberos Agent\">\u003C\u002Fa>\n\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fcircleci.com\u002Fgh\u002Fkerberos-io\u002Fagent\">\u003Cimg src=\"https:\u002F\u002Fcircleci.com\u002Fgh\u002Fkerberos-io\u002Fagent.svg?style=svg\"\u002F>\u003C\u002Fa>\n\u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fworkflows\u002FGo\u002Fbadge.svg\"\u002F>\n\u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fworkflows\u002FReact\u002Fbadge.svg\"\u002F>\n\u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fworkflows\u002FCodeQL\u002Fbadge.svg\"\u002F>\n\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fpkg.go.dev\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fmachinery\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_ff803135673c.png\" alt=\"PkgGoDev\">\u003C\u002Fa>\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fcodecov.io\u002Fgh\u002Fkerberos-io\u002Fagent\">\u003Cimg src=\"https:\u002F\u002Fcodecov.io\u002Fgh\u002Fkerberos-io\u002Fagent\u002Fbranch\u002Fmaster\u002Fgraph\u002Fbadge.svg\" alt=\"Coverage Status\">\u003C\u002Fa>\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fgoreportcard.com\u002Freport\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fmachinery\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_2b4a70945b89.png\" alt=\"Coverage Status\">\u003C\u002Fa>\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fapp.codacy.com\u002Fgh\u002Fkerberos-io\u002Fagent?utm_source=github.com&utm_medium=referral&utm_content=kerberos-io\u002Fagent&utm_campaign=Badge_Grade\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_adaaa9495e23.png\"\u002F>\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fwww.figma.com\u002Fproto\u002FmsuYC6sv2cOCqZeDtBxNy7\u002F%5BNEW%5D-Kerberos.io-Apps?node-id=1%3A1788&viewport=-490%2C191%2C0.34553584456443787&scaling=min-zoom&page-id=1%3A2%3Ffuid%3D449684443467913607\" alt=\"Kerberos Agent\">\u003C\u002Fa>\n\n\u003Ca href=\"LICENSE\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg\" alt=\"License: MIT\">\u003C\u002Fa>\n[![donate](https:\u002F\u002Fbrianmacdonald.github.io\u002FEthonate\u002Fsvg\u002Feth-donate-blue.svg)](https:\u002F\u002Fbrianmacdonald.github.io\u002FEthonate\u002Faddress#0xf4a759C9436E2280Ea9cdd23d3144D95538fF4bE)\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Ftwitter.com\u002Fkerberosio?ref_src=twsrc%5Etfw\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Furl.svg?label=Follow%20%40kerberosio&style=social&url=https%3A%2F%2Ftwitter.com%2Fkerberosio\" alt=\"Twitter Widget\">\u003C\u002Fa>\n[![kerberosio](https:\u002F\u002Fsnapcraft.io\u002Fkerberosio\u002Fbadge.svg)](https:\u002F\u002Fsnapcraft.io\u002Fkerberosio)\n\n[![Slack invite](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fjoin%20kerberos.io%20on%20slack-grey?style=for-the-badge&logo=slack)](https:\u002F\u002Fjoinslack.kerberos.io\u002F)\n\n[**Docker Hub**](https:\u002F\u002Fhub.docker.com\u002Fr\u002Fkerberos\u002Fagent) | [**Documentation**](https:\u002F\u002Fdoc.kerberos.io) | [**Website**](https:\u002F\u002Fkerberos.io) | [**View Demo**](https:\u002F\u002Fdemo.kerberos.io)\n\n> Before you continue, this repository discusses one of the components of the Kerberos.io stack, the Kerberos Agent, in depth. If you are [looking for an end-to-end deployment guide have a look here](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fdeployment).\n\nKerberos Agent is an isolated and scalable video (surveillance) management agent made available as Open Source under the MIT License. This means that all the source code is available for you or your company, and you can use, transform and distribute the source code; as long you keep a reference of the original license. Kerberos Agent can be used for commercial usage (which was not the case for v2). Read more [about the license here](LICENSE).\n\n![Kerberos Agent go through UI](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_967869098e0d.gif)\n\n## :thinking: Prerequisites\n\n- An IP camera which supports a RTSP H264 or H265 encoded stream,\n - (or) a USB camera, Raspberry Pi camera or other camera, that [you can transform to a valid RTSP H264 or H265 stream](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fcamera-to-rtsp).\n- Any hardware (ARMv6, ARMv7, ARM64, AMD64) that can run a binary or container, for example: a Raspberry Pi, NVidia Jetson, Intel NUC, a VM, Bare metal machine or a full blown Kubernetes cluster.\n\n## :video_camera: Is my camera working?\n\nThere are a myriad of cameras out there (USB, IP and other cameras), and it might be daunting to know if Kerberos Agent will work for your camera. [Therefore we are listing all the camera models that are acknowlegded by the community](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fissues\u002F59). Feel free to add your camera to the list as well!\n\n## :books: Overview\n\n### Up and running in no time\n\n1. [Quickstart - Docker](#quickstart---docker)\n2. [Quickstart - Balena](#quickstart---balena)\n3. [Quickstart - Snap](#quickstart---snap)\n\n### Introduction\n\n1. [A world of Kerberos Agents](#a-world-of-kerberos-agents)\n\n### Running and automation\n\n1. [How to run and deploy a Kerberos Agent](#how-to-run-and-deploy-a-kerberos-agent)\n2. [Access the Kerberos Agent](#access-the-kerberos-agent)\n3. [Configure and persist with volume mounts](#configure-and-persist-with-volume-mounts)\n4. [Configure with environment variables](#configure-with-environment-variables)\n\n### Insights\n\n1. [Encryption](#encryption)\n2. [H264 vs H265](#h264-vs-h265)\n\n### Contributing\n\n1. [Contribute with Codespaces](#contribute-with-codespaces)\n2. [Develop and build](#develop-and-build)\n3. [Building from source](#building-from-source)\n4. [Building for Docker](#building-for-docker)\n\n### Varia\n\n1. [Support our project](#support-our-project)\n1. [What is new?](#what-is-new)\n1. [Contributors](#contributors)\n\n## Quickstart - Docker\n\nThe easiest way to get your Kerberos Agent up and running is to use our public image on [Docker hub](https:\u002F\u002Fhub.docker.com\u002Fr\u002Fkerberos\u002Fagent). Once you have selected a specific tag, run `docker` command below, which will open the web interface of your Kerberos agent on port `80`, and off you go. For a more configurable and persistent deployment have a look at [Running and automating a Kerberos Agent](#running-and-automating-a-kerberos-agent).\n\n docker run -p 80:80 --name mycamera -d --restart=always kerberos\u002Fagent:latest\n\nIf you want to connect to a USB or Raspberry Pi camera, [you'll need to run our side car container](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fcamera-to-rtsp) which proxies the camera to an RTSP stream. In that case you'll want to configure the Kerberos Agent container to run in the host network, so it can connect directly to the RTSP sidecar.\n\n docker run --network=host --name mycamera -d --restart=always kerberos\u002Fagent:latest\n\n## Quickstart - Balena\n\nRun Kerberos Agent with [Balena Cloud](https:\u002F\u002Fwww.balena.io\u002F) super powers. Monitor your Kerberos Agent with seamless remote access, over the air updates, an encrypted public `https` endpoint and much more. Checkout our application `video-surveillance` on [Balena Hub](https:\u002F\u002Fhub.balena.io\u002Fapps\u002F2064752\u002Fvideo-surveillance), and create your first or fleet of Kerberos Agent(s).\n\n[![deploy with balena](https:\u002F\u002Fbalena.io\u002Fdeploy.svg)](https:\u002F\u002Fdashboard.balena-cloud.com\u002Fdeploy?repoUrl=https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fbalena-agent)\n\n## Quickstart - Snap\n\nRun Kerberos Agent with our [Snapcraft package](https:\u002F\u002Fsnapcraft.io\u002Fkerberosio).\n\n snap install kerberosio\n\nOnce installed you can find your Kerberos Agent configration at `\u002Fvar\u002Fsnap\u002Fkerberosio\u002Fcommon`. Run the Kerberos Agent as following\n\n sudo kerberosio.agent -action=run -port=80\n\n## A world of Kerberos Agents\n\nThe Kerberos Agent is an isolated and scalable video (surveillance) management agent with a strong focus on user experience, scalability, resilience, extension and integration. Next to the Kerberos Agent, Kerberos.io provides many other tools such as [Kerberos Factory](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Ffactory), [Kerberos Vault](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fvault), and [Kerberos Hub](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fhub) to provide additional capabilities: bring your own cloud, bring your own storage, central overview, live streaming, machine learning, etc.\n\n[![Deployment Agent](.\u002Fassets\u002Fimg\u002Fedge-deployment-agent.svg)](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fdeployment)\n\nAs mentioned above Kerberos.io applies the concept of agents. An agent is running next to (or on) your camera, and is processing a single camera feed. It applies motion based or continuous recording and makes those recordings available through a user friendly web interface. A Kerberos Agent allows you to connect to other cloud services or integrate with custom applications. Kerberos Agent is used for personal applications and scales to enterprise production level deployments. Learn more about the [deployment strategies here](\u003C(https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fdeployment)>).