Docs / OrbiBond Server

Installation Guide

Deploy OrbiBond Server

Self-host the OrbiBond bonding server on your own infrastructure with Docker. HTTPS, dashboard, and all features included out of the box.

Quick Start

Get a bonding server running in under a minute. The server image includes the web dashboard, HTTPS termination, and all streaming features.

1 Pull the image


docker pull orbisports/orbibond-server:latest

2 Run the server

docker run -d \
  --name orbibond \
  --network host \
  --restart unless-stopped \
  -v orbibond-data:/app/data \
  orbisports/orbibond-server:latest \
  -p 28000 --web /app/web

The --web /app/web flag is required so the dashboard files are served correctly. This quick start runs in media mode only, so no elevated privileges are needed.

3 Open the dashboard

Navigate to https://your-server:28080 in your browser. Accept the self-signed certificate warning on first visit.

First Login

Default Credentials

Username: admin

Password: admin

You will be prompted to set a new password on first login. After that, the setup wizard guides you through creating your first API key. Share this key with the OrbiBond app to start bonding.

VPN Mode

Route all client LAN traffic through a bonded tunnel. VPN and media bonding work simultaneously — different clients can use different modes concurrently.

sudo sysctl -w net.ipv4.ip_forward=1

docker run -d --name orbibond \
  --network host \
  --restart unless-stopped \
  --cap-add=NET_ADMIN \
  --device=/dev/net/tun \
  -v orbibond-data:/app/data \
  orbisports/orbibond-server:latest \
  -p 28000 --web /app/web --vpn --ip-proxy

Starting with --vpn does not disable media bonding. Media egress is always available regardless of VPN mode. Requires NET_ADMIN capability and /dev/net/tun access. If you enable VPN mode without those privileges, the VPN path will fail to start.

Media Egress

When a client sends bonded media (MPEG-TS), the server can forward it to one or more destinations. Configure egress via the dashboard or API.

SRT

Low-latency delivery to any SRT-compatible ingest server.

{"type":"srt","url":"srt://dest:4900","latency_ms":500}

RTMP

Direct output to Twitch, YouTube, Facebook Live, or custom endpoints.

{"type":"rtmp","url":"rtmp://live.twitch.tv/app"}

UDP Multicast

Forward to local network multicast for production switchers and broadcast equipment.

{"type":"udp","url":"udp://239.1.1.1:5000"}

NDI

Discoverable NDI source on your production network. Contact us for NDI-enabled builds.

{"type":"ndi","ndi_name":"OrbiBond Feed 1"}

Multi-Destination

Fork the same bonded stream to multiple outputs simultaneously using the /api/egress/fork endpoint. SRT, RTMP, multicast, and NDI outputs can all run in parallel.

Docker Compose

For production deployments, use Docker Compose for easier management.

docker-compose.yml

version: '3.8'

services:
  orbibond:
    image: orbisports/orbibond-server:latest
    container_name: orbibond
    restart: unless-stopped
    network_mode: host
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      - orbibond-data:/app/data
    command: >
      -p 28000
      -d /app/data/orbibond.db
      --web /app/web
      --vpn
      --ip-proxy
    sysctls:
      - net.ipv4.ip_forward=1

volumes:
  orbibond-data:
    driver: local

docker compose up -d

Configuration

Configure the server via environment variables passed to the container.

Variable	Default	Description
ORBIBOND_LICENSE_KEY	""	License key for seat validation
ORBIBOND_HTTPS_PORT	28080	HTTPS port for dashboard and API
ORBIBOND_PORT	28000	UDP port for bonding protocol
SERVER_HOSTNAME	orbibond.local	Hostname for SSL certificate CN
ORBIBOND_DB	/app/data/orbibond.db	Path to SQLite database
ORBIBOND_LICENSE_FILE	""	Path to offline license file (.orbilicense)
ORBIBOND_RESET_ADMIN_PASSWORD	""	Set to `1` to reset admin password on startup

Network Ports

UDP 28000

Bonding protocol. Mobile apps connect here to establish bonded tunnels. Must be reachable from the internet.

