Add example of single pcie coral (#12446)

* Update object_detectors.md

* Update docs/docs/configuration/object_detectors.md

Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>

---------

Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>

.devcontainer/devcontainer.json

@@ -10,9 +10,9 @@
   "features": {
     "ghcr.io/devcontainers/features/common-utils:1": {}
   },
-  "forwardPorts": [8080, 5000, 5001, 5173, 8554, 8555],
+  "forwardPorts": [8971, 5000, 5001, 5173, 8554, 8555],
   "portsAttributes": {
-    "8080": {
+    "8971": {
       "label": "External NGINX",
       "onAutoForward": "silent"
     },

.github/DISCUSSION_TEMPLATE/bug-report.yml

@@ -0,0 +1,83 @@
+title: "[Bug]: "
+labels: ["bug", "triage"]
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: Describe the problem you are having
+    validations:
+      required: true
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to reproduce
+    validations:
+      required: true
+  - type: input
+    id: version
+    attributes:
+      label: Version
+      description: Visible on the System page in the Web UI
+    validations:
+      required: true
+  - type: textarea
+    id: config
+    attributes:
+      label: Frigate config file
+      description: This will be automatically formatted into code, so no need for backticks.
+      render: yaml
+    validations:
+      required: true
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      render: shell
+    validations:
+      required: true
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating system
+      options:
+        - HassOS
+        - Debian
+        - Other Linux
+        - Proxmox
+        - UNRAID
+        - Windows
+        - Other
+    validations:
+      required: true
+  - type: dropdown
+    id: install-method
+    attributes:
+      label: Install method
+      options:
+        - HassOS Addon
+        - Docker Compose
+        - Docker CLI
+    validations:
+      required: true
+  - type: dropdown
+    id: network
+    attributes:
+      label: Network connection
+      options:
+        - Wired
+        - Wireless
+        - Mixed
+    validations:
+      required: true
+  - type: input
+    id: camera
+    attributes:
+      label: Camera make and model
+      description: Dahua, hikvision, amcrest, reolink, etc and model number
+    validations:
+      required: true
+  - type: textarea
+    id: other
+    attributes:
+      label: Any other information that may be helpful

.github/DISCUSSION_TEMPLATE/camera-support.yml

@@ -69,14 +69,14 @@ body:
     validations:
       required: true
   - type: dropdown
-    id: coral
+    id: object-detector
     attributes:
-      label: Coral version
+      label: Object Detector
       options:
-        - USB
-        - PCIe
-        - M.2
-        - Dev Board
+        - Coral
+        - OpenVino
+        - TensorRT
+        - RKNN
         - Other
         - CPU (no coral)
     validations:

.github/DISCUSSION_TEMPLATE/config-support.yml

@@ -61,14 +61,14 @@ body:
     validations:
       required: true
   - type: dropdown
-    id: coral
+    id: object-detector
     attributes:
-      label: Coral version
+      label: Object Detector
       options:
-        - USB
-        - PCIe
-        - M.2
-        - Dev Board
+        - Coral
+        - OpenVino
+        - TensorRT
+        - RKNN
         - Other
         - CPU (no coral)
     validations:

.github/DISCUSSION_TEMPLATE/detector-support.yml

@@ -63,14 +63,14 @@ body:
     validations:
       required: true
   - type: dropdown
-    id: coral
+    id: object-detector
     attributes:
-      label: Coral version
+      label: Object Detector
       options:
-        - USB
-        - PCIe
-        - M.2
-        - Dev Board
+        - Coral
+        - OpenVino
+        - TensorRT
+        - RKNN
         - Other
         - CPU (no coral)
     validations:

.github/DISCUSSION_TEMPLATE/general-support.yml

@@ -69,14 +69,14 @@ body:
     validations:
       required: true
   - type: dropdown
-    id: coral
+    id: object-detector
     attributes:
-      label: Coral version
+      label: Object Detector
       options:
-        - USB
-        - PCIe
-        - M.2
-        - Dev Board
+        - Coral
+        - OpenVino
+        - TensorRT
+        - RKNN
         - Other
         - CPU (no coral)
     validations:

.github/FUNDING.yml

@@ -1,3 +1,4 @@
 github:
   - blakeblackshear
   - NickM-27
+  - hawkeye217

.github/ISSUE_TEMPLATE/config.yml

@@ -2,4 +2,7 @@ blank_issues_enabled: false
 contact_links:
   - name: Frigate Support
     url: https://github.com/blakeblackshear/frigate/discussions/new/choose
-    about: Get support for setting up or troubelshooting Frigate.
+    about: Get support for setting up or troubleshooting Frigate.
+  - name: Frigate Bug Report
+    url: https://github.com/blakeblackshear/frigate/discussions/new/choose
+    about: Report a specific UI or backend bug.

.github/workflows/ci.yml

@@ -220,7 +220,7 @@ jobs:
         with:
           string: ${{ github.repository }}
       - name: Log in to the Container registry
-        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

.github/workflows/release.yml

@@ -16,7 +16,7 @@ jobs:
         with:
           string: ${{ github.repository }}
       - name: Log in to the Container registry
-        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -24,14 +24,24 @@ jobs:
       - name: Create tag variables
         run: |
           BRANCH=$([[ "${{ github.ref_name }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] && echo "master" || echo "dev")
+          echo "BRANCH=${BRANCH}" >> $GITHUB_ENV
           echo "BASE=ghcr.io/${{ steps.lowercaseRepo.outputs.lowercase }}" >> $GITHUB_ENV
           echo "BUILD_TAG=${BRANCH}-${GITHUB_SHA::7}" >> $GITHUB_ENV
           echo "CLEAN_VERSION=$(echo ${GITHUB_REF##*/} | tr '[:upper:]' '[:lower:]' | sed 's/^[v]//')" >> $GITHUB_ENV
       - name: Tag and push the main image
         run: |
           VERSION_TAG=${BASE}:${CLEAN_VERSION}
+          STABLE_TAG=${BASE}:stable
           PULL_TAG=${BASE}:${BUILD_TAG}
           docker run --rm -v $HOME/.docker/config.json:/config.json quay.io/skopeo/stable:latest copy --authfile /config.json --multi-arch all docker://${PULL_TAG} docker://${VERSION_TAG}
           for variant in standard-arm64 tensorrt tensorrt-jp4 tensorrt-jp5 rk; do
             docker run --rm -v $HOME/.docker/config.json:/config.json quay.io/skopeo/stable:latest copy --authfile /config.json --multi-arch all docker://${PULL_TAG}-${variant} docker://${VERSION_TAG}-${variant}
           done
+
+          # stable tag
+          if [[ "${BRANCH}" == "master" ]]; then
+            docker run --rm -v $HOME/.docker/config.json:/config.json quay.io/skopeo/stable:latest copy --authfile /config.json --multi-arch all docker://${PULL_TAG} docker://${STABLE_TAG}
+            for variant in standard-arm64 tensorrt tensorrt-jp4 tensorrt-jp5 rk; do
+              docker run --rm -v $HOME/.docker/config.json:/config.json quay.io/skopeo/stable:latest copy --authfile /config.json --multi-arch all docker://${PULL_TAG}-${variant} docker://${STABLE_TAG}-${variant}
+            done
+          fi

.gitignore

@@ -16,4 +16,5 @@ web/node_modules
 web/coverage
 core
 !/web/**/*.ts
-.idea/*
+.idea/*
+.ipynb_checkpoints

README.md

@@ -29,18 +29,22 @@ If you would like to make a donation to support development, please use [Github
 
 ## Screenshots
 
-Integration into Home Assistant
-
+### Live dashboard
 <div>
-<a href="docs/static/img/media_browser.png"><img src="docs/static/img/media_browser.png" height=400></a>
-<a href="docs/static/img/notification.png"><img src="docs/static/img/notification.png" height=400></a>
+<img width="800" alt="Live dashboard" src="https://github.com/blakeblackshear/frigate/assets/569905/5e713cb9-9db5-41dc-947a-6937c3bc376e">
 </div>
 
-Also comes with a builtin UI:
-
+### Streamlined review workflow
 <div>
-<a href="docs/static/img/home-ui.png"><img src="docs/static/img/home-ui.png" height=400></a>
-<a href="docs/static/img/camera-ui.png"><img src="docs/static/img/camera-ui.png" height=400></a>
+<img width="800" alt="Streamlined review workflow" src="https://github.com/blakeblackshear/frigate/assets/569905/6fed96e8-3b18-40e5-9ddc-31e6f3c9f2ff">
 </div>
 
-![Events](docs/static/img/events-ui.png)
+### Multi-camera scrubbing
+<div>
+<img width="800" alt="Multi-camera scrubbing" src="https://github.com/blakeblackshear/frigate/assets/569905/d6788a15-0eeb-4427-a8d4-80b93cae3d74">
+</div>
+
+### Built-in mask and zone editor
+<div>
+<img width="800" alt="Multi-camera scrubbing" src="https://github.com/blakeblackshear/frigate/assets/569905/d7885fc3-bfe6-452f-b7d0-d957cb3e31f5">
+</div>

docker/main/Dockerfile

@@ -35,13 +35,16 @@ ARG TARGETARCH
 WORKDIR /rootfs/usr/local/go2rtc/bin
 ADD --link --chmod=755 "https://github.com/AlexxIT/go2rtc/releases/download/v1.9.2/go2rtc_linux_${TARGETARCH}" go2rtc
 
+FROM wget AS tempio
+ARG TARGETARCH
+RUN --mount=type=bind,source=docker/main/install_tempio.sh,target=/deps/install_tempio.sh \
+    /deps/install_tempio.sh
 
 ####
 #
 # OpenVino Support
 #
 # 1. Download and convert a model from Intel's Public Open Model Zoo
-# 2. Build libUSB without udev to handle NCS2 enumeration
 #
 ####
 # Download and Convert OpenVino model
@@ -57,11 +60,18 @@ RUN apt-get -qq update \
     && pip install -r /requirements-ov.txt
 
 # Get OpenVino Model
-RUN mkdir /models \
-    && cd /models && omz_downloader --name ssdlite_mobilenet_v2 \
-    && cd /models && omz_converter --name ssdlite_mobilenet_v2 --precision FP16
-
+RUN --mount=type=bind,source=docker/main/build_ov_model.py,target=/build_ov_model.py \
+    mkdir /models && cd /models \
+    && wget http://download.tensorflow.org/models/object_detection/ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz \
+    && tar -xvf ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz \
+    && python3 /build_ov_model.py
 
+####
+#
+# Coral Compatibility
+#
+# Builds libusb without udev. Needed for synology and other devices with USB coral
+####
 # libUSB - No Udev
 FROM wget as libusb-build
 ARG TARGETARCH
@@ -97,11 +107,12 @@ RUN wget -qO edgetpu_model.tflite https://github.com/google-coral/test_data/raw/
 RUN wget -qO cpu_model.tflite https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess.tflite
 COPY labelmap.txt .
 # Copy OpenVino model
-COPY --from=ov-converter /models/public/ssdlite_mobilenet_v2/FP16 openvino-model
+COPY --from=ov-converter /models/ssdlite_mobilenet_v2.xml openvino-model/
+COPY --from=ov-converter /models/ssdlite_mobilenet_v2.bin openvino-model/
 RUN wget -q https://github.com/openvinotoolkit/open_model_zoo/raw/master/data/dataset_classes/coco_91cl_bkgr.txt -O openvino-model/coco_91cl_bkgr.txt && \
     sed -i 's/truck/car/g' openvino-model/coco_91cl_bkgr.txt
 # Get Audio Model and labels
-RUN wget -qO cpu_audio_model.tflite https://tfhub.dev/google/lite-model/yamnet/classification/tflite/1?lite-format=tflite
+RUN wget -qO - https://www.kaggle.com/api/v1/models/google/yamnet/tfLite/classification-tflite/1/download | tar xvz && mv 1.tflite cpu_audio_model.tflite
 COPY audio-labelmap.txt .
 
 
@@ -159,6 +170,7 @@ FROM scratch AS deps-rootfs
 COPY --from=nginx /usr/local/nginx/ /usr/local/nginx/
 COPY --from=go2rtc /rootfs/ /
 COPY --from=libusb-build /usr/local/lib /usr/local/lib
+COPY --from=tempio /rootfs/ /
 COPY --from=s6-overlay /rootfs/ /
 COPY --from=models /rootfs/ /
 COPY docker/main/rootfs/ /
@@ -176,7 +188,7 @@ ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn
 ENV NVIDIA_VISIBLE_DEVICES=all
 ENV NVIDIA_DRIVER_CAPABILITIES="compute,video,utility"
 
-ENV PATH="/usr/lib/btbn-ffmpeg/bin:/usr/local/go2rtc/bin:/usr/local/nginx/sbin:${PATH}"
+ENV PATH="/usr/lib/btbn-ffmpeg/bin:/usr/local/go2rtc/bin:/usr/local/tempio/bin:/usr/local/nginx/sbin:${PATH}"
 
 # Install dependencies
 RUN --mount=type=bind,source=docker/main/install_deps.sh,target=/deps/install_deps.sh \

docker/main/build_ov_model.py

@@ -0,0 +1,11 @@
+import openvino as ov
+from openvino.tools import mo
+
+ov_model = mo.convert_model(
+    "/models/ssdlite_mobilenet_v2_coco_2018_05_09/frozen_inference_graph.pb",
+    compress_to_fp16=True,
+    transformations_config="/usr/local/lib/python3.9/dist-packages/openvino/tools/mo/front/tf/ssd_v2_support.json",
+    tensorflow_object_detection_api_pipeline_config="/models/ssdlite_mobilenet_v2_coco_2018_05_09/pipeline.config",
+    reverse_input_channels=True,
+)
+ov.save_model(ov_model, "/models/ssdlite_mobilenet_v2.xml")

docker/main/install_deps.sh

@@ -40,7 +40,7 @@ apt-get -qq install --no-install-recommends --no-install-suggests -y \
 # btbn-ffmpeg -> amd64
 if [[ "${TARGETARCH}" == "amd64" ]]; then
     mkdir -p /usr/lib/btbn-ffmpeg
-    wget -qO btbn-ffmpeg.tar.xz "https://github.com/BtbN/FFmpeg-Builds/releases/download/autobuild-2022-07-31-12-37/ffmpeg-n5.1-2-g915ef932a3-linux64-gpl-5.1.tar.xz"
+    wget -qO btbn-ffmpeg.tar.xz "https://github.com/NickM-27/FFmpeg-Builds/releases/download/autobuild-2022-07-31-12-37/ffmpeg-n5.1-2-g915ef932a3-linux64-gpl-5.1.tar.xz"
     tar -xf btbn-ffmpeg.tar.xz -C /usr/lib/btbn-ffmpeg --strip-components 1
     rm -rf btbn-ffmpeg.tar.xz /usr/lib/btbn-ffmpeg/doc /usr/lib/btbn-ffmpeg/bin/ffplay
 fi
@@ -48,7 +48,7 @@ fi
 # ffmpeg -> arm64
 if [[ "${TARGETARCH}" == "arm64" ]]; then
     mkdir -p /usr/lib/btbn-ffmpeg
-    wget -qO btbn-ffmpeg.tar.xz "https://github.com/BtbN/FFmpeg-Builds/releases/download/autobuild-2022-07-31-12-37/ffmpeg-n5.1-2-g915ef932a3-linuxarm64-gpl-5.1.tar.xz"
+    wget -qO btbn-ffmpeg.tar.xz "https://github.com/NickM-27/FFmpeg-Builds/releases/download/autobuild-2022-07-31-12-37/ffmpeg-n5.1-2-g915ef932a3-linuxarm64-gpl-5.1.tar.xz"
     tar -xf btbn-ffmpeg.tar.xz -C /usr/lib/btbn-ffmpeg --strip-components 1
     rm -rf btbn-ffmpeg.tar.xz /usr/lib/btbn-ffmpeg/doc /usr/lib/btbn-ffmpeg/bin/ffplay
 fi

docker/main/install_tempio.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+tempio_version="2021.09.0"
+
+if [[ "${TARGETARCH}" == "amd64" ]]; then
+    arch="amd64"
+elif [[ "${TARGETARCH}" == "arm64" ]]; then
+    arch="aarch64"
+fi
+
+mkdir -p /rootfs/usr/local/tempio/bin
+
+wget -q -O /rootfs/usr/local/tempio/bin/tempio "https://github.com/home-assistant/tempio/releases/download/${tempio_version}/tempio_${arch}"
+chmod 755 /rootfs/usr/local/tempio/bin/tempio

docker/main/requirements-ov.txt

@@ -1,5 +1,3 @@
 numpy
-# Openvino Library - Custom built with MYRIAD support
-openvino @ https://github.com/NateMeyer/openvino-wheels/releases/download/multi-arch_2022.3.1/openvino-2022.3.1-1-cp39-cp39-manylinux_2_31_x86_64.whl; platform_machine == 'x86_64'
-openvino @ https://github.com/NateMeyer/openvino-wheels/releases/download/multi-arch_2022.3.1/openvino-2022.3.1-1-cp39-cp39-linux_aarch64.whl; platform_machine == 'aarch64'
-openvino-dev[tensorflow2] @ https://github.com/NateMeyer/openvino-wheels/releases/download/multi-arch_2022.3.1/openvino_dev-2022.3.1-1-py3-none-any.whl
+tensorflow
+openvino-dev>=2024.0.0

docker/main/requirements-wheels.txt

@@ -2,9 +2,8 @@ click == 8.1.*
 Flask == 3.0.*
 Flask_Limiter == 3.7.*
 imutils == 0.5.*
-joserfc == 0.10.*
+joserfc == 0.11.*
 markupsafe == 2.1.*
-matplotlib == 3.8.*
 mypy == 1.6.1
 numpy == 1.26.*
 onvif_zeep == 0.2.12
@@ -29,7 +28,5 @@ norfair == 2.2.*
 setproctitle == 1.3.*
 ws4py == 0.5.*
 unidecode == 1.3.*
-onnxruntime == 1.16.*
-# Openvino Library - Custom built with MYRIAD support
-openvino @ https://github.com/NateMeyer/openvino-wheels/releases/download/multi-arch_2022.3.1/openvino-2022.3.1-1-cp39-cp39-manylinux_2_31_x86_64.whl; platform_machine == 'x86_64'
-openvino @ https://github.com/NateMeyer/openvino-wheels/releases/download/multi-arch_2022.3.1/openvino-2022.3.1-1-cp39-cp39-linux_aarch64.whl; platform_machine == 'aarch64'
+onnxruntime == 1.18.*
+openvino == 2024.1.*

docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync-log/consumer-for

@@ -0,0 +1 @@
+certsync

docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync-log/pipeline-name

@@ -0,0 +1 @@
+certsync-pipeline

docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync-log/run

@@ -0,0 +1,4 @@
+#!/command/with-contenv bash
+# shellcheck shell=bash
+
+exec logutil-service /dev/shm/logs/certsync

docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync-log/type

@@ -0,0 +1 @@
+longrun

docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync/finish

@@ -0,0 +1,30 @@
+#!/command/with-contenv bash
+# shellcheck shell=bash
+# Take down the S6 supervision tree when the service fails
+
+set -o errexit -o nounset -o pipefail
+
+# Logs should be sent to stdout so that s6 can collect them
+
+declare exit_code_container
+exit_code_container=$(cat /run/s6-linux-init-container-results/exitcode)
+readonly exit_code_container
+readonly exit_code_service="${1}"
+readonly exit_code_signal="${2}"
+readonly service="CERTSYNC"
+
+echo "[INFO] Service ${service} exited with code ${exit_code_service} (by signal ${exit_code_signal})"
+
+if [[ "${exit_code_service}" -eq 256 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo $((128 + exit_code_signal)) >/run/s6-linux-init-container-results/exitcode
+  fi
+  if [[ "${exit_code_signal}" -eq 15 ]]; then
+    exec /run/s6/basedir/bin/halt
+  fi
+elif [[ "${exit_code_service}" -ne 0 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo "${exit_code_service}" >/run/s6-linux-init-container-results/exitcode
+  fi
+  exec /run/s6/basedir/bin/halt
+fi

docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync/producer-for

@@ -0,0 +1 @@
+certsync-log

docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync/run

@@ -0,0 +1,58 @@
+#!/command/with-contenv bash
+# shellcheck shell=bash
+# Start the CERTSYNC service
+
+set -o errexit -o nounset -o pipefail
+
+# Logs should be sent to stdout so that s6 can collect them
+
+echo "[INFO] Starting certsync..."
+
+lefile="/etc/letsencrypt/live/frigate/fullchain.pem"
+
+tls_enabled=`python3 /usr/local/nginx/get_tls_settings.py | jq -r .enabled`
+
+while true
+do
+    if [[ "$tls_enabled" == 'false' ]]; then
+        sleep 9999
+        continue
+    fi
+
+    if [ ! -e $lefile ]
+    then
+        echo "[ERROR] TLS certificate does not exist: $lefile"
+    fi
+
+    leprint=`openssl x509 -in $lefile -fingerprint -noout 2>&1 || echo 'failed'`
+
+    case "$leprint" in
+        *Fingerprint*)
+            ;;
+        *)
+            echo "[ERROR] Missing fingerprint from $lefile"
+            ;;
+    esac
+
+    liveprint=`echo | openssl s_client -showcerts -connect 127.0.0.1:8971 2>&1 | openssl x509 -fingerprint 2>&1 | grep -i fingerprint  || echo 'failed'`
+
+    case "$liveprint" in
+        *Fingerprint*)
+            ;;
+        *)
+            echo "[ERROR] Missing fingerprint from current nginx TLS cert"
+            ;;
+    esac
+
+    if [[ "$leprint" != "failed" && "$liveprint" != "failed" && "$leprint" != "$liveprint" ]]
+    then
+        echo "[INFO] Reloading nginx to refresh TLS certificate"
+        echo "$lefile: $leprint"
+        /usr/local/nginx/sbin/nginx -s reload
+    fi
+
+    sleep 60
+
+done
+
+exit 0

docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync/timeout-kill

@@ -0,0 +1 @@
+30000

docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync/type

@@ -0,0 +1 @@
+longrun

docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate/run

@@ -16,8 +16,8 @@ function migrate_db_path() {
     if [[ -f "${config_file_yaml}" ]]; then
         config_file="${config_file_yaml}"
     elif [[ ! -f "${config_file}" ]]; then
-        echo "[ERROR] Frigate config file not found"
-        return 1
+        # Frigate will create the config file on startup
+        return 0
     fi
     unset config_file_yaml
 

docker/main/rootfs/etc/s6-overlay/s6-rc.d/log-prepare/run

@@ -4,7 +4,7 @@
 
 set -o errexit -o nounset -o pipefail
 
-dirs=(/dev/shm/logs/frigate /dev/shm/logs/go2rtc /dev/shm/logs/nginx)
+dirs=(/dev/shm/logs/frigate /dev/shm/logs/go2rtc /dev/shm/logs/nginx /dev/shm/logs/certsync)
 
 mkdir -p "${dirs[@]}"
 chown nobody:nogroup "${dirs[@]}"

docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/data/check

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -e
+
+# Wait for PID file to exist.
+while ! test -f /run/nginx.pid; do sleep 1; done

docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/notification-fd

@@ -0,0 +1 @@
+3

docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/run

@@ -8,6 +8,84 @@ set -o errexit -o nounset -o pipefail
 
 echo "[INFO] Starting NGINX..."
 