\n\nThis repository contains everything you'll need to know about our core product, Kerberos Agent. Below you'll find a brief list of features and functions.\n\n- Low memory and CPU usage.\n- Simplified and modern user interface.\n- Multi architecture (ARMv6, ARMv7, ARM64, AMD64)\n- Multi stream, for example recording in H265, live streaming and motion detection in H264.\n- Multi camera support: IP Cameras (H264 and H265), USB cameras and Raspberry Pi Cameras [through a RTSP proxy](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fcamera-to-rtsp).\n- Single camera per instance (e.g. one container per camera).\n- Low resolution streaming through MQTT and high resolution streaming through WebRTC (only supports H264\u002FPCM).\n- Backchannel audio from Kerberos Hub to IP camera (requires PCM ULAW codec)\n- Audio (AAC) and video (H264\u002FH265) recording in MP4 container.\n- End-to-end encryption through MQTT using RSA and AES (livestreaming, ONVIF, remote configuration, etc)\n- Conditional recording: offline mode, motion region, time table, continuous recording, webhook condition etc.\n- Post- and pre-recording for motion detection.\n- Encryption at rest using AES-256-CBC.\n- Ability to create fragmented recordings, and streaming through HLS fMP4.\n- [Deploy where you want](#how-to-run-and-deploy-a-kerberos-agent) with the tools you use: `docker`, `docker compose`, `ansible`, `terraform`, `kubernetes`, etc.\n- Cloud storage\u002Fpersistance: Kerberos Hub, Kerberos Vault and Dropbox. [(WIP: Minio, Storj, Google Drive, FTP etc.)](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fissues\u002F95)\n- Outputs: trigger an integration (Webhooks, MQTT, Script, etc) when a specific event (motion detection or start recording ) occurs\n- REST API access and documentation through Swagger (trigger recording, update configuration, etc).\n- MIT License\n\n## How to run and deploy a Kerberos Agent\n\nA Kerberos Agent, as previously mentioned, is a container. You can deploy it using various methods and automation tools, including `docker`, `docker compose`, `kubernetes` and more. To streamline your Kerberos.io experience, we provide concrete deployment examples to speed up your Kerberos.io journey”\n\nWe have documented the different deployment models [in the `deployments` directory](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments) of this repository. There you'll learn and find how to deploy using:\n\n- [Static binary](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#0-static-binary)\n- [Docker](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#1-docker)\n- [Docker Compose](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#2-docker-compose)\n- [Kubernetes](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#3-kubernetes)\n- [Red Hat OpenShift with Ansible](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#4-red-hat-ansible-and-openshift)\n- [Terraform](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#5-terraform)\n- [Salt](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#6-salt)\n- [Balena](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#8-balena)\n- [Snap](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#9-snap)\n\nBy default, your Kerberos Agents store all configuration and recordings within the container. To help you automate and have a more consistent data governance, you can attach volumes to configure and persist data of your Kerberos Agents and\u002For configure each Kerberos Agent through environment variables.\n\n## Access the Kerberos Agent\n\nOnce you have deployed the Kerberos Agent, using one of the deployment models described above, you will be able to access the Kerberos Agent user interface. A login page is presented asking for some credentials.\n\nThe default username and password for the Kerberos Agent is:\n\n- Username: `root`\n- Password: `root`\n\n**_Please note that you change the username and password for a final installation, see [Configure with environment variables](#configure-with-environment-variables) below._**\n\n## Configure and persist with volume mounts\n\nAn example of how to mount a host directory is shown below using `docker`, but is applicable for [all of the deployment models and tools described above](#running-and-automating-a-kerberos-agent).\n\nYou attach a volume to your container by leveraging the `-v` option. To mount your own configuration file and recordings folder, run the following commands:\n\n docker run -p 80:80 --name mycamera \\\n -v $(pwd)\u002Fagent\u002Fconfig:\u002Fhome\u002Fagent\u002Fdata\u002Fconfig \\\n -v $(pwd)\u002Fagent\u002Frecordings:\u002Fhome\u002Fagent\u002Fdata\u002Frecordings \\\n -d --restart=always kerberos\u002Fagent:latest\n\nMore examples for each deployment and automation tool [can be found in the deployment section](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments). Be sure to verify the permissions of the directory\u002Fvolume you are attaching. More information in [this issue](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fissues\u002F80).\n\n chmod -R 755 kerberos-agent\u002F\n chown 100:101 kerberos-agent\u002F -R\n\n## Configure with environment variables\n\nNext to attaching the configuration file, it is also possible to override the configuration with environment variables. This makes deploying with `docker compose` or `kubernetes` much easier and more scalable. Using this approach, we simplify automation through `ansible` and `terraform`.\n\n docker run -p 80:80 --name mycamera \\\n -e AGENT_NAME=mycamera \\\n -e AGENT_TIMEZONE=Europe\u002FBrussels \\\n -e AGENT_CAPTURE_IPCAMERA_RTSP=rtsp:\u002F\u002Ffake.kerberos.io\u002Fstream \\\n -e AGENT_CAPTURE_CONTINUOUS=true \\\n -d --restart=always kerberos\u002Fagent:latest\n\n| Name | Description | Default Value |\n| --------------------------------------- | ----------------------------------------------------------------------------------------------- | ------------------------------ |\n| `LOG_LEVEL` | Level for logging, could be \"info\", \"warning\", \"debug\", \"error\" or \"fatal\". | \"info\" |\n| `LOG_OUTPUT` | Logging output format \"json\" or \"text\". | \"text\" |\n| `AGENT_MODE` | You can choose to run this in 'release' for production, and or 'demo' for showcasing. | \"release\" |\n| `AGENT_TLS_INSECURE` | Specify if you want to use `InsecureSkipVerify` for the internal HTTP client. | \"false\" |\n| `AGENT_USERNAME` | The username used to authenticate against the Kerberos Agent login page. | \"root\" |\n| `AGENT_PASSWORD` | The password used to authenticate against the Kerberos Agent login page. | \"root\" |\n| `AGENT_KEY` | A unique identifier for your Kerberos Agent, this is auto-generated but can be overriden. | \"\" |\n| `AGENT_NAME` | The agent friendly-name. | \"agent\" |\n| `AGENT_TIMEZONE` | Timezone which is used for converting time. | \"Africa\u002FCeuta\" |\n| `AGENT_REMOVE_AFTER_UPLOAD` | When enabled, recordings uploaded successfully to a storage will be removed from disk. | \"true\" |\n| `AGENT_OFFLINE` | Makes sure no external connection is made. | \"false\" |\n| `AGENT_AUTO_CLEAN` | Cleans up the recordings directory. | \"true\" |\n| `AGENT_AUTO_CLEAN_MAX_SIZE` | If `AUTO_CLEAN` enabled, set the max size of the recordings directory (in MB). | \"100\" |\n| `AGENT_TIME` | Enable the timetable for Kerberos Agent | \"false\" |\n| `AGENT_TIMETABLE` | A (weekly) time table to specify when to make recordings \"start1,end1,start2,end2;start1.. | \"\" |\n| `AGENT_REGION_POLYGON` | A single polygon set for motion detection: \"x1,y1;x2,y2;x3,y3;... | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_RTSP` | Full-HD RTSP endpoint to the camera you're targetting. | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_SUB_RTSP` | Sub-stream RTSP endpoint used for livestreaming (WebRTC). | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_BASE_WIDTH` | Force a specific width resolution for live view processing. | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_BASE_HEIGHT` | Force a specific height resolution for live view processing. | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_ONVIF` | Mark as a compliant ONVIF device. | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_ONVIF_XADDR` | ONVIF endpoint\u002Faddress running on the camera. | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_ONVIF_USERNAME` | ONVIF username to authenticate against. | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_ONVIF_PASSWORD` | ONVIF password to authenticate against. | \"\" |\n| `AGENT_CAPTURE_MOTION` | Toggle for enabling or disabling motion. | \"true\" |\n| `AGENT_CAPTURE_LIVEVIEW` | Toggle for enabling or disabling liveview. | \"true\" |\n| `AGENT_CAPTURE_SNAPSHOTS` | Toggle for enabling or disabling snapshot generation. | \"true\" |\n| `AGENT_CAPTURE_RECORDING` | Toggle for enabling making recordings. | \"true\" |\n| `AGENT_CAPTURE_CONTINUOUS` | Toggle for enabling continuous \"true\" or motion \"false\". | \"false\" |\n| `AGENT_CAPTURE_PRERECORDING` | If `CONTINUOUS` set to `false`, specify the recording time (seconds) before\u002Fafter motion event. | \"10\" |\n| `AGENT_CAPTURE_POSTRECORDING` | If `CONTINUOUS` set to `false`, specify the recording time (seconds) after motion event. | \"20\" |\n| `AGENT_CAPTURE_MAXLENGTH` | The maximum length of a single recording (seconds). | \"30\" |\n| `AGENT_CAPTURE_PIXEL_CHANGE` | If `CONTINUOUS` set to `false`, the number of pixel require to change before motion triggers. | \"150\" |\n| `AGENT_CAPTURE_FRAGMENTED` | Set the format of the recorded MP4 to fragmented (suitable for HLS). | \"false\" |\n| `AGENT_CAPTURE_FRAGMENTED_DURATION` | If `AGENT_CAPTURE_FRAGMENTED` set to `true`, define the duration (seconds) of a fragment. | \"8\" |\n| `AGENT_MQTT_URI` | An MQTT broker endpoint that is used for bi-directional communication (live view, onvif, etc) | \"tcp:\u002F\u002Fmqtt.kerberos.io:1883\" |\n| `AGENT_MQTT_USERNAME` | Username of the MQTT broker. | \"\" |\n| `AGENT_MQTT_PASSWORD` | Password of the MQTT broker. | \"\" |\n| `AGENT_REALTIME_PROCESSING` | If `AGENT_REALTIME_PROCESSING` set to `true`, the agent will send key frames to the topic | \"\" |\n| `AGENT_REALTIME_PROCESSING_TOPIC` | The topic to which keyframes will be sent in base64 encoded format. | \"\" |\n| `AGENT_STUN_URI` | When using WebRTC, you'll need to provide a STUN server. | \"stun:turn.kerberos.io:8443\" |\n| `AGENT_FORCE_TURN` | Force using a TURN server, by generating relay candidates only. | \"false\" |\n| `AGENT_TURN_URI` | When using WebRTC, you'll need to provide a TURN server. | \"turn:turn.kerberos.io:8443\" |\n| `AGENT_TURN_USERNAME` | TURN username used for WebRTC. | \"username1\" |\n| `AGENT_TURN_PASSWORD` | TURN password used for WebRTC. | \"password1\" |\n| `AGENT_CLOUD` | Store recordings in Kerberos Hub (s3), Kerberos Vault (kstorage), or Dropbox (dropbox). | \"s3\" |\n| `AGENT_HUB_ENCRYPTION` | Turning on\u002Foff encryption of traffic from your Kerberos Agent to Kerberos Hub. | \"true\" |\n| `AGENT_HUB_URI` | The Kerberos Hub API, defaults to our Kerberos Hub SAAS. | \"https:\u002F\u002Fapi.hub.domain.com\" |\n| `AGENT_HUB_KEY` | The access key linked to your account in Kerberos Hub. | \"\" |\n| `AGENT_HUB_PRIVATE_KEY` | The secret access key linked to your account in Kerberos Hub. | \"\" |\n| `AGENT_HUB_REGION` | The Kerberos Hub region, to which you want to upload. | \"\" |\n| `AGENT_HUB_SITE` | The site ID of a site you've created in your Kerberos Hub account. | \"\" |\n| `AGENT_KERBEROSVAULT_URI` | The Kerberos Vault API url. | \"https:\u002F\u002Fvault.domain.com\u002Fapi\" |\n| `AGENT_KERBEROSVAULT_ACCESS_KEY` | The access key of a Kerberos Vault account. | \"\" |\n| `AGENT_KERBEROSVAULT_SECRET_KEY` | The secret key of a Kerberos Vault account. | \"\" |\n| `AGENT_KERBEROSVAULT_PROVIDER` | A Kerberos Vault provider you have created (optional). | \"\" |\n| `AGENT_KERBEROSVAULT_DIRECTORY` | The directory, in the Kerberos vault, where the recordings will be stored. | \"\" |\n| `AGENT_KERBEROSVAULT_SECONDARY_URI` | The Kerberos Vault API url. | \"https:\u002F\u002Fvault.domain.com\u002Fapi\" |\n| `AGENT_KERBEROSVAULT_SECONDARY_ACCESS_KEY` | The access key of a secondary Kerberos Vault account. | \"\" |\n| `AGENT_KERBEROSVAULT_SECONDARY_SECRET_KEY` | The secret key of a secondary Kerberos Vault account. | \"\" |\n| `AGENT_KERBEROSVAULT_SECONDARY_PROVIDER` | A secondary Kerberos Vault provider you have created (optional). | \"\" |\n| `AGENT_KERBEROSVAULT_SECONDARY_DIRECTORY` | The directory, in the secondary Kerberos vault, where the recordings will be stored. | \"\" |\n| `AGENT_DROPBOX_ACCESS_TOKEN` | The Access Token from your Dropbox app, that is used to leverage the Dropbox SDK. | \"\" |\n| `AGENT_DROPBOX_DIRECTORY` | The directory, in Dropbox, where the recordings will be stored. | \"\" |\n| `AGENT_ENCRYPTION` | Enable 'true' or disable 'false' end-to-end encryption for MQTT messages. | \"false\" |\n| `AGENT_ENCRYPTION_RECORDINGS` | Enable 'true' or disable 'false' end-to-end encryption for recordings. | \"false\" |\n| `AGENT_ENCRYPTION_FINGERPRINT` | The fingerprint of the keypair (public\u002Fprivate keys), so you know which one to use. | \"\" |\n| `AGENT_ENCRYPTION_PRIVATE_KEY` | The private key (assymetric\u002FRSA) to decrypt and sign requests send over MQTT. | \"\" |\n| `AGENT_ENCRYPTION_SYMMETRIC_KEY` | The symmetric key (AES) to encrypt and decrypt requests sent over MQTT. | \"\" |\n| `AGENT_SIGNING` | Enable 'true' or disable 'false' for signing recordings. | \"true\" |\n| `AGENT_SIGNING_PRIVATE_KEY` | The private key (RSA) to sign the recordings fingerprint to validate origin. | \"\" - uses default one if empty |\n\n\n## Encryption\n\nYou can encrypt your recordings and outgoing MQTT messages with your own AES and RSA keys by enabling the encryption settings. Once enabled, all your recordings will be encrypted using AES-256-CBC and your symmetric key. You can use the default `openssl` toolchain to decrypt the recordings with your AES key, as following:\n\n openssl aes-256-cbc -d -md md5 -in encrypted.mp4 -out decrypted.mp4 -k your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8\n\nOr you can decrypt a folder of recordings, using the Kerberos Agent binary as following:\n\n go run main.go -action decrypt .\u002Fdata\u002Frecordings your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8\n\nOr for a single file:\n\n go run main.go -action decrypt .\u002Fdata\u002Frecordings\u002Fvideo.mp4 your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8\n\n## H264 vs H265\n\nIf we talk about video encoders and decoders (codecs) there are 2 major video codecs on the market: H264 and H265. Taking into account your use case, you might use one over the other. We will provide an (not complete) overview of the advantages and disadvantages of each codec in the field of video surveillance and video analytics. If you would like to know more, you should look for additional resources on the internet (or if you like to read physical items, books still exists nowadays).\n\n- H264 (also known as AVC or MPEG-4 Part 10)\n\n - Is the most common one and most widely supported for IP cameras.\n - Supported in the majority of browsers, operating system, and third-party applications.\n - Can be embedded in commercial and 3rd party applications.\n - Different levels of compression (high, medium, low, ..)\n - Better quality \u002F compression ratio, shows less artifacts at medium compression ratios.\n - Does support technologies such as WebRTC\n\n- H265 (also known as HEVC)\n - Is not supported on legacy cameras, though becoming rapidly available on \"newer\" IP cameras.\n - Might not always be supported due to licensing. For example not supported in browers on a Linux distro.\n - Requires licensing when embedding in a commercial product (be careful).\n - Higher levels of compression (50% more than H264).\n - H265 shows artifacts in motion based environments (which is less with H264).\n - Recording the same video (resolution, duration and FPS) in H264 and H265 will result in approx 50% the file size.\n - Not supported in technologies such as WebRTC\n\nConclusion: depending on the use case you might choose one over the other, and you can use both at the same time. For example you can use H264 (main stream) for livestreaming, and H265 (sub stream) for recording. If you wish to play recordings in a cross-platform and cross-browser environment, you might opt for H264 for better support.\n\n## Contribute with Codespaces\n\nOne of the major blockers for letting you contribute to an Open Source project is to set up your local development machine. Why? Because you might already have some tools and libraries installed that are used for other projects, and the libraries you would need for Kerberos Agent, for example FFmpeg, might require a different version. Welcome to dependency hell...\n\nBy leveraging codespaces, which the Kerberos Agent repo supports, you will be able to set up the required development environment in a few minutes. By opening the `\u003C> Code` tab on the top of the page, you will be able to create a codespace, [using the Kerberos Devcontainer](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fdevcontainer) base image. This image requires all the relevant dependencies: FFmpeg, OpenCV, Golang, Node, Yarn, etc.\n\n![Kerberos Agent codespace](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_a8a4e69cd13c.png)\n\nAfter a few minutes, you will see a beautiful `Visual Studio Code` shown in your browser, and you are ready to code!\n\n![Kerberos Agent VSCode](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_fa53f0d0f4ef.png)\n\nOn opening of the GitHub Codespace, some dependencies will be installed. Once this is done go ahead to the `ui\u002Fsrc\u002Fconfig.json` file, and (un)comment following section. Make sure to replace the `externalHost` variable with the DNS name you will retrieve from the next step.