TCP 28080

HTTPS dashboard and REST API. Used for server management, monitoring, and egress configuration.

UDP 9000+ (optional)

SRT listener ports. Required when using SRT listener mode for pull-based streaming. Configure the listener port in the dashboard under Targets. If not using host networking, map these ports explicitly (e.g., -p 9000:9000/udp).

Host Networking

For NDI, UDP multicast, or SRT listener outputs, the container must use host networking instead of port mapping.

◆ NDI requires mDNS (Bonjour) for discovery on the local network.
◆ UDP multicast requires direct access to the host's network interfaces.
◆ SRT listener mode binds to arbitrary ports that callers connect to.

Docker Run

docker run -d \
  --name orbibond \
  --restart unless-stopped \
  --network host \
  -v orbibond-data:/app/data \
  orbisports/orbibond-server:latest \
  -p 28000 --web /app/web

Docker Compose

docker-compose.yml

version: '3.8'

services:
  orbibond:
    image: orbisports/orbibond-server:latest
    container_name: orbibond
    restart: unless-stopped
    network_mode: host
    volumes:
      - orbibond-data:/app/data
    environment:
      - ORBIBOND_LICENSE_KEY=your_license_key
    command: >
      -p 28000
      --web /app/web

volumes:
  orbibond-data:
    driver: local

When using host networking, the ports directive is not needed — the container shares the host's network stack directly. Ensure ports 28000/UDP and 28080/TCP are open in your firewall.

SSL Certificates

The server runs HTTPS-only. A self-signed certificate is generated automatically on first start. For production, use your own certificate.

Mount custom certificates

Place your cert.pem and key.pem files in the SSL directory.

docker run -d \
  --name orbibond \
  --network host \
  -v orbibond-data:/app/data \
  -v /path/to/certs:/app/data/ssl:ro \
  orbisports/orbibond-server:latest \
  -p 28000 --web /app/web

Upload via dashboard

Navigate to Settings in the dashboard to paste your PEM certificate and private key directly, or request a Let's Encrypt certificate.

Data Persistence

All server state is stored in /app/data. Mount this as a Docker volume to persist data across container restarts.

/app/data/

orbibond.db — API keys, devices, target presets, usage, passwords

ssl/ — custom SSL certificates

Backup & Restore

Export the server database for backup, or restore from a previous export. The database contains all API keys, target presets, user accounts, and usage data.

Export (Backup)

Download a backup from Settings > Database Management in the dashboard, or via the API:

curl -sk -b "session=TOKEN" \
  https://server:28080/api/admin/database/export \
  -o orbibond-backup.db

Import (Restore)

Copy the backup file into the container's data volume, then trigger the import:

# Copy the backup file into the container
docker cp orbibond-backup.db orbibond:/app/data/import.db

# Trigger import via the dashboard (Settings > Database Management)
# or via the API:
curl -sk -X POST -b "session=TOKEN" \
  https://server:28080/api/admin/database/import

# Restart the server to apply
docker restart orbibond

Password Reset

If you've lost access to the admin account, reset the password from the host without needing to log in.

Via Docker Exec

docker exec orbibond \
  /app/orbibond-server --reset-admin-password \
  --db /app/data/orbibond.db

This resets the admin password to admin. Log in and change it immediately.

Via Environment Variable

Set ORBIBOND_RESET_ADMIN_PASSWORD=1 when starting the container. The password is reset before the server starts.

docker run -d \
  --name orbibond \
  --network host \
  -e ORBIBOND_RESET_ADMIN_PASSWORD=1 \
  -v orbibond-data:/app/data \
  orbisports/orbibond-server:latest \
  -p 28000 --web /app/web

Need Help?

Questions about deployment, configuration, or integration? We're here to help.

Contact Support View Pricing

← Back to Documentation