Caddy
Caddy is the fastest way to setup a SSL reverse proxy with a free certificate from Let's Encrypt.
While we will try to walk you through some installation steps it is highly suggested you follow Caddy's Install options and Reverse Proxy Quickstart for more documentation, examples and detailed information. Caddy is a well documented quality piece of software that you should get familiar with if you need to run a SSL reverse proxy.
1. Make sure you don't have other web servers running.
If you are running other pieces of web server software such as Apache or NGINX using port 80 or 443 then you won't be able to continue with this Caddy install. Either remove the other pieces of software or read up on how to make them live in harmony.
2. Install Caddy
Depending on your system there may be different options on installing. Using APT is suggested if it's supported on your machine.
- Using APT (recommended)
- Download manually
Installing this package automatically starts and runs Caddy for you as a systemd service so it will automatically run Caddy each time you start your machine.
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
Read the Caddy install steps for using apt for more details.
- Visit the releases page and expand the "assets" section.
- Find the version for your platform and operating system.
- Unarchive the file:
tar -xvzf caddy_2.3.0_linux_amd64.tar.gz - You're likely to want to setup Caddy as a system service to auatomatically start in the background. Learn how to do this. Read the Caddy download page for more details.
3. Run Caddy as a reverse proxy
- Single command line
- Caddyfile
It offers automatic configuration of HTTPS with a single command.
caddy reverse-proxy --from owncast.mydomain.com --to 127.0.0.1:8080
Replace owncast.mydomain.com with the public hostname of your Owncast server like watch.owncast.online for example.
Read the Caddy reverse proxy documentation for more details.
The Caddyfile is Caddy's config file.
Add to your Caddyfile:
owncast.example.com {
encode gzip
reverse_proxy 127.0.0.1:8080
tls webmaster@mydomain.com
}
Replace owncast.mydomain.com with the public hostname of your Owncast server like watch.owncast.online for example.
If you specify owncast.example.com without a protocol or a port, it will attempt to use the default http and https ports (80 and 443). Since these are privileged ports, you will need to run caddy with sudo or as root.
4. Run Owncast normally
Continue to run Owncast on port 8080.
5. Access Owncast through the proxy
You should now be able to access your Owncast server by visiting https://owncast.example.com instead of http://owncast.example.com:8080.
Replace owncast.example.com with the public hostname of your Owncast server like watch.owncast.online for example.
Related Documents
- SSL & HTTP ProxiesPut your Owncast server behind a proxy to enable SSL.
- ApacheIf you're already using Apache you can use it as a proxy.
- lighttpdlighttpd is a lightweight option for SSL proxying.
- NGINXNGINX is a very popular solution for SSL proxying.
- HAProxyHAproxy is a well known performant reverse proxy.