\n\n \u002F\u002F Uncomment this when using codespaces or other special DNS names (which you can't control)\n \u002F\u002F replace this with the DNS name of the kerberos agent server (the codespace url)\n const externalHost = 'cedricve-automatic-computing-machine-v647rxvj4whx9qp-80.preview.app.github.dev';\n\n const dev = {\n ENV: 'dev',\n HOSTNAME: externalHost,\n \u002F\u002FAPI_URL: `${protocol}\u002F\u002F${hostname}:80\u002Fapi`,\n \u002F\u002FURL: `${protocol}\u002F\u002F${hostname}:80`,\n \u002F\u002FWS_URL: `${websocketprotocol}\u002F\u002F${hostname}:80\u002Fws`,\n\n \u002F\u002F Uncomment, and comment the above lines, when using codespaces or other special DNS names (which you can't control)\n API_URL: `${protocol}\u002F\u002F${externalHost}\u002Fapi`,\n URL: `${protocol}\u002F\u002F${externalHost}`,\n WS_URL: `${websocketprotocol}\u002F\u002F${externalHost}\u002Fws`,\n };\n\nGo and open two terminals: one for the `ui` project and one for the `machinery` project.\n\n1. Terminal A:\n\n cd machinery\u002F\n go run main.go -action run -port 80\n\n2. Terminal B:\n\n cd ui\u002F\n yarn start\n\nOnce executed, a popup will show up mentioning `portforwarding`. You should see two ports being opened, one for the ui `3000` and one for the machinery `80`. `Right-click` on the port `80` and change visibility from `private` to `public`, this is required to avoid `CORS` errors.\n\n![Codespace make public](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_39c63d200653.png)\n\nAs mentioned above, copy the hostname of the `machinery` DNS name, and paste it in the `ui\u002Fsrc\u002Fconfig.json` file. Once done, reload the `ui` page in your browser, and you should be able to access the login page with the default credentials `root` and `root`.\n\n## Develop and build\n\nThe Kerberos Agent is divided in two parts: a `machinery` and `web` part. Both parts live in this repository in their relative folders. For development or running the application on your local machine, you have to run both the `machinery` and the `web` as described below. When running in production everything is shipped as only one artifact, read more about this at [Building for production](#building-for-production).\n\n### UI\n\nThe `web` is a **React** project which is the main entry point for an end user to view recordings, a livestream, and modify the configuration of the `machinery`.\n\n git clone https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\n cd ui\n yarn start\n\nThis will start a webserver and launches the web app on port `3000`.\n\n![login-agent](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_af8c56c88021.gif)\n\nOnce signed in you'll see the dashboard page. After successfull configuration of your agent, you'll should see a live view and possible events recorded to disk.\n\n![dashboard-agent](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_526836259b17.png)\n\n### Machinery\n\nThe `machinery` is a **Golang** project which delivers two functions: it acts as the Kerberos Agent which is doing all the heavy lifting with camera processing and other kinds of logic and on the other hand it acts as a webserver (Rest API) that allows communication from the web (React) or any other custom application. The API is documented using `swagger`.\n\nYou can simply run the `machinery` using following commands.\n\n git clone https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\n cd machinery\n go run main.go -action run -port 80\n\nThis will launch the Kerberos Agent and run a webserver on port `80`. You can change the port by your own preference. We strongly support the usage of [Goland](https:\u002F\u002Fwww.jetbrains.com\u002Fgo\u002F) or [Visual Studio Code](https:\u002F\u002Fcode.visualstudio.com\u002F), as it comes with all the debugging and linting features built in.\n\n![VSCode desktop](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_a0e2ee209624.png)\n\n## Building from source\n\nRunning Kerberos Agent in production only requires a single binary to run. Nevertheless, we have two parts: the `machinery` and the `web`, we merge them during build time. So this is what happens.\n\n### UI\n\nTo build the Kerberos Agent web app, you simply have to run the `build` command of `yarn`. This will create a `build` directory inside the `web` directory, which contains a minified version of the React application. Other than that, we [also move](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fblob\u002Fmaster\u002Fweb\u002Fpackage.json#L16) this `build` directory to the `machinery` directory.\n\n cd ui\n yarn build\n\n### Machinery\n\nBuilding the `machinery` is also super easy 🚀, by using `go build` you can create a single binary which ships it all; thank you Golang. After building you will end up with a binary called `main`, this is what contains everything you need to run Kerberos Agent.\n\nRemember the build step of the `web` part, during build time we move the build directory to the `machinery` directory. Inside the `machinery` web server [we reference the](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fblob\u002Fmaster\u002Fmachinery\u002Fsrc\u002Frouters\u002Fhttp\u002FServer.go#L44) `build` directory. This makes it possible to just a have single web server that runs it all.\n\n cd machinery\n go build\n\n## Building for Docker\n\nInside the root of this `agent` repository, you will find a `Dockerfile`. This file contains the instructions for building and shipping a **Kerberos Agent**. Important to note is that you start from a prebuilt base image, `kerberos\u002Fbase:xxx`.\nThis base image already contains a couple of tools, such as Golang, FFmpeg and OpenCV. We do this for faster compilation times.\n\nBy running the `docker build` command, you will create the Kerberos Agent Docker image. After building you can simply run the image as a Docker container.\n\n docker build -t kerberos\u002Fagent .\n\n## What is new?\n\nThis repository contains the next generation of Kerberos.io, **Kerberos Agent (v3)**, and is the successor of the machinery and web repositories. A switch in technologies and architecture has been made. This version is still under active development and can be followed on the [develop branch](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fdevelop) and [project overview](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fprojects\u002F1).\n\nRead more about this [at the FAQ](#faq) below.\n\n![opensource-to-agent](https:\u002F\u002Fuser-images.githubusercontent.com\u002F1546779\u002F172066873-7752c979-de63-4417-8d26-34192fdbd1e6.svg)\n\n## Contributors\n\nThis project exists thanks to all the people who contribute. Bravo!\n\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fgraphs\u002Fcontributors\">\n \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_a8eb1c49a102.png\" \u002F>\n\u003C\u002Fa>\n","# Kerberos 代理\n\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fkerberos.io\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fkerberos-website-gray.svg?longCache=true&colorB=brightgreen\" alt=\"Kerberos 代理\">\u003C\u002Fa>\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fdoc.kerberos.io\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fkerberos-documentation-gray.svg?longCache=true&colorB=brightgreen\" alt=\"Kerberos 代理\">\u003C\u002Fa>\n\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fcircleci.com\u002Fgh\u002Fkerberos-io\u002Fagent\">\u003Cimg src=\"https:\u002F\u002Fcircleci.com\u002Fgh\u002Fkerberos-io\u002Fagent.svg?style=svg\"\u002F>\u003C\u002Fa>\n\u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fworkflows\u002FGo\u002Fbadge.svg\"\u002F>\n\u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fworkflows\u002FReact\u002Fbadge.svg\"\u002F>\n\u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fworkflows\u002FCodeQL\u002Fbadge.svg\"\u002F>\n\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fpkg.go.dev\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fmachinery\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_ff803135673c.png\" alt=\"PkgGoDev\">\u003C\u002Fa>\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fcodecov.io\u002Fgh\u002Fkerberos-io\u002Fagent\">\u003Cimg src=\"https:\u002F\u002Fcodecov.io\u002Fgh\u002Fkerberos-io\u002Fagent\u002Fbranch\u002Fmaster\u002Fgraph\u002Fbadge.svg\" alt=\"覆盖率\">\u003C\u002Fa>\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fgoreportcard.com\u002Freport\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fmachinery\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_2b4a70945b89.png\" alt=\"覆盖率\">\u003C\u002Fa>\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fapp.codacy.com\u002Fgh\u002Fkerberos-io\u002Fagent?utm_source=github.com&utm_medium=referral&utm_content=kerberos-io\u002Fagent&utm_campaign=Badge_Grade\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_adaaa9495e23.png\"\u002F>\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Fwww.figma.com\u002Fproto\u002FmsuYC6sv2cOCqZeDtBxNy7\u002F%5BNEW%5D-Kerberos.io-Apps?node-id=1%3A1788&viewport=-490%2C191%2C0.34553584456443787&scaling=min-zoom&page-id=1%3A2%3Ffuid%3D449684443467913607\" alt=\"Kerberos 代理\">\u003C\u002Fa>\n\n\u003Ca href=\"LICENSE\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg\" alt=\"许可证:MIT\">\u003C\u002Fa>\n[![捐赠](https:\u002F\u002Fbrianmacdonald.github.io\u002FEthonate\u002Fsvg\u002Feth-donate-blue.svg)](https:\u002F\u002Fbrianmacdonald.github.io\u002FEthonate\u002Faddress#0xf4a759C9436E2280Ea9cdd23d3144D95538fF4bE)\n\u003Ca target=\"_blank\" href=\"https:\u002F\u002Ftwitter.com\u002Fkerberosio?ref_src=twsrc%5Etfw\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Furl.svg?label=关注%20@kerberosio&style=social&url=https%3A%2F%2Ftwitter.com%2Fkerberosio\" alt=\"Twitter 小部件\">\u003C\u002Fa>\n[![kerberosio](https:\u002F\u002Fsnapcraft.io\u002Fkerberosio\u002Fbadge.svg)](https:\u002F\u002Fsnapcraft.io\u002Fkerberosio)\n\n[![Slack 邀请](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fjoin%20kerberos.io%20on%20slack-grey?style=for-the-badge&logo=slack)](https:\u002F\u002Fjoinslack.kerberos.io\u002F)\n\n[**Docker Hub**](https:\u002F\u002Fhub.docker.com\u002Fr\u002Fkerberos\u002Fagent) | [**文档**](https:\u002F\u002Fdoc.kerberos.io) | [**官网**](https:\u002F\u002Fkerberos.io) | [**查看演示**](https:\u002F\u002Fdemo.kerberos.io)\n\n> 在继续之前,请注意,此仓库深入讨论了 Kerberos.io 技术栈中的一个组件——Kerberos 代理。