+# Taken from https://github.com/felipecrs/cgroup-scripts/commits/master/get_cpus.sh
+function get_cpus() {
+    local quota=""
+    local period=""
+
+    if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
+        if [ -f /sys/fs/cgroup/cpu.max ]; then
+            read -r quota period </sys/fs/cgroup/cpu.max
+            if [ "$quota" = "max" ]; then
+                quota=""
+                period=""
+            fi
+        else
+            echo "[WARN] /sys/fs/cgroup/cpu.max not found. Falling back to /proc/cpuinfo." >&2
+        fi
+    else
+        if [ -f /sys/fs/cgroup/cpu/cpu.cfs_quota_us ] && [ -f /sys/fs/cgroup/cpu/cpu.cfs_period_us ]; then
+            quota=$(cat /sys/fs/cgroup/cpu/cpu.cfs_quota_us)
+            period=$(cat /sys/fs/cgroup/cpu/cpu.cfs_period_us)
+
+            if [ "$quota" = "-1" ]; then
+                quota=""
+                period=""
+            fi
+        else
+            echo "[WARN] /sys/fs/cgroup/cpu/cpu.cfs_quota_us or /sys/fs/cgroup/cpu/cpu.cfs_period_us not found. Falling back to /proc/cpuinfo." >&2
+        fi
+    fi
+
+    local cpus
+    if [ -n "${quota}" ] && [ -n "${period}" ]; then
+        cpus=$((quota / period))
+        if [ "$cpus" -eq 0 ]; then
+            cpus=1
+        fi
+    else
+        cpus=$(grep -c ^processor /proc/cpuinfo)
+    fi
+
+    printf '%s' "$cpus"
+}
+
+function set_worker_processes() {
+    # Capture number of assigned CPUs to calculate worker processes
+    local cpus
+
+    cpus=$(get_cpus)
+    if [[ "${cpus}" -gt 4 ]]; then
+        cpus=4
+    fi
+
+    # we need to catch any errors because sed will fail if user has bind mounted a custom nginx file
+    sed -i "s/worker_processes auto;/worker_processes ${cpus};/" /usr/local/nginx/conf/nginx.conf || true
+}
+
+set_worker_processes
+
+# ensure the directory for ACME challenges exists
+mkdir -p /etc/letsencrypt/www
+
+# Create self signed certs if needed
+letsencrypt_path=/etc/letsencrypt/live/frigate
+mkdir -p $letsencrypt_path
+
+if [ ! \( -f "$letsencrypt_path/privkey.pem" -a -f "$letsencrypt_path/fullchain.pem" \) ]; then
+    echo "[INFO] No TLS certificate found. Generating a self signed certificate..."
+    openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
+        -subj "/O=FRIGATE DEFAULT CERT/CN=*" \
+        -keyout "$letsencrypt_path/privkey.pem" -out "$letsencrypt_path/fullchain.pem" 2>/dev/null
+fi
+
+# build templates for optional TLS support
+python3 /usr/local/nginx/get_tls_settings.py | \
+    tempio  -template /usr/local/nginx/templates/listen.gotmpl \
+            -out /usr/local/nginx/conf/listen.conf
+
 # Replace the bash process with the NGINX process, redirecting stderr to stdout
 exec 2>&1
-exec nginx
+exec \
+    s6-notifyoncheck -t 30000 -n 1 \
+    nginx

docker/main/rootfs/labelmap/coco-80.txt

@@ -0,0 +1,80 @@
+0  person
+1  bicycle
+2  car
+3  motorcycle
+4  airplane
+5  car
+6  train
+7  car
+8  boat
+9  traffic light
+10  fire hydrant
+11  stop sign
+12  parking meter
+13  bench
+14  bird
+15  cat
+16  dog
+17  horse
+18  sheep
+19  cow
+20  elephant
+21  bear
+22  zebra
+23  giraffe
+24  backpack
+25  umbrella
+26  handbag
+27  tie
+28  suitcase
+29  frisbee
+30  skis
+31  snowboard
+32  sports ball
+33  kite
+34  baseball bat
+35  baseball glove
+36  skateboard
+37  surfboard
+38  tennis racket
+39  bottle
+40  wine glass
+41  cup
+42  fork
+43  knife
+44  spoon
+45  bowl
+46  banana
+47  apple
+48  sandwich
+49  orange
+50  broccoli
+51  carrot
+52  hot dog
+53  pizza
+54  donut
+55  cake
+56  chair
+57  couch
+58  potted plant
+59  bed
+60  dining table
+61  toilet
+62  tv
+63  laptop
+64  mouse
+65  remote
+66  keyboard
+67  cell phone
+68  microwave
+69  oven
+70  toaster
+71  sink
+72  refrigerator
+73  book
+74  clock
+75  vase
+76  scissors
+77  teddy bear
+78  hair drier
+79  toothbrush

docker/main/rootfs/labelmap/coco.txt

@@ -0,0 +1,91 @@
+0  person
+1  bicycle
+2  car
+3  motorcycle
+4  airplane
+5  bus
+6  train
+7  car
+8  boat
+9  traffic light
+10  fire hydrant
+11  street sign
+12  stop sign
+13  parking meter
+14  bench
+15  bird
+16  cat
+17  dog
+18  horse
+19  sheep
+20  cow
+21  elephant
+22  bear
+23  zebra
+24  giraffe
+25  hat
+26  backpack
+27  umbrella
+28  shoe
+29  eye glasses
+30  handbag
+31  tie
+32  suitcase
+33  frisbee
+34  skis
+35  snowboard
+36  sports ball
+37  kite
+38  baseball bat
+39  baseball glove
+40  skateboard
+41  surfboard
+42  tennis racket
+43  bottle
+44  plate
+45  wine glass
+46  cup
+47  fork
+48  knife
+49  spoon
+50  bowl
+51  banana
+52  apple
+53  sandwich
+54  orange
+55  broccoli
+56  carrot
+57  hot dog
+58  pizza
+59  donut
+60  cake
+61  chair
+62  couch
+63  potted plant
+64  bed
+65  mirror
+66  dining table
+67  window
+68  desk
+69  toilet
+70  door
+71  tv
+72  laptop
+73  mouse
+74  remote
+75  keyboard
+76  cell phone
+77  microwave
+78  oven
+79  toaster
+80  sink
+81  refrigerator
+82  blender
+83  book
+84  clock
+85  vase
+86  scissors
+87  teddy bear
+88  hair drier
+89  toothbrush
+90  hair brush

docker/main/rootfs/usr/local/go2rtc/create_config.py

@@ -21,9 +21,9 @@ FRIGATE_ENV_VARS = {k: v for k, v in os.environ.items() if k.startswith("FRIGATE
 if os.path.isdir("/run/secrets"):
     for secret_file in os.listdir("/run/secrets"):
         if secret_file.startswith("FRIGATE_"):
-            FRIGATE_ENV_VARS[secret_file] = Path(
-                os.path.join("/run/secrets", secret_file)
-            ).read_text()
+            FRIGATE_ENV_VARS[secret_file] = (
+                Path(os.path.join("/run/secrets", secret_file)).read_text().strip()
+            )
 
 config_file = os.environ.get("CONFIG_FILE", "/config/config.yml")
 

docker/main/rootfs/usr/local/nginx/conf/go2rtc_upstream.conf

@@ -0,0 +1,4 @@
+upstream go2rtc {
+    server 127.0.0.1:1984;
+    keepalive 1024;
+}

docker/main/rootfs/usr/local/nginx/conf/nginx.conf

@@ -56,16 +56,10 @@ http {
         keepalive 1024;
     }
 
-    upstream go2rtc {
-        server 127.0.0.1:1984;
-        keepalive 1024;
-    }
+    include go2rtc_upstream.conf;
 
     server {
-        # intended for external traffic, protected by auth
-        listen [::]:8080 ipv6only=off;
-        # intended for internal traffic, not protected by auth
-        listen [::]:5000 ipv6only=off;
+        include listen.conf;
 
         # vod settings
         vod_base_url '';
@@ -134,6 +128,8 @@ http {
                 image/jpeg jpg;
             }
 
+            expires 7d;
+            add_header Cache-Control "public";
             autoindex on;
             root /media/frigate;
         }

docker/main/rootfs/usr/local/nginx/conf/proxy_trusted_headers.conf

@@ -1,3 +1,6 @@
+# Header used to validate reverse proxy trust
+proxy_set_header X-Proxy-Secret $http_x_proxy_secret;
+
 # these headers will be copied to the /auth request and are available
 # to be mapped in the config to Frigate's remote-user header
 
@@ -19,4 +22,4 @@ proxy_set_header X-authentik-username $http_x_authentik_username;
 proxy_set_header X-authentik-groups $http_x_authentik_groups;
 proxy_set_header X-authentik-email $http_x_authentik_email;
 proxy_set_header X-authentik-name $http_x_authentik_name;
-proxy_set_header X-authentik-uid $http_x_authentik_uid;
+proxy_set_header X-authentik-uid $http_x_authentik_uid;

docker/main/rootfs/usr/local/nginx/get_tls_settings.py

@@ -0,0 +1,28 @@
+"""Prints the tls config as json to stdout."""
+
+import json
+import os
+
+import yaml
+
+config_file = os.environ.get("CONFIG_FILE", "/config/config.yml")
+
+# Check if we can use .yaml instead of .yml
+config_file_yaml = config_file.replace(".yml", ".yaml")
+if os.path.isfile(config_file_yaml):
+    config_file = config_file_yaml
+
+try:
+    with open(config_file) as f:
+        raw_config = f.read()
+
+    if config_file.endswith((".yaml", ".yml")):
+        config: dict[str, any] = yaml.safe_load(raw_config)
+    elif config_file.endswith(".json"):
+        config: dict[str, any] = json.loads(raw_config)
+except FileNotFoundError:
+    config: dict[str, any] = {}
+
+tls_config: dict[str, any] = config.get("tls", {"enabled": True})
+
+print(json.dumps(tls_config))

docker/main/rootfs/usr/local/nginx/templates/listen.gotmpl

@@ -0,0 +1,33 @@
+# intended for internal traffic, not protected by auth
+listen 5000;
+
+{{ if not .enabled }}
+# intended for external traffic, protected by auth
+listen 8971;
+{{ else }}
+# intended for external traffic, protected by auth
+listen 8971 ssl;
+
+ssl_certificate /etc/letsencrypt/live/frigate/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/frigate/privkey.pem;
+
+# generated 2024-06-01, Mozilla Guideline v5.7, nginx 1.25.3, OpenSSL 1.1.1w, modern configuration, no OCSP
+# https://ssl-config.mozilla.org/#server=nginx&version=1.25.3&config=modern&openssl=1.1.1w&ocsp=false&guideline=5.7
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+ssl_session_tickets off;
+
+# modern configuration
+ssl_protocols TLSv1.3;
+ssl_prefer_server_ciphers off;
+
+# HSTS (ngx_http_headers_module is required) (63072000 seconds)
+add_header Strict-Transport-Security "max-age=63072000" always;
+
+# ACME challenge location
+location /.well-known/acme-challenge/ {
+    default_type "text/plain";
+    root /etc/letsencrypt/www;
+}
+{{ end }}
+

docker/rockchip/Dockerfile

@@ -22,5 +22,5 @@ ADD https://github.com/MarcA711/rknn-toolkit2/releases/download/v2.0.0/librknnrt
 
 RUN rm -rf /usr/lib/btbn-ffmpeg/bin/ffmpeg
 RUN rm -rf /usr/lib/btbn-ffmpeg/bin/ffprobe
-ADD --chmod=111 https://github.com/MarcA711/Rockchip-FFmpeg-Builds/releases/download/6.1-3/ffmpeg /usr/lib/btbn-ffmpeg/bin/
-ADD --chmod=111 https://github.com/MarcA711/Rockchip-FFmpeg-Builds/releases/download/6.1-3/ffprobe /usr/lib/btbn-ffmpeg/bin/
+ADD --chmod=111 https://github.com/MarcA711/Rockchip-FFmpeg-Builds/releases/download/6.1-5/ffmpeg /usr/lib/btbn-ffmpeg/bin/
+ADD --chmod=111 https://github.com/MarcA711/Rockchip-FFmpeg-Builds/releases/download/6.1-5/ffprobe /usr/lib/btbn-ffmpeg/bin/

docs/docs/configuration/advanced.md

@@ -80,6 +80,14 @@ model:
   input_pixel_format: "bgr"
 ```
 
+#### `labelmap`
+
+:::warning
+
+If the labelmap is customized then the labels used for alerts will need to be adjusted as well. See [alert labels](../configuration/review.md#restricting-alerts-to-specific-labels) for more info.
+
+:::
+
 The labelmap can be customized to your needs. A common reason to do this is to combine multiple object types that are easily confused when you don't need to be as granular such as car/truck. By default, truck is renamed to car because they are often confused. You cannot add new object types, but you can change the names of existing objects in the model.
 
 ```yaml
@@ -106,7 +114,53 @@ Some labels have special handling and modifications can disable functionality.
 
 :::
 
-## Custom ffmpeg build
+## Network Configuration
+
+Changes to Frigate's internal network configuration can be made by bind mounting nginx.conf into the container. For example:
+
+```yaml
+services:
+  frigate:
+    container_name: frigate
+    ...
+    volumes:
+      ...
+      - /path/to/your/nginx.conf:/usr/local/nginx/conf/nginx.conf
+```
+
+### Enabling IPv6
+
+IPv6 is disabled by default, to enable IPv6 listen.gotmpl needs to be bind mounted with IPv6 enabled. For example:
+
+```
+{{ if not .enabled }}
+# intended for external traffic, protected by auth
+listen 8971;
+{{ else }}
+# intended for external traffic, protected by auth
+listen 8971 ssl;
+
+# intended for internal traffic, not protected by auth
+listen 5000;
+```
+
+becomes
+
+```
+{{ if not .enabled }}
+# intended for external traffic, protected by auth
+listen [::]:8971 ipv6only=off;
+{{ else }}
+# intended for external traffic, protected by auth
+listen [::]:8971 ipv6only=off ssl;
+
+# intended for internal traffic, not protected by auth
+listen [::]:5000 ipv6only=off;
+```
+
+## Custom Dependencies
+
+### Custom ffmpeg build
 
 Included with Frigate is a build of ffmpeg that works for the vast majority of users. However, there exists some hardware setups which have incompatibilities with the included build. In this case, a docker volume mapping can be used to overwrite the included ffmpeg build with an ffmpeg build that works for your specific hardware setup.
 
@@ -118,9 +172,9 @@ To do this:
 
 NOTE: The folder that is mapped from the host needs to be the folder that contains `/bin`. So if the full structure is `/home/appdata/frigate/custom-ffmpeg/bin/ffmpeg` then `/home/appdata/frigate/custom-ffmpeg` needs to be mapped to `/usr/lib/btbn-ffmpeg`.
 
-## Custom go2rtc version
+### Custom go2rtc version
 
-Frigate currently includes go2rtc v1.9.2, there may be certain cases where you want to run a different version of go2rtc.
+Frigate currently includes go2rtc v1.9.4, there may be certain cases where you want to run a different version of go2rtc.
 
 To do this:
 

docs/docs/configuration/authentication.md

@@ -5,30 +5,26 @@ title: Authentication
 
 # Authentication
 
-## Modes
-
-Frigate supports two modes for authentication
-
-| Mode     | Description                                                                                                                                                                     |
-| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `native` | (default) Use this mode if you don't implement authentication with a proxy in front of Frigate.                                                                                 |
-| `proxy`  | Use this mode if you have an existing proxy for authentication. Supports passing authenticated user downstream to Frigate for role-based authorization (future implementation). |
-
-### Native mode
-
 Frigate stores user information in its database. Password hashes are generated using industry standard PBKDF2-SHA256 with 600,000 iterations. Upon successful login, a JWT token is issued with an expiration date and set as a cookie. The cookie is refreshed as needed automatically. This JWT token can also be passed in the Authorization header as a bearer token.
 
 Users are managed in the UI under Settings > Users.
 
-#### Onboarding
+The following ports are available to access the Frigate web UI.
+
+| Port   | Description                                                                                                                                                                                                  |
+| ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `8971` | Authenticated UI and API. Reverse proxies should use this port.                                                                                                                                              |
+| `5000` | Internal unauthenticated UI and API access. Access to this port should be limited. Intended to be used within the docker network for services that integrate with Frigate and do not support authentication. |
+
+## Onboarding
 
 On startup, an admin user and password are generated and printed in the logs. It is recommended to set a new password for the admin account after logging in for the first time under Settings > Users.
 
-#### Resetting admin password
+## Resetting admin password
 
 In the event that you are locked out of your instance, you can tell Frigate to reset the admin password and print it in the logs on next startup using the `reset_admin_password` setting in your config file.
 
-#### Login failure rate limiting
+## Login failure rate limiting
 
 In order to limit the risk of brute force attacks, rate limiting is available for login failures. This is implemented with Flask-Limiter, and the string notation for valid values is available in [the documentation](https://flask-limiter.readthedocs.io/en/stable/configuration.html#rate-limit-string-notation).
 
@@ -46,22 +42,60 @@ If you are running a reverse proxy in the same docker compose file as Frigate, h
 
 ```yaml
 auth:
-  mode: native
   failed_login_rate_limit: "1/second;5/minute;20/hour"
   trusted_proxies:
     - 172.18.0.0/16 # <---- this is the subnet for the internal docker compose network
 ```
 
-### Proxy mode
+## JWT Token Secret
 
-Proxy mode is designed to complement common upstream authentication proxies such as Authelia, Authentik, oauth2_proxy, or traefik-forward-auth.
+The JWT token secret needs to be kept secure. Anyone with this secret can generate valid JWT tokens to authenticate with Frigate. This should be a cryptographically random string of at least 64 characters.
 
