Go through config.example.json, web/config.example.json, greenlock.d/config.example.json, and .env.example and replace the placeholders with real values, then rename the files to config.json, web/config.json, greenlock.d/config.json, and .env respectively.
Ensure that you configure a reverse proxy such as nginx to forward requests to the server at http://localhost:PORT (port 3000 by default), setting at a minimum the X-Real-IP header in your nginx configuration file to $remote_addr like so:
# Gander HTTPS server configuration
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name example.tld
ssl_certificate /path/to/gander/greenlock.d/live/example.tld/fullchain.pem;
ssl_certificate_key /path/to/gander/greenlock.d/live/example.tld/privkey.pem;
ssl_trusted_certificate /path/to/gander/greenlock.d/live/example.tld/fullchain.pem;
add_header Strict-Transport-Security "max-age=31536000;";
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# If you use Cloudflare proxying, replace $remote_addr with $http_cf_connecting_ip
# See https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/#nginx-1
# alternatively use ngx_http_realip_module
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
Ensure you have ffmpeg v7+ installed on the server. ffmpeg v7.1.2 is known to work.
Run the yarn command, bearing in mind this program is known to work with node v20+ installed via nvm and yarn support enabled via corepack. Latest tested node version: v25.2.1
You need to start the server and open the client at port 80 or 443 at least once in the configuration it comes in for greenlock-express to generate SSL certificates. Unfortunately, in order to setup your reverse proxy software to bind to ports 80 and 443 correctly, for now you have to edit source/camera.ts, Ctrl + F for ".serve(app)" in the source code, comment that line out, uncomment the lines consisting of a call to .ready(...) directly above the .serve(app) line, and finally uncomment the imports from http and https at the top of the file.
Run yarn build and yarn start, making sure you don't have anything bound to the ports that are used by the software. Connect to a port exposed by your reverse proxy, ensuring that it points to the SSL certificates generated by greenlock.