Skip to content

Deployment Overview of Owncast on Server

Prerequisites and Basic Requirements

The deployment of Owncast requires a server running the Ubuntu operating system. The installation process necessitates root privileges to manage system services, install packages, and configure network settings. The following components are required:

  • Operating System: Ubuntu
  • Privileges: Root access (sudo or root user)
  • Network: Access to the internet for downloading the installation script and Docker images
  • Ports: Port 8080 is used for the Owncast application; Port 80 and 443 are required for the Nginx proxy and SSL certificate management

File and Directory Structure

The application and its supporting services utilize specific directories for configuration, data storage, and execution:

  • /root/owncast: The working directory for the Owncast application binary and configuration files.
  • /root/nginx: The directory containing the Docker Compose configuration for the Nginx proxy and Certbot.
  • /etc/systemd/system/owncast.service: The systemd unit file defining the Owncast service.
  • /data/nginx/user_conf.d: The directory storing Nginx user configuration files, including host-specific settings.
  • /data/nginx/nginx-certbot.env: The environment file containing configuration variables for the Nginx-Certbot container.
  • /etc/letsencrypt: The mount point for SSL certificates managed by the Nginx-Certbot container.

Application Installation Process

Owncast is installed using the official installation script provided by the developers. The process involves updating the package cache, installing necessary utilities, and executing the remote installation script.

  1. Update the APT package cache to ensure the latest package lists are available.
  2. Install the unzip utility, which is required for the installation script.
  3. Execute the Owncast installation script via curl to download and run the installer.

The installation command is as follows:

curl -s https://owncast.online/install.sh | bash

Following the script execution, a systemd service file is created to manage the Owncast application as a background service.

Docker Containers and Their Deployment

The deployment includes a Docker container for Nginx and Certbot to handle reverse proxying and SSL certificate management. This container is managed via Docker Compose.

The Docker Compose configuration is located at /root/nginx/compose.yml. The configuration defines the following service:

  • Service Name: nginx
  • Image: jonasal/nginx-certbot:latest
  • Restart Policy: unless-stopped
  • Network Mode: host
  • Environment Variables:
  • CERTBOT_EMAIL: Set to [email protected]
  • Additional variables are loaded from /data/nginx/nginx-certbot.env
  • Volumes:
  • nginx_secrets: An external volume mounted to /etc/letsencrypt for certificate storage.
  • /data/nginx/user_conf.d: Mounted to /etc/nginx/user_conf.d for custom Nginx configurations.

To start the Docker containers, the following command is executed from the /root/nginx directory:

docker compose up -d

Proxy Servers

The Nginx container acts as a reverse proxy for the Owncast application. It handles incoming HTTP and HTTPS traffic and forwards requests to the Owncast instance running on the host.

  • Proxy Target: Requests are proxied to http://127.0.0.1:8080.
  • Configuration Location: The proxy pass directive is configured within the file /data/nginx/user_conf.d/<prefix><server_id>.hostkey.in.conf.
  • SSL Management: The jonasal/nginx-certbot image automatically manages SSL certificates using Let's Encrypt.
  • Custom Domains: Configuration for specific hostnames is managed through the files in the /data/nginx/user_conf.d directory.

Access Rights and Security

Security and access control are implemented through systemd service definitions and Docker volume permissions.

  • Service User: The Owncast service runs as the root user.
  • Directory Permissions:
  • The /root/nginx directory is owned by root with permissions 0755.
  • The Docker Compose file /root/nginx/compose.yml is owned by root with permissions 0644.
  • The systemd service file /etc/systemd/system/owncast.service is owned by root with permissions 0644.
  • Firewall: Ensure that the host firewall allows traffic on ports 80, 443, and 8080.

Starting, Stopping, and Updating

The Owncast application is managed as a systemd service, while the proxy infrastructure is managed via Docker Compose.

Managing the Owncast Service:

  • Start the service: 
    systemctl start owncast
  • Stop the service: 
    systemctl stop owncast
  • Enable the service to start on boot: 
    systemctl enable owncast
  • Reload the systemd daemon after configuration changes: 
    systemctl daemon-reload

Managing the Proxy Containers:

  • Start or restart the Nginx and Certbot containers: 

    docker compose up -d
    This command must be executed from the /root/nginx directory.

  • Stop the containers: 

    docker compose down

Updating the System:

  • To update the Owncast application, re-run the installation script or update the binary manually within /root/owncast.
  • To update the proxy container, pull the latest image and restart the service: 
    docker compose pull
docker compose up -d
question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×