-#### Header mapping
+You can generate a token using the Python secret library with the following command:
 
-If your proxy supports passing a header with the authenticated username, you can use the `header_map` config to specify the header name so it is passed to Frigate. For example, the following will map the `X-Forwarded-User` value. Header names are not case sensitive.
+```shell
+python3 -c 'import secrets; print(secrets.token_hex(64))'
+```
+
+Frigate looks for a JWT token secret in the following order:
+
+1. An environment variable named `FRIGATE_JWT_SECRET`
+2. A docker secret named `FRIGATE_JWT_SECRET` in `/run/secrets/`
+3. A `jwt_secret` option from the Home Assistant Addon options
+4. A `.jwt_secret` file in the config directory
+
+If no secret is found on startup, Frigate generates one and stores it in a `.jwt_secret` file in the config directory.
+
+Changing the secret will invalidate current tokens.
+
+## Proxy configuration
+
+Frigate can be configured to leverage features of common upstream authentication proxies such as Authelia, Authentik, oauth2_proxy, or traefik-forward-auth.
+
+If you are leveraging the authentication of an upstream proxy, you likely want to disable Frigate's authentication. Optionally, if communication between the reverse proxy and Frigate is over an untrusted network, you should set an `auth_secret` in the `proxy` config and configure the proxy to send the secret value as a header named `X-Proxy-Secret`. Assuming this is an untrusted network, you will also want to [configure a real TLS certificate](tls.md) to ensure the traffic can't simply be sniffed to steal the secret.
+
+Here is an example of how to disable Frigate's authentication and also ensure the requests come only from your known proxy.
 
 ```yaml
 auth:
+  enabled: False
+
+proxy:
+  auth_secret: <some random long string>
+```
+
+You can use the following code to generate a random secret.
+
+```shell
+python3 -c 'import secrets; print(secrets.token_hex(64))'
+```
+
+### Header mapping
+
+If you have disabled Frigate's authentication and your proxy supports passing a header with the authenticated username, you can use the `header_map` config to specify the header name so it is passed to Frigate. For example, the following will map the `X-Forwarded-User` value. Header names are not case sensitive.
+
+```yaml
+proxy:
   ...
   header_map:
     user: x-forwarded-user
@@ -89,10 +123,10 @@ If you would like to add more options, you can overwrite the default file with a
 
 Future versions of Frigate may leverage group and role headers for authorization in Frigate as well.
 
-#### Login page redirection
+### Login page redirection
 
 Frigate gracefully performs login page redirection that should work with most authentication proxies. If your reverse proxy returns a `Location` header on `401`, `302`, or `307` unauthorized responses, Frigate's frontend will automatically detect it and redirect to that URL.
 
-#### Custom logout url
+### Custom logout url
 
 If your reverse proxy has a dedicated logout url, you can specify using the `logout_url` config option. This will update the link for the `Logout` link in the UI.

docs/docs/configuration/camera_specific.md

@@ -175,7 +175,7 @@ go2rtc:
       - rtspx://192.168.1.1:7441/abcdefghijk
 ```
 
-[See the go2rtc docs for more information](https://github.com/AlexxIT/go2rtc/tree/v1.9.2#source-rtsp)
+[See the go2rtc docs for more information](https://github.com/AlexxIT/go2rtc/tree/v1.9.4#source-rtsp)
 
 In the Unifi 2.0 update Unifi Protect Cameras had a change in audio sample rate which causes issues for ffmpeg. The input rate needs to be set for record if used directly with unifi protect.
 

docs/docs/configuration/cameras.md

@@ -79,7 +79,7 @@ This list of working and non-working PTZ cameras is based on user feedback.
 
 | Brand or specific camera | PTZ Controls | Autotracking | Notes                                                                                                                                           |
 | ------------------------ | :----------: | :----------: | ----------------------------------------------------------------------------------------------------------------------------------------------- |
-| Amcrest                  |      ✅      |      ✅      | ⛔️ Generally, Amcrest should work, but some older models (like the common IP2M-841) don't support auto tracking                                  |
+| Amcrest                  |      ✅      |      ✅      | ⛔️ Generally, Amcrest should work, but some older models (like the common IP2M-841) don't support autotracking                                 |
 | Amcrest ASH21            |      ❌      |      ❌      | No ONVIF support                                                                                                                                |
 | Ctronics PTZ             |      ✅      |      ❌      |                                                                                                                                                 |
 | Dahua                    |      ✅      |      ✅      |                                                                                                                                                 |
@@ -91,11 +91,7 @@ This list of working and non-working PTZ cameras is based on user feedback.
 | Reolink E1 Zoom          |      ✅      |      ❌      |                                                                                                                                                 |
 | Reolink RLC-823A 16x     |      ✅      |      ❌      |                                                                                                                                                 |
 | Sunba 405-D20X           |      ✅      |      ❌      |                                                                                                                                                 |
-| Tapo C200                |      ✅      |      ❌      | Incomplete ONVIF support                                                                                                                        |
-| Tapo C210                |      ✅      |      ❌      | Incomplete ONVIF support, ONVIF Service Port: 2020                                                                                              |
-| Tapo C220                |      ✅      |      ❌      | Incomplete ONVIF support, ONVIF Service Port: 2020                                                                                              |
-| Tapo C225                |      ✅      |      ❌      | Incomplete ONVIF support, ONVIF Service Port: 2020                                                                                              |
-| Tapo C520WS              |      ✅      |      ❌      | Incomplete ONVIF support, ONVIF Service Port: 2020                                                                                              |
+| Tapo                     |      ✅      |      ❌      | Many models supported, ONVIF Service Port: 2020                                                                                                 |
 | Uniview IPC672LR-AX4DUPK |      ✅      |      ❌      | Firmware says FOV relative movement is supported, but camera doesn't actually move when sending ONVIF commands                                  |
 | Vikylin PTZ-2804X-I2     |      ❌      |      ❌      | Incomplete ONVIF support                                                                                                                        |
 
@@ -115,6 +111,6 @@ camera_groups:
     cameras:
       - driveway_cam
       - garage_cam
-    icon: car
+    icon: LuCar
     order: 0
 ```

docs/docs/configuration/hardware_acceleration.md

@@ -13,7 +13,7 @@ Depending on your system, these parameters may not be compatible. More informati
 
 ## Raspberry Pi 3/4
 
-Ensure you increase the allocated RAM for your GPU to at least 128 (`raspi-config` > Performance Options > GPU Memory).  
+Ensure you increase the allocated RAM for your GPU to at least 128 (`raspi-config` > Performance Options > GPU Memory).
 If you are using the HA addon, you may need to use the full access variant and turn off `Protection mode` for hardware acceleration.
 
 ```yaml
@@ -67,7 +67,7 @@ Or map in all the `/dev/video*` devices.
 
 ### Via VAAPI
 
-VAAPI supports automatic profile selection so it will work automatically with both H.264 and H.265 streams. VAAPI is recommended for all generations of Intel-based CPUs if QSV does not work.
+VAAPI supports automatic profile selection so it will work automatically with both H.264 and H.265 streams. VAAPI is recommended for all generations of Intel-based CPUs.
 
 ```yaml
 ffmpeg:
@@ -82,7 +82,7 @@ With some of the processors, like the J4125, the default driver `iHD` doesn't se
 
 ### Via Quicksync (>=10th Generation only)
 
-QSV must be set specifically based on the video encoding of the stream.
+If VAAPI does not work for you, you can try QSV if your processor supports it. QSV must be set specifically based on the video encoding of the stream.
 
 #### H.264 streams
 
@@ -362,39 +362,11 @@ that NVDEC/NVDEC1 are in use.
 
 ## Rockchip platform
 
-Hardware accelerated video de-/encoding is supported on all Rockchip SoCs using [Nyanmisaka's FFmpeg Fork](https://github.com/nyanmisaka/ffmpeg-rockchip) based on [Rockchip's mpp library](https://github.com/rockchip-linux/mpp).
+Hardware accelerated video de-/encoding is supported on all Rockchip SoCs using [Nyanmisaka's FFmpeg 6.1 Fork](https://github.com/nyanmisaka/ffmpeg-rockchip) based on [Rockchip's mpp library](https://github.com/rockchip-linux/mpp).
 
 ### Prerequisites
 
-Make sure that you use a linux distribution that comes with the rockchip BSP kernel 5.10 or 6.1 and rkvdec2 driver. To check, enter the following commands:
-
-```
-$ uname -r
-5.10.xxx-rockchip # or 6.1.xxx; the -rockchip suffix is important
-$ ls /dev/dri
-by-path  card0  card1  renderD128  renderD129 # should list renderD128
-```
-
-I recommend [Joshua Riek's Ubuntu for Rockchip](https://github.com/Joshua-Riek/ubuntu-rockchip), if your board is supported.
-
-### Setup
-
-Follow Frigate's default installation instructions, but use a docker image with `-rk` suffix for example `ghcr.io/blakeblackshear/frigate:stable-rk`.
-
-Next, you need to grant docker permissions to access your hardware:
-- During the configuration process, you should run docker in privileged mode to avoid any errors due to insufficient permissions. To do so, add `privileged: true` to your `docker-compose.yml` file or the `--privileged` flag to your docker run command.
-- After everything works, you should only grant necessary permissions to increase security. Add the lines below to your `docker-compose.yml` file or the following options to your docker run command: `--security-opt systempaths=unconfined --security-opt apparmor=unconfined --device /dev/dri:/dev/dri --device /dev/dma_heap:/dev/dma_heap --device /dev/rga:/dev/rga --device /dev/mpp_service:/dev/mpp_service`:
-
-```yaml
-    security_opt:
-      - apparmor=unconfined
-      - systempaths=unconfined
-    devices:
-      - /dev/dri:/dev/dri
-      - /dev/dma_heap:/dev/dma_heap
-      - /dev/rga:/dev/rga
-      - /dev/mpp_service:/dev/mpp_service
-```
+Make sure to follow the [Rockchip specific installation instructions](/frigate/installation#rockchip-platform).
 
 ### Configuration
 

docs/docs/configuration/live.md

@@ -7,13 +7,15 @@ Frigate intelligently displays your camera streams on the Live view dashboard. Y
 
 ## Live View technologies
 
-Frigate intelligently uses three different streaming technologies to display your camera streams. The highest quality and fluency of the Live view requires the bundled `go2rtc` to be configured as shown in the [step by step guide](/guides/configuring_go2rtc).
+Frigate intelligently uses three different streaming technologies to display your camera streams on the dashboard and the single camera view, switching between available modes based on network bandwidth, player errors, or required features like two-way talk. The highest quality and fluency of the Live view requires the bundled `go2rtc` to be configured as shown in the [step by step guide](/guides/configuring_go2rtc).
 
-| Source | Latency | Frame Rate                            | Resolution     | Audio                        | Requires go2rtc | Other Limitations                                |
-| ------ | ------- | ------------------------------------- | -------------- | ---------------------------- | --------------- | ------------------------------------------------ |
-| jsmpeg | low     | same as `detect -> fps`, capped at 10 | same as detect | no                           | no              | none                                             |
-| mse    | low     | native                                | native         | yes (depends on audio codec) | yes             | iPhone requires iOS 17.1+, Firefox is h.264 only |
-| webrtc | lowest  | native                                | native         | yes (depends on audio codec) | yes             | requires extra config, doesn't support h.265     |
+The jsmpeg live view will use more browser and client GPU resources. Using go2rtc is highly recommended and will provide a superior experience.
+
+| Source | Latency | Frame Rate                            | Resolution | Audio                        | Requires go2rtc | Other Limitations                                                                    |
+| ------ | ------- | ------------------------------------- | ---------- | ---------------------------- | --------------- | ------------------------------------------------------------------------------------ |
+| jsmpeg | low     | same as `detect -> fps`, capped at 10 | 720p       | no                           | no              | resolution is configurable, but go2rtc is recommended if you want higher resolutions |
+| mse    | low     | native                                | native     | yes (depends on audio codec) | yes             | iPhone requires iOS 17.1+, Firefox is h.264 only                                     |
+| webrtc | lowest  | native                                | native     | yes (depends on audio codec) | yes             | requires extra config, doesn't support h.265                                         |
 
 ### Audio Support
 

docs/docs/configuration/masks.md

@@ -78,7 +78,7 @@ It is, but the definition of "unnecessary" varies. I want to ignore areas of mot
 
 > For me, giving my masks ANY padding results in a lot of people detection I'm not interested in. I live in the city and catch a lot of the sidewalk on my camera. People walk by my front door all the time and the margin between the sidewalk and actually walking onto my stoop is very thin, so I basically have everything but the exact contours of my stoop masked out. This results in very tidy detections but this info keeps throwing me off. Am I just overthinking it?
 
-This is what `required_zones` are for. You should define a zone (remember this is evaluated based on the bottom center of the bounding box) and make it required to save snapshots and clips (now events in 0.9.0). You can also use this in your conditions for a notification.
+This is what `required_zones` are for. You should define a zone (remember this is evaluated based on the bottom center of the bounding box) and make it required to save snapshots and clips (previously events in 0.9.0 to 0.13.0 and review items in 0.14.0 and later). You can also use this in your conditions for a notification.
 
 > Maybe my specific situation just warrants this. I've just been having a hard time understanding the relevance of this information - it seems to be that it's exactly what would be expected when "masking out" an area of ANY image.
 

docs/docs/configuration/object_detectors.md

@@ -81,6 +81,15 @@ detectors:
     device: ""
 ```
 
+### Single PCIE/M.2 Coral
+
+```yaml
+detectors:
+  coral:
+    type: edgetpu
+    device: pci
+```
+
 ### Multiple PCIE/M.2 Corals
 
 ```yaml
@@ -109,9 +118,13 @@ detectors:
 
 The OpenVINO detector type runs an OpenVINO IR model on AMD and Intel CPUs, Intel GPUs and Intel VPU hardware. To configure an OpenVINO detector, set the `"type"` attribute to `"openvino"`.
 
-The OpenVINO device to be used is specified using the `"device"` attribute according to the naming conventions in the [Device Documentation](https://docs.openvino.ai/latest/openvino_docs_OV_UG_Working_with_devices.html). Other supported devices could be `AUTO`, `CPU`, `GPU`, `MYRIAD`, etc. If not specified, the default OpenVINO device will be selected by the `AUTO` plugin.
+The OpenVINO device to be used is specified using the `"device"` attribute according to the naming conventions in the [Device Documentation](https://docs.openvino.ai/2024/openvino-workflow/running-inference/inference-devices-and-modes.html). The most common devices are `CPU` and `GPU`. Currently, there is a known issue with using `AUTO`. For backwards compatibility, Frigate will attempt to use `GPU` if `AUTO` is set in your configuration.
 
-OpenVINO is supported on 6th Gen Intel platforms (Skylake) and newer. It will also run on AMD CPUs despite having no official support for it. A supported Intel platform is required to use the `GPU` device with OpenVINO. The `MYRIAD` device may be run on any platform, including Arm devices. For detailed system requirements, see [OpenVINO System Requirements](https://www.intel.com/content/www/us/en/developer/tools/openvino-toolkit/system-requirements.html)
+OpenVINO is supported on 6th Gen Intel platforms (Skylake) and newer. It will also run on AMD CPUs despite having no official support for it. A supported Intel platform is required to use the `GPU` device with OpenVINO. For detailed system requirements, see [OpenVINO System Requirements](https://docs.openvino.ai/2024/about-openvino/release-notes-openvino/system-requirements.html)
+
+### Supported Models
+
+#### SSDLite MobileNet v2
 
 An OpenVINO model is provided in the container at `/openvino-model/ssdlite_mobilenet_v2.xml` and is used by this detector type by default. The model comes from Intel's Open Model Zoo [SSDLite MobileNet V2](https://github.com/openvinotoolkit/open_model_zoo/tree/master/models/public/ssdlite_mobilenet_v2) and is converted to an FP16 precision IR model. Use the model configuration shown below when using the OpenVINO detector with the default model.
 
@@ -119,66 +132,52 @@ An OpenVINO model is provided in the container at `/openvino-model/ssdlite_mobil
 detectors:
   ov:
     type: openvino
-    device: AUTO
-    model:
-      path: /openvino-model/ssdlite_mobilenet_v2.xml
+    device: GPU
 
 model:
   width: 300
   height: 300
   input_tensor: nhwc
   input_pixel_format: bgr
+  path: /openvino-model/ssdlite_mobilenet_v2.xml
   labelmap_path: /openvino-model/coco_91cl_bkgr.txt
 ```
 
-This detector also supports YOLOX. Other YOLO variants are not officially supported/tested. Frigate does not come with any yolo models preloaded, so you will need to supply your own models. This detector has been verified to work with the [yolox_tiny](https://github.com/openvinotoolkit/open_model_zoo/tree/master/models/public/yolox-tiny) model from Intel's Open Model Zoo. You can follow [these instructions](https://github.com/openvinotoolkit/open_model_zoo/tree/master/models/public/yolox-tiny#download-a-model-and-convert-it-into-openvino-ir-format) to retrieve the OpenVINO-compatible `yolox_tiny` model. Make sure that the model input dimensions match the `width` and `height` parameters, and `model_type` is set accordingly. See [Full Configuration Reference](/configuration/reference.md) for a list of possible `model_type` options. Below is an example of how `yolox_tiny` can be used in Frigate:
+#### YOLOX
+
+This detector also supports YOLOX. Frigate does not come with any YOLOX models preloaded, so you will need to supply your own models.
+
+#### YOLO-NAS
+
+[YOLO-NAS](https://github.com/Deci-AI/super-gradients/blob/master/YOLONAS.md) models are supported, but not included by default. You can build and download a compatible model with pre-trained weights using [this notebook](https://github.com/frigate/blob/dev/notebooks/YOLO_NAS_Pretrained_Export.ipynb) [![Open In Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://colab.research.google.com/github/blakeblackshear/frigate/blob/dev/notebooks/YOLO_NAS_Pretrained_Export.ipynb).
+
+:::warning
+
+The pre-trained YOLO-NAS weights from DeciAI are subject to their license and can't be used commercially. For more information, see: https://docs.deci.ai/super-gradients/latest/LICENSE.YOLONAS.html
+
+:::
+
+The input image size in this notebook is set to 320x320. This results in lower CPU usage and faster inference times without impacting performance in most cases due to the way Frigate crops video frames to areas of interest before running detection. The notebook and config can be updated to 640x640 if desired.
+
+After placing the downloaded onnx model in your config folder, you can use the following configuration:
 
 ```yaml
 detectors:
   ov:
     type: openvino
-    device: AUTO
-    model:
-      path: /path/to/yolox_tiny.xml
+    device: GPU
 
 model:
-  width: 416
-  height: 416
+  model_type: yolonas
+  width: 320 # <--- should match whatever was set in notebook
+  height: 320 # <--- should match whatever was set in notebook
   input_tensor: nchw
   input_pixel_format: bgr
-  model_type: yolox
-  labelmap_path: /path/to/coco_80cl.txt
+  path: /config/yolo_nas_s.onnx
+  labelmap_path: /labelmap/coco-80.txt
 ```
 
-### Intel NCS2 VPU and Myriad X Setup
-
-Intel produces a neural net inference acceleration chip called Myriad X. This chip was sold in their Neural Compute Stick 2 (NCS2) which has been discontinued. If intending to use the MYRIAD device for acceleration, additional setup is required to pass through the USB device. The host needs a udev rule installed to handle the NCS2 device.
-
-```bash
-sudo usermod -a -G users "$(whoami)"
-cat <<EOF > 97-myriad-usbboot.rules
-SUBSYSTEM=="usb", ATTRS{idProduct}=="2485", ATTRS{idVendor}=="03e7", GROUP="users", MODE="0666", ENV{ID_MM_DEVICE_IGNORE}="1"
-SUBSYSTEM=="usb", ATTRS{idProduct}=="f63b", ATTRS{idVendor}=="03e7", GROUP="users", MODE="0666", ENV{ID_MM_DEVICE_IGNORE}="1"
-EOF
-sudo cp 97-myriad-usbboot.rules /etc/udev/rules.d/
-sudo udevadm control --reload-rules
-sudo udevadm trigger
-```
-
-Additionally, the Frigate docker container needs to run with the following configuration:
-
-```bash
---device-cgroup-rule='c 189:\* rmw' -v /dev/bus/usb:/dev/bus/usb
-```
-
-or in your compose file:
-
-```yml
-device_cgroup_rules:
-  - "c 189:* rmw"
-volumes:
-  - /dev/bus/usb:/dev/bus/usb
-```
+Note that the labelmap uses a subset of the complete COCO label set that has only 80 objects.
 
 ## NVidia TensorRT Detector
 
@@ -313,39 +312,11 @@ Hardware accelerated object detection is supported on the following SoCs:
 - RK3576
 - RK3588
 
-This implementation uses the [Rockchip's RKNN-Toolkit2](https://github.com/airockchip/rknn-toolkit2/) Currently, only [Yolo-NAS](https://github.com/Deci-AI/super-gradients/blob/master/YOLONAS.md) is supported as object detection model.
+This implementation uses the [Rockchip's RKNN-Toolkit2](https://github.com/airockchip/rknn-toolkit2/), version v2.0.0.beta0. Currently, only [Yolo-NAS](https://github.com/Deci-AI/super-gradients/blob/master/YOLONAS.md) is supported as object detection model.
 
