Please help setting up Owncast on a sub domain.
I'm really lost and confused about how to make a sub domain. My domains are registered at Namecheap, and they are pointing to Linode name-servers.
On my VPS I have an Apache2 virtual host set up @ (https://pastlife.works) and I'm trying to setup Owncast on my Linode to point the stream to a subdomain.
I would like my subdomain to be something like:
live.pastlife.works
How do I do this?
the stream works if you go to http://45.79.80.227:8080 but I want it to be accessible through the sub-domain. I dont know what kind of record to make for this or what to put in the fields.
Thank you for your time and efforts
6 Replies
✓ Best Answer
Solved with help from L.E.
I had to run this command for it to work: sudo a2enmod headers
The steps taken were as follows:
1) create an HTTP site for "live.example.com" in /etc/apache2/sites-available/
2) get a certbot certificate for "live.example.com"
3) create an HTTPS websitesite for "live.example.com" [simple "hello world" page] - may not be needed
4) proxy https://live.example.com to local system and port (see below for config)
Here is the way I configured the le-ssl.conf for apache:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName live.pastlife.works
ServerAdmin email
ServerAlias live.pastlife.works
DocumentRoot /var/www/live.pastlife.works
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
## order matters here, RequestHeader Flags before ProxyPass flags ##
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
## order matters here, Include first ##
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/live.pastlife.works/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/live.pastlife.works/privkey.pem
</VirtualHost>
</IfModule>
I did not include these lines (owncast had them in the docs)
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://localhost:8080%{REQUEST_URI} [P,QSA,L]
Visit my link to letsencrypt above for the full process of assistance.
I really hope this helps someone. Maybe Linode can make a guide from this info for those who dont want to use the marketplace app. That would be cool.
Thanks for your replies @stevewi
Have a great day and happy chocolate bunny egg day
You do this with A/AAAA records in DNS… I'm assuming you're going to use Linode's DNS Manager for this.
Let the IP address of your Linode be 192.168.0.1.
- Set an A/AAAA record for pastlife.works to be 192.168.0.1 with a default TTL.
- Set an A/AAAA record for live siteA to be 192.168.0.1 with a default TTL.
Commit your changes and wait 24-48 hours depending on your location in the world…then test it:
ping pastlife.works should reply with 192.168.0.1.
ping live.pastlife.works should reply with 192.168.0.1.
Repeat for IPv6 addresses (except use ping -6 to test).
The rest is up to your web server. If you're using apache2, you have to have
ServerName live.pastlife.works
in the VirtualHost configuration for your owncast site.
I don't know about nginx or litespeed so if either of those are your web server, you're on your own. Also, if owncast uses php or Ruby on Rails or some such, you are also on your own.
-- sw
Thanks for the reply. I'm confused. Maybe I should have made a different title because what I'm wanting to do apparently is a lot more than a subdomain.
Yes I'm using Linode's DNS
My IP is 45.79.80.227 confused about "Let the IP address of your Linode be 192.168.0.1."
I made an A record and set the host as "live" and the IP is the same as above 45.79…
The way it's working now is the subdomain live.pastlife.works is going to the first virtual host in my list at /etc/apache2/sites-enabled
That's not what I want. I want the subdomain to point to the Owncast live stream server (written in Go) which right now is only accessible through http://45.79.80.227:8080 or any of my domains with the port typed (8080)
Again thanks a lot, Steve
-PL
OK there is some useful info here for anyone who may be able to help:
My post at letsencrypt community
Basically I got the subdomain setup as a new virtual host, got a certbot certificate for that subdomain, and then proceeded to edit the le-ssl.conf for the proxy like Owncast's docs give example. It completely broke apache.
I got this error when running /var/log/apache2/error.log :
[ssl:error] [pid 1103:tid 140404248024832] [client 162.142.125.8:41958] AH02032: Hostname live.pastlife.works provided via SNI and hostname 45.79.80.227 provided via HTTP have no compatible SSL setup
My IP is 45.79.80.227 confused about "Let the IP address of your Linode be 192.168.0.1."
Since I didn't know your IP address (and you should avoid posting it publicly lest any malcontents or script kiddies get their hands on it), I used 192.168.0.1…an example IP address in an unroutable network.
Rearrange your <VirtualHost> configuration to look like this:
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/live.pastlife.works/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/live.pastlife.works/privkey.pem
Also, heed well the advice given by the respondents to your post at the Let's Encrypt community.
-- sw
That is what I thought, sorry about that.
If anyone wanted to do anything malicious though, they (or their script) can just look up the domain on whois or something and get the IP right?
I did arrange the 3 lines the way you showed. I had Include line on bottom, if that matters.
One member at Let's Encrypt suggested the ReWrite Rule section as unnecessary but I tried to comment out that section. Doing that also broke the apache sites