HTTPS
For enabling HTTPS in Restreamer you have three options:
- provide your certificate directly to Restreamer (BYOC),
- proxy the requests to Restreamer from a HTTPS enabled webserver, e.g. nginx,
- use the provided Docker Compose app that does that all for you
Check below for a description of all mentioned options.
BYOC (“Bring Your Own Certificate”)
You will need a valid certificate for the IP or the FQDN, i.e. (sub-)domain, your Restreamer will be reachable at.
The certificate has to be in PEM format. Regarding intermediate certificates the nginx documentation explains: If intermediate certificates should be specified in addition to a primary certificate, they should be specified in the same file in the following order: the primary certificate comes first, then the intermediate certificates.
The key also has to be in PEM format.
Place the certificate and key file as cert.pem
and key.pem
in a subdirectory called ssl
into the directory that you
mount to /restreamer/db
. E.g. if you mount /mnt/restreamer/db
to /restreamer/db
, then place the PEM files into /mnt/restreamer/db/ssl
.
Inside the Docker container, Restreamer expects the certificate and key file as /restreamer/db/ssl/cert.pem
and /restreamer/db/ssl/key.pem
.
In order enable HTTPS and make Restreamer use the certificate, set the environment variable RS_HTTPS
to true
and
expose the port 8181
. Restreamer will listen on port 8181
for incoming HTTPS requests. The normal HTTP port 8080
is still available
and can be exposed as well.
The Docker command line would look like:
docker run ... -p 443:8181 -e RS_HTTPS=true -v /mnt/restreamer/db:/restreamer/db ...
Of course, you can map the HTTPS port to any port you prefer.
Proxy
If you already have a webserver running (e.g. nginx) that serves sites with HTTPS, you can proxy the requests to your Restreamer.
nginx
This example for nginx assumes that the Restreamer is listening on localhost:8080
.
...
server {
listen 443 ssl http2;
server_name ...;
[SSL configuration]
location /restreamer/ {
proxy_http_version 1.1;
proxy_pass http://localhost:8080;
}
}
...
Check the nginx documentation for more details.
Docker Compose
Docker Compose combines different docker containers to an app. The provided docker-compose.yml
in the root of the repository
defines such an app that makes the Restreamer available via HTTPS with almost no configuration.
Make a copy of the docker-compose.yml
. Now you need to adjust it to your needs. In the restreamer:
section edit the environment variables for Restreamer (at least change the default username and password).
You might also want to change the directory that is mounted into the Restreamer container to persist your settings in the volumes:
section.
In the https-portal
section adjust the DOMAINS
environment variables to the (sub-)domain you want the Restreamer running on. You have to own
the (sub-)domain and it has to point to the IP where Restreamer will run on. Set the value for STAGE
to production
. This will tell https-portal
to pull a valid certificate from Let’s Encrypt. If you only want to try it out without pulling a real certificate from Let’s Encrypt, set the value
for STAGE
to local
and https-portal
will generate a self-signed certificate.
In the console, change to the directory where you stored the docker-compose.yml
and execute
docker-compose up
or
docker-compose -f /path/to/docker-compose.yml up
In the default configuration a self-signed certificate for localhost
will be generated. After starting the app you can access the Restreamer by
entering https://localhost/
into your browser.