Quick install (one-liner)
This is the recommended path: one command provisions Docker, clones the source, generates a
.env with strong random secrets, builds and starts the whole stack, and issues a TLS
certificate. See Requirements first — the script gates hard on
Ubuntu 24.04/26.04 LTS x86_64.
The one-liner
Section titled “The one-liner”curl -fsSL https://www.streamhub.studio/install.sh | sudo bashPrompts for your domain (blank = localhost test mode), a Let’s Encrypt email, and
an admin username (default admin) — everything else, including the admin password, is
generated for you.
curl -fsSL https://www.streamhub.studio/install.sh | sudo bash -s -- \ --non-interactive \ --domain media.example.com \ --email admin@example.com \ --admin-pass 'S3cret!' \ --smtp-host mail.example.com --smtp-port 587 \ --smtp-user no-reply@example.com --smtp-pass 'smtp-secret' \ --superadmin-email info@example.comEvery flag has a STREAMHUB_* environment-variable twin, so this also runs unattended from
cloud-init or CI with no flags at all — just exported env vars. On a non-TTY run the final
summary redacts secrets (cloud-init/CI persist stdout) and points at
/opt/streamhub/.env instead.
| sudo sh also works — under a POSIX sh the script re-execs itself under bash before doing
anything else. Run --help for the full flag list.
Key flags
Section titled “Key flags”| Flag | Env twin | Meaning |
|---|---|---|
--domain <fqdn> |
STREAMHUB_DOMAIN |
Public domain (DNS A record must point here). Empty/localhost = local test mode. |
--email <email> |
ACME_EMAIL |
Let’s Encrypt / ACME + admin contact email. |
--admin-user <u> |
ADMIN_USER |
Break-glass dashboard user (default admin). |
--admin-pass <p> |
ADMIN_PASS |
Break-glass dashboard password (default: generated). |
--superadmin-email <e> |
STREAMHUB_SUPERADMIN_EMAIL |
Email whose magic-link login becomes superadmin. |
--smtp-host/-port/-user/-pass/-from |
STREAMHUB_SMTP_* |
SMTP for magic-link/invite/reset emails (optional but recommended). |
--proxy nginx|caddy |
STREAMHUB_PROXY |
TLS/reverse proxy: nginx+certbot (default) or the Compose Caddy service (auto-TLS, no host packages). |
--no-tls |
STREAMHUB_NO_TLS |
Skip certbot (e.g. behind your own proxy/LB). |
--cluster-redis-bind <ip> |
STREAMHUB_CLUSTER_REDIS_BIND |
Prepare this node as a cluster origin — also binds redis on a private address with a generated password, for edges to join later. See Join a cluster. |
--dir <path> |
STREAMHUB_DIR |
Install directory (default /opt/streamhub). |
--non-interactive |
STREAMHUB_NON_INTERACTIVE=1 |
Never prompt; missing values fall back to generated/defaults. |
--dry-run |
— | Validate OS/ports/flags and print the plan; changes nothing. |
Join-mode flags (--join, --master-token, --master-ip, --master-url, --node-name,
--region) are covered in Join a cluster.
What it provisions, in order
Section titled “What it provisions, in order”- Gate — root, Ubuntu 24.04/26.04 x64, and a port preflight (80, 443, 1935, 3020, 6379, 7880, 7881, 8080/tcp + 7882/udp — ports already held by a previous StreamHub run are fine, any other owner aborts the install).
- Dependencies (idempotent) — Docker + the Compose plugin via
get.docker.com; for the default--proxy nginx, alsonginx+certbot/python3-certbot-nginx. Raises the kernel UDP buffer if it’s below 16 MB. Ifufwis active, allows the public ports. - Repo →
/opt/streamhub(or--dir);git cloneon a fresh install,git pullon a re-run. .env— generated with strong random secrets: LiveKit API key/secret, JWT secret, thesk_API token, themtk_metrics token, theclt_cluster token, and the admin password. Existing values are never overwritten.- Stack —
docker compose up -d --buildforredis livekit ingress egress core(pluscaddyonly with--proxy caddy). Waits for/api/v1/health, then seeds thesk_API token into the database. - TLS — writes the nginx server block (
/rtc→ LiveKit,/→ core) and runscertbot --nginx --redirect(skipped forlocalhostinstalls,--no-tls, or when a cert already exists; renewal runs viacertbot.timer). - Summary — prints the dashboard URL + credentials, the
sk_token, the RTMP/WHIP/HLS endpoints, and a ready-made join one-liner (with the cluster token) for adding edge nodes.
Re-run / idempotency
Section titled “Re-run / idempotency”The installer is safe to run again at any time — that’s how you update:
curl -fsSL https://www.streamhub.studio/install.sh | sudo bash- Flags and env vars update their
.envkeys. - Generated secrets are never rotated by a re-run — your LiveKit keys, JWT secret, and API token stay stable across updates.
- It pulls the latest code, rebuilds the image, and restarts the stack.
Private-repo tarball fallback
Section titled “Private-repo tarball fallback”install.sh tries git clone first (GIT_TERMINAL_PROMPT=0, so a private repo without
credentials fails fast rather than hanging on a prompt). If that fails, it falls back to a
source tarball hosted alongside the script:
https://www.streamhub.studio/streamhub-src.tar.gz (built with git archive HEAD — tracked
files only, never secrets). This keeps the one-liner working even while the product repository is
private. Override either source with STREAMHUB_REPO_URL / STREAMHUB_SRC_URL.
cd /opt/streamhubdocker compose logs -f core # tail logsdocker compose down # stopcurl -fsSL https://www.streamhub.studio/install.sh | sudo bash # re-run = update + restart