 ### Prerequisites
 
-Make sure that you use a linux distribution that comes with the rockchip BSP kernel 5.10 or 6.1 and rknpu driver. To check, enter the following commands:
-
-```
-$ uname -r
-5.10.xxx-rockchip # or 6.1.xxx; the -rockchip suffix is important
-$ ls /dev/dri
-by-path  card0  card1  renderD128  renderD129 # should list renderD129
-$ sudo cat /sys/kernel/debug/rknpu/version
-RKNPU driver: v0.9.2 # or later version
-```
-
-I recommend [Joshua Riek's Ubuntu for Rockchip](https://github.com/Joshua-Riek/ubuntu-rockchip), if your board is supported.
-
-### Setup
-
-Follow Frigate's default installation instructions, but use a docker image with `-rk` suffix for example `ghcr.io/blakeblackshear/frigate:stable-rk`.
-
-Next, you need to grant docker permissions to access your hardware:
-
-- During the configuration process, you should run docker in privileged mode to avoid any errors due to insufficient permissions. To do so, add `privileged: true` to your `docker-compose.yml` file or the `--privileged` flag to your docker run command.
-- After everything works, you should only grant necessary permissions to increase security. Add the lines below to your `docker-compose.yml` file or the following options to your docker run command: `--security-opt systempaths=unconfined --security-opt apparmor=unconfined --device /dev/dri:/dev/dri`:
-
-```yaml
-security_opt:
-  - apparmor=unconfined
-  - systempaths=unconfined
-devices:
-  - /dev/dri:/dev/dri
-```
+Make sure to follow the [Rockchip specific installation instrucitions](/frigate/installation#rockchip-platform).
 
 ### Configuration
 
@@ -376,13 +347,21 @@ model: # required
   input_pixel_format: bgr # required
   # shape of detection frame
   input_tensor: nhwc
+  # needs to be adjusted to model, see below
+  labelmap_path: /labelmap.txt # required
 ```
 
+The correct labelmap must be loaded for each model. If you use a custom model (see notes below), you must make sure to provide the correct labelmap. The table below lists the correct paths for the bundled models:
+
+| `path`                | `labelmap_path`       |
+| --------------------- | --------------------- |
+| deci-fp16-yolonas\_\* | /labelmap/coco-80.txt |
+
 ### Choosing a model
 
 :::warning
 
-yolo-nas models use weights from DeciAI. These weights are subject to their license and can't be used commercially. For more information, see: https://docs.deci.ai/super-gradients/latest/LICENSE.YOLONAS.html 
+The pre-trained YOLO-NAS weights from DeciAI are subject to their license and can't be used commercially. For more information, see: https://docs.deci.ai/super-gradients/latest/LICENSE.YOLONAS.html
 
 :::
 
@@ -405,6 +384,5 @@ $ cat /sys/kernel/debug/rknpu/load
 
 :::
 
-- By default the rknn detector uses the yolonas_s model (`model: path: default-fp16-yolonas_s`). This model comes with the image, so no further steps than those mentioned above are necessary and no download happens.
-- The other choices are automatically downloaded and stored in the folder `config/model_cache/rknn_cache`. After upgrading Frigate, you should remove older models to free up space.
-- Finally, you can also provide your own `.rknn` model. You should not save your own models in the `rknn_cache` folder, store them directly in the `model_cache` folder or another subfolder. To convert a model to `.rknn` format see the `rknn-toolkit2` (requires a x86 machine). Note, that there is only post-processing for the supported models.
+- All models are automatically downloaded and stored in the folder `config/model_cache/rknn_cache`. After upgrading Frigate, you should remove older models to free up space.
+- You can also provide your own `.rknn` model. You should not save your own models in the `rknn_cache` folder, store them directly in the `model_cache` folder or another subfolder. To convert a model to `.rknn` format see the `rknn-toolkit2` (requires a x86 machine). Note, that there is only post-processing for the supported models.

docs/docs/configuration/object_filters.md

@@ -36,7 +36,7 @@ False positives can also be reduced by filtering a detection based on its shape.
 
 ### Object Area
 
-`min_area` and `max_area` filter on the area of an objects bounding box in pixels and can be used to reduce false positives that are outside the range of expected sizes. For example when a leaf is detected as a dog or when a large tree is detected as a person, these can be reduced by adding a `min_area` / `max_area` filter. The recordings timeline can be used to determine the area of the bounding box in that frame by selecting a timeline item then mousing over or tapping the red box.
+`min_area` and `max_area` filter on the area of an objects bounding box in pixels and can be used to reduce false positives that are outside the range of expected sizes. For example when a leaf is detected as a dog or when a large tree is detected as a person, these can be reduced by adding a `min_area` / `max_area` filter.
 
 ### Object Proportions
 

docs/docs/configuration/record.md

@@ -159,11 +159,14 @@ Using Frigate UI, HomeAssistant, or MQTT, cameras can be automated to only recor
 
 ## How do I export recordings?
 
-The export page in the Frigate WebUI allows for exporting real time clips with a designated start and stop time as well as exporting a time-lapse for a designated start and stop time. These exports can take a while so it is important to leave the file until it is no longer in progress.
+Footage can be exported from Frigate by right-clicking (desktop) or long pressing (mobile) on a review item in the Review pane or by clicking the Export button in the History view. Exported footage is then organized and searchable through the Export view, accessible from the main navigation bar.
 
 ### Time-lapse export
 
+Time lapse exporting is available only via the [HTTP API](../integrations/api.md#post-apiexportcamerastartstart-timestampendend-timestamp).
+
 When exporting a time-lapse the default speed-up is 25x with 30 FPS. This means that every 25 seconds of (real-time) recording is condensed into 1 second of time-lapse video (always without audio) with a smoothness of 30 FPS.
+
 To configure the speed-up factor, the frame rate and further custom settings, the configuration parameter `timelapse_args` can be used. The below configuration example would change the time-lapse speed to 60x (for fitting 1 hour of recording into 1 minute of time-lapse) with 25 FPS:
 
 ```yaml

docs/docs/configuration/reference.md

@@ -63,11 +63,31 @@ database:
   # The path to store the SQLite DB (default: shown below)
   path: /config/frigate.db
 
+# Optional: TLS configuration
+tls:
+  # Optional: Enable TLS for port 8971 (default: shown below)
+  enabled: True
+
+# Optional: Proxy configuration
+proxy:
+  # Optional: Mapping for headers from upstream proxies. Only used if Frigate's auth
+  # is disabled.
+  # NOTE: Many authentication proxies pass a header downstream with the authenticated
+  #       user name. Not all values are supported. It must be a whitelisted header.
+  #       See the docs for more info.
+  header_map:
+    user: x-forwarded-user
+  # Optional: Url for logging out a user. This sets the location of the logout url in
+  # the UI.
+  logout_url: /api/logout
+  # Optional: Auth secret that is checked against the X-Proxy-Secret header sent from
+  # the proxy. If not set, all requests are trusted regardless of origin.
+  auth_secret: None
+
 # Optional: Authentication configuration
 auth:
-  # Optional: Authentication mode (default: shown below)
-  # Valid values are: native, proxy
-  mode: native
+  # Optional: Enable authentication
+  enabled: True
   # Optional: Reset the admin user password on startup (default: shown below)
   # New password is printed in the logs
   reset_admin_password: False
@@ -82,23 +102,14 @@ auth:
   # When the session is going to expire in less time than this setting,
   # it will be refreshed back to the session_length.
   refresh_time: 43200 # 12 hours
-  # Optional: Mapping for headers from upstream proxies. Only used in proxy auth mode.
-  # NOTE: Many authentication proxies pass a header downstream with the authenticated
-  #       user name. Not all values are supported. It must be a whitelisted header.
-  #       See the docs for more info.
-  header_map:
-    user: x-forwarded-user
   # Optional: Rate limiting for login failures to help prevent brute force
   # login attacks (default: shown below)
   # See the docs for more information on valid values
   failed_login_rate_limit: None
   # Optional: Trusted proxies for determining IP address to rate limit
   # NOTE: This is only used for rate limiting login attempts and does not bypass
-  # authentication in any way
+  # authentication. See the authentication docs for more details.
   trusted_proxies: []
-  # Optional: Url for logging out a user. This only needs to be set if you are using
-  # proxy mode.
-  logout_url: /api/logout
   # Optional: Number of hashing iterations for user passwords
   # As of Feb 2023, OWASP recommends 600000 iterations for PBKDF2-SHA256
   # NOTE: changing this value will not automatically update password hashes, you
@@ -191,7 +202,7 @@ birdseye:
   inactivity_threshold: 30
   # Optional: Configure the birdseye layout
   layout:
-    # Optional: Scaling factor for the layout calculator (default: shown below)
+    # Optional: Scaling factor for the layout calculator, range 1.0-5.0 (default: shown below)
     scaling_factor: 2.0
     # Optional: Maximum number of cameras to show at one time, showing the most recent (default: show all cameras)
     max_cameras: 1
@@ -602,6 +613,9 @@ cameras:
       user: admin
       # Optional: password for login.
       password: admin
+      # Optional: Ignores time synchronization mismatches between the camera and the server during authentication. 
+      # Using NTP on both ends is recommended and this should only be set to True in a "safe" environment due to the security risk it represents. 
+      ignore_time_mismatch: False
       # Optional: PTZ camera object autotracking. Keeps a moving object in
       # the center of the frame by automatically moving the PTZ camera.
       autotracking:
@@ -645,8 +659,6 @@ cameras:
 
 # Optional
 ui:
-  # Optional: Set the default live mode for cameras in the UI (default: shown below)
-  live_mode: mse
   # Optional: Set a timezone to use in the UI (default: use browser local time)
   # timezone: America/Denver
   # Optional: Set the time format used.

docs/docs/configuration/restream.md

@@ -7,11 +7,11 @@ title: Restream
 
 Frigate can restream your video feed as an RTSP feed for other applications such as Home Assistant to utilize it at `rtsp://<frigate_host>:8554/<camera_name>`. Port 8554 must be open. [This allows you to use a video feed for detection in Frigate and Home Assistant live view at the same time without having to make two separate connections to the camera](#reduce-connections-to-camera). The video feed is copied from the original video feed directly to avoid re-encoding. This feed does not include any annotation by Frigate.
 
-Frigate uses [go2rtc](https://github.com/AlexxIT/go2rtc/tree/v1.9.2) to provide its restream and MSE/WebRTC capabilities. The go2rtc config is hosted at the `go2rtc` in the config, see [go2rtc docs](https://github.com/AlexxIT/go2rtc/tree/v1.9.2#configuration) for more advanced configurations and features.
+Frigate uses [go2rtc](https://github.com/AlexxIT/go2rtc/tree/v1.9.4) to provide its restream and MSE/WebRTC capabilities. The go2rtc config is hosted at the `go2rtc` in the config, see [go2rtc docs](https://github.com/AlexxIT/go2rtc/tree/v1.9.4#configuration) for more advanced configurations and features.
 
 :::note
 
-You can access the go2rtc stream info at `http://frigate_ip:8080/api/go2rtc/streams` which can be helpful to debug as well as provide useful information about your camera streams.
+You can access the go2rtc stream info at `/api/go2rtc/streams` which can be helpful to debug as well as provide useful information about your camera streams.
 
 :::
 
@@ -134,7 +134,7 @@ cameras:
 
 ## Advanced Restream Configurations
 
-The [exec](https://github.com/AlexxIT/go2rtc/tree/v1.9.2#source-exec) source in go2rtc can be used for custom ffmpeg commands. An example is below:
+The [exec](https://github.com/AlexxIT/go2rtc/tree/v1.9.4#source-exec) source in go2rtc can be used for custom ffmpeg commands. An example is below:
 
 NOTE: The output will need to be passed with two curly braces `{{output}}`
 

docs/docs/configuration/review.md

@@ -7,6 +7,16 @@ The Review page of the Frigate UI is for quickly reviewing historical footage of
 
 Review items are filterable by date, object type, and camera.
 
+### Review items vs. events
+
+In Frigate 0.13 and earlier versions, the UI presented "events". An event was synonymous with a tracked or detected object. In Frigate 0.14 and later, a review item is a time period where any number of tracked objects were active.
+
+For example, consider a situation where two people walked past your house. One was walking a dog. At the same time, a car drove by on the street behind them.
+
+In this scenario, Frigate 0.13 and earlier would show 4 events in the UI - one for each person, another for the dog, and yet another for the car. You would have had 4 separate videos to watch even though they would have all overlapped.
+
+In 0.14 and later, all of that is bundled into a single review item which starts and ends to capture all of that activity. Reviews for a single camera cannot overlap. Once you have watched that time period on that camera, it is marked as reviewed.
+
 ## Alerts and Detections
 
 Not every segment of video captured by Frigate may be of the same level of interest to you. Video of people who enter your property may be a different priority than those walking by on the sidewalk. For this reason, Frigate 0.14 categorizes review items as _alerts_ and _detections_. By default, all person and car objects are considered alerts. You can refine categorization of your review items by configuring required zones for them.
@@ -42,12 +52,26 @@ review:
       - dog
 ```
 
+## Excluding a camera from alerts or detections
+
+To exclude a specific camera from alerts or detections, simply provide an empty list to the alerts or detections field _at the camera level_.
+
+For example, to exclude objects on the camera _gatecamera_ from any detections, include this in your config:
+
+```yaml
+cameras:
+  gatecamera:
+    review:
+      detections:
+        labels: []
+```
+
 ## Restricting review items to specific zones
 
 By default a review item will be created if any `review -> alerts -> labels` and `review -> detections -> labels` are detected anywhere in the camera frame. You will likely want to configure review items to only be created when the object enters an area of interest, [see the zone docs for more information](./zones.md#restricting-alerts-and-detections-to-specific-zones)
 
 :::info
 
-Because zones don't apply to audio, audio labels will always be marked as an alert.
+Because zones don't apply to audio, audio labels will always be marked as a detection by default.
 
 :::

docs/docs/configuration/tls.md

@@ -0,0 +1,59 @@
+---
+id: tls
+title: TLS
+---
+
+# TLS
+
+Frigate's integrated NGINX server supports TLS certificates. By default Frigate will generate a self signed certificate that will be used for port 8971. Frigate is designed to make it easy to use whatever tool you prefer to manage certificates.
+
+Frigate is often running behind a reverse proxy that manages TLS certificates for multiple services. You will likely need to set your reverse proxy to allow self signed certificates or you can disable TLS in Frigate's config. However, if you are running on a dedicated device that's separate from your proxy or if you expose Frigate directly to the internet, you may want to configure TLS with valid certificates.
+
+In many deployments, TLS will be unnecessary. It can be disabled in the config with the following yaml:
+
+```yaml
+tls:
+  enabled: False
+```
+
+## Certificates
+
+TLS certificates can be mounted at `/etc/letsencrypt/live/frigate` using a bind mount or docker volume.
+
+```yaml
+frigate:
+  ...
+  volumes:
+    - /path/to/your/certificate_folder:/etc/letsencrypt/live/frigate:ro
+  ...
+```
+
+Within the folder, the private key is expected to be named `privkey.pem` and the certificate is expected to be named `fullchain.pem`.
+
+Note that certbot uses symlinks, and those can't be followed by the container unless it has access to the targets as well, so if using certbot you'll also have to mount the `archive` folder for your domain, e.g.:
+
+```yaml
+frigate:
+  ...
+  volumes:
+    - /etc/letsencrypt/live/frigate:/etc/letsencrypt/live/frigate:ro
+    - /etc/letsencrypt/archive/frigate:/etc/letsencrypt/archive/frigate:ro
+  ...
+
+```
+
+Frigate automatically compares the fingerprint of the certificate at `/etc/letsencrypt/live/frigate/fullchain.pem` against the fingerprint of the TLS cert in NGINX every minute. If these differ, the NGINX config is reloaded to pick up the updated certificate.
+
+If you issue Frigate valid certificates you will likely want to configure it to run on port 443 so you can access it without a port number like `https://your-frigate-domain.com` by mapping 8971 to 443.
+
+```yaml
+frigate:
+  ...
+  ports:
+    - "443:8971"
+  ...
+```
+
+## ACME Challenge
+
+Frigate also supports hosting the acme challenge files for the HTTP challenge method if needed. The challenge files should be mounted at `/etc/letsencrypt/www`.

docs/docs/configuration/zones.md

@@ -69,15 +69,6 @@ Sometimes you want to limit a zone to specific object types to have more granula
 ```yaml
 cameras:
   name_of_your_camera:
-    record:
-      events:
-        required_zones:
-          - entire_yard
-          - front_yard_street
-    snapshots:
-      required_zones:
-        - entire_yard
-        - front_yard_street
     zones:
       entire_yard:
         coordinates: ... (everywhere you want a person)

docs/docs/frigate/glossary.md

@@ -9,6 +9,13 @@ The glossary explains terms commonly used in Frigate's documentation.
 
 A box returned from the object detection model that outlines an object in the frame. These have multiple colors depending on object type in the debug live view.
 
+### Bounding Box Colors
+
+- At startup different colors will be assigned to each object label
+- A dark blue thin line indicates that object is not detected at this current point in time
+- A gray thin line indicates that object is detected as being stationary
+- A thick line indicates that object is the subject of autotracking (when enabled).
+
 ## Event
 
 The time period starting when a tracked object entered the frame and ending when it left the frame, including any time that the object remained still. Events are saved when it is considered a [true positive](#threshold) and meets the requirements for a snapshot or recording to be saved.
@@ -41,6 +48,10 @@ When pixels in the current camera frame are different than previous frames. When
 
 A portion of the camera frame that is sent to object detection, regions can be sent due to motion, active objects, or occasionally for stationary objects. These are represented by green boxes in the debug live view.
 
+## Review Item
+
+A review item is a time period where any number of events/tracked objects were active. [See the review docs for more info](/configuration/review)
+
 ## Snapshot Score
 
 The score shown in a snapshot is the score of that object at that specific moment in time.

docs/docs/frigate/hardware.md

@@ -95,6 +95,18 @@ Frigate supports all Jetson boards, from the inexpensive Jetson Nano to the powe
 
 Inference speed will vary depending on the YOLO model, jetson platform and jetson nvpmodel (GPU/DLA/EMC clock speed). It is typically 20-40 ms for most models. The DLA is more efficient than the GPU, but not faster, so using the DLA will reduce power consumption but will slightly increase inference time.
 
