- Install nginx and create firewall rules
- Create and configure your websites
- Point your domain to your machine
- Get free trusted SSL certificates for your websites
- Create your own video streaming server
- The result
- Not yet: Apache 2
sudo apt install nginx
sudo ufw allow 'Nginx Full'Create your website(s) sudo mkdir -p /var/www/yourdomain.com and edit sudo nano /etc/nginx/sites-available/yourdomain.com with this content
server {
listen 80;
listen [::]:80;
root /var/www/mydomain.com;
index index.html;
server_name mydomain.com www.mydomain.com;
location / {
try_files $uri $uri/ =404;
}
}Check for mistakes in the syntax sudo nginx -t
Create a link to enable the site: sudo ln -s /etc/nginx/sites-available/mydomain.com /etc/nginx/sites-enabled/mydomain.com
Finally reload nginx sudo systemctl reload nginx
For that you will need to create an A record for @ (the domain) which points to your public IP and CNAMES for www and other hosts pointing to your your domain. If your ISP provides you with a fixed public IP that's all you need to do.
I don't have a fixed public IP address though. So instead of an A record I have a dynamic A record in namecheap (where my domains are registered).
Then I use a daemon ddclient that uses namecheap API (it can also query several others registrars) to update the IP address in namecheap dynamic A records. Unlike changing an A record, the dynamic A record propagates instantly. Install sudo apt-get install ddclient and configure Sudo nano /etc/ddclient/ddclient.confsudo nano /etc/ddclient.conf
#### Global Settings
# How often to update (seconds)
daemon=300
ssl=yes
use=web
web=dynamicdns.park-your-domain.com/getip
protocol=namecheap
server=dynamicdns.park-your-domain.com
#### beachlab.org
login=beachlab.org
password='PUT-YOUR-DOMAIN-KEY-HERE'
@.beachlab.orgFinally make ddclient start when you boot up your ubuntu system
sudo update-rc.d ddclient defaults
sudo update-rc.d ddclient enableIs this true?
If the server is in your local network, and you want to reach it by it's hostname, you must point the server local IP address to the server hostname. Get your server machine name
cat /etc/hostnamewhich in my case returnsthebeachlaband point it to the local network fixed ip address that you set at the beginningsudo nano /etc/hosts.
192.168.1.50 thebeachlabWarning: Still not sure why but 127.0.0.1 will not work. You have to use the network ip.
The following step is to create free trusted SSL certificates. This thing used to cost quite a lot of money but now it's pretty straight forward and there's no reason to have an unencrypted connection anymore. Install certbot:
sudo apt install certbot python3-certbot-nginx
Make sure that the auto renewal timer is running sudo systemctl status certbot.timer otherwise start and enable it sudo systemctl enable --now certbot.timer.
To get certificates for your websites
sudo certbot --nginx -d mydomain.com -d www.mydomain.com
To obtain a standalone certificate
sudo certbot certonly --nginx -d whatever.mydomain.com
Other tasks you can do:
- View your certificates
sudo certbot certificates - Test the auto renewal process
sudo certbot renew --dry-run - Delete a certificate
sudo certbot delete
This is very cool to watch a movie with someone remotely. First install the RTMP module for nginx
sudo add-apt-repository universe
sudo apt install libnginx-mod-rtmpAdjust your web server's configuration so it can accept and deliver your media stream.
sudo nano /etc/nginx/nginx.conf
And add the following to the bottom of the config file:
rtmp {
server {
listen 21935;
chunk_size 4096;
application live {
live on;
record off;
}
}
}Restart the server sudo systemctl restart nginx.
Adjust the firewall rules to accept TCP connections on port 21935.
sudo ufw add 21935
sudo ufw reloadNow setup your OBS streaming software and add this streaming server
rtmp://192.168.1.50/live replacing with the server IP address,
Add a stream_key if you want and start streaming
Launch VLC, open your stream by clicking on Media > Open Network Stream. Enter the path to your stream, adding the Stream Key you set up in OBS, then click Play. For example, rtmp://IP-ADDRESS/live/SECRET-KEY. You should now be viewing your very own live video stream!
- How to protect the stream server so no one can stream to it without a stream key.
- Record videos
My proud website hosted in my suitcase:
To deploy your website with git check the git section.
My initial intention was to run all my web services through nginx. But there are still some software that require you to run apache. In fact, the reason my Nextcloud server is broken is probably related to refusing to install Apache 2.
WIP