✓ Solved

Please help setting up Owncast on a sub domain.

I'm really lost and confused about how to make a sub domain. My domains are registered at Namecheap, and they are pointing to Linode name-servers.

On my VPS I have an Apache2 virtual host set up @ (https://pastlife.works) and I'm trying to setup Owncast on my Linode to point the stream to a subdomain.

I would like my subdomain to be something like:

How do I do this?
the stream works if you go to but I want it to be accessible through the sub-domain. I dont know what kind of record to make for this or what to put in the fields.

Thank you for your time and efforts

6 Replies

✓ Best Answer

Solved with help from L.E.
I had to run this command for it to work: sudo a2enmod headers

The steps taken were as follows:

1) create an HTTP site for "live.example.com" in /etc/apache2/sites-available/

2) get a certbot certificate for "live.example.com"

3) create an HTTPS websitesite for "live.example.com" [simple "hello world" page] - may not be needed

4) proxy https://live.example.com to local system and port (see below for config)

Here is the way I configured the le-ssl.conf for apache:

<IfModule mod_ssl.c>
<VirtualHost *:443>

        ServerName live.pastlife.works
        ServerAdmin email
        ServerAlias live.pastlife.works
        DocumentRoot /var/www/live.pastlife.works

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyRequests       Off
        ProxyPreserveHost   On
        AllowEncodedSlashes NoDecode

        <Proxy *>
          Order deny,allow
          Allow from all
## order matters here, RequestHeader Flags before ProxyPass flags ##
        RequestHeader    set X-Forwarded-Proto "https"
        RequestHeader    set X-Forwarded-Port "443"

        ProxyPass        / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/

## order matters here, Include first ##
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/live.pastlife.works/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/live.pastlife.works/privkey.pem


I did not include these lines (owncast had them in the docs)

RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$           [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$          [NC]
RewriteRule .* ws://localhost:8080%{REQUEST_URI}  [P,QSA,L]

Visit my link to letsencrypt above for the full process of assistance.

I really hope this helps someone. Maybe Linode can make a guide from this info for those who dont want to use the marketplace app. That would be cool.

Thanks for your replies @stevewi
Have a great day and happy chocolate bunny egg day

You do this with A/AAAA records in DNS… I'm assuming you're going to use Linode's DNS Manager for this.

Let the IP address of your Linode be

  • Set an A/AAAA record for pastlife.works to be with a default TTL.
  • Set an A/AAAA record for live siteA to be with a default TTL.

Commit your changes and wait 24-48 hours depending on your location in the world…then test it:

ping pastlife.works should reply with
ping live.pastlife.works should reply with

Repeat for IPv6 addresses (except use ping -6 to test).

The rest is up to your web server. If you're using apache2, you have to have

ServerName live.pastlife.works

in the VirtualHost configuration for your owncast site.

I don't know about nginx or litespeed so if either of those are your web server, you're on your own. Also, if owncast uses php or Ruby on Rails or some such, you are also on your own.

-- sw

Thanks for the reply. I'm confused. Maybe I should have made a different title because what I'm wanting to do apparently is a lot more than a subdomain.

Yes I'm using Linode's DNS

My IP is confused about "Let the IP address of your Linode be"

I made an A record and set the host as "live" and the IP is the same as above 45.79…

The way it's working now is the subdomain live.pastlife.works is going to the first virtual host in my list at /etc/apache2/sites-enabled

That's not what I want. I want the subdomain to point to the Owncast live stream server (written in Go) which right now is only accessible through or any of my domains with the port typed (8080)

Again thanks a lot, Steve


OK there is some useful info here for anyone who may be able to help:
My post at letsencrypt community

Basically I got the subdomain setup as a new virtual host, got a certbot certificate for that subdomain, and then proceeded to edit the le-ssl.conf for the proxy like Owncast's docs give example. It completely broke apache.

I got this error when running /var/log/apache2/error.log :

[ssl:error] [pid 1103:tid 140404248024832] [client] AH02032: Hostname live.pastlife.works provided via SNI and hostname provided via HTTP have no compatible SSL setup

My IP is confused about "Let the IP address of your Linode be"

Since I didn't know your IP address (and you should avoid posting it publicly lest any malcontents or script kiddies get their hands on it), I used…an example IP address in an unroutable network.

Rearrange your <VirtualHost> configuration to look like this:

Include /etc/letsencrypt/options-ssl-apache.conf

SSLCertificateFile /etc/letsencrypt/live/live.pastlife.works/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/live.pastlife.works/privkey.pem

Also, heed well the advice given by the respondents to your post at the Let's Encrypt community.

-- sw

That is what I thought, sorry about that.

If anyone wanted to do anything malicious though, they (or their script) can just look up the domain on whois or something and get the IP right?

I did arrange the 3 lines the way you showed. I had Include line on bottom, if that matters.

One member at Let's Encrypt suggested the ReWrite Rule section as unnecessary but I tried to comment out that section. Doing that also broke the apache sites


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct