Apache
If you're already using Apache as a web server you can configure it as a reverse proxy in front of your Owncast server to enable SSL. The following configuration example requires Apache >= 2.4.47.
Ensure required Apache modules are enabled using the a2enmod command.
$ sudo a2enmod proxy proxy_http ssl
<VirtualHost *:80>
ServerName live.example.com
ServerAdmin admin@example.com
Redirect permanent / https://live.example.com
</VirtualHost>
# live-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName live.example.com
ServerAdmin admin@example.com
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:8080/ upgrade=websocket
ProxyPassReverse / http://localhost:8080/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
SSLCertificateFile /path/to/fullchain.pem
SSLCertificateKeyFile /path/to/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Contributors to this page
Related Documents
- HAProxyHAproxy is a well known performant reverse proxy.
- CaddyCaddy is possibly the fastest way to setup a SSL proxy.
- SSL & HTTP ProxiesPut your Owncast server behind a proxy to enable SSL.
- lighttpdlighttpd is a lightweight option for SSL proxying.
- NGINXNGINX is a very popular solution for SSL proxying.