Manage your profile and password
Personal display, playback, and notification defaults
Device-specific application preferences
Choose which actions ask before continuing
Authentication, security, and server management
AWS credentials, infrastructure settings, and service health
| Name | ID | State | Inputs |
|---|---|---|---|
| Open this section to load channels. | |||
| Name | ID | Type | State |
|---|---|---|---|
| Open this section to load inputs. | |||
Control which IP addresses can connect to automation services
Restrict RossTalk HTTP/TCP, MOS TCP, and CII TCP connections to specific IP addresses and CIDR ranges. Loopback is always allowed. When empty, all automation connections are accepted.
Configure polling and diagnostic collection defaults
Configure low-bandwidth WebRTC and HLS proxy output defaults
WebRTC proxies provide low-latency monitoring through MediaMTX. HLS proxies provide CloudFront-backed fallback streams through S3.
Real-time MediaMTX and SRT/WebRTC stream status
Configure SAML 2.0 and OpenID Connect identity providers
Step-by-step guide to connect Okta as an OpenID Connect identity provider.
Set the following values:
Nexushttps://<your-domain>/auth/sso/oidc/callbackClick Save.
From the app's General tab, copy:
Issuer URL: Go to Security → API → Authorization Servers and copy the Issuer URI.
Default: https://dev-12345678.okta.com/oauth2/default
To map Okta groups to roles, add a groups claim:
Option A — Via App Settings:
groups, Filter: Matches regex .*Option B — Via Authorization Server:
groups, include in ID Token + Access Token, value type Groups, filter regex .*Oktaopenid profile email groupshttps://<your-domain>/auth/sso/oidc/callbackBASE_URL env var must match your domain exactly.Manage database backups with automatic daily scheduling and manual triggers
Create a manual backup of all databases. Includes user accounts, settings, Kinetica templates, Conduit data sources, StreamController presets, CuePoint rules, and all saved configurations.
Last 7 backups are retained. Daily automatic backups run at 3:00 AM.
| Filename | Size | Created | Actions |
|---|---|---|---|
| Loading... | |||
Active-passive failover between primary and backup EC2 instances
Step-by-step guide to configure active-passive failover between two EC2 instances.
eipalloc-xxx allocation IDmlnexus-backup). No public access neededs3:GetObject, s3:PutObject, s3:ListBucket) and EC2 EIP permissions (ec2:DescribeAddresses, ec2:AssociateAddress, ec2:DisassociateAddress). Attach to both instancescurl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && sudo apt install -y nodejssudo apt install -y nginx && sudo npm install -g pm2 && git clone <repo> ~/nexus && cd ~/nexus && npm install.env from the primary, then change the failover vars (see Step 3)Add to the primary's .env:
FAILOVER_MODE=primary FAILOVER_S3_BUCKET=mlnexus-backup FAILOVER_PARTNER_URL=http://<backup-private-ip>:8080/health FAILOVER_ELASTIC_IP_ALLOC_ID=eipalloc-xxxxxxxxx
Add to the backup's .env:
FAILOVER_MODE=backup FAILOVER_S3_BUCKET=mlnexus-backup FAILOVER_PARTNER_URL=http://<primary-private-ip>:8080/health FAILOVER_ELASTIC_IP_ALLOC_ID=eipalloc-xxxxxxxxx
Both instances need port 8080 TCP open from the partner's private IP (for health check polling). Add inbound rules:
<backup-private-ip>/32<primary-private-ip>/32pm2 restart all. Wait for "Sync complete" in the logspm2 restart all. It should log "Starting in BACKUP mode"pm2 stop all). Within ~9 seconds the backup should promote and the site stays liveFAILOVER_SYNC_INTERVAL_MS | 15000 | DB upload frequency (min 5000) |
FAILOVER_HEALTH_INTERVAL_MS | 3000 | Health poll frequency (min 1000) |
FAILOVER_DEAD_THRESHOLD | 3 | Missed checks before promotion |
FAILOVER_HEARTBEAT_STALE_MS | 30000 | Heartbeat age before considered stale |
curl http://<partner-ip>:8080/healthec2:AssociateAddress and ec2:DisassociateAddress permissionsssh-keygen -R <eip>, then reconnectPOST /api/failover/promoteConfigure the Claude AI integration for the Kinetica template builder
Enter your Anthropic API key to enable the AI assistant in the builder. The key is stored server-side and never sent to the browser.
Select which Claude model to use. Sonnet is recommended for most tasks — fast and precise. Opus is slower but more capable for complex template generation. Haiku is fastest and cheapest for simple edits.
Create, edit, and manage user accounts
| Username | Full Name | Role | Last Login | Status | Actions | |
|---|---|---|---|---|---|---|
| Loading... | ||||||
Configure roles with custom permission sets
| Name | Description | Level | Permissions | Users | Type | Actions |
|---|---|---|---|---|---|---|
| Loading... | ||||||
View all administrative actions and system events
| Time | User | Action | Resource | Details | IP |
|---|---|---|---|---|---|
| Loading... | |||||
View real-time server logs and events
Version history and release notes
Git operations, environment configuration, and server control
Sensitive values are protected. Saved changes require a server restart.
Restart the process to apply configuration and code changes.
Download and manage the Kinetica native renderer for HDR fill+key output via NDI, OMT, or SDI
Install the native renderer on your render machine. It will connect to this Nexus server and output graphics via NDI, OMT, or DeckLink/AJA SDI.
Active renderer instances connected to this server
| Hostname | IP | Pipelines | Output Mode | Version | Uptime |
|---|---|---|---|---|---|
| No connected instances | |||||
Default settings baked into new renderer installations