Serve Content Via HTTPS

To make your installation available from the outside worls, you want to allow non-local traffic and want to secure connections from and to Opencast. To archieve that, you can either use an HTTP(S) proxy like Apache httpd, Caddy or Nginx.

• Using Nginx to enable HTTPS (recommended)
• Using Apache httpd to enable HTTPS
• Using Caddy to enable HTTPS

Note that introducing HTTPS will not automatically migrate old content. It may still use the previously configured HTTP protocol. For a semi-automatic migration, please take a look at the following guide:

• Migrating old content to HTTPS

General Recommendations

It's hard to keep up with security (e.g. proper TLS configuration). That is why we recommend using a proxy like Nginx or Apache as, due to their general popularity, it is usually much easier to find good configuration recommendations.

There are also a couple of great sites to test your final setup:

• Observatory by Mozilla
• Qualys SSL Labs

If you have no easy way of obtaining proper TLS certificates for your organization, please consider using Let’s Encrypt.

For testing and developer servers, properly configured self-signed certificates can be an option.