如果您正在寻找端到端的部署指南,请参阅此处:[https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fdeployment]。\n\nKerberos 代理是一款隔离且可扩展的视频(监控)管理代理,以 MIT 许可证开源发布。这意味着所有源代码均可供您或您的公司使用,并且您可以自由地使用、修改和分发这些源代码,只要保留原始许可证的引用即可。Kerberos 代理可用于商业用途(而 v2 版本则不支持)。更多关于许可证的信息,请参阅 [LICENSE 文件]。\n\n![Kerberos 代理通过 UI 展示](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_967869098e0d.gif)\n\n## :thinking: 前提条件\n\n- 一台支持 RTSP H264 或 H265 编码流的 IP 摄像头,\n - (或者)一台 USB 摄像头、树莓派摄像头或其他摄像头,您可以将其转换为有效的 RTSP H264 或 H265 流 [参考:https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fcamera-to-rtsp]。\n- 任何能够运行二进制文件或容器的硬件设备(ARMv6、ARMv7、ARM64、AMD64),例如:树莓派、NVIDIA Jetson、Intel NUC、虚拟机、裸金属服务器或完整的 Kubernetes 集群。\n\n## :video_camera: 我的摄像头能正常工作吗?\n\n市面上有各种各样的摄像头(USB、IP 等),很难判断 Kerberos 代理是否适用于您的设备。因此,我们列出了社区已确认兼容的摄像头型号 [参见:https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fissues\u002F59]。欢迎您也将自己的摄像头加入列表!\n\n## :books: 概述\n\n### 快速上手\n\n1. [快速入门 - Docker](#quickstart---docker)\n2. [快速入门 - Balena](#quickstart---balena)\n3. [快速入门 - Snap](#quickstart---snap)\n\n### 简介\n\n1. [Kerberos 代理的世界](#a-world-of-kerberos-agents)\n\n### 运行与自动化\n\n1. [如何运行和部署 Kerberos 代理](#how-to-run-and-deploy-a-kerberos-agent)\n2. [访问 Kerberos 代理](#access-the-kerberos-agent)\n3. [通过卷挂载进行配置和持久化](#configure-and-persist-with-volume-mounts)\n4. [使用环境变量进行配置](#configure-with-environment-variables)\n\n### 深入了解\n\n1. [加密](#encryption)\n2. [H264 与 H265 的区别](#h264-vs-h265)\n\n### 贡献\n\n1. [通过 Codespaces 贡献](#contribute-with-codespaces)\n2. [开发与构建](#develop-and-build)\n3. [从源码构建](#building-from-source)\n4. [为 Docker 构建](#building-for-docker)\n\n### 其他\n\n1. [支持我们的项目](#support-our-project)\n1. [最新动态](#what-is-new)\n1. [贡献者](#contributors)\n\n## 快速入门 - Docker\n\n让您的 Kerberos 代理快速启动并运行的最简单方法是使用我们在 [Docker Hub](https:\u002F\u002Fhub.docker.com\u002Fr\u002Fkerberos\u002Fagent) 上发布的公共镜像。选择特定标签后,运行以下 `docker` 命令,它将在端口 `80` 上打开您的 Kerberos 代理的 Web 界面,随后您就可以开始使用了。如需更灵活且持久化的部署,请参阅 [运行与自动化 Kerberos 代理](#running-and-automating-a-kerberos-agent)。\n\n docker run -p 80:80 --name mycamera -d --restart=always kerberos\u002Fagent:latest\n\n如果您想连接 USB 或树莓派摄像头,您需要运行我们的辅助容器 [https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fcamera-to-rtsp],该容器会将摄像头信号代理为 RTSP 流。在这种情况下,您需要将 Kerberos 代理容器配置为在主机网络中运行,以便直接连接到 RTSP 辅助容器。\n\n docker run --network=host --name mycamera -d --restart=always kerberos\u002Fagent:latest\n\n## 快速入门 - Balena\n\n借助 [Balena Cloud](https:\u002F\u002Fwww.balena.io\u002F) 的强大功能运行 Kerberos 代理。通过无缝的远程访问、空中更新、加密的公共 `https` 端点等功能,轻松监控您的 Kerberos 代理。请查看我们在 [Balena Hub](https:\u002F\u002Fhub.balena.io\u002Fapps\u002F2064752\u002Fvideo-surveillance) 上的应用程序“视频监控”,并创建您的第一个或多个 Kerberos 代理实例。\n\n[![使用 balena 部署](https:\u002F\u002Fbalena.io\u002Fdeploy.svg)](https:\u002F\u002Fdashboard.balena-cloud.com\u002Fdeploy?repoUrl=https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fbalena-agent)\n\n## 快速入门 - Snap\n\n使用我们的 [Snapcraft 软件包](https:\u002F\u002Fsnapcraft.io\u002Fkerberosio) 运行 Kerberos Agent。\n\n snap install kerberosio\n\n安装完成后,您可以在 `\u002Fvar\u002Fsnap\u002Fkerberosio\u002Fcommon` 找到 Kerberos Agent 的配置文件。按照以下方式运行 Kerberos Agent:\n\n sudo kerberosio.agent -action=run -port=80\n\n## 一个充满 Kerberos Agent 的世界\n\nKerberos Agent 是一款隔离且可扩展的视频(监控)管理代理,专注于用户体验、可扩展性、鲁棒性、扩展性和集成能力。除了 Kerberos Agent 外,Kerberos.io 还提供了许多其他工具,如 [Kerberos Factory](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Ffactory)、[Kerberos Vault](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fvault) 和 [Kerberos Hub](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fhub),以提供额外的功能:自定义云环境、自定义存储、集中概览、实时流媒体、机器学习等。\n\n[![部署代理](.\u002Fassets\u002Fimg\u002Fedge-deployment-agent.svg)](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fdeployment)\n\n如上所述,Kerberos.io 采用了代理的概念。代理运行在您的摄像头旁边(或设备上),处理单个摄像头的视频流。它支持基于运动检测或连续录制,并通过用户友好的 Web 界面提供这些录像。Kerberos Agent 允许您连接到其他云服务或与自定义应用程序集成。Kerberos Agent 既可用于个人应用,也能扩展到企业级生产部署。更多关于 [部署策略的信息请参见此处](\u003C(https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fdeployment)>).\n\n本仓库包含了您需要了解的关于我们核心产品 Kerberos Agent 的所有内容。以下是其主要特性和功能的简要列表:\n\n- 低内存和 CPU 使用率。\n- 简洁现代的用户界面。\n- 多架构支持(ARMv6、ARMv7、ARM64、AMD64)。\n- 多路流支持,例如以 H265 格式录制、以 H264 格式进行直播和运动检测。\n- 多摄像头支持:IP 摄像头(H264 和 H265)、USB 摄像头以及树莓派摄像头 [通过 RTSP 代理](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fcamera-to-rtsp)。\n- 每个实例仅管理一台摄像头(例如,每个容器对应一台摄像头)。\n- 通过 MQTT 提供低分辨率流媒体,通过 WebRTC 提供高分辨率流媒体(仅支持 H264\u002FPCM 格式)。\n- 从 Kerberos Hub 向 IP 摄像头发送回传音频(需 PCM ULAW 编解码器)。\n- 支持以 MP4 容器格式录制音频(AAC)和视频(H264\u002FH265)。\n- 通过 MQTT 使用 RSA 和 AES 实现端到端加密(用于直播、ONVIF 协议、远程配置等)。\n- 条件录制:离线模式、运动区域、时间表、连续录制、Webhook 触发条件等。\n- 运动检测时的前后录制功能。\n- 使用 AES-256-CBC 对静态数据进行加密。\n- 支持创建分段录制,并通过 HLS fMP4 格式进行流媒体传输。\n- 可根据需求选择合适的部署方式 [参见如何运行和部署 Kerberos Agent](#how-to-run-and-deploy-a-kerberos-agent),并结合您常用的工具:`docker`、`docker compose`、`ansible`、`terraform`、`kubernetes` 等。\n- 云存储\u002F持久化:Kerberos Hub、Kerberos Vault 和 Dropbox。[(正在进行中:Minio、Storj、Google Drive、FTP 等)](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fissues\u002F95)\n- 输出功能:当特定事件(如运动检测或开始录制)发生时,触发集成(Webhooks、MQTT、脚本等)。\n- 通过 Swagger 提供 REST API 访问及文档(如触发录制、更新配置等)。\n- MIT 许可证\n\n## 如何运行和部署 Kerberos Agent\n\n如前所述,Kerberos Agent 是一个容器。您可以使用多种方法和自动化工具对其进行部署,包括 `docker`、`docker compose`、`kubernetes` 等。为了简化您的 Kerberos.io 使用体验,我们提供了具体的部署示例,帮助您更快地开始使用 Kerberos.io。\n\n我们已在本仓库的 [deployments 目录](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments) 中记录了不同的部署模式。您可以在其中学习并找到以下部署方式:\n\n- [静态二进制文件](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#0-static-binary)\n- [Docker](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#1-docker)\n- [Docker Compose](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#2-docker-compose)\n- [Kubernetes](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#3-kubernetes)\n- [Red Hat OpenShift 与 Ansible](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#4-red-hat-ansible-and-openshift)\n- [Terraform](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#5-terraform)\n- [Salt](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#6-salt)\n- [Balena](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#8-balena)\n- [Snap](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments#9-snap)\n\n默认情况下,您的 Kerberos Agent 会将所有配置和录制文件存储在容器内部。为了帮助您实现自动化并保持更一致的数据治理,您可以挂载卷来配置和持久化 Kerberos Agent 的数据,或者通过环境变量来配置每个 Kerberos Agent。\n\n## 访问 Kerberos Agent\n\n在使用上述任一部署模式成功部署 Kerberos Agent 后,您将能够访问 Kerberos Agent 的用户界面。系统会显示登录页面,要求输入凭据。\n\nKerberos Agent 的默认用户名和密码为:\n\n- 用户名:`root`\n- 密码:`root`\n\n**_请注意,在最终部署时应更改用户名和密码,请参阅下方的[通过环境变量配置](#configure-with-environment-variables)部分。_**\n\n## 通过挂载卷进行配置和持久化\n\n下面以 `docker` 为例展示了如何挂载主机目录,但该方法同样适用于 [上述所有部署模式和工具](#running-and-automating-a-kerberos-agent)。\n\n您可以通过 `-v` 选项将卷挂载到容器中。要挂载您自己的配置文件和录制文件夹,请运行以下命令:\n\n docker run -p 80:80 --name mycamera \\\n -v $(pwd)\u002Fagent\u002Fconfig:\u002Fhome\u002Fagent\u002Fdata\u002Fconfig \\\n -v $(pwd)\u002Fagent\u002Frecordings:\u002Fhome\u002Fagent\u002Fdata\u002Frecordings \\\n -d --restart=always kerberos\u002Fagent:latest\n\n有关每种部署和自动化工具的更多示例,请参阅 [部署章节](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fmaster\u002Fdeployments)。请务必检查您所挂载目录\u002F卷的权限。更多信息请参见 [此问题](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fissues\u002F80)。\n\n chmod -R 755 kerberos-agent\u002F\n chown 100:101 kerberos-agent\u002F -R\n\n## 通过环境变量进行配置\n\n除了挂载配置文件外,您还可以使用环境变量来覆盖配置。这使得使用 `docker compose` 或 `kubernetes` 部署更加简单和可扩展。采用这种方法,我们还能简化通过 `ansible` 和 `terraform` 的自动化流程。\n\ndocker run -p 80:80 --name mycamera \\\n -e AGENT_NAME=mycamera \\\n -e AGENT_TIMEZONE=Europe\u002FBrussels \\\n -e AGENT_CAPTURE_IPCAMERA_RTSP=rtsp:\u002F\u002Ffake.kerberos.io\u002Fstream \\\n -e AGENT_CAPTURE_CONTINUOUS=true \\\n -d --restart=always kerberos\u002Fagent:latest\n\n| 名称 | 描述 | 默认值 |\n| --------------------------------------- | ----------------------------------------------------------------------------------------------- | ------------------------------ |\n| `LOG_LEVEL` | 日志级别,可选值为 \"info\"、\"warning\"、\"debug\"、\"error\" 或 \"fatal\"。 | \"info\" |\n| `LOG_OUTPUT` | 日志输出格式,可选值为 \"json\" 或 \"text\"。 | \"text\" |\n| `AGENT_MODE` | 可选择以 'release' 模式运行用于生产环境,或以 'demo' 模式用于展示。 | \"release\" |\n| `AGENT_TLS_INSECURE` | 指定是否对内部 HTTP 客户端使用 `InsecureSkipVerify`。 | \"false\" |\n| `AGENT_USERNAME` | 用于在 Kerberos Agent 登录页面进行身份验证的用户名。 | \"root\" |\n| `AGENT_PASSWORD` | 用于在 Kerberos Agent 登录页面进行身份验证的密码。 | \"root\" |\n| `AGENT_KEY` | 您的 Kerberos Agent 的唯一标识符,此值会自动生成,但也可手动覆盖。 | \"\" |\n| `AGENT_NAME` | Agent 的友好名称。 | \"agent\" |\n| `AGENT_TIMEZONE` | 用于时间转换的时区。 | \"Africa\u002FCeuta\" |\n| `AGENT_REMOVE_AFTER_UPLOAD` | 启用后,成功上传到存储的录像将从磁盘中删除。 | \"true\" |\n| `AGENT_OFFLINE` | 确保不建立任何外部连接。 | \"false\" |\n| `AGENT_AUTO_CLEAN` | 清理录像目录。 | \"true\" |\n| `AGENT_AUTO_CLEAN_MAX_SIZE` | 如果启用 `AUTO_CLEAN`,设置录像目录的最大大小(单位:MB)。 | \"100\" |\n| `AGENT_TIME` | 启用 Kerberos Agent 的定时任务 | \"false\" |\n| `AGENT_TIMETABLE` | 用于指定录像开始和结束时间的每周时间表:\"start1,end1,start2,end2;start1..\" | \"\" |\n| `AGENT_REGION_POLYGON` | 用于运动检测的单个多边形区域:\"x1,y1;x2,y2;x3,y3;...\" | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_RTSP` | 目标摄像机的全高清 RTSP 端点。 | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_SUB_RTSP` | 用于直播流(WebRTC)的子码流 RTSP 端点。 | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_BASE_WIDTH` | 强制设置实时预览处理的特定宽度分辨率。 | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_BASE_HEIGHT` | 强制设置实时预览处理的特定高度分辨率。 | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_ONVIF` | 标记为符合 ONVIF 规范的设备。 | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_ONVIF_XADDR` | 摄像机上运行的 ONVIF 端点\u002F地址。 | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_ONVIF_USERNAME` | 用于 ONVIF 身份验证的用户名。 | \"\" |\n| `AGENT_CAPTURE_IPCAMERA_ONVIF_PASSWORD` | 用于 ONVIF 身份验证的密码。 | \"\" |\n| `AGENT_CAPTURE_MOTION` | 开启或关闭运动检测功能。 | \"true\" |\n| `AGENT_CAPTURE_LIVEVIEW` | 开启或关闭实时预览功能。 | \"true\" |\n| `AGENT_CAPTURE_SNAPSHOTS` | 开启或关闭截图生成功能。 | \"true\" |\n| `AGENT_CAPTURE_RECORDING` | 开启或关闭录像功能。 | \"true\" |\n| `AGENT_CAPTURE_CONTINUOUS` | 开启连续录制模式(\"true\")或运动触发模式(\"false\")。 | \"false\" |\n| `AGENT_CAPTURE_PRERECORDING` | 如果 `CONTINUOUS` 设置为 `false`,则指定运动事件发生前后的录制时长(秒)。 | \"10\" |\n| `AGENT_CAPTURE_POSTRECORDING` | 如果 `CONTINUOUS` 设置为 `false`,则指定运动事件发生后的录制时长(秒)。 | \"20\" |\n| `AGENT_CAPTURE_MAXLENGTH` | 单个录像的最大时长(秒)。 | \"30\" |\n| `AGENT_CAPTURE_PIXEL_CHANGE` | 如果 `CONTINUOUS` 设置为 `false`,则指定触发运动检测所需的像素变化数量。 | \"150\" |\n| `AGENT_CAPTURE_FRAGMENTED` | 将录制的 MP4 文件格式设置为分片式(适用于 HLS)。 | \"false\" |\n| `AGENT_CAPTURE_FRAGMENTED_DURATION` | 如果 `AGENT_CAPTURE_FRAGMENTED` 设置为 `true`,则定义每个分片的时长(秒)。 | \"8\" |\n| `AGENT_MQTT_URI` | 用于双向通信(实时预览、ONVIF 等)的 MQTT 代理端点 | \"tcp:\u002F\u002Fmqtt.kerberos.io:1883\" |\n| `AGENT_MQTT_USERNAME` | MQTT 代理的用户名。 | \"\" |\n| `AGENT_MQTT_PASSWORD` | MQTT 代理的密码。 | \"\" |\n| `AGENT_REALTIME_PROCESSING` | 如果 `AGENT_REALTIME_PROCESSING` 设置为 `true`,Agent 会将关键帧发送到指定主题 | \"\" |\n| `AGENT_REALTIME_PROCESSING_TOPIC` | 关键帧将以 base64 编码格式发送到的主题。 | \"\" |\n| `AGENT_STUN_URI` | 使用 WebRTC 时,需要提供 STUN 服务器。 | \"stun:turn.kerberos.io:8443\" |\n| `AGENT_FORCE_TURN` | 强制使用 TURN 服务器,仅生成中继候选者。 | \"false\" |\n| `AGENT_TURN_URI` | 使用 WebRTC 时,需要提供 TURN 服务器。 | \"turn:turn.kerberos.io:8443\" |\n| `AGENT_TURN_USERNAME` | 用于 WebRTC 的 TURN 用户名。 | \"username1\" |\n| `AGENT_TURN_PASSWORD` | 用于 WebRTC 的 TURN 密码。 | \"password1\" |\n| `AGENT_CLOUD` | 将录像存储在 Kerberos Hub(s3)、Kerberos Vault(kstorage)或 Dropbox(dropbox)中。 | \"s3\" |\n| `AGENT_HUB_ENCRYPTION` | 开启或关闭从您的 Kerberos Agent 到 Kerberos Hub 的流量加密。 | \"true\" |\n| `AGENT_HUB_URI` | Kerberos Hub API,默认为我们提供的 Kerberos Hub SAAS。 | \"https:\u002F\u002Fapi.hub.domain.com\" |\n| `AGENT_HUB_KEY` | 与您在 Kerberos Hub 中的账户关联的访问密钥。 | \"\" |\n| `AGENT_HUB_PRIVATE_KEY` | 与您在 Kerberos Hub 中的账户关联的私钥。 | \"\" |\n| `AGENT_HUB_REGION` | 您希望上传录像的 Kerberos Hub 区域。 | \"\" |\n| `AGENT_HUB_SITE` | 您在 Kerberos Hub 账户中创建的站点 ID。 | \"\" |\n| `AGENT_KERBEROSVAULT_URI` | Kerberos Vault API 的 URL。 | \"https:\u002F\u002Fvault.domain.com\u002Fapi\" |\n| `AGENT_KERBEROSVAULT_ACCESS_KEY` | Kerberos Vault 账户的访问密钥。 | \"\" |\n| `AGENT_KERBEROSVAULT_SECRET_KEY` | Kerberos Vault 账户的秘密密钥。 | \"\" |\n| `AGENT_KERBEROSVAULT_PROVIDER` | 您创建的 Kerberos Vault 提供商(可选)。 | \"\" |\n| `AGENT_KERBEROSVAULT_DIRECTORY` | 在 Kerberos Vault 中用于存储录像的目录。 | \"\" |\n| `AGENT_KERBEROSVAULT_SECONDARY_URI` | Kerberos Vault API 的 URL。 | \"https:\u002F\u002Fvault.domain.com\u002Fapi\" |\n| `AGENT_KERBEROSVAULT_SECONDARY_ACCESS_KEY` | 第二个 Kerberos Vault 账户的访问密钥。 | \"\" |\n| `AGENT_KERBEROSVAULT_SECONDARY_SECRET_KEY` | 第二个 Kerberos Vault 账户的秘密密钥。 | \"\" |\n| `AGENT_KERBEROSVAULT_SECONDARY_PROVIDER` | 您创建的第二个 Kerberos Vault 提供商(可选)。 | \"\" |\n| `AGENT_KERBEROSVAULT_SECONDARY_DIRECTORY` | 在第二个 Kerberos Vault 中用于存储录像的目录。 | \"\" |\n| `AGENT_DROPBOX_ACCESS_TOKEN` | 您 Dropbox 应用程序的访问令牌,用于利用 Dropbox SDK。 | \"\" |\n| `AGENT_DROPBOX_DIRECTORY` | 在 Dropbox 中用于存储录像的目录。 | \"\" |\n| `AGENT_ENCRYPTION` | 开启或关闭 MQTT 消息的端到端加密。 | \"false\" |\n| `AGENT_ENCRYPTION_RECORDINGS` | 开启或关闭录像的端到端加密。 | \"false\" |\n| `AGENT_ENCRYPTION_FINGERPRINT` | 密钥对(公钥\u002F私钥)的指纹,以便您知道使用哪一对。 | \"\" |\n| `AGENT_ENCRYPTION_PRIVATE_KEY` | 用于解密和签名通过 MQTT 发送请求的私钥(非对称\u002FRSA)。 | \"\" |\n| `AGENT_ENCRYPTION_SYMMETRIC_KEY` | 用于加密和解密通过 MQTT 发送请求的对称密钥(AES)。 | \"\" |\n| `AGENT_SIGNING` | 开启或关闭录像签名功能。 | \"true\" |\n| `AGENT_SIGNING_PRIVATE_KEY` | 用于对录像指纹进行签名以验证来源的私钥(RSA)。 | \"\" - 如为空则使用默认密钥 |\n\n## 加密\n\n您可以通过启用加密设置,使用自定义的 AES 和 RSA 密钥对录制文件及传出的 MQTT 消息进行加密。一旦启用,所有录制文件将使用 AES-256-CBC 和您的对称密钥进行加密。您可以使用默认的 `openssl` 工具链,通过 AES 密钥解密录制文件,具体命令如下:\n\n openssl aes-256-cbc -d -md md5 -in encrypted.mp4 -out decrypted.mp4 -k your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8\n\n或者,您也可以使用 Kerberos Agent 二进制文件解密整个录制文件夹,命令如下:\n\n go run main.go -action decrypt .\u002Fdata\u002Frecordings your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8\n\n对于单个文件,可以使用以下命令:\n\n go run main.go -action decrypt .\u002Fdata\u002Frecordings\u002Fvideo.mp4 your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8\n\n## H.264 与 H.265\n\n在视频编解码器(Codec)领域,市场上主要有两种主流编码格式:H.264 和 H.265。根据您的应用场景,可以选择其中一种或同时使用两者。我们将简要概述这两种编码格式在视频监控和视频分析领域的优缺点。如果您想深入了解,可以进一步查阅互联网上的相关资料(当然,纸质书籍仍然是一种不错的选择)。\n\n- H.264(也称为 AVC 或 MPEG-4 Part 10)\n\n - 是最常见的编码格式,也是 IP 摄像机中最广泛支持的。\n - 大多数浏览器、操作系统和第三方应用都支持该格式。\n - 可以嵌入到商业软件和第三方应用中。\n - 提供多种压缩级别(高、中、低等)。\n - 在中等压缩比下,画质更好且压缩效率更高,产生的伪影更少。\n - 支持 WebRTC 等技术。\n\n- H.265(也称为 HEVC)\n\n - 不被旧式摄像机支持,但正在逐渐普及于“较新”的 IP 摄像机。\n - 由于授权许可问题,可能并非所有平台都支持。例如,在某些 Linux 发行版的浏览器中就不支持。\n - 如果将其嵌入商业产品中,需要支付授权费用,请务必注意。\n - 压缩效率更高(比 H.264 高约 50%)。\n - 在运动场景中容易出现伪影,而 H.264 则表现更好。\n - 使用相同分辨率、时长和帧率录制同一段视频时,H.265 的文件大小约为 H.264 的一半。\n - 不支持 WebRTC 等技术。\n\n结论:根据具体应用场景,您可以选择其中一种编码格式,也可以同时使用两者。例如,可以使用 H.264 作为主码流进行直播,而用 H.265 作为子码流进行录制。如果希望在跨平台和跨浏览器环境中播放录制内容,则建议选择 H.264,因为它具有更好的兼容性。\n\n## 使用 Codespaces 贡献代码\n\n参与开源项目的一大障碍通常是本地开发环境的搭建。原因在于,您可能已经安装了用于其他项目的工具和库,而 Kerberos Agent 所需的依赖(如 FFmpeg)可能需要不同版本。这就会陷入所谓的“依赖地狱”……\n\n借助 Codespaces,Kerberos Agent 仓库提供了这一功能,您可以在几分钟内快速搭建所需的开发环境。只需点击页面顶部的 `\u003C> Code` 选项卡,即可创建一个 Codespace,并使用 [Kerberos Devcontainer](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fdevcontainer) 基础镜像。该镜像包含了所有必要的依赖项:FFmpeg、OpenCV、Golang、Node.js、Yarn 等。\n\n![Kerberos Agent Codespace](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_a8a4e69cd13c.png)\n\n等待几分钟后,您将在浏览器中看到一个美观的 Visual Studio Code 界面,此时您就可以开始编写代码了!\n\n![Kerberos Agent VSCode](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_fa53f0d0f4ef.png)\n\nGitHub Codespace 启动后会自动安装一些依赖项。安装完成后,请打开 `ui\u002Fsrc\u002Fconfig.json` 文件,取消注释并修改以下部分。请务必将 `externalHost` 变量替换为您将在下一步获取的 DNS 名称。\n\n \u002F\u002F 当使用 codespaces 或其他特殊 DNS 名称时,请取消注释此行(这些名称通常不由您控制)\n \u002F\u002F 将其替换为 Kerberos Agent 服务器的 DNS 名称(即 codespace 的 URL)\n const externalHost = 'cedricve-automatic-computing-machine-v647rxvj4whx9qp-80.preview.app.github.dev';\n\n const dev = {\n ENV: 'dev',\n HOSTNAME: externalHost,\n \u002F\u002FAPI_URL: `${protocol}\u002F\u002F${hostname}:80\u002Fapi`,\n \u002F\u002FURL: `${protocol}\u002F\u002F${hostname}:80`,\n \u002F\u002FWS_URL: `${websocketprotocol}\u002F\u002F${hostname}:80\u002Fws`,\n\n \u002F\u002F 当使用 codespaces 或其他特殊 DNS 名称时,请取消注释上述行,并注释掉上面的代码\n API_URL: `${protocol}\u002F\u002F${externalHost}\u002Fapi`,\n URL: `${protocol}\u002F\u002F${externalHost}`,\n WS_URL: `${websocketprotocol}\u002F\u002F${externalHost}\u002Fws`,\n };\n\n接下来,打开两个终端:一个用于 `ui` 项目,另一个用于 `machinery` 项目。\n\n1. 终端 A:\n\n cd machinery\u002F\n go run main.go -action run -port 80\n\n2. 终端 B:\n\n cd ui\u002F\n yarn start\n\n执行完成后,会出现一个提示框,显示“端口转发”。您应该会看到两个端口被打开,一个是 `ui` 项目的 `3000` 端口,另一个是 `machinery` 项目的 `80` 端口。请右键点击 `80` 端口,将其可见性从“私有”改为“公共”,这样可以避免 CORS 错误。\n\n![Codespace 设置为公开](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_39c63d200653.png)\n\n如前所述,复制 `machinery` 的 DNS 名称,并将其粘贴到 `ui\u002Fsrc\u002Fconfig.json` 文件中。完成设置后,刷新浏览器中的 `ui` 页面,您应该能够使用默认凭据 `root` 和 `root` 登录系统。\n\n## 开发与构建\n\nKerberos Agent 分为两个部分:`machinery` 和 `web`。这两个部分分别位于仓库中的相应文件夹内。要在本地开发或运行应用程序,您需要按照以下说明同时启动 `machinery` 和 `web`。