Secure OBS Websocket with nginx

The OBS websocket developer has a pretty weird point of view regarding listening on private network addresses vs the current state of it listening on a public IP or IPs.
What OBS websocket currently does is listening on 0.0.0.0 which is an alias for all available IP addresses.
But if you’re controlling OBS via Websocket from the outside, it’s no one’s business what you do there.

I will explain how to turn the ws:0.0.0.0:4455 into a wss:domain.tld:443 .

It’s very simple. You need to have nginx installed and somewhere “production ready” configured.
You probably have your config files in /etc/nginx/conf.d or similar.
Create a vhost there.

save it as /etc/nginx/conf.d/domain.tld.conf

Replace all instances of domain.tld with your domain and/or subdomain combination/name.

/etc/nginx/acme.conf

request a new certificate from letsencrypt

and restart nginx

If you can’t generate a certificate, or nginx fails to start,
comment everything in the 2nd server block, aka add a # at the beginning of each line there, restart nginx, request a cert, uncomment again, restart nginx.

Connect to OBS websocket via wss://domain.tld:443

Ideally you would have a firewall on your obs server, but this is out of scope.# of this post.

Any questions, comments are below.