Add 'ownCast, nginx and TLS'
parent
f274ec88b8
commit
9450ace1f3
|
@ -0,0 +1,90 @@
|
|||
Welcome to the Wiki.
|
||||
# owncast and nginx with SSL
|
||||
|
||||
## assumptions
|
||||
|
||||
* dns is configures so that your.domain.com points to the IP of your server
|
||||
* ownCast is already installed on your server and working at http://your.domain.com:PORT
|
||||
|
||||
## install nginx
|
||||
|
||||
```$ sudo apt install nginx```
|
||||
|
||||
## install certbot and nginx module for it
|
||||
|
||||
```$ sudo apt install certbot python3-certbot-nginx```
|
||||
|
||||
## configure and run nginx
|
||||
|
||||
```
|
||||
$ sudo touch /var/www/html/index.html
|
||||
$ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/your.domain.com.conf
|
||||
```
|
||||
edit /etc/nginx/sites-available/your.domain.com.conf into something like:
|
||||
```
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name your.domain.com;
|
||||
|
||||
root /var/www/;
|
||||
index index.html;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
$ sudo ln -s /etc/nginx/sites-available/your.domain.com.conf /etc/nginx/sites-enabled/your.domain.com.conf
|
||||
$ sudo rm /etc/nginx/sites-enabled/default
|
||||
$ sytemctl restart nginx
|
||||
```
|
||||
Test your webserver by going with a browser to http://your.domain.com - does it work?
|
||||
|
||||
## install certificates from Let's Encrypt
|
||||
|
||||
```$ sudo certbot -d your.domain.com```
|
||||
|
||||
(it's better not to enable automatic forward to SSL-enabled site e.g. http->https)
|
||||
|
||||
## reconfigure nginx to proxy to ownCast
|
||||
|
||||
edit /etc/nginx/sites-available/your.domain.com.conf into something like this:
|
||||
```
|
||||
server {
|
||||
|
||||
server_name your.domain.com;
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
}
|
||||
|
||||
listen [::]:443 ssl ipv6only=on; # managed by Certbot
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/your.domain.com/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/your.domain.com/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
```
|
||||
(change your.domain.com to your own domain, and port in the proxy_pass setting to whatever you are using)
|
||||
|
||||
Edit /etc/nginx/nginx.conf and add anywhere into html{} stanza:
|
||||
```
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
```
|
Loading…
Reference in New Issue