而在生产环境中,整个应用会被打包成一个单一的可部署产物,更多相关信息请参阅 [生产环境构建](#building-for-production)。\n\n### UI\n\n`web` 部分是一个基于 React 的项目,它是最终用户查看录制内容、直播流以及修改 `machinery` 配置的主要入口。\n\n git clone https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\n cd ui\n yarn start\n\n这将启动一个 Web 服务器,并在 `3000` 端口上运行 Web 应用程序。\n\n![登录界面](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_af8c56c88021.gif)\n\n登录成功后,您将看到仪表盘页面。在正确配置 Agent 后,您应该能够看到实时画面以及已记录到磁盘上的事件信息。\n\n![仪表盘](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_526836259b17.png)\n\n### 机器\n\n`machinery` 是一个 **Golang** 项目,提供两项功能:一方面,它作为 Kerberos 代理,负责处理摄像头数据及其他逻辑等繁重任务;另一方面,它又充当一个 Web 服务器(Rest API),允许来自 Web(React)或其他自定义应用程序的通信。该 API 使用 `swagger` 进行文档化。\n\n你可以通过以下命令简单地运行 `machinery`:\n\n git clone https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\n cd machinery\n go run main.go -action run -port 80\n\n这将启动 Kerberos 代理,并在端口 `80` 上运行一个 Web 服务器。你也可以根据自己的需求更改端口号。我们强烈推荐使用 [Goland](https:\u002F\u002Fwww.jetbrains.com\u002Fgo\u002F) 或 [Visual Studio Code](https:\u002F\u002Fcode.visualstudio.com\u002F),因为它们内置了完整的调试和代码检查功能。\n\n![VSCode 桌面](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_a0e2ee209624.png)\n\n## 从源码构建\n\n在生产环境中运行 Kerberos 代理只需一个二进制文件即可。尽管如此,我们仍有两个部分:`machinery` 和 `web`,它们会在构建时被合并。具体流程如下。\n\n### UI\n\n要构建 Kerberos 代理的 Web 应用程序,你只需运行 `yarn` 的 `build` 命令。这将在 `web` 目录下创建一个 `build` 目录,其中包含 React 应用程序的压缩版本。除此之外,我们还会将这个 `build` 目录移动到 `machinery` 目录中。\n\n cd ui\n yarn build\n\n### Machinery\n\n构建 `machinery` 同样非常简单 🚀,只需使用 `go build` 即可生成一个包含所有内容的单个二进制文件——这都要感谢 Golang。构建完成后,你会得到一个名为 `main` 的二进制文件,它包含了运行 Kerberos 代理所需的一切。\n\n还记得 `web` 部分的构建步骤吗?在构建过程中,我们会将 `build` 目录移动到 `machinery` 目录中。在 `machinery` 中的 Web 服务器里,会引用这个 `build` 目录。这样一来,就只需要一个 Web 服务器就能完成所有工作。\n\n cd machinery\n go build\n\n## 为 Docker 构建\n\n在这个 `agent` 仓库的根目录下,你会找到一个 `Dockerfile`。该文件包含了构建和打包 **Kerberos 代理** 的指令。需要注意的是,我们是从一个预构建的基础镜像 `kerberos\u002Fbase:xxx` 开始的。这个基础镜像已经包含了 Golang、FFmpeg 和 OpenCV 等工具,这样可以加快编译速度。\n\n通过运行 `docker build` 命令,你将创建 Kerberos 代理的 Docker 镜像。构建完成后,你可以直接将其作为 Docker 容器运行。\n\n docker build -t kerberos\u002Fagent .\n\n## 新增内容\n\n该仓库包含了 Kerberos.io 的下一代产品——**Kerberos 代理(v3)**,它是 `machinery` 和 `web` 仓库的继任者。技术栈和架构都发生了重大变化。当前此版本仍在积极开发中,你可以在 [develop 分支](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Ftree\u002Fdevelop)和 [项目概览](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fprojects\u002F1)中跟踪进展。\n\n更多相关信息请参阅下方的 [常见问题解答](#faq)。\n\n![开源转代理](https:\u002F\u002Fuser-images.githubusercontent.com\u002F1546779\u002F172066873-7752c979-de63-4417-8d26-34192fdbd1e6.svg)\n\n## 贡献者\n\n本项目得以存在,离不开所有贡献者的努力。太棒了!\n\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fgraphs\u002Fcontributors\">\n \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_readme_a8eb1c49a102.png\" \u002F>\n\u003C\u002Fa>","# Kerberos Agent 快速上手指南\n\nKerberos Agent 是一个开源、可扩展的视频监控管理代理,支持在多种硬件架构(ARM\u002FAMD64)上运行。它专注于低资源占用、现代用户界面以及与云服务的灵活集成。\n\n## 环境准备\n\n在部署之前,请确保满足以下硬件和软件要求:\n\n### 硬件要求\n* **计算设备**:支持运行二进制文件或容器的任何硬件,包括:\n * Raspberry Pi (ARMv6, ARMv7, ARM64)\n * Nvidia Jetson\n * Intel NUC\n * 虚拟机 (VM) 或物理服务器 (AMD64)\n * Kubernetes 集群\n* **摄像头设备**(任选其一):\n * 支持 **RTSP H264** 或 **H265** 编码流的 IP 摄像头。\n * USB 摄像头、树莓派摄像头或其他相机(需配合 [`camera-to-rtsp`](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fcamera-to-rtsp) 侧边车容器转换为 RTSP 流)。\n\n### 软件依赖\n* **Docker**:推荐安装最新稳定版(用于容器化部署)。\n* **网络**:确保设备可以访问互联网以拉取镜像,或已配置私有镜像仓库。\n\n> **提示**:社区维护了一份已验证兼容的摄像头型号列表,部署前可查阅 [Camera Compatibility List](https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fissues\u002F59)。\n\n## 安装步骤\n\n最快捷的安装方式是使用 Docker。以下提供两种常见场景的命令。\n\n### 场景一:连接 IP 摄像头(标准模式)\n适用于直接通过 RTSP 连接的 IP 摄像头。此命令将启动 Agent 并映射 80 端口以访问 Web 界面。\n\n```bash\ndocker run -p 80:80 --name mycamera -d --restart=always kerberos\u002Fagent:latest\n```\n\n### 场景二:连接 USB\u002F树莓派摄像头(宿主机网络模式)\n如果您使用 USB 摄像头或树莓派原生摄像头,需要先运行 `camera-to-rtsp` 侧边车将视频流转为 RTSP。此时 Agent 需要运行在宿主机网络模式下,以便直接连接本地 RTSP 流。\n\n```bash\ndocker run --network=host --name mycamera -d --restart=always kerberos\u002Fagent:latest\n```\n\n> **其他部署方式**:\n> * **Balena Cloud**: 可通过 [Balena Hub](https:\u002F\u002Fhub.balena.io\u002Fapps\u002F2064752\u002Fvideo-surveillance) 一键部署,支持远程管理和 OTA 更新。\n> * **Snapcraft**: 在支持 Snap 的 Linux 系统上,运行 `snap install kerberosio`,然后执行 `sudo kerberosio.agent -action=run -port=80`。\n> * **Kubernetes\u002FAnsible\u002FTerraform**: 详细编排文件请参考官方仓库的 `deployments` 目录。\n\n## 基本使用\n\n安装完成后,您可以立即通过浏览器进行管理。\n\n1. **访问管理界面**\n 打开浏览器,访问 `http:\u002F\u002F\u003C您的设备 IP>:80`。\n * 如果是本地运行,访问 `http:\u002F\u002Flocalhost:80`。\n\n2. **配置摄像头**\n * 在 Web 界面中,输入摄像头的 **RTSP 地址**(例如:`rtsp:\u002F\u002Fusername:password@ip_address:554\u002Fstream`)。\n * 如果是 USB 摄像头配合侧边车使用,通常地址为 `rtsp:\u002F\u002Flocalhost:8554\u002Flive`(具体取决于 sidecar 配置)。\n\n3. **开始监控**\n * 配置完成后,Agent 将自动开始处理视频流。\n * 您可以在界面上查看实时直播、配置运动检测区域、设置录制计划(连续录制或触发录制)。\n * 录制的视频片段默认存储在容器内,建议在生产环境中通过 `-v` 参数挂载卷来持久化数据(例如:`-v \u002Fdata\u002Frecordings:\u002Fopt\u002Fkerberos\u002Frecordings`)。\n\n4. **高级功能**\n * **多码流支持**:可同时配置 H265 用于存储,H264 用于低延迟直播。\n * **集成输出**:配置 Webhooks、MQTT 或脚本,在检测到运动时触发外部通知。\n * **加密**:支持端到端加密传输及静态数据加密(AES-256-CBC)。\n\n现在您已经成功运行了 Kerberos Agent,可以进一步探索其与 Kerberos Hub、Vault 等组件的集成以实现云端管理。","某大型物流园区希望利用现有的数百个 IP 摄像头构建一套低成本、可自主掌控的智能安防系统,以实时监控货物装卸区并预防盗窃。\n\n### 没有 Kerberos Agent 时\n- **硬件绑定严重**:必须购买昂贵且封闭的专有 NVR(网络视频录像机)硬件,无法复用园区内已有的树莓派或旧服务器资源。\n- **扩展成本高昂**:每增加一个摄像头都需要额外的商业授权费用,导致大规模部署时预算迅速超支。\n- **数据黑盒风险**:视频流处理和存储逻辑完全封闭,无法自定义分析算法,且担心敏感监控数据被第三方云服务商窃取或滥用。\n- **运维僵化**:系统升级或故障排查依赖厂商支持,无法根据实际网络环境灵活调整容器化部署策略。\n\n### 使用 Kerberos Agent 后\n- **利旧与兼容性强**:直接在现有的 ARM 架构设备(如 Raspberry Pi、Jetson)或 x86 服务器上部署 Docker 容器,轻松接入支持 RTSP 流的各类摄像头。\n- **零授权成本扩展**:基于 MIT 开源协议,无额外按路数收费,园区可自由将监控规模从几十个扩展至数千个而不增加软件成本。\n- **完全数据主权**:所有视频流在本地边缘端处理并加密传输,团队可基于开放源码集成自研的 AI 行为分析模型,确保数据不出园区。\n- **弹性敏捷运维**:支持 Kubernetes 集群化管理,运维人员可一键更新代理版本或动态调整资源配额,快速响应业务变化。\n\nKerberos Agent 通过开源、可扩展的边缘架构,让企业能以极低的成本构建完全自主可控的现代化视频监控系统。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fkerberos-io_agent_96786909.gif","kerberos-io","Kerberos.io","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002Fkerberos-io_661fd89c.png","A scalable video analytics and video management platform, build on top of Docker and Kubernetes, for everyone and everywhere. A product by uug.ai",null,"support@uug.ai","https:\u002F\u002Fkerberos.io","https:\u002F\u002Fgithub.com\u002Fkerberos-io",[85,89,93,97,101,105,108,112],{"name":86,"color":87,"percentage":88},"Go","#00ADD8",89.2,{"name":90,"color":91,"percentage":92},"JavaScript","#f1e05a",9.5,{"name":94,"color":95,"percentage":96},"SCSS","#c6538c",0.8,{"name":98,"color":99,"percentage":100},"Dockerfile","#384d54",0.2,{"name":102,"color":103,"percentage":104},"HTML","#e34c26",0.1,{"name":106,"color":107,"percentage":104},"HCL","#844FBA",{"name":109,"color":110,"percentage":111},"CSS","#663399",0,{"name":113,"color":114,"percentage":111},"Shell","#89e051",999,139,"2026-04-13T07:54:37","MIT","Linux","非必需。支持带有 GPU 的硬件(如 NVIDIA Jetson),但未指定具体型号、显存或 CUDA 版本要求。","未说明(文档仅提及“低内存占用”)",{"notes":123,"python":124,"dependencies":125},"1. 核心架构:该工具是使用 Go 语言编写的代理,前端使用 React,不以 Python 环境运行。\n2. 硬件架构:支持多种架构,包括 ARMv6, ARMv7, ARM64, AMD64(适用于 Raspberry Pi, NVIDIA Jetson, Intel NUC, VM, 裸机或 Kubernetes 集群)。\n3. 摄像头要求:必须拥有支持 RTSP H.264 或 H.265 编码流的 IP 摄像头;或者通过侧车容器(side car container)将 USB\u002FRaspberry Pi 摄像头转换为 RTSP 流。\n4. 部署方式:推荐通过 Docker, Balena, Snap, Kubernetes, Ansible, Terraform 等方式部署。\n5. 音频编码:如需双向音频对讲,摄像头需支持 PCM ULAW 编解码器。","不适用 (该工具主要基于 Go 和 React 开发,提供二进制文件或容器镜像)",[126,127],"Docker (可选,用于容器化部署)","RTSP 流 (H.264\u002FH.265)",[16],[130,131,132,133,134,135,136,137],"videosurveillance","golang","react","ipcamera","video-surveillance","motiondetection","motiondetector","docker","2026-03-27T02:49:30.150509","2026-04-13T22:51:00.063882",[141,146,151,156,161,165],{"id":142,"question_zh":143,"answer_zh":144,"source_url":145},32026,"Docker 容器启动时报错\"permission denied\"无法创建文件(如 .data\u002Fsnapshots\u002F.test)怎么办?","这通常是因为 Docker 挂载卷的权限问题。请按照以下步骤解决:\n1. 创建配置挂载点:\n mkdir [camera] [camera]\u002Fconfig\n wget https:\u002F\u002Fraw.githubusercontent.com\u002Fkerberos-io\u002Fagent\u002Fmaster\u002Fmachinery\u002Fdata\u002Fconfig\u002Fconfig.json -O [camera]\u002Fconfig\n sudo chown [运行 docker 的用户]:[组] [docker-compose.yml 所在目录] -R\n sudo chmod 777 [docker-compose.yml 所在目录] -R\n2. 创建媒体挂载点:\n mkdir [媒体位置]\u002F[camera] [媒体位置]\u002F[camera]\u002Frecordings [媒体位置]\u002F[camera]\u002Fsnapshots\n sudo chown [运行 docker 的用户]:[组] [媒体位置] -R\n sudo chmod 777 [媒体位置]\u002F[camera] -R\n3. 在 docker-compose.yml 的 volumes 部分使用正确的目标路径,例如:\n volumes:\n - [docker-compose.yml 位置]\u002F[camera]\u002Fconfig:\u002Fhome\u002Fagent\u002Fdata\u002Fconfig:rw","https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fissues\u002F62",{"id":147,"question_zh":148,"answer_zh":149,"source_url":150},32027,"访问 Dashboard 页面导致 Firefox 或 Safari 浏览器卡死无响应,如何解决?","这个问题通常是由使用了不支持的编解码器(特别是 H.265)引起的。维护者已发布修复程序来解除对不支持编解码器的阻塞。请尝试更新到最新的 Docker 镜像(latest 标签):\ndocker pull kerberos\u002Fagent:latest\n如果使用的是 Reolink RLC-520 等特定摄像头,请尝试保留默认的分辨率设置,因为更改分辨率可能会导致 H.265 流无效从而引起浏览器挂起。","https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fissues\u002F99",{"id":152,"question_zh":153,"answer_zh":154,"source_url":155},32028,"启用“连续录制”(Continuous recording)功能时容器崩溃并报错\"nil pointer dereference\"怎么办?","该问题已在后续版本中修复。