+#### Rockchip platform
+
+Frigate supports hardware video processing on all Rockchip boards. However, hardware object detection is only supported on these boards:
+
+- RK3562
+- RK3566
+- RK3568
+- RK3576
+- RK3588
+
+The inference time of a rk3588 with all 3 cores enabled is typically 25-30 ms for yolo-nas s.
+
 ## What does Frigate use the CPU for and what does it use a detector for? (ELI5 Version)
 
 This is taken from a [user question on reddit](https://www.reddit.com/r/homeassistant/comments/q8mgau/comment/hgqbxh5/?utm_source=share&utm_medium=web2x&context=3). Modified slightly for clarity.

docs/docs/frigate/installation.md

@@ -34,7 +34,7 @@ The following ports are used by Frigate and can be mapped via docker as required
 
 | Port   | Description                                                                                                                                                                |
 | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `8080` | Authenticated UI and API access. Reverse proxies should use this port.                                                                                                     |
+| `8971` | Authenticated UI and API access without TLS. Reverse proxies should use this port.                                                                                         |
 | `5000` | Internal unauthenticated UI and API access. Access to this port should be limited. Intended to be used within the docker network for services that integrate with Frigate. |
 | `8554` | RTSP restreaming. By default, these streams are unauthenticated. Authentication can be configured in go2rtc section of config.                                             |
 | `8555` | WebRTC connections for low latency live views.                                                                                                                             |
@@ -44,7 +44,6 @@ The following ports are used by Frigate and can be mapped via docker as required
 Writing to a local disk or external USB drive:
 
 ```yaml
-version: "3.9"
 services:
   frigate:
     ...
@@ -95,6 +94,56 @@ By default, the Raspberry Pi limits the amount of memory available to the GPU. I
 
 Additionally, the USB Coral draws a considerable amount of power. If using any other USB devices such as an SSD, you will experience instability due to the Pi not providing enough power to USB devices. You will need to purchase an external USB hub with it's own power supply. Some have reported success with <a href="https://amzn.to/3a2mH0P" target="_blank" rel="nofollow noopener sponsored">this</a> (affiliate link).
 
+### Rockchip platform
+
+Make sure that you use a linux distribution that comes with the rockchip BSP kernel 5.10 or 6.1 and necessary drivers (especially rkvdec2 and rknpu). To check, enter the following commands:
+
+```
+$ uname -r
+5.10.xxx-rockchip # or 6.1.xxx; the -rockchip suffix is important
+$ ls /dev/dri
+by-path  card0  card1  renderD128  renderD129 # should list renderD128 (VPU) and renderD129 (NPU)
+$ sudo cat /sys/kernel/debug/rknpu/version
+RKNPU driver: v0.9.2 # or later version
+```
+
+I recommend [Joshua Riek's Ubuntu for Rockchip](https://github.com/Joshua-Riek/ubuntu-rockchip), if your board is supported.
+
+#### Setup
+
+Follow Frigate's default installation instructions, but use a docker image with `-rk` suffix for example `ghcr.io/blakeblackshear/frigate:stable-rk`.
+
+Next, you need to grant docker permissions to access your hardware:
+
+- During the configuration process, you should run docker in privileged mode to avoid any errors due to insufficient permissions. To do so, add `privileged: true` to your `docker-compose.yml` file or the `--privileged` flag to your docker run command.
+- After everything works, you should only grant necessary permissions to increase security. Disable the privileged mode and add the lines below to your `docker-compose.yml` file:
+
+```yaml
+security_opt:
+  - apparmor=unconfined
+  - systempaths=unconfined
+devices:
+  - /dev/dri
+  - /dev/dma_heap
+  - /dev/rga
+  - /dev/mpp_service
+```
+
+or add these options to your `docker run` command:
+
+```
+--security-opt systempaths=unconfined \
+--security-opt apparmor=unconfined \
+--device /dev/dri \
+--device /dev/dma_heap \
+--device /dev/rga \
+--device /dev/mpp_service
+```
+
+#### Configuration
+
+Next, you should configure [hardware object detection](/configuration/object_detectors#rockchip-platform) and [hardware video processing](/configuration/hardware_acceleration#rockchip-platform).
+
 ## Docker
 
 Running in Docker with compose is the recommended install method.
@@ -122,7 +171,7 @@ services:
         tmpfs:
           size: 1000000000
     ports:
-      - "8080:8080"
+      - "8971:8971"
       # - "5000:5000" # Internal unauthenticated access. Expose carefully.
       - "8554:8554" # RTSP feeds
       - "8555:8555/tcp" # WebRTC over tcp
@@ -145,7 +194,7 @@ docker run -d \
   -v /path/to/your/config:/config \
   -v /etc/localtime:/etc/localtime:ro \
   -e FRIGATE_RTSP_PASSWORD='password' \
-  -p 8080:8080 \
+  -p 8971:8971 \
   -p 8554:8554 \
   -p 8555:8555/tcp \
   -p 8555:8555/udp \
@@ -321,7 +370,7 @@ docker run \
   --network=bridge \
   --privileged \
   --workdir=/opt/frigate \
-  -p 8080:8080 \
+  -p 8971:8971 \
   -p 8554:8554 \
   -p 8555:8555 \
   -p 8555:8555/udp \

docs/docs/guides/configuring_go2rtc.md

@@ -13,7 +13,7 @@ Use of the bundled go2rtc is optional. You can still configure FFmpeg to connect
 
 # Setup a go2rtc stream
 
-First, you will want to configure go2rtc to connect to your camera stream by adding the stream you want to use for live view in your Frigate config file. If you set the stream name under go2rtc to match the name of your camera, it will automatically be mapped and you will get additional live view options for the camera. Avoid changing any other parts of your config at this step. Note that go2rtc supports [many different stream types](https://github.com/AlexxIT/go2rtc/tree/v1.9.2#module-streams), not just rtsp.
+First, you will want to configure go2rtc to connect to your camera stream by adding the stream you want to use for live view in your Frigate config file. If you set the stream name under go2rtc to match the name of your camera, it will automatically be mapped and you will get additional live view options for the camera. Avoid changing any other parts of your config at this step. Note that go2rtc supports [many different stream types](https://github.com/AlexxIT/go2rtc/tree/v1.9.4#module-streams), not just rtsp.
 
 ```yaml
 go2rtc:
@@ -24,59 +24,78 @@ go2rtc:
 
 The easiest live view to get working is MSE. After adding this to the config, restart Frigate and try to watch the live stream by selecting MSE in the dropdown after clicking on the camera.
 
+
 ### What if my video doesn't play?
 
-If you are unable to see your video feed, first check the go2rtc logs in the Frigate UI under Logs in the sidebar. If go2rtc is having difficulty connecting to your camera, you should see some error messages in the log. If you do not see any errors, then the video codec of the stream may not be supported in your browser. If your camera stream is set to H265, try switching to H264. You can see more information about [video codec compatibility](https://github.com/AlexxIT/go2rtc/tree/v1.9.2#codecs-madness) in the go2rtc documentation. If you are not able to switch your camera settings from H265 to H264 or your stream is a different format such as MJPEG, you can use go2rtc to re-encode the video using the [FFmpeg parameters](https://github.com/AlexxIT/go2rtc/tree/v1.9.2#source-ffmpeg). It supports rotating and resizing video feeds and hardware acceleration. Keep in mind that transcoding video from one format to another is a resource intensive task and you may be better off using the built-in jsmpeg view. Here is an example of a config that will re-encode the stream to H264 without hardware acceleration:
+- Check Logs:
+    - Access the go2rtc logs in the Frigate UI under Logs in the sidebar.
+    - If go2rtc is having difficulty connecting to your camera, you should see some error messages in the log.
 
-```yaml
-go2rtc:
-  streams:
-    back:
-      - rtsp://user:password@10.0.10.10:554/cam/realmonitor?channel=1&subtype=2
-      - "ffmpeg:back#video=h264"
-```
+- Check go2rtc Web Interface: if you don't see any errors in the logs, try viewing the camera through go2rtc's web interface.
+    - Navigate to port 1984 in your browser to access go2rtc's web interface.
+        - If using Frigate through Home Assistant, enable the web interface at port 1984.
+        - If using Docker, forward port 1984 before accessing the web interface.
+    - Click `stream` for the specific camera to see if the camera's stream is being received.
 
-Some camera streams may need to use the ffmpeg module in go2rtc. This has the downside of slower startup times, but has compatibility with more stream types.
+- Check Video Codec:
+    - If the camera stream works in go2rtc but not in your browser, the video codec might be unsupported.
+    - If using H265, switch to H264. Refer to [video codec compatibility](https://github.com/AlexxIT/go2rtc/tree/v1.9.4#codecs-madness) in go2rtc documentation.
+    - If unable to switch from H265 to H264, or if the stream format is different (e.g., MJPEG), re-encode the video using [FFmpeg parameters](https://github.com/AlexxIT/go2rtc/tree/v1.9.4#source-ffmpeg). It supports rotating and resizing video feeds and hardware acceleration. Keep in mind that transcoding video from one format to another is a resource intensive task and you may be better off using the built-in jsmpeg view.
+        ```yaml
+        go2rtc:
+          streams:
+            back:
+              - rtsp://user:password@10.0.10.10:554/cam/realmonitor?channel=1&subtype=2
+              - "ffmpeg:back#video=h264"
+        ```
 
-```yaml
-go2rtc:
-  streams:
-    back:
-      - ffmpeg:rtsp://user:password@10.0.10.10:554/cam/realmonitor?channel=1&subtype=2
-```
+- Switch to FFmpeg if needed: 
+    - Some camera streams may need to use the ffmpeg module in go2rtc. This has the downside of slower startup times, but has compatibility with more stream types.
+        ```yaml
+        go2rtc:
+          streams:
+            back:
+              - ffmpeg:rtsp://user:password@10.0.10.10:554/cam/realmonitor?channel=1&subtype=2
+        ```
 
-If you can see the video but do not have audio, this is most likely because your camera's audio stream is not AAC. If possible, update your camera's audio settings to AAC. If your cameras do not support AAC audio, you will need to tell go2rtc to re-encode the audio to AAC on demand if you want audio. This will use additional CPU and add some latency. To add AAC audio on demand, you can update your go2rtc config as follows:
+- If you can see the video but do not have audio, this is most likely because your
+camera's audio stream is not AAC.
+    - If possible, update your camera's audio settings to AAC.
+    - If your cameras do not support AAC audio, you will need to tell go2rtc to re-encode the audio to AAC on demand if you want audio. This will use additional CPU and add some latency. To add AAC audio on demand, you can update your go2rtc config as follows:
+        ```yaml
+        go2rtc:
+          streams:
+            back:
+              - rtsp://user:password@10.0.10.10:554/cam/realmonitor?channel=1&subtype=2
+              - "ffmpeg:back#audio=aac"
+        ```
 
-```yaml
-go2rtc:
-  streams:
-    back:
-      - rtsp://user:password@10.0.10.10:554/cam/realmonitor?channel=1&subtype=2
-      - "ffmpeg:back#audio=aac"
-```
+        If you need to convert **both** the audio and video streams, you can use the following:
 
-If you need to convert **both** the audio and video streams, you can use the following:
+        ```yaml
+        go2rtc:
+          streams:
+            back:
+              - rtsp://user:password@10.0.10.10:554/cam/realmonitor?channel=1&subtype=2
+              - "ffmpeg:back#video=h264#audio=aac"
+        ```
 
-```yaml
-go2rtc:
-  streams:
-    back:
-      - rtsp://user:password@10.0.10.10:554/cam/realmonitor?channel=1&subtype=2
-      - "ffmpeg:back#video=h264#audio=aac"
-```
+        When using the ffmpeg module, you would add AAC audio like this:
 
-When using the ffmpeg module, you would add AAC audio like this:
-
-```yaml
-go2rtc:
-  streams:
-    back:
-      - "ffmpeg:rtsp://user:password@10.0.10.10:554/cam/realmonitor?channel=1&subtype=2#video=copy#audio=copy#audio=aac"
-```
+        ```yaml
+        go2rtc:
+          streams:
+            back:
+              - "ffmpeg:rtsp://user:password@10.0.10.10:554/cam/realmonitor?channel=1&subtype=2#video=copy#audio=copy#audio=aac"
+        ```
 
 :::warning
 
-To access the go2rtc stream externally when utilizing the Frigate Add-On (for instance through VLC), you must first enable the RTSP Restream port. You can do this by visiting the Frigate Add-On configuration page within Home Assistant and revealing the hidden options under the "Show disabled ports" section.
+To access the go2rtc stream externally when utilizing the Frigate Add-On (for
+instance through VLC), you must first enable the RTSP Restream port.
+You can do this by visiting the Frigate Add-On configuration page within Home
+Assistant and revealing the hidden options under the "Show disabled ports"
+section.
 
 :::
 

docs/docs/guides/getting_started.md

@@ -117,7 +117,7 @@ services:
         tmpfs:
           size: 1000000000
     ports:
-      - "8080:8080"
+      - "8971:8971"
       - "8554:8554" # RTSP feeds
 ```
 
@@ -137,7 +137,7 @@ cameras:
             - detect
 ```
 
-Now you should be able to start Frigate by running `docker compose up -d` from within the folder containing `docker-compose.yml`. On startup, an admin user and password will be created and outputted in the logs. You can see this by running `docker logs frigate`. Frigate should now be accessible at `server_ip:8080` where you can login with the `admin` user and finish the configuration using the built-in configuration editor.
+Now you should be able to start Frigate by running `docker compose up -d` from within the folder containing `docker-compose.yml`. On startup, an admin user and password will be created and outputted in the logs. You can see this by running `docker logs frigate`. Frigate should now be accessible at `https://server_ip:8971` where you can login with the `admin` user and finish the configuration using the built-in configuration editor.
 
 ## Configuring Frigate
 
@@ -274,13 +274,11 @@ cameras:
         - 0,461,3,0,1919,0,1919,843,1699,492,1344,458,1346,336,973,317,869,375,866,432
 ```
 
-### Step 6: Enable recording and/or snapshots
+### Step 6: Enable recordings
 
-In order to see Events in the Frigate UI, either snapshots or record will need to be enabled.
+In order to review activity in the Frigate UI, recordings need to be enabled.
 
-#### Record
-
-To enable recording video, add the `record` role to a stream and enable it in the config. If record is disabled in the config, turning it on via the UI will not have any effect.
+To enable recording video, add the `record` role to a stream and enable it in the config. If record is disabled in the config, it won't be possible to enable it in the UI.
 
 ```yaml
 mqtt: ...
@@ -307,26 +305,6 @@ If you don't have separate streams for detect and record, you would just add the
 
 By default, Frigate will retain video of all events for 10 days. The full set of options for recording can be found [here](../configuration/reference.md).
 
-#### Snapshots
-
-To enable snapshots of your events, just enable it in the config. Snapshots are taken from the detect stream because it is the only stream decoded.
-
-```yaml
-mqtt: ...
-
-detectors: ...
-
-cameras:
-  name_of_your_camera: ...
-    detect: ...
-    record: ...
-    snapshots: # <----- Enable snapshots
-      enabled: True
-    motion: ...
-```
-
-By default, Frigate will retain snapshots of all events for 10 days. The full set of options for snapshots can be found [here](../configuration/reference.md).
-
 ### Step 7: Complete config
 
 At this point you have a complete config with basic functionality. You can see the [full config reference](../configuration/reference.md) for a complete list of configuration options.
@@ -336,6 +314,8 @@ At this point you have a complete config with basic functionality. You can see t
 Now that you have a working install, you can use the following documentation for additional features:
 
 1. [Configuring go2rtc](configuring_go2rtc.md) - Additional live view options and RTSP relay
-2. [Home Assistant Integration](../integrations/home-assistant.md) - Integrate with Home Assistant
-3. [Masks](../configuration/masks.md)
-4. [Zones](../configuration/zones.md)
+2. [Zones](../configuration/zones.md)
+3. [Review](../configuration/review.md)
+4. [Masks](../configuration/masks.md)
+5. [Home Assistant Integration](../integrations/home-assistant.md) - Integrate with Home Assistant
+

docs/docs/guides/ha_notifications.md

@@ -5,7 +5,7 @@ title: Home Assistant notifications
 
 The best way to get started with notifications for Frigate is to use the [Blueprint](https://community.home-assistant.io/t/frigate-mobile-app-notifications-2-0/559732). You can use the yaml generated from the Blueprint as a starting point and customize from there.
 
-It is generally recommended to trigger notifications based on the `frigate/events` mqtt topic. This provides the event_id needed to fetch [thumbnails/snapshots/clips](../integrations/home-assistant.md#notification-api) and other useful information to customize when and where you want to receive alerts. The data is published in the form of a change feed, which means you can reference the "previous state" of the object in the `before` section and the "current state" of the object in the `after` section. You can see an example [here](../integrations/mqtt.md#frigateevents).
+It is generally recommended to trigger notifications based on the `frigate/reviews` mqtt topic. This provides the event_id(s) needed to fetch [thumbnails/snapshots/clips](../integrations/home-assistant.md#notification-api) and other useful information to customize when and where you want to receive alerts. The data is published in the form of a change feed, which means you can reference the "previous state" of the object in the `before` section and the "current state" of the object in the `after` section. You can see an example [here](../integrations/mqtt.md#frigateevents).
 
 Here is a simple example of a notification automation of events which will update the existing notification for each change. This means the image you see in the notification will update as Frigate finds a "better" image.
 
@@ -17,7 +17,7 @@ automation:
       topic: frigate/events
     action:
       - service: notify.mobile_app_pixel_3
-        data_template:
+        data:
           message: 'A {{trigger.payload_json["after"]["label"]}} was detected.'
           data:
             image: 'https://your.public.hass.address.com/api/frigate/notifications/{{trigger.payload_json["after"]["id"]}}/thumbnail.jpg?format=android'
@@ -33,48 +33,18 @@ automation:
     description: ""
     trigger:
       - platform: mqtt
-        topic: frigate/events
-        payload: new
-        value_template: "{{ value_json.type }}"
+        topic: frigate/reviews
+        payload: alert
+        value_template: "{{ value_json['after']['severity'] }}"
     action:
       - service: notify.mobile_app_iphone
         data:
-          message: 'A {{trigger.payload_json["after"]["label"]}} was detected.'
+          message: 'A {{trigger.payload_json["after"]["data"]["objects"] | sort | join(", ") | title}} was detected.'
           data:
             image: >-
-              https://your.public.hass.address.com/api/frigate/notifications/{{trigger.payload_json["after"]["id"]}}/thumbnail.jpg
+              https://your.public.hass.address.com/api/frigate/notifications/{{trigger.payload_json["after"]["data"]["detections"][0]}}/thumbnail.jpg
             tag: '{{trigger.payload_json["after"]["id"]}}'
             when: '{{trigger.payload_json["after"]["start_time"]|int}}'
             entity_id: camera.{{trigger.payload_json["after"]["camera"] | replace("-","_") | lower}}
     mode: single
 ```
-
-## Conditions
-
-Conditions with the `before` and `after` values allow a high degree of customization for automations.
-
-When a person enters a zone named yard
-
-```yaml
-condition:
-  - "{{ trigger.payload_json['after']['label'] == 'person' }}"
-  - "{{ 'yard' in trigger.payload_json['after']['entered_zones'] }}"
-```
-
-When a person leaves a zone named yard
-
-```yaml
-condition:
-  - "{{ trigger.payload_json['after']['label'] == 'person' }}"
-  - "{{ 'yard' in trigger.payload_json['before']['current_zones'] }}"
-  - "{{ not 'yard' in trigger.payload_json['after']['current_zones'] }}"
-```
-
-Notify for dogs in the front with a high top score
-
-```yaml
-condition:
-  - "{{ trigger.payload_json['after']['label'] == 'dog' }}"
-  - "{{ trigger.payload_json['after']['camera'] == 'front' }}"
-  - "{{ trigger.payload_json['after']['top_score'] > 0.98 }}"
-```

docs/docs/guides/reverse_proxy.md

@@ -38,20 +38,20 @@ Here we access Frigate via https://cctv.mydomain.co.uk
     ServerName cctv.mydomain.co.uk
 
     ProxyPreserveHost On
-    ProxyPass "/"  "http://frigatepi.local:8080/"
-    ProxyPassReverse "/"  "http://frigatepi.local:8080/"
+    ProxyPass "/"  "http://frigatepi.local:8971/"
+    ProxyPassReverse "/"  "http://frigatepi.local:8971/"
 
-    ProxyPass /ws ws://frigatepi.local:8080/ws
-    ProxyPassReverse /ws ws://frigatepi.local:8080/ws
+    ProxyPass /ws ws://frigatepi.local:8971/ws
+    ProxyPassReverse /ws ws://frigatepi.local:8971/ws
 
-    ProxyPass /live/ ws://frigatepi.local:8080/live/
-    ProxyPassReverse /live/ ws://frigatepi.local:8080/live/
+    ProxyPass /live/ ws://frigatepi.local:8971/live/
+    ProxyPassReverse /live/ ws://frigatepi.local:8971/live/
 
     RewriteEngine on
     RewriteCond %{HTTP:Upgrade} =websocket [NC]
-    RewriteRule /(.*)  ws://frigatepi.local:8080/$1 [P,L]
+    RewriteRule /(.*)  ws://frigatepi.local:8971/$1 [P,L]
     RewriteCond %{HTTP:Upgrade} !=websocket [NC]
-    RewriteRule /(.*)  http://frigatepi.local:8080/$1 [P,L]
+    RewriteRule /(.*)  http://frigatepi.local:8971/$1 [P,L]
 </VirtualHost>
 ```
 
@@ -101,7 +101,7 @@ This is set in `$server` and `$port` this should match your ports you have expos
 server {
   set $forward_scheme http;
   set $server         "192.168.100.2"; # FRIGATE SERVER LOCATION
-  set $port           8080;
+  set $port           8971;
 
   listen 80;
   listen 443 ssl http2;

docs/docs/integrations/api.md

@@ -164,7 +164,7 @@ Accepts the following query string parameters:
 | `motion`    | int  | Draw blue boxes for areas with detected motion (0 or 1)            |
 | `regions`   | int  | Draw green boxes for areas where object detection was run (0 or 1) |
 
-You can access a higher resolution mjpeg stream by appending `h=height-in-pixels` to the endpoint. For example `http://localhost:8080/api/back?h=1080`. You can also increase the FPS by appending `fps=frame-rate` to the URL such as `http://localhost:8080/api/back?fps=10` or both with `?fps=10&h=1000`.
+You can access a higher resolution mjpeg stream by appending `h=height-in-pixels` to the endpoint. For example `/api/back?h=1080`. You can also increase the FPS by appending `fps=frame-rate` to the URL such as `/api/back?fps=10` or both with `?fps=10&h=1000`.
 
 ### `GET /api/<camera_name>/latest.jpg[?h=300]`
 
@@ -381,9 +381,13 @@ List of frames in the preview cache for the time range. Previews are only kept i
 
 Specific preview frame from preview cache.
 
-### `GET /<camera>/start/<start-timestamp>/end/<end-timestamp>/preview.gif`
+### `GET /<camera>/start/<start-timestamp>/end/<end-timestamp>/preview`
 
-Gif made from preview video / frames during this time range
+Looping image made from preview video / frames during this time range.
+
+| param     | Type | Description                      |
+| --------- | ---- | -------------------------------- |
+| `format`  | str  | Format of preview [`gif`, `mp4`] |
 
 ## Recordings
 
@@ -450,10 +454,15 @@ Reviews from the database. Accepts the following query string parameters:
 | `after`    | int  | Epoch time                                                     |
 | `cameras`  | str  | , separated list of cameras                                    |
 | `labels`   | str  | , separated list of labels                                     |
+| `zones`    | str  | , separated list of zones                                      |
 | `reviewed` | int  | Include items that have been reviewed (0 or 1)                 |
 | `limit`    | int  | Limit the number of events returned                            |
 | `severity` | str  | Limit items to severity (alert, detection, significant_motion) |
 
+### `GET /api/review/<id>`
+
+Get review with `id` from the database.
+
 ### `GET /api/review/summary`
 
 Summary of reviews for the last 30 days. Accepts the following query string parameters:
@@ -496,21 +505,21 @@ Delete review items.
 
