Deployment Overview of Owncast on Server¶

Prerequisites and Basic Requirements¶

The deployment of Owncast requires a server running an Ubuntu-based operating system. The installation process utilizes the apt package manager and requires root privileges to configure system services and firewalls. The following software packages are installed as dependencies:

unzip
ffmpeg

The application listens on specific ports for internal and external communication, which must be open on the server's firewall.

Final Access Point¶

The application is accessible via the hostkey.in domain. The Fully Qualified Domain Name (FQDN) follows the format: owncast<Server ID>.hostkey.in:443

Replace <Server ID> with the unique identifier assigned to the specific instance.

Application Installation Process¶

Owncast is installed using the official installation script provided by the developers. The script is executed via a curl command that downloads and pipes the installer directly to bash.

The installation command is:

curl -s https://owncast.online/install.sh | bash

This script places the Owncast binary and default configuration files into the /root/owncast directory.

Application Service Management¶

Owncast is managed as a system service using systemd. The service file is located at /etc/systemd/system/owncast.service and is configured to:

Run as the root user.
Start automatically on system boot.
Restart automatically if the process fails.
Execute the binary located at /root/owncast/owncast.

Docker Containers and Their Deployment¶

A separate Docker Compose setup is used to manage the reverse proxy and SSL certificate generation. This deployment consists of the following container:

Image: jonasal/nginx-certbot:latest
Service Name: nginx
Restart Policy: unless-stopped
Network Mode: host

The Docker Compose configuration file is stored at:

/root/nginx/compose.yml

Docker Volumes and Environment¶

The proxy container utilizes the following volumes:

nginx_secrets (External volume mapped to /etc/letsencrypt)
Host directory /data/nginx/user_conf.d mapped to container path /etc/nginx/user_conf.d

Environment variables are loaded from /data/nginx/nginx-certbot.env, and the certificate email is set to [email protected].

Proxy Servers¶

Nginx, running inside a Docker container, acts as the reverse proxy for Owncast. It handles SSL termination and forwards traffic to the Owncast application.

SSL Provider: Certbot (embedded in the nginx-certbot image)
Proxy Configuration: The Nginx user configuration file for the specific domain is located at:
```
/data/nginx/user_conf.d/owncast<Server ID>.hostkey.in.conf
```
Backend Forwarding: Traffic received on the external port is proxied to the internal Owncast instance using the rule:
```
proxy_pass http://127.0.0.1:8080;
```

File and Directory Structure¶

The deployment creates the following directory structure on the host server:

Application Binary and Data: /root/owncast
Nginx Compose Configuration: /root/nginx/compose.yml
Nginx User Configuration: /data/nginx/user_conf.d/
SSL Certificates: Stored within the Docker volume nginx_secrets
System Service File: /etc/systemd/system/owncast.service

Available Ports for Connection¶

The system uses the following port configurations for internal and external traffic:

Direction	Port	Protocol	Description
Internal	8080	HTTP	Local Owncast service
External	443	HTTPS	Public access via Nginx proxy

Starting, Stopping, and Updating¶

Owncast Service¶

The Owncast application is controlled via standard systemctl commands:

Start the service:
```
systemctl start owncast
```
Stop the service:
```
systemctl stop owncast
```
Enable auto-start on boot:
```
systemctl enable owncast
```
Restart the service:
```
systemctl restart owncast
```

Docker Proxy Stack¶

The Nginx and Certbot containers are managed via docker compose in the /root/nginx directory:

Start or restart the proxy stack:
```
docker compose up -d
```
Stop the proxy stack:
```
docker compose down
```
View logs:
```
docker compose logs
```