[Self-Hosting] Video playback fails with HTTPS - seeking guidance on S3 endpoint configuration

[webvijayi]

First, thank you for building Cap! It's an excellent open-source alternative to Loom, and I really appreciate being able to self-host it. The software works great once configured properly.

Issue Summary

When self-hosting Cap with HTTPS, I encountered video playback failures with "Unsupported Format" errors. After troubleshooting, this turned out to be a mixed content security issue. I'm opening this to share my experience and ask if my solution aligns with the intended approach.

What I Experienced

Setup:

• Self-hosted Cap using the docker-compose template
• Deployed with HTTPS (Let's Encrypt SSL)
• MinIO for S3 storage

Problem:

1. Videos uploaded successfully from desktop app ✅
2. But playback in browser showed "Unsupported Format" ❌
3. Browser console error: Blocked loading mixed active content: http://domain.com:9000/...

Root cause: Main site uses HTTPS, but videos were being served via HTTP (from MinIO port 9000), triggering browser mixed content security blocks.

Template vs Production

The template appropriately states it's for local development:

# IT IS NOT MEANT FOR PRODUCTION DEPLOYMENT WITHOUT MODIFICATIONS
# IT IS MEANT FOR LOCAL EVALUATION AND DEVELOPMENT PURPOSES ONLY

And uses:

S3_PUBLIC_ENDPOINT: http://localhost:3902

However, the self-hosting docs (https://cap.so/docs/self-hosting) don't specify what modifications are needed for production HTTPS deployments, which left me guessing initially.

What Worked for Me

I configured the S3 endpoint to use HTTPS via a subdomain:

DNS:

s3.yourdomain.com → SERVER_IP

Reverse Proxy (Apache in my case):

<VirtualHost *:443>
    ServerName s3.yourdomain.com
    SSLEngine on
    ProxyPass / http://127.0.0.1:9000/
    ProxyPreserveHost On
</VirtualHost>

docker-compose.yml:

S3_PUBLIC_ENDPOINT: "https://s3.yourdomain.com"
S3_INTERNAL_ENDPOINT: "http://cap-minio:9000"

After implementing this, everything works perfectly - uploads and playback both function flawlessly.

Question for Maintainers

Is this the recommended approach for production deployments? I noticed Railway's template uses https://${{RAILWAY_PUBLIC_DOMAIN}}:443 for the public endpoint, which suggests HTTPS is indeed the intended pattern.

If this is correct, I'd be happy to contribute documentation or examples to help other self-hosters. The current docs are great for getting started, but production HTTPS configuration guidance would be a valuable addition.

Offer to Help

I've created a working one-click installer that automates this setup: https://github.com/webvijayi/cap-install

If it would be helpful, I'm happy to:

• Contribute documentation for production HTTPS deployment
• Add example nginx/apache configs to the docs
• Help clarify the S3 endpoint configuration in the template comments

Thank you again for the excellent work on Cap! Once I figured out the HTTPS configuration, it's been working wonderfully.

Testing Environment

• Server: AlmaLinux 8 with DirectAdmin
• Web server: Apache with Let's Encrypt
• S3: MinIO (from docker-compose)
• All features working: desktop uploads, browser playback, sharing

[linear]

CAP-559