 Get the motion activity for camera(s) during a specified time period.
 
-| param      | Type | Description                                                    |
-| ---------- | ---- | -------------------------------------------------------------- |
-| `before`   | int  | Epoch time                                                     |
-| `after`    | int  | Epoch time                                                     |
-| `cameras`  | str  | , separated list of cameras                                    |
+| param     | Type | Description                 |
+| --------- | ---- | --------------------------- |
+| `before`  | int  | Epoch time                  |
+| `after`   | int  | Epoch time                  |
+| `cameras` | str  | , separated list of cameras |
 
 ### `GET /review/activity/audio`
 
 Get the audio activity for camera(s) during a specified time period.
 
-| param      | Type | Description                                                    |
-| ---------- | ---- | -------------------------------------------------------------- |
-| `before`   | int  | Epoch time                                                     |
-| `after`    | int  | Epoch time                                                     |
-| `cameras`  | str  | , separated list of cameras                                    |
+| param     | Type | Description                 |
+| --------- | ---- | --------------------------- |
+| `before`  | int  | Epoch time                  |
+| `after`   | int  | Epoch time                  |
+| `cameras` | str  | , separated list of cameras |
 
 ## Timeline
 

docs/docs/integrations/home-assistant.md

@@ -150,7 +150,8 @@ Home Assistant > Configuration > Integrations > Frigate > Options
 
 | Platform        | Description                                                                       |
 | --------------- | --------------------------------------------------------------------------------- |
-| `camera`        | Live camera stream (requires RTSP), camera for image of the last detected object. |
+| `camera`        | Live camera stream (requires RTSP).                                               |
+| `image`         | Image of the latest detected object for each camera.                              |
 | `sensor`        | States to monitor Frigate performance, object counts for all zones and cameras.   |
 | `switch`        | Switch entities to toggle detection, recordings and snapshots.                    |
 | `binary_sensor` | A "motion" binary sensor entity per camera/zone/object.                           |

docs/docs/integrations/mqtt.md

@@ -92,6 +92,62 @@ Message published for each changed event. The first message is published when th
 }
 ```
 
+### `frigate/reviews`
+
+Message published for each changed review item. The first message is published when the `detection` or `alert` is initiated. When additional objects are detected or when a zone change occurs, it will publish a, `update` message with the same id. When the review activity has ended a final `end` message is published.
+
+```json
+{
+  "type": "update",  // new, update, end
+  "before": {
+    "id": "1718987129.308396-fqk5ka",  // review_id
+    "camera": "front_cam",
+    "start_time": 1718987129.308396,
+    "end_time": null,
+    "severity": "detection",
+    "thumb_path": "/media/frigate/clips/review/thumb-front_cam-1718987129.308396-fqk5ka.webp",
+    "data": {
+      "detections": [  // list of event IDs
+        "1718987128.947436-g92ztx",
+        "1718987148.879516-d7oq7r",
+        "1718987126.934663-q5ywpt"
+      ],
+      "objects": [
+        "person",
+        "car"
+      ],
+      "sub_labels": [],
+      "zones": [],
+      "audio": []
+    }
+  },
+  "after": {
+    "id": "1718987129.308396-fqk5ka",
+    "camera": "front_cam",
+    "start_time": 1718987129.308396,
+    "end_time": null,
+    "severity": "alert",
+    "thumb_path": "/media/frigate/clips/review/thumb-front_cam-1718987129.308396-fqk5ka.webp",
+    "data": {
+      "detections": [
+        "1718987128.947436-g92ztx",
+        "1718987148.879516-d7oq7r",
+        "1718987126.934663-q5ywpt"
+      ],
+      "objects": [
+        "person",
+        "car"
+      ],
+      "sub_labels": ["Bob"],
+      "zones": [
+        "front_yard"
+      ],
+      "audio": []
+    }
+  }
+}
+```
+
 ### `frigate/stats`
 
 Same data available at `/api/stats` published at a configurable interval.

docs/docs/integrations/plus.md

@@ -49,20 +49,26 @@ You can view all of your submitted images at [https://plus.frigate.video](https:
 
 ## Use Models
 
-Models available in Frigate+ can be used with a special model path. No other information needs to be configured for Frigate+ models because it fetches the remaining config from Frigate+ automatically.
+Once you have [requested your first model](../plus/first_model.md) and gotten your own model ID, it can be used with a special model path. No other information needs to be configured for Frigate+ models because it fetches the remaining config from Frigate+ automatically.
 
 ```yaml
 model:
-  path: plus://e63b7345cc83a84ed79dedfc99c16616
+  path: plus://<your_model_id>
 ```
 
+:::note
+
+Model IDs are not secret values and can be shared freely. Access to your model is protected by your API key.
+
+:::
+
 Models are downloaded into the `/config/model_cache` folder and only downloaded if needed.
 
 If needed, you can override the labelmap for Frigate+ models. This is not recommended as renaming labels will break the Submit to Frigate+ feature if the labels are not available in Frigate+.
 
 ```yaml
 model:
-  path: plus://e63b7345cc83a84ed79dedfc99c16616
+  path: plus://<your_model_id>
   labelmap:
     3: animal
     4: animal

