From 2fcc38e20eb7b5db96c664b8f7d9c553b7093aad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Prin=C4=8Di=C4=8D?= Date: Thu, 11 Mar 2021 17:33:38 +0100 Subject: [PATCH] Add 'ownCast, nginx and TLS' --- ownCast%2C-nginx-and-TLS.md | 108 ++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 ownCast%2C-nginx-and-TLS.md diff --git a/ownCast%2C-nginx-and-TLS.md b/ownCast%2C-nginx-and-TLS.md new file mode 100644 index 0000000..3490b6e --- /dev/null +++ b/ownCast%2C-nginx-and-TLS.md @@ -0,0 +1,108 @@ +Welcome to the Wiki.Welcome to the Wiki. +# owncast and nginx with SSL + +## assumptions + +* dns is configures so that your.domain.com points to the IP of your server +* ownCast is already installed on your server and working at http://your.domain.com:PORT + +## install nginx + +```$ sudo apt install nginx``` + +## install certbot and nginx module for it + +```$ sudo apt install certbot python3-certbot-nginx``` + +## configure and run nginx + +``` +$ sudo touch /var/www/html/index.html +$ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/your.domain.com.conf +``` + +edit /etc/nginx/sites-available/your.domain.com.conf into something like: + +``` +server { + listen 80; + listen [::]:80; + + server_name your.domain.com; + + root /var/www/; + index index.html; + + location / { + try_files $uri $uri/ =404; + } +} +``` + +## disable default page and enable your virtual domain + +``` +$ sudo ln -s /etc/nginx/sites-available/your.domain.com.conf /etc/nginx/sites-enabled/your.domain.com.conf +$ sudo rm /etc/nginx/sites-enabled/default +$ sudo sytemctl restart nginx +``` + +Test your webserver by going with a browser to http://your.domain.com. + +## install certificates from Let's Encrypt + +```$ sudo certbot -d your.domain.com``` + +(it's better not to enable automatic forward to SSL-enabled site e.g. http->https) + +certbot should reload your server but if it doesn't just +``` +$ sudo systemctl restart nginx.service +``` +Test it by opening https://your.domain.com in your browser. + +## reconfigure nginx to proxy to ownCast with SSL included. + +edit /etc/nginx/sites-available/your.domain.com.conf into something like this: + +``` +server { + server_name your.domain.com; + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_pass http://127.0.0.1:8080; + } + listen [::]:443 ssl ipv6only=on; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/your.domain.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/your.domain.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} +``` + +(change your.domain.com to your own domain, and port in the proxy_pass setting to whatever you are using) + +Edit /etc/nginx/nginx.conf and add anywhere into html{} stanza: + +``` +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} +``` + +Finally restart the server: +``` +$ sudo systemctl restart nginx.service +``` + +https://your.domain.com should now show owncast server. \ No newline at end of file