Apache
Apache requires the most boilerplate configuration, but if you’re already using Apache as a web server you can configure it as a reverse proxy in front of your Owncast server to enable SSL.
Ensure required Apache modules are enabled using the a2enmod
command.
$ sudo a2enmod proxy proxy_http proxy_wstunnel ssl
<VirtualHost \*:80>
ServerName live.example.com
ServerAdmin admin@example.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =live.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# live-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName live.example.com
ServerAdmin admin@example.com
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
# setup the proxy to forward websocket requests properly
# (note: this proxy automatically converts the secure websocket (wss)
# to a normal websocket and vice versa.
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:8080%{REQUEST_URI} [P,QSA,L]
SSLCertificateFile /path/to/fullchain.pem
SSLCertificateKeyFile /path/to/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>