docs/docs/plus/first_model.md

@@ -28,6 +28,12 @@ model:
   path: plus://<your_model_id>
 ```
 
+:::note
+
+Model IDs are not secret values and can be shared freely. Access to your model is protected by your API key.
+
+:::
+
 ## Step 4: Adjust your object filters for higher scores
 
 Frigate+ models generally have much higher scores than the default model provided in Frigate. You will likely need to increase your `threshold` and `min_score` values. Here is an example of how these values can be refined, but you should expect these to evolve as your model improves. For more information about how `threshold` and `min_score` are related, see the docs on [object filters](../configuration/object_filters.md#object-scores).

docs/docs/plus/index.md

@@ -3,7 +3,7 @@ id: index
 title: Models
 ---
 
-<a href="https://plus.frigate.video" target="_blank" rel="nofollow">Frigate+</a> offers models trained on images submitted by Frigate+ users from their security cameras and is specifically designed for the way Frigate NVR analyzes video footage. These models offer higher accuracy with less resources. The images you upload are used to fine tune a baseline model trained from images uploaded by all Frigate+ users. This fine tuning process results in a model that is optimized for accuracy in your specific conditions.
+<a href="https://frigate.video/plus" target="_blank" rel="nofollow">Frigate+</a> offers models trained on images submitted by Frigate+ users from their security cameras and is specifically designed for the way Frigate NVR analyzes video footage. These models offer higher accuracy with less resources. The images you upload are used to fine tune a baseline model trained from images uploaded by all Frigate+ users. This fine tuning process results in a model that is optimized for accuracy in your specific conditions.
 
 :::info
 

docs/docs/troubleshooting/edgetpu.md

@@ -37,7 +37,7 @@ The USB Coral can become stuck and need to be restarted, this can happen for a n
 
 ## PCIe Coral Not Detected
 
-The most common reason for the PCIe coral not being detected is that the driver has not been installed. See [the coral docs(https://coral.ai/docs/m2/get-started/#2-install-the-pcie-driver-and-edge-tpu-runtime) for how to install the driver for the PCIe based coral.
+The most common reason for the PCIe coral not being detected is that the driver has not been installed. See [the coral docs](https://coral.ai/docs/m2/get-started/#2-install-the-pcie-driver-and-edge-tpu-runtime) for how to install the driver for the PCIe based coral.
 
 ## Only One PCIe Coral Is Detected With Coral Dual EdgeTPU
 

docs/docs/troubleshooting/faqs.md

@@ -28,6 +28,7 @@ You can open `chrome://media-internals/` in another tab and then try to playback
 Frigate generally [recommends cameras with configurable sub streams](/frigate/hardware.md). However, if your camera does not have a sub stream that a suitable resolution, the main stream can be resized.
 
 To do this efficiently the following setup is required:
+
 1. A GPU or iGPU must be available to do the scaling.
 2. [ffmpeg presets for hwaccel](/configuration/hardware_acceleration.md) must be used
 3. Set the desired detection resolution for `detect -> width` and `detect -> height`.
@@ -56,4 +57,44 @@ SQLite does not work well on a network share, if the `/media` folder is mapped t
 
 If MQTT isn't working in docker try using the IP of the device hosting the MQTT server instead of `localhost`, `127.0.0.1`, or `mosquitto.ix-mosquitto.svc.cluster.local`.
 
-This is because, by default, Frigate does not run in host mode so localhost points to the Frigate container and not the host device's network.
+This is because Frigate does not run in host mode so localhost points to the Frigate container and not the host device's network.
+
+### How do I know if my camera is offline
+
+A camera being offline can be detected via MQTT or /api/stats, the camera_fps for any offline camera will be 0.
+
+Also, Home Assistant will mark any offline camera as being unavailable when the camera is offline.
+
+### How can I view the Frigate log files without using the Web UI?
+
+Frigate manages logs internally as well as outputs directly to Docker via standard output. To view these logs using the CLI, follow these steps:
+
+- Open a terminal or command prompt on the host running your Frigate container.
+- Type the following command and press Enter:
+  ```
+  docker logs -f frigate
+  ```
+  This command tells Docker to show you the logs from the Frigate container.
+  Note: If you've given your Frigate container a different name, replace "frigate" in the command with your container's actual name. The "-f" option means the logs will continue to update in real-time as new entries are added. To stop viewing the logs, press `Ctrl+C`. If you'd like to learn more about using Docker logs, including additional options and features, you can explore Docker's [official documentation](https://docs.docker.com/engine/reference/commandline/logs/).
+
+Alternatively, when you create the Frigate Docker container, you can bind a directory on the host to the mountpoint `/dev/shm/logs` to not only be able to persist the logs to disk, but also to be able to query them directly from the host using your favorite log parsing/query utility.
+
+```
+docker run -d \
+  --name frigate \
+  --restart=unless-stopped \
+  --mount type=tmpfs,target=/tmp/cache,tmpfs-size=1000000000 \
+  --device /dev/bus/usb:/dev/bus/usb \
+  --device /dev/dri/renderD128 \
+  --shm-size=64m \
+  -v /path/to/your/storage:/media/frigate \
+  -v /path/to/your/config:/config \
+  -v /etc/localtime:/etc/localtime:ro \
+  -v /path/to/local/log/dir:/dev/shm/logs \
+  -e FRIGATE_RTSP_PASSWORD='password' \
+  -p 5000:5000 \
+  -p 8554:8554 \
+  -p 8555:8555/tcp \
+  -p 8555:8555/udp \
+  ghcr.io/blakeblackshear/frigate:stable
+```

docs/package.json

@@ -14,9 +14,9 @@
     "write-heading-ids": "docusaurus write-heading-ids"
   },
   "dependencies": {
-    "@docusaurus/core": "^3.3.2",
-    "@docusaurus/preset-classic": "^3.3.2",
-    "@docusaurus/theme-mermaid": "^3.3.2",
+    "@docusaurus/core": "^3.4.0",
+    "@docusaurus/preset-classic": "^3.4.0",
+    "@docusaurus/theme-mermaid": "^3.4.0",
     "@mdx-js/react": "^3.0.0",
     "clsx": "^2.0.0",
     "prism-react-renderer": "^2.1.0",
@@ -37,8 +37,8 @@
     ]
   },
   "devDependencies": {
-    "@docusaurus/module-type-aliases": "^3.3.2",
-    "@docusaurus/types": "^3.3.2",
+    "@docusaurus/module-type-aliases": "^3.4.0",
+    "@docusaurus/types": "^3.4.0",
     "@types/react": "^18.2.79"
   },
   "engines": {

docs/sidebars.js

@@ -22,7 +22,7 @@ module.exports = {
         {
           type: "link",
           label: "Go2RTC Configuration Reference",
-          href: "https://github.com/AlexxIT/go2rtc/tree/v1.9.2#configuration",
+          href: "https://github.com/AlexxIT/go2rtc/tree/v1.9.4#configuration",
         },
       ],
       Detectors: [
@@ -52,6 +52,7 @@ module.exports = {
         "configuration/authentication",
         "configuration/hardware_acceleration",
         "configuration/ffmpeg_presets",
+        "configuration/tls",
         "configuration/advanced",
       ],
     },

frigate/api/app.py

@@ -21,7 +21,7 @@ from frigate.api.export import ExportBp
 from frigate.api.media import MediaBp
 from frigate.api.preview import PreviewBp
 from frigate.api.review import ReviewBp
-from frigate.config import AuthModeEnum, FrigateConfig
+from frigate.config import FrigateConfig
 from frigate.const import CONFIG_DIR
 from frigate.events.external import ExternalEventProcessor
 from frigate.models import Event, Timeline
@@ -86,9 +86,7 @@ def create_app(
     app.plus_api = plus_api
     app.camera_error_image = None
     app.stats_emitter = stats_emitter
-    app.jwt_token = (
-        get_jwt_secret() if frigate_config.auth.mode == AuthModeEnum.native else None
-    )
+    app.jwt_token = get_jwt_secret() if frigate_config.auth.enabled else None
     # update the request_address with the x-forwarded-for header from nginx
     app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1)
     # initialize the rate limiter for the login endpoint
@@ -176,6 +174,9 @@ def config():
     # remove the mqtt password
     config["mqtt"].pop("password", None)
 
+    # remove the proxy secret
+    config["proxy"].pop("auth_secret", None)
+
     for camera_name, camera in current_app.frigate_config.cameras.items():
         camera_dict = config["cameras"][camera_name]
 
@@ -483,6 +484,10 @@ def logs(service: str):
             if len(cleanLine) < 10:
                 continue
 
+            # handle cases where S6 does not include date in log line
+            if "  " not in cleanLine:
+                cleanLine = f"{datetime.now()}  {cleanLine}"
+
             if dateEnd == 0:
                 dateEnd = cleanLine.index("  ")
                 keyLength = dateEnd - (6 if service_location == "frigate" else 0)

frigate/api/auth.py

@@ -17,7 +17,7 @@ from flask_limiter import Limiter
 from joserfc import jwt
 from peewee import DoesNotExist
 
-from frigate.config import AuthConfig, AuthModeEnum
+from frigate.config import AuthConfig, ProxyConfig
 from frigate.const import CONFIG_DIR, JWT_SECRET_ENV_VAR, PASSWORD_HASH_ALGORITHM
 from frigate.models import User
 
@@ -87,13 +87,11 @@ def get_jwt_secret() -> str:
         )
         jwt_secret = os.environ.get(JWT_SECRET_ENV_VAR)
     # check docker secrets
-    elif (
-        os.path.isdir("/run/secrets")
-        and os.access("/run/secrets", os.R_OK)
-        and JWT_SECRET_ENV_VAR in os.listdir("/run/secrets")
-    ):
+    elif os.path.isfile(os.path.join("/run/secrets", JWT_SECRET_ENV_VAR)):
         logger.debug(f"Using jwt secret from {JWT_SECRET_ENV_VAR} docker secret file.")
-        jwt_secret = Path(os.path.join("/run/secrets", JWT_SECRET_ENV_VAR)).read_text()
+        jwt_secret = (
+            Path(os.path.join("/run/secrets", JWT_SECRET_ENV_VAR)).read_text().strip()
+        )
     # check for the addon options file
     elif os.path.isfile("/data/options.json"):
         with open("/data/options.json") as f:
@@ -170,6 +168,9 @@ def set_jwt_cookie(response, cookie_name, encoded_jwt, expiration, secure):
 # Endpoint for use with nginx auth_request
 @AuthBp.route("/auth")
 def auth():
+    auth_config: AuthConfig = current_app.frigate_config.auth
+    proxy_config: ProxyConfig = current_app.frigate_config.proxy
+
     success_response = make_response({}, 202)
 
     # dont require auth if the request is on the internal port
@@ -177,13 +178,24 @@ def auth():
     if request.headers.get("x-server-port", 0, type=int) == 5000:
         return success_response
 
-    # if proxy auth mode
-    if current_app.frigate_config.auth.mode == AuthModeEnum.proxy:
+    fail_response = make_response({}, 401)
+
+    # ensure the proxy secret matches if configured
+    if (
+        proxy_config.auth_secret is not None
+        and request.headers.get("x-proxy-secret", "", type=str)
+        != proxy_config.auth_secret
+    ):
+        logger.debug("X-Proxy-Secret header does not match configured secret value")
+        return fail_response
+
+    # if auth is disabled, just apply the proxy header map and return success
+    if not auth_config.enabled:
         # pass the user header value from the upstream proxy if a mapping is specified
         # or use anonymous if none are specified
-        if current_app.frigate_config.auth.header_map.user is not None:
+        if proxy_config.header_map.user is not None:
             upstream_user_header_value = request.headers.get(
-                current_app.frigate_config.auth.header_map.user,
+                proxy_config.header_map.user,
                 type=str,
                 default="anonymous",
             )
@@ -192,7 +204,7 @@ def auth():
             success_response.headers["remote-user"] = "anonymous"
         return success_response
 
-    fail_response = make_response({}, 401)
+    # now apply authentication
     fail_response.headers["location"] = "/login"
 
     JWT_COOKIE_NAME = current_app.frigate_config.auth.cookie_name

frigate/api/export.py

@@ -4,6 +4,7 @@ import logging
 from pathlib import Path
 from typing import Optional
 
+import psutil
 from flask import (
     Blueprint,
     current_app,
@@ -12,8 +13,8 @@ from flask import (
     request,
 )
 from peewee import DoesNotExist
-from werkzeug.utils import secure_filename
 
+from frigate.const import EXPORT_DIR
 from frigate.models import Export, Recordings
 from frigate.record.export import PlaybackFactorEnum, RecordingExporter
 
@@ -46,9 +47,9 @@ def export_recording(camera_name: str, start_time, end_time):
 
     json: dict[str, any] = request.get_json(silent=True) or {}
     playback_factor = json.get("playback", "realtime")
-    name: Optional[str] = json.get("name")
+    friendly_name: Optional[str] = json.get("name")
 
-    if len(name or "") > 256:
+    if len(friendly_name or "") > 256:
         return make_response(
             jsonify({"success": False, "message": "File name is too long."}),
             401,
@@ -76,7 +77,7 @@ def export_recording(camera_name: str, start_time, end_time):
     exporter = RecordingExporter(
         current_app.frigate_config,
         camera_name,
-        secure_filename(name) if name else None,
+        friendly_name,
         int(start_time),
         int(end_time),
         (
@@ -140,6 +141,27 @@ def export_delete(id: str):
             404,
         )
 
+    files_in_use = []
+    for process in psutil.process_iter():
+        try:
+            if process.name() != "ffmpeg":
+                continue
+            flist = process.open_files()
+            if flist:
+                for nt in flist:
+                    if nt.path.startswith(EXPORT_DIR):
+                        files_in_use.append(nt.path.split("/")[-1])
+        except psutil.Error:
+            continue
+
+    if export.video_path.split("/")[-1] in files_in_use:
+        return make_response(
+            jsonify(
+                {"success": False, "message": "Can not delete in progress export."}
+            ),
+            400,
+        )
+
     Path(export.video_path).unlink(missing_ok=True)
 
     if export.thumb_path:

frigate/api/media.py

@@ -105,6 +105,7 @@ def latest_frame(camera_name):
         "regions": request.args.get("regions", type=int),
     }
     resize_quality = request.args.get("quality", default=70, type=int)
+    extension = os.path.splitext(request.path)[1][1:]
 
     if camera_name in current_app.frigate_config.cameras:
         frame = current_app.detected_frames_processor.get_current_frame(
@@ -147,10 +148,10 @@ def latest_frame(camera_name):
         frame = cv2.resize(frame, dsize=(width, height), interpolation=cv2.INTER_AREA)
 
         ret, img = cv2.imencode(
-            ".webp", frame, [int(cv2.IMWRITE_WEBP_QUALITY), resize_quality]
+            f".{extension}", frame, [int(cv2.IMWRITE_WEBP_QUALITY), resize_quality]
         )
         response = make_response(img.tobytes())
-        response.headers["Content-Type"] = "image/webp"
+        response.headers["Content-Type"] = f"image/{extension}"
         response.headers["Cache-Control"] = "no-store"
         return response
     elif camera_name == "birdseye" and current_app.frigate_config.birdseye.restream:
@@ -165,10 +166,10 @@ def latest_frame(camera_name):
         frame = cv2.resize(frame, dsize=(width, height), interpolation=cv2.INTER_AREA)
 
         ret, img = cv2.imencode(
-            ".webp", frame, [int(cv2.IMWRITE_WEBP_QUALITY), resize_quality]
+            f".{extension}", frame, [int(cv2.IMWRITE_WEBP_QUALITY), resize_quality]
         )
         response = make_response(img.tobytes())
-        response.headers["Content-Type"] = "image/webp"
+        response.headers["Content-Type"] = f"image/{extension}"
         response.headers["Cache-Control"] = "no-store"
         return response
     else:
@@ -459,7 +460,7 @@ def recording_clip(camera_name, start_ts, end_ts):
         )
 
     file_name = secure_filename(file_name)
-    path = os.path.join(CACHE_DIR, file_name)
+    path = os.path.join(CLIPS_DIR, f"cache/{file_name}")
 
     if not os.path.exists(path):
         ffmpeg_cmd = [
@@ -511,7 +512,7 @@ def recording_clip(camera_name, start_ts, end_ts):
         response.headers["Content-Disposition"] = "attachment; filename=%s" % file_name
     response.headers["Content-Length"] = os.path.getsize(path)
     response.headers["X-Accel-Redirect"] = (
-        f"/cache/{file_name}"  # nginx: https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_headers
+        f"/clips/cache/{file_name}"  # nginx: https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_headers
     )
 
     return response
@@ -553,7 +554,9 @@ def vod_ts(camera_name, start_ts, end_ts):
             logger.warning(f"Recording clip is missing or empty: {recording.path}")
 
     if not clips:
-        logger.error("No recordings found for the requested time range")
+        logger.error(
+            f"No recordings found for {camera_name} during the requested time range"
+        )
         return make_response(
             jsonify(
                 {
@@ -636,7 +639,7 @@ def vod_event(id):
         # If the recordings are not found and the event started more than 5 minutes ago, set has_clip to false
         if (
             event.start_time < datetime.now().timestamp() - 300
-            and type(vod_response) == tuple
+            and type(vod_response) is tuple
             and len(vod_response) == 2
             and vod_response[1] == 404
         ):
@@ -1232,8 +1235,8 @@ def preview_gif(camera_name: str, start_ts, end_ts, max_cache_age=2592000):
 
 @MediaBp.route("/<camera_name>/start/<int:start_ts>/end/<int:end_ts>/preview.mp4")
 @MediaBp.route("/<camera_name>/start/<float:start_ts>/end/<float:end_ts>/preview.mp4")
-def preview_mp4(camera_name: str, start_ts, end_ts):
-    file_name = f"clip_{camera_name}_{start_ts}-{end_ts}.mp4"
+def preview_mp4(camera_name: str, start_ts, end_ts, max_cache_age=604800):
+    file_name = f"preview_{camera_name}_{start_ts}-{end_ts}.mp4"
 
     if len(file_name) > 1000:
         return make_response(
@@ -1380,7 +1383,7 @@ def preview_mp4(camera_name: str, start_ts, end_ts):
 
     response = make_response()
     response.headers["Content-Description"] = "File Transfer"
-    response.headers["Cache-Control"] = "no-cache"
+    response.headers["Cache-Control"] = f"private, max-age={max_cache_age}"
     response.headers["Content-Type"] = "video/mp4"
     response.headers["Content-Length"] = os.path.getsize(path)
     response.headers["X-Accel-Redirect"] = (

frigate/api/review.py

@@ -22,6 +22,7 @@ ReviewBp = Blueprint("reviews", __name__)
 def review():
     cameras = request.args.get("cameras", "all")
     labels = request.args.get("labels", "all")
+    zones = request.args.get("zones", "all")
     reviewed = request.args.get("reviewed", type=int, default=0)
     limit = request.args.get("limit", type=int, default=None)
     severity = request.args.get("severity", None)
@@ -60,6 +61,20 @@ def review():
         label_clause = reduce(operator.or_, label_clauses)
         clauses.append((label_clause))
 
+    if zones != "all":
+        # use matching so segments with multiple zones
+        # still match on a search where any zone matches
+        zone_clauses = []
+        filtered_zones = zones.split(",")
+
+        for zone in filtered_zones:
+            zone_clauses.append(
+                (ReviewSegment.data["zones"].cast("text") % f'*"{zone}"*')
+            )
+
+        zone_clause = reduce(operator.or_, zone_clauses)
+        clauses.append((zone_clause))
+
     if reviewed == 0:
         clauses.append((ReviewSegment.has_been_reviewed == False))
 
@@ -96,6 +111,7 @@ def review_summary():
 
     cameras = request.args.get("cameras", "all")
     labels = request.args.get("labels", "all")
+    zones = request.args.get("zones", "all")
 
     clauses = [(ReviewSegment.start_time > day_ago)]
 
@@ -118,6 +134,20 @@ def review_summary():
         label_clause = reduce(operator.or_, label_clauses)
         clauses.append((label_clause))
 
+    if zones != "all":
+        # use matching so segments with multiple zones
+        # still match on a search where any zone matches
+        zone_clauses = []
+        filtered_zones = zones.split(",")
+
+        for zone in filtered_zones:
+            zone_clauses.append(
+                (ReviewSegment.data["zones"].cast("text") % f'*"{zone}"*')
+            )
+
+        zone_clause = reduce(operator.or_, zone_clauses)
+        clauses.append((zone_clause))
+
     last_24 = (
         ReviewSegment.select(
             fn.SUM(
@@ -440,7 +470,12 @@ def motion_activity():
 
     # resample data using pandas to get activity on scaled basis
     df = pd.DataFrame(data, columns=["start_time", "motion", "camera"])
-    df = df.astype(dtype={"motion": "float16"})
+
+    if df.empty:
+        logger.warning("No motion data found for the requested time range")
+        return jsonify([])
+
+    df = df.astype(dtype={"motion": "float32"})
 
     # set date as datetime index
     df["start_time"] = pd.to_datetime(df["start_time"], unit="s")
@@ -462,11 +497,13 @@ def motion_activity():
 
     for i in range(0, length, chunk):
         part = df.iloc[i : i + chunk]
-        df.iloc[i : i + chunk, 0] = (
-            (part["motion"] - part["motion"].min())
-            / (part["motion"].max() - part["motion"].min())
-            * 100
-        ).fillna(0.0)
+        min_val, max_val = part["motion"].min(), part["motion"].max()
+        if min_val != max_val:
+            df.iloc[i : i + chunk, 0] = (
+                part["motion"].sub(min_val).div(max_val - min_val).mul(100).fillna(0)
+            )
+        else:
+            df.iloc[i : i + chunk, 0] = 0.0
 
     # change types for output
     df.index = df.index.astype(int) // (10**9)

frigate/app.py

@@ -27,7 +27,7 @@ from frigate.comms.dispatcher import Communicator, Dispatcher
 from frigate.comms.inter_process import InterProcessCommunicator
 from frigate.comms.mqtt import MqttClient
 from frigate.comms.ws import WebSocketClient
-from frigate.config import AuthModeEnum, FrigateConfig
+from frigate.config import FrigateConfig
 from frigate.const import (
     CACHE_DIR,
     CLIPS_DIR,
@@ -68,7 +68,7 @@ from frigate.stats.util import stats_init
 from frigate.storage import StorageMaintainer
 from frigate.timeline import TimelineProcessor
 from frigate.types import CameraMetricsTypes, PTZMetricsTypes
-from frigate.util.builtin import save_default_config
+from frigate.util.builtin import empty_and_close_queue, save_default_config
 from frigate.util.config import migrate_frigate_config
 from frigate.util.object import get_camera_regions_grid
 from frigate.version import VERSION
@@ -100,7 +100,7 @@ class FrigateApp:
         for d in [
             CONFIG_DIR,
             RECORD_DIR,
-            CLIPS_DIR,
+            f"{CLIPS_DIR}/cache",
             CACHE_DIR,
             MODEL_CACHE_DIR,
             EXPORT_DIR,
@@ -521,8 +521,9 @@ class FrigateApp:
             logger.info(f"Capture process started for {name}: {capture_process.pid}")
 
     def start_audio_processors(self) -> None:
+        self.audio_process = None
         if len([c for c in self.config.cameras.values() if c.audio.enabled]) > 0:
-            audio_process = mp.Process(
+            self.audio_process = mp.Process(
                 target=listen_to_audio,
                 name="audio_capture",
                 args=(
@@ -530,10 +531,10 @@ class FrigateApp:
                     self.camera_metrics,
                 ),
             )
-            audio_process.daemon = True
-            audio_process.start()
-            self.processes["audio_detector"] = audio_process.pid or 0
-            logger.info(f"Audio process started: {audio_process.pid}")
+            self.audio_process.daemon = True
+            self.audio_process.start()
+            self.processes["audio_detector"] = self.audio_process.pid or 0
+            logger.info(f"Audio process started: {self.audio_process.pid}")
 
     def start_timeline_processor(self) -> None:
         self.timeline_processor = TimelineProcessor(
@@ -592,7 +593,7 @@ class FrigateApp:
             )
 
     def init_auth(self) -> None:
-        if self.config.auth.mode == AuthModeEnum.native:
+        if self.config.auth.enabled:
             if User.select().count() == 0:
                 password = secrets.token_hex(16)
                 password_hash = hash_password(
@@ -706,9 +707,9 @@ class FrigateApp:
         self.check_shm()
         self.init_auth()
 
+        # Flask only listens for SIGINT, so we need to catch SIGTERM and send SIGINT
         def receiveSignal(signalNumber: int, frame: Optional[FrameType]) -> None:
-            self.stop()
-            sys.exit()
+            os.kill(os.getpid(), signal.SIGINT)
 
         signal.signal(signal.SIGTERM, receiveSignal)
 
@@ -717,10 +718,13 @@ class FrigateApp:
         except KeyboardInterrupt:
             pass
 
+        logger.info("Flask has exited...")
+
         self.stop()
 
     def stop(self) -> None:
         logger.info("Stopping...")
+
         self.stop_event.set()
 
         # set an end_time on entries without an end_time before exiting
@@ -731,43 +735,76 @@ class FrigateApp:
             ReviewSegment.end_time == None
         ).execute()
 
-        # Stop Communicators
-        self.inter_process_communicator.stop()
-        self.inter_config_updater.stop()
-        self.inter_detection_proxy.stop()
+        # stop the audio process
+        if self.audio_process is not None:
+            self.audio_process.terminate()
+            self.audio_process.join()
 
+        # ensure the capture processes are done
+        for camera in self.camera_metrics.keys():
+            capture_process = self.camera_metrics[camera]["capture_process"]
+            if capture_process is not None:
+                logger.info(f"Waiting for capture process for {camera} to stop")
+                capture_process.terminate()
+                capture_process.join()
+
+        # ensure the camera processors are done
+        for camera in self.camera_metrics.keys():
+            camera_process = self.camera_metrics[camera]["process"]
+            if camera_process is not None:
+                logger.info(f"Waiting for process for {camera} to stop")
+                camera_process.terminate()
+                camera_process.join()
+                logger.info(f"Closing frame queue for {camera}")
+                frame_queue = self.camera_metrics[camera]["frame_queue"]
+                empty_and_close_queue(frame_queue)
+
+        # ensure the detectors are done
         for detector in self.detectors.values():
             detector.stop()
 
-        # Empty the detection queue and set the events for all requests
-        while not self.detection_queue.empty():
-            connection_id = self.detection_queue.get(timeout=1)
-            self.detection_out_events[connection_id].set()
-        self.detection_queue.close()
-        self.detection_queue.join_thread()
+        empty_and_close_queue(self.detection_queue)
+        logger.info("Detection queue closed")
+
+        self.detected_frames_processor.join()
+        empty_and_close_queue(self.detected_frames_queue)
+        logger.info("Detected frames queue closed")
+
+        self.timeline_processor.join()
+        self.event_processor.join()
+        empty_and_close_queue(self.timeline_queue)
+        logger.info("Timeline queue closed")
+
+        self.output_processor.terminate()
+        self.output_processor.join()
+
+        self.recording_process.terminate()
+        self.recording_process.join()
+
+        self.review_segment_process.terminate()
+        self.review_segment_process.join()
 
         self.external_event_processor.stop()
         self.dispatcher.stop()
-        self.detected_frames_processor.join()
         self.ptz_autotracker_thread.join()
-        self.event_processor.join()
+
         self.event_cleanup.join()
         self.record_cleanup.join()
         self.stats_emitter.join()
         self.frigate_watchdog.join()
         self.db.stop()
 
+        # Stop Communicators
+        self.inter_process_communicator.stop()
+        self.inter_config_updater.stop()
+        self.inter_detection_proxy.stop()
+
         while len(self.detection_shms) > 0:
             shm = self.detection_shms.pop()
             shm.close()
             shm.unlink()
 
-        for queue in [
-            self.detected_frames_queue,
-            self.log_queue,
-        ]:
-            if queue is not None:
-                while not queue.empty():
-                    queue.get_nowait()
-                queue.close()
-                queue.join_thread()
+        self.log_process.terminate()
+        self.log_process.join()
+
+        os._exit(os.EX_OK)

frigate/comms/detections_updater.py

@@ -26,9 +26,8 @@ class DetectionProxyRunner(threading.Thread):
 
     def run(self) -> None:
         """Run the proxy."""
-        control = self.context.socket(zmq.SUB)
+        control = self.context.socket(zmq.REP)
         control.connect(SOCKET_CONTROL)
-        control.setsockopt_string(zmq.SUBSCRIBE, "")
         incoming = self.context.socket(zmq.XSUB)
         incoming.bind(SOCKET_PUB)
         outgoing = self.context.socket(zmq.XPUB)
@@ -46,13 +45,13 @@ class DetectionProxy:
 
     def __init__(self) -> None:
         self.context = zmq.Context()
-        self.control = self.context.socket(zmq.PUB)
+        self.control = self.context.socket(zmq.REQ)
         self.control.bind(SOCKET_CONTROL)
         self.runner = DetectionProxyRunner(self.context)
         self.runner.start()
 
     def stop(self) -> None:
-        self.control.send_string("TERMINATE")  # tell the proxy to stop
+        self.control.send("TERMINATE".encode())  # tell the proxy to stop
         self.runner.join()
         self.context.destroy()
 
@@ -69,7 +68,7 @@ class DetectionPublisher:
     def send_data(self, payload: any) -> None:
         """Publish detection."""
         self.socket.send_string(self.topic.value, flags=zmq.SNDMORE)
-        self.socket.send_pyobj(payload)
+        self.socket.send_json(payload)
 
     def stop(self) -> None:
         self.socket.close()
@@ -92,7 +91,7 @@ class DetectionSubscriber:
 
             if has_update:
                 topic = DetectionTypeEnum[self.socket.recv_string(flags=zmq.NOBLOCK)]
-                return (topic, self.socket.recv_pyobj())
+                return (topic, self.socket.recv_json())
         except zmq.ZMQError:
             pass
 

frigate/comms/events_updater.py

@@ -20,7 +20,7 @@ class EventUpdatePublisher:
         self, payload: tuple[EventTypeEnum, EventStateEnum, str, dict[str, any]]
     ) -> None:
         """There is no communication back to the processes."""
-        self.socket.send_pyobj(payload)
+        self.socket.send_json(payload)
 
     def stop(self) -> None:
         self.socket.close()
@@ -43,7 +43,7 @@ class EventUpdateSubscriber:
             has_update, _, _ = zmq.select([self.socket], [], [], timeout)
 
             if has_update:
-                return self.socket.recv_pyobj()
+                return self.socket.recv_json()
         except zmq.ZMQError:
             pass
 
@@ -66,7 +66,7 @@ class EventEndPublisher:
         self, payload: tuple[EventTypeEnum, EventStateEnum, str, dict[str, any]]
     ) -> None:
         """There is no communication back to the processes."""
-        self.socket.send_pyobj(payload)
+        self.socket.send_json(payload)
 
     def stop(self) -> None:
         self.socket.close()
@@ -89,7 +89,7 @@ class EventEndSubscriber:
             has_update, _, _ = zmq.select([self.socket], [], [], timeout)
 
             if has_update:
-                return self.socket.recv_pyobj()
+                return self.socket.recv_json()
         except zmq.ZMQError:
             pass
 

frigate/comms/inter_process.py

@@ -37,14 +37,14 @@ class InterProcessCommunicator(Communicator):
                     break
 
                 try:
-                    (topic, value) = self.socket.recv_pyobj(flags=zmq.NOBLOCK)
+                    (topic, value) = self.socket.recv_json(flags=zmq.NOBLOCK)
 
                     response = self._dispatcher(topic, value)
 
                     if response is not None:
-                        self.socket.send_pyobj(response)
+                        self.socket.send_json(response)
                     else:
-                        self.socket.send_pyobj([])
+                        self.socket.send_json([])
                 except zmq.ZMQError:
                     break
 
@@ -65,8 +65,8 @@ class InterProcessRequestor:
 
     def send_data(self, topic: str, data: any) -> any:
         """Sends data and then waits for reply."""
-        self.socket.send_pyobj((topic, data))
-        return self.socket.recv_pyobj()
+        self.socket.send_json((topic, data))
+        return self.socket.recv_json()
 
     def stop(self) -> None:
         self.socket.close()

frigate/config.py

@@ -1,6 +1,5 @@
 from __future__ import annotations
 
-import asyncio
 import json
 import logging
 import os
@@ -8,7 +7,6 @@ from enum import Enum
 from pathlib import Path
 from typing import Any, Dict, List, Optional, Tuple, Union
 
-import matplotlib.pyplot as plt
 import numpy as np
 from pydantic import (
     BaseModel,
@@ -27,6 +25,7 @@ from frigate.const import (
     CACHE_DIR,
     CACHE_SEGMENT_FORMAT,
     DEFAULT_DB_PATH,
+    FREQUENCY_STATS_POINTS,
     MAX_PRE_CAPTURE,
     REGEX_CAMERA_NAME,
     YAML_EXT,
@@ -43,12 +42,13 @@ from frigate.plus import PlusApi
 from frigate.util.builtin import (
     deep_merge,
     escape_special_characters,
+    generate_color_palette,
     get_ffmpeg_arg_list,
     load_config_with_no_duplicates,
 )
-from frigate.util.config import get_relative_coordinates
+from frigate.util.config import StreamInfoRetriever, get_relative_coordinates
 from frigate.util.image import create_mask
-from frigate.util.services import auto_detect_hwaccel, get_video_properties
+from frigate.util.services import auto_detect_hwaccel
 
 logger = logging.getLogger(__name__)
 
@@ -62,9 +62,9 @@ FRIGATE_ENV_VARS = {k: v for k, v in os.environ.items() if k.startswith("FRIGATE
 if os.path.isdir("/run/secrets") and os.access("/run/secrets", os.R_OK):
     for secret_file in os.listdir("/run/secrets"):
         if secret_file.startswith("FRIGATE_"):
-            FRIGATE_ENV_VARS[secret_file] = Path(
-                os.path.join("/run/secrets", secret_file)
-            ).read_text()
+            FRIGATE_ENV_VARS[secret_file] = (
+                Path(os.path.join("/run/secrets", secret_file)).read_text().strip()
+            )
 
 DEFAULT_TRACKED_OBJECTS = ["person"]
 DEFAULT_ALERT_OBJECTS = ["person", "car"]
@@ -73,6 +73,9 @@ DEFAULT_DETECTORS = {"cpu": {"type": "cpu"}}
 DEFAULT_DETECT_DIMENSIONS = {"width": 1280, "height": 720}
 DEFAULT_TIME_LAPSE_FFMPEG_ARGS = "-vf setpts=0.04*PTS -r 30"
 
+# stream info handler
+stream_info_retriever = StreamInfoRetriever()
+
 
 class FrigateBaseModel(BaseModel):
     model_config = ConfigDict(extra="forbid", protected_namespaces=())
@@ -98,9 +101,6 @@ class DateTimeStyleEnum(str, Enum):
 
 
 class UIConfig(FrigateBaseModel):
-    live_mode: LiveModeEnum = Field(
-        default=LiveModeEnum.mse, title="Default Live Mode."
-    )
     timezone: Optional[str] = Field(default=None, title="Override UI timezone.")
     time_format: TimeFormatEnum = Field(
         default=TimeFormatEnum.browser, title="Override UI time format."
@@ -116,9 +116,8 @@ class UIConfig(FrigateBaseModel):
     )
 
 
-class AuthModeEnum(str, Enum):
-    native = "native"
-    proxy = "proxy"
+class TlsConfig(FrigateBaseModel):
+    enabled: bool = Field(default=True, title="Enable TLS for port 8971")
 
 
 class HeaderMappingConfig(FrigateBaseModel):
@@ -127,8 +126,22 @@ class HeaderMappingConfig(FrigateBaseModel):
     )
 
 
+class ProxyConfig(FrigateBaseModel):
+    header_map: HeaderMappingConfig = Field(
+        default_factory=HeaderMappingConfig,
+        title="Header mapping definitions for proxy user passing.",
+    )
+    logout_url: Optional[str] = Field(
+        default=None, title="Redirect url for logging out with proxy."
+    )
+    auth_secret: Optional[str] = Field(
+        default=None,
+        title="Secret value for proxy authentication.",
+    )
+
+
 class AuthConfig(FrigateBaseModel):
-    mode: AuthModeEnum = Field(default=AuthModeEnum.native, title="Authentication mode")
+    enabled: bool = Field(default=True, title="Enable authentication")
     reset_admin_password: bool = Field(
         default=False, title="Reset the admin password on startup"
     )
@@ -144,10 +157,6 @@ class AuthConfig(FrigateBaseModel):
         title="Refresh the session if it is going to expire in this many seconds",
         ge=30,
     )
-    header_map: HeaderMappingConfig = Field(
-        default_factory=HeaderMappingConfig,
-        title="Header mapping definitions for proxy auth mode.",
-    )
     failed_login_rate_limit: Optional[str] = Field(
         default=None,
         title="Rate limits for failed login attempts.",
@@ -156,9 +165,6 @@ class AuthConfig(FrigateBaseModel):
         default=[],
         title="Trusted proxies for determining IP address to rate limit",
     )
-    logout_url: Optional[str] = Field(
-        default=None, title="Redirect url for logging out in proxy mode."
-    )
     # As of Feb 2023, OWASP recommends 600000 iterations for PBKDF2-SHA256
     hash_iterations: int = Field(default=600000, title="Password hash iterations")
 
@@ -188,7 +194,9 @@ class MqttConfig(FrigateBaseModel):
     port: int = Field(default=1883, title="MQTT Port")
     topic_prefix: str = Field(default="frigate", title="MQTT Topic Prefix")
     client_id: str = Field(default="frigate", title="MQTT Client ID")
-    stats_interval: int = Field(default=60, title="MQTT Camera Stats Interval")
+    stats_interval: int = Field(
+        default=60, ge=FREQUENCY_STATS_POINTS, title="MQTT Camera Stats Interval"
+    )
     user: Optional[str] = Field(None, title="MQTT Username")
     password: Optional[str] = Field(None, title="MQTT Password", validate_default=True)
     tls_ca_certs: Optional[str] = Field(None, title="MQTT TLS CA Certificates")
@@ -271,6 +279,10 @@ class OnvifConfig(FrigateBaseModel):
         default_factory=PtzAutotrackConfig,
         title="PTZ auto tracking config.",
     )
+    ignore_time_mismatch: bool = Field(
+        default=False,
+        title="Onvif Ignore Time Synchronization Mismatch Between Camera and Server",
+    )
 
 
 class RetainModeEnum(str, Enum):
@@ -1025,10 +1037,11 @@ class CameraConfig(FrigateBaseModel):
     def __init__(self, **config):
         # Set zone colors
         if "zones" in config:
-            colors = plt.cm.get_cmap("tab10", len(config["zones"]))
+            colors = generate_color_palette(len(config["zones"]))
+
             config["zones"] = {
-                name: {**z, "color": tuple(round(255 * c) for c in colors(idx)[:3])}
-                for idx, (name, z) in enumerate(config["zones"].items())
+                name: {**z, "color": color}
+                for (name, z), color in zip(config["zones"].items(), colors)
             }
 
         # add roles to the input if there is only one
@@ -1169,12 +1182,20 @@ class LoggerConfig(FrigateBaseModel):
 class CameraGroupConfig(FrigateBaseModel):
     """Represents a group of cameras."""
 
-    cameras: list[str] = Field(
+    cameras: Union[str, List[str]] = Field(
         default_factory=list, title="List of cameras in this group."
     )
     icon: str = Field(default="generic", title="Icon that represents camera group.")
     order: int = Field(default=0, title="Sort order for group.")
 
+    @field_validator("cameras", mode="before")
+    @classmethod
+    def validate_cameras(cls, v):
+        if isinstance(v, str) and "," not in v:
+            return [v]
+
+        return v
+
 
 def verify_config_roles(camera_config: CameraConfig) -> None:
     """Verify that roles are setup in the config correctly."""
@@ -1296,6 +1317,10 @@ class FrigateConfig(FrigateBaseModel):
     database: DatabaseConfig = Field(
         default_factory=DatabaseConfig, title="Database configuration."
     )
+    tls: TlsConfig = Field(default_factory=TlsConfig, title="TLS configuration.")
+    proxy: ProxyConfig = Field(
+        default_factory=ProxyConfig, title="Proxy configuration."
+    )
     auth: AuthConfig = Field(default_factory=AuthConfig, title="Auth configuration.")
     environment_vars: Dict[str, str] = Field(
         default_factory=dict, title="Frigate environment variables."
@@ -1355,11 +1380,18 @@ class FrigateConfig(FrigateBaseModel):
         default_factory=TimestampStyleConfig,
         title="Global timestamp style configuration.",
     )
+    version: Optional[float] = Field(default=None, title="Current config version.")
 
     def runtime_config(self, plus_api: PlusApi = None) -> FrigateConfig:
         """Merge camera config with globals."""
         config = self.model_copy(deep=True)
 
+        # Proxy secret substitution
+        if config.proxy.auth_secret:
+            config.proxy.auth_secret = config.proxy.auth_secret.format(
+                **FRIGATE_ENV_VARS
+            )
+
         # MQTT user/password substitutions
         if config.mqtt.user or config.mqtt.password:
             config.mqtt.user = config.mqtt.user.format(**FRIGATE_ENV_VARS)
@@ -1415,7 +1447,7 @@ class FrigateConfig(FrigateBaseModel):
                 if need_detect_dimensions or need_record_fourcc:
                     stream_info = {"width": 0, "height": 0, "fourcc": None}
                     try:
-                        stream_info = asyncio.run(get_video_properties(input.path))
+                        stream_info = stream_info_retriever.get_stream_info(input.path)
                     except Exception:
                         logger.warn(
                             f"Error detecting stream parameters automatically for {input.path} Applying default values."

frigate/const.py

@@ -82,6 +82,10 @@ UPSERT_REVIEW_SEGMENT = "upsert_review_segment"
 CLEAR_ONGOING_REVIEW_SEGMENTS = "clear_ongoing_review_segments"
 UPDATE_CAMERA_ACTIVITY = "update_camera_activity"
 
+# Stats Values
+
+FREQUENCY_STATS_POINTS = 15
+
 # Autotracking
 
 AUTOTRACKING_MAX_AREA_RATIO = 0.6

frigate/detectors/detection_api.py

@@ -1,5 +1,6 @@
 import logging
 from abc import ABC, abstractmethod
+from typing import List
 
 import numpy as np
 
@@ -10,6 +11,7 @@ logger = logging.getLogger(__name__)
 
 class DetectionApi(ABC):
     type_key: str
+    supported_models: List[ModelTypeEnum]
 
     @abstractmethod
     def __init__(self, detector_config):

frigate/detectors/detector_config.py

@@ -5,13 +5,12 @@ import os
 from enum import Enum
 from typing import Dict, Optional, Tuple
 
-import matplotlib.pyplot as plt
 import requests
 from pydantic import BaseModel, ConfigDict, Field
 from pydantic.fields import PrivateAttr
 
 from frigate.plus import PlusApi
-from frigate.util.builtin import load_labels
+from frigate.util.builtin import generate_color_palette, load_labels
 
 logger = logging.getLogger(__name__)
 
@@ -128,10 +127,9 @@ class ModelConfig(BaseModel):
 
     def create_colormap(self, enabled_labels: set[str]) -> None:
         """Get a list of colors for enabled labels."""
-        cmap = plt.cm.get_cmap("tab10", len(enabled_labels))
+        colors = generate_color_palette(len(enabled_labels))
 
-        for key, val in enumerate(enabled_labels):
-            self._colormap[val] = tuple(int(round(255 * c)) for c in cmap(key)[:3])
+        self._colormap = {label: color for label, color in zip(enabled_labels, colors)}
 
     model_config = ConfigDict(extra="forbid", protected_namespaces=())
 

frigate/detectors/plugins/deepstack.py

@@ -57,8 +57,8 @@ class DeepStack(DetectionApi):
                 files={"image": image_bytes},
                 timeout=self.api_timeout,
             )
-        except requests.exceptions.RequestException:
-            logger.error("Error calling deepstack API")
+        except requests.exceptions.RequestException as ex:
+            logger.error("Error calling deepstack API: %s", ex)
             return np.zeros((20, 6), np.float32)
 
         response_json = response.json()

frigate/detectors/plugins/openvino.py

@@ -1,7 +1,8 @@
 import logging
+import os
 
 import numpy as np
-import openvino.runtime as ov
+import openvino as ov
 from pydantic import Field
 from typing_extensions import Literal
 
@@ -20,31 +21,104 @@ class OvDetectorConfig(BaseDetectorConfig):
 
 class OvDetector(DetectionApi):
     type_key = DETECTOR_KEY
+    supported_models = [ModelTypeEnum.ssd, ModelTypeEnum.yolonas, ModelTypeEnum.yolox]
 
     def __init__(self, detector_config: OvDetectorConfig):
         self.ov_core = ov.Core()
-        self.ov_model = self.ov_core.read_model(detector_config.model.path)
         self.ov_model_type = detector_config.model.model_type
 
         self.h = detector_config.model.height
         self.w = detector_config.model.width
 
+        if detector_config.device == "AUTO":
+            logger.warning(
+                "OpenVINO AUTO device type is not currently supported. Attempting to use GPU instead."
+            )
+            detector_config.device = "GPU"
+
+        if not os.path.isfile(detector_config.model.path):
+            logger.error(f"OpenVino model file {detector_config.model.path} not found.")
+            raise FileNotFoundError
+
         self.interpreter = self.ov_core.compile_model(
-            model=self.ov_model, device_name=detector_config.device
+            model=detector_config.model.path, device_name=detector_config.device
         )
 
-        logger.info(f"Model Input Shape: {self.interpreter.input(0).shape}")
-        self.output_indexes = 0
+        self.model_invalid = False
+
+        if self.ov_model_type not in self.supported_models:
+            logger.error(
+                f"OpenVino detector does not support {self.ov_model_type} models."
+            )
+            self.model_invalid = True
+
+        # Ensure the SSD model has the right input and output shapes
+        if self.ov_model_type == ModelTypeEnum.ssd:
+            model_inputs = self.interpreter.inputs
+            model_outputs = self.interpreter.outputs
+
+            if len(model_inputs) != 1:
+                logger.error(
+                    f"SSD models must only have 1 input. Found {len(model_inputs)}."
+                )
+                self.model_invalid = True
+            if len(model_outputs) != 1:
+                logger.error(
+                    f"SSD models must only have 1 output. Found {len(model_outputs)}."
+                )
+                self.model_invalid = True
+
+            if model_inputs[0].get_shape() != ov.Shape([1, self.w, self.h, 3]):
+                logger.error(
+                    f"SSD model input doesn't match. Found {model_inputs[0].get_shape()}."
+                )
+                self.model_invalid = True
+
+            output_shape = model_outputs[0].get_shape()
+            if output_shape[0] != 1 or output_shape[1] != 1 or output_shape[3] != 7:
+                logger.error(f"SSD model output doesn't match. Found {output_shape}.")
+                self.model_invalid = True
+
+        if self.ov_model_type == ModelTypeEnum.yolonas:
+            model_inputs = self.interpreter.inputs
+            model_outputs = self.interpreter.outputs
+
+            if len(model_inputs) != 1:
+                logger.error(
+                    f"YoloNAS models must only have 1 input. Found {len(model_inputs)}."
+                )
+                self.model_invalid = True
+            if len(model_outputs) != 1:
+                logger.error(
+                    f"YoloNAS models must be exported in flat format and only have 1 output. Found {len(model_outputs)}."
+                )
+                self.model_invalid = True
+
+            if model_inputs[0].get_shape() != ov.Shape([1, 3, self.w, self.h]):
+                logger.error(
+                    f"YoloNAS model input doesn't match. Found {model_inputs[0].get_shape()}, but expected {[1, 3, self.w, self.h]}."
+                )
+                self.model_invalid = True
+
+            output_shape = model_outputs[0].partial_shape
+            if output_shape[-1] != 7:
+                logger.error(
+                    f"YoloNAS models must be exported in flat format. Model output doesn't match. Found {output_shape}."
+                )
+                self.model_invalid = True
 
-        while True:
-            try:
-                tensor_shape = self.interpreter.output(self.output_indexes).shape
-                logger.info(f"Model Output-{self.output_indexes} Shape: {tensor_shape}")
-                self.output_indexes += 1
-            except Exception:
-                logger.info(f"Model has {self.output_indexes} Output Tensors")
-                break
         if self.ov_model_type == ModelTypeEnum.yolox:
+            self.output_indexes = 0
+            while True:
+                try:
+                    tensor_shape = self.interpreter.output(self.output_indexes).shape
+                    logger.info(
+                        f"Model Output-{self.output_indexes} Shape: {tensor_shape}"
+                    )
+                    self.output_indexes += 1
+                except Exception:
+                    logger.info(f"Model has {self.output_indexes} Output Tensors")
+                    break
             self.num_classes = tensor_shape[2] - 5
             logger.info(f"YOLOX model has {self.num_classes} classes")
             self.set_strides_grids()
@@ -81,29 +155,52 @@ class OvDetector(DetectionApi):
 
     def detect_raw(self, tensor_input):
         infer_request = self.interpreter.create_infer_request()
-        infer_request.infer([tensor_input])
+        # TODO: see if we can use shared_memory=True
+        input_tensor = ov.Tensor(array=tensor_input)
+        infer_request.infer(input_tensor)
+
+        detections = np.zeros((20, 6), np.float32)
+
+        if self.model_invalid:
+            return detections
 
         if self.ov_model_type == ModelTypeEnum.ssd:
-            results = infer_request.get_output_tensor()
+            results = infer_request.get_output_tensor(0).data[0][0]
 
-            detections = np.zeros((20, 6), np.float32)
-            i = 0
-            for object_detected in results.data[0, 0, :]:
-                if object_detected[0] != -1:
-                    logger.debug(object_detected)
-                if object_detected[2] < 0.1 or i == 20:
+            for i, (_, class_id, score, xmin, ymin, xmax, ymax) in enumerate(results):
+                if i == 20:
                     break
                 detections[i] = [
-                    object_detected[1],  # Label ID
-                    float(object_detected[2]),  # Confidence
-                    object_detected[4],  # y_min
-                    object_detected[3],  # x_min
-                    object_detected[6],  # y_max
-                    object_detected[5],  # x_max
+                    class_id,
+                    float(score),
+                    ymin,
+                    xmin,
+                    ymax,
+                    xmax,
                 ]
-                i += 1
             return detections
-        elif self.ov_model_type == ModelTypeEnum.yolox:
+
+        if self.ov_model_type == ModelTypeEnum.yolonas:
+            predictions = infer_request.get_output_tensor(0).data
+
+            for i, prediction in enumerate(predictions):
+                if i == 20:
+                    break
+                (_, x_min, y_min, x_max, y_max, confidence, class_id) = prediction
+                # when running in GPU mode, empty predictions in the output have class_id of -1
+                if class_id < 0:
+                    break
+                detections[i] = [
+                    class_id,
+                    confidence,
+                    y_min / self.h,
+                    x_min / self.w,
+                    y_max / self.h,
+                    x_max / self.w,
+                ]
+            return detections
+
+        if self.ov_model_type == ModelTypeEnum.yolox:
             out_tensor = infer_request.get_output_tensor()
             # [x, y, h, w, box_score, class_no_1, ..., class_no_80],
             results = out_tensor.data
@@ -124,8 +221,6 @@ class OvDetector(DetectionApi):
 
             ordered = dets[dets[:, 5].argsort()[::-1]][:20]
 
-            detections = np.zeros((20, 6), np.float32)
-
             for i, object_detected in enumerate(ordered):
                 detections[i] = self.process_yolo(
                     object_detected[6], object_detected[5], object_detected[:4]

frigate/detectors/plugins/rknn.py

@@ -41,12 +41,12 @@ class Rknn(DetectionApi):
         if model_props["preset"]:
             config.model.model_type = model_props["model_type"]
 
-        if model_props["model_type"] == ModelTypeEnum.yolonas:
-            logger.info("""
-                        You are using yolo-nas with weights from DeciAI.
-                        These weights are subject to their license and can't be used commercially.
-                        For more information, see: https://docs.deci.ai/super-gradients/latest/LICENSE.YOLONAS.html
-                        """)
+            if model_props["model_type"] == ModelTypeEnum.yolonas:
+                logger.info(
+                    "You are using yolo-nas with weights from DeciAI. "
+                    "These weights are subject to their license and can't be used commercially. "
+                    "For more information, see: https://docs.deci.ai/super-gradients/latest/LICENSE.YOLONAS.html"
+                )
 
         from rknnlite.api import RKNNLite
 

frigate/events/audio.py

@@ -50,11 +50,13 @@ def get_ffmpeg_command(ffmpeg: FfmpegConfig) -> list[str]:
         or get_ffmpeg_arg_list(ffmpeg.input_args)
     )
     return (
-        ["ffmpeg", "-vn"]
+        ["ffmpeg", "-vn", "-threads", "1"]
         + input_args
         + ["-i"]
         + [ffmpeg_input.path]
         + [
+            "-threads",
+            "1",
             "-f",
             f"{AUDIO_FORMAT}",
             "-ar",
@@ -81,6 +83,7 @@ def listen_to_audio(
         logger.info("Exiting audio detector...")
 
     def receiveSignal(signalNumber: int, frame: Optional[FrameType]) -> None:
+        logger.debug(f"Audio process received signal {signalNumber}")
         stop_event.set()
         exit_process()
 

frigate/log.py

@@ -57,8 +57,8 @@ def log_process(log_queue: Queue) -> None:
 
     while True:
         try:
-            record = log_queue.get(timeout=1)
-        except (queue.Empty, KeyboardInterrupt):
+            record = log_queue.get(block=True, timeout=1.0)
+        except queue.Empty:
             if stop_event.is_set():
                 break
             continue

frigate/object_processing.py

@@ -498,6 +498,10 @@ class CameraState:
 
         frame_copy = cv2.cvtColor(frame_copy, cv2.COLOR_YUV2BGR_I420)
         # draw on the frame
+        if draw_options.get("mask"):
+            mask_overlay = np.where(self.camera_config.motion.mask == [0])
+            frame_copy[mask_overlay] = [0, 0, 0]
+
         if draw_options.get("bounding_boxes"):
             # draw the bounding boxes on the frame
             for obj in tracked_objects.values():
@@ -622,10 +626,6 @@ class CameraState:
                 )
                 cv2.drawContours(frame_copy, [zone.contour], -1, zone.color, thickness)
 
-        if draw_options.get("mask"):
-            mask_overlay = np.where(self.camera_config.motion.mask == [0])
-            frame_copy[mask_overlay] = [0, 0, 0]
-
         if draw_options.get("motion_boxes"):
             for m_box in motion_boxes:
                 cv2.rectangle(

frigate/output/birdseye.py

@@ -134,6 +134,8 @@ class FFMpegConverter(threading.Thread):
 
         ffmpeg_cmd = [
             "ffmpeg",
+            "-threads",
+            "1",
             "-f",
             "rawvideo",
             "-pix_fmt",
@@ -142,6 +144,8 @@ class FFMpegConverter(threading.Thread):
             f"{in_width}x{in_height}",
             "-i",
             "pipe:",
+            "-threads",
+            "1",
             "-f",
             "mpegts",
             "-s",

frigate/output/camera.py

@@ -31,6 +31,8 @@ class FFMpegConverter(threading.Thread):
 
         ffmpeg_cmd = [
             "ffmpeg",
+            "-threads",
+            "1",
             "-f",
             "rawvideo",
             "-pix_fmt",
@@ -39,6 +41,8 @@ class FFMpegConverter(threading.Thread):
             f"{in_width}x{in_height}",
             "-i",
             "pipe:",
+            "-threads",
+            "1",
             "-f",
             "mpegts",
             "-s",

frigate/output/output.py

@@ -38,6 +38,7 @@ def output_frames(
     stop_event = mp.Event()
 
     def receiveSignal(signalNumber, frame):
+        logger.debug(f"Output frames process received signal {signalNumber}")
         stop_event.set()
 
     signal.signal(signal.SIGTERM, receiveSignal)
@@ -173,10 +174,13 @@ def move_preview_frames(loc: str):
     preview_holdover = os.path.join(CLIPS_DIR, "preview_restart_cache")
     preview_cache = os.path.join(CACHE_DIR, "preview_frames")
 
-    if loc == "clips":
-        shutil.move(preview_cache, preview_holdover)
-    elif loc == "cache":
-        if not os.path.exists(preview_holdover):
-            return
+    try:
+        if loc == "clips":
+            shutil.move(preview_cache, preview_holdover)
+        elif loc == "cache":
+            if not os.path.exists(preview_holdover):
+                return
 
-        shutil.move(preview_holdover, preview_cache)
+            shutil.move(preview_holdover, preview_cache)
+    except shutil.Error:
+        logger.error("Failed to restore preview cache.")