此外,如果您在使用 Traefik 配合 Lets Encrypt 进行 TLS 配置时遇到问题,请确保您的 DNS 记录有效并指向 Docker 主机 IP 地址。以下是一个可用的 Traefik 配置示例:\ncommand:\n - \"--certificatesresolvers.leresolver.acme.email=email.name@domain.tld\"\n - \"--certificatesresolvers.leresolver.acme.storage=\u002Fletsencrypt\u002Facme.json\"\n - \"--certificatesresolvers.leresolver.acme.tlschallenge=true\"\nports:\n - '80:80'\n - '443:443'\nvolumes:\n - \u002Fvar\u002Frun\u002Fdocker.sock:\u002Fvar\u002Frun\u002Fdocker.sock\n - .\u002Fletsencrypt:\u002Fletsencrypt\n如果问题依旧,建议检查是否使用了正确的 agent-dev 或最新稳定版镜像。","https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fissues\u002F44",{"id":157,"question_zh":158,"answer_zh":159,"source_url":160},32029,"Docker 镜像无法连接到 Kerberos Hub,报错\"Something went wrong while verifying Kerberos Hub\"是什么原因?","首先排除网络连通性问题(如在容器内使用 wget 测试 API 地址)。如果网络正常但仍报错,可能是您使用的 Docker 镜像版本过旧或存在临时性服务端问题。有用户反馈在测试了维护者推送到 Docker Hub 的最新镜像后,Kerberos Hub 设置成功验证并解决了连接问题。请尝试拉取最新镜像:\ndocker pull kerberos\u002Fagent:latest\n然后重启容器。如果问题持续,请检查您的 License Key 是否正确配置。","https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fissues\u002F101",{"id":162,"question_zh":163,"answer_zh":164,"source_url":145},32030,"如何在 Docker Compose 中正确配置 Kerberos Agent 的环境变量和挂载卷?","在 docker-compose.yml 中,您需要正确映射配置和数据目录,并设置必要的环境变量。关键配置如下:\n1. 环境变量示例:\n environment:\n AGENT_NAME: \"camera-name\"\n AGENT_CAPTURE_IPCAMERA_RTSP: \"rtsp:\u002F\u002Fuser:pass@ip:port\u002Fstream\"\n AGENT_TIMEZONE: \"America\u002FEdmonton\"\n AGENT_AUTO_CLEAN: \"true\"\n2. 挂载卷配置(确保宿主机目录权限正确,参考权限问题 FAQ):\n volumes:\n - .\u002Fagent\u002Fconfig:\u002Fhome\u002Fagent\u002Fdata\u002Fconfig\n - .\u002Fagent\u002Frecordings:\u002Fhome\u002Fagent\u002Fdata\u002Frecordings\n - .\u002Fagent\u002Fsnapshots:\u002Fhome\u002Fagent\u002Fdata\u002Fsnapshots\n3. 端口映射:\n ports:\n - '8080:8080'\n确保宿主机上的目录已预先创建并赋予了 Docker 运行用户读写权限。",{"id":166,"question_zh":167,"answer_zh":168,"source_url":150},32031,"Kerberos Agent 支持哪些视频编解码器?遇到 H.265 流导致的问题如何处理?","Kerberos Agent 主要支持 H.264 编解码器。早期版本在遇到 H.265 流时可能导致 Web 界面卡死。维护者已在新版本中添加了处理机制,当检测到不支持的编解码器(如 H.265)时会阻止其导致页面挂起。\n解决方案:\n1. 升级 Agent 到最新版本(latest)。\n2. 如果可能,在摄像头设置中将主码流或子码流改为 H.264 格式。\n3. 对于某些摄像头(如 Reolink),保持默认分辨率设置可能避免生成无效的 H.265 流。",[170,175,180,185,190,195,200,205,210,215,220,225,230,235,240,245,250,255,260,265],{"id":171,"version":172,"summary_zh":173,"released_at":174},239242,"v3.6.19","## 变更内容\n* 功能:并发 WebRTC,由 @cedricve 在 https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F262 中实现\n\n\n**完整变更日志**:https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.18...v3.6.19","2026-03-09T20:40:32",{"id":176,"version":177,"summary_zh":178,"released_at":179},239243,"v3.6.18","## 变更内容\n* 功能:添加 WebRTC AAC 转码器,由 @cedricve 在 https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F261 中实现。\n\n\n**完整变更日志**:https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.17...v3.6.18","2026-03-09T16:46:38",{"id":181,"version":182,"summary_zh":183,"released_at":184},239244,"v3.6.17","## 变更内容\n* 修复\u002F设置干净状态,由 @cedricve 在 https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F260 中完成\n\n\n**完整变更日志**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.16...v3.6.17","2026-03-09T15:56:57",{"id":186,"version":187,"summary_zh":188,"released_at":189},239245,"v3.6.16","## 变更内容\n* 功能:添加广播功能,由 @cedricve 在 https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F259 中实现\n\n\n**完整变更日志**:https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.15...v3.6.16","2026-03-09T15:21:07",{"id":191,"version":192,"summary_zh":193,"released_at":194},239246,"v3.6.15","## 变更内容\n* 修复\u002F添加宽限期,由 @cedricve 在 https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F258 中完成\n\n\n**完整变更日志**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.14...v3.6.15","2026-03-09T14:21:11",{"id":196,"version":197,"summary_zh":198,"released_at":199},239247,"v3.6.14","## 变更内容\n* security\u002Fmiddleware-exposure 由 @cedricve 在 https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F257 中提交\n\n\n**完整变更日志**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.13...v3.6.14","2026-03-09T13:25:59",{"id":201,"version":202,"summary_zh":203,"released_at":204},239248,"v3.6.13","## 变更内容\n* 修复\u002FMQTT 重连,由 @cedricve 在 https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F253 中完成\n* 功能\u002F提升 MQTT 并发性,由 @cedricve 在 https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F255 中完成\n\n\n**完整变更日志**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.12...v3.6.13","2026-03-09T12:25:46",{"id":206,"version":207,"summary_zh":208,"released_at":209},239249,"v3.6.12","## 变更内容\n* 修复\u002F在开始后关闭 MP4 文件,由 @cedricve 在 https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F252 中完成\n\n\n**完整变更日志**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.11...v3.6.12","2026-03-03T14:21:36",{"id":211,"version":212,"summary_zh":213,"released_at":214},239250,"v3.6.11","## 变更内容\n* 修复\u002F添加 AVC 描述回退,由 @cedricve 在 https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F250 中完成\n\n\n**完整变更日志**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.10...v3.6.11","2026-02-27T10:49:03",{"id":216,"version":217,"summary_zh":218,"released_at":219},239251,"v3.6.10","## 变更内容\n* 功能\u002F增强:avc-hevc-ssp-nalus,由 @cedricve 在 https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F249 中实现\n\n\n**完整变更日志**:https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.9...v3.6.10","2026-02-27T10:12:48",{"id":221,"version":222,"summary_zh":223,"released_at":224},239252,"v3.6.9","## What's Changed\r\n* fix\u002Fsanitize-parameter-sets by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F248\r\n\r\n\r\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.8...v3.6.9","2026-02-26T19:51:15",{"id":226,"version":227,"summary_zh":228,"released_at":229},239253,"v3.6.8","## What's Changed\r\n* fix\u002Fensure-stsd by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F247\r\n\r\n\r\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.7...v3.6.8","2026-02-26T16:14:11",{"id":231,"version":232,"summary_zh":233,"released_at":234},239254,"v3.6.7","## What's Changed\r\n* feature\u002Fadd-issue-generator-workflow by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F240\r\n* fix\u002Fupdate-workflows-for-nightly-build by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F241\r\n* fix\u002Fupdate-workflows-for-nightly-build by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F242\r\n* fix\u002Fhandle-sps-pps-unknown-state by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F246\r\n\r\n\r\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.6...v3.6.7","2026-02-26T15:25:16",{"id":236,"version":237,"summary_zh":238,"released_at":239},239255,"v3.6.6","## What's Changed\r\n* feature\u002Ffix-quicktime-duration by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F237\r\n* fix\u002Fdocker-build-release-action by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F238\r\n\r\n\r\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.5...v3.6.6","2026-02-13T21:18:03",{"id":241,"version":242,"summary_zh":243,"released_at":244},239256,"v3.6.5","## What's Changed\r\n* fix\u002Fdebugging-lost-keyframes by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F236\r\n\r\n\r\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.4...v3.6.5","2026-02-11T15:51:45",{"id":246,"version":247,"summary_zh":248,"released_at":249},239257,"v3.6.4","## What's Changed\r\n* fix\u002Fdebugging-lost-keyframes by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F235\r\n\r\n\r\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.3...v3.6.4","2026-02-11T15:16:24",{"id":251,"version":252,"summary_zh":253,"released_at":254},239258,"v3.6.3","## What's Changed\r\n* fix\u002Ffps-gop-size by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F232\r\n* fix\u002Ffps-gop-size by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F234\r\n\r\n\r\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.2...v3.6.3","2026-02-11T14:06:02",{"id":256,"version":257,"summary_zh":258,"released_at":259},239259,"v3.6.2","## What's Changed\r\n* feature\u002Fimprove-keyframe-interval by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F231\r\n\r\n\r\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.1...v3.6.2","2026-02-11T11:28:57",{"id":261,"version":262,"summary_zh":263,"released_at":264},239260,"v3.6.1","## What's Changed\r\n* feature\u002Fimprove-video-format by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F229 and https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F230\r\n\r\n\r\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.6.0...v3.6.1","2026-02-10T16:25:53",{"id":266,"version":267,"summary_zh":268,"released_at":269},239261,"v3.6.0","## What's Changed\r\n* fix\u002Frelease-process by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F219\r\n* feature\u002Fimprove-webrtc-tracing by @cedricve in https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fpull\u002F228\r\n\r\n\r\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fkerberos-io\u002Fagent\u002Fcompare\u002Fv3.5.6...v3.6.0","2026-01-23T14:23:25"]