Hello all!

I finally got my Lemmy instance up and running yay!

It runs on a local machine, I have nginx installed and my website pointing onto it.

lemmy.mindoki.com => my_static_ip(port 80) => local_ip => nginx

In ngunx I just set up a hello world message, and it works out. lemmy.mindoki.com shows it.

Now, my Lemmy instance is accessible on 0.0.0.0:1236 but obviously only from inside the hosting machine itself.

I have tinkered a bit with the nginx.conf but I feel there is lot of things to do wrongly, especially as it’s ‘dynamic’, but also it seems like a schoolbook example (for Lemmy, so no hits on my favourite search engine), so maybe someone has a working nginx.conf file to spare for a basic setup like this?

Thanks a bunch!

  • Valmond@lemmy.mlOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Hello !

    I followed your instructions, taking the:

    lemmy-ansible/templates/nginx_internal.conf
    

    and sticking:

    lemmy-ansible/templates/nginx.conf
    

    in the “http {” section + changing all the {{domain}} to lemmy.mindoki.com and changing the {{lemmy_port}} to 1236 (FYI: 0.0.0.0:1236 hits up Lemmy locally)

    Saving it all off in the nginx nginx.conf file.

    I feel exceedingly stupid, but is this the way to go? Because I get this error when I reload nginx:

    nginx: [emerg] host not found in upstream “lemmy:8536” in /etc/nginx/nginx.conf:111

    Cheers and thanks again!

    Edit: removing the upstreams, changed the backend proxy_pass, but to no avail…

    • Max-P@lemmy.max-p.me
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Can you describe your setup in more details? Are you using the Docker setup with also NGINX running on the host outside of Docker?

      If so, nginx_internal.conf must be passed in as a volume to the inner NGINX via the docker-compose. On the host, you only need the bits from nginx.conf. Don’t try to use the internal ones, it doesn’t make sense.

      If you post your configs it will be easier to pinpoint exactly what’s wrong. Also paste the output of docker ps.

      • Valmond@lemmy.mlOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I’m off one week on holidays, will sure post all config when I come back, thanks again!

      • Valmond@lemmy.mlOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Hello, I’m back with more questions and clarifications!

        This is what I did to install Lemmy:

        Install a fresh Linux Mint on an old PC.

        Follow the ‘official’ docker install: https://join-lemmy.org/docs/administration/install_docker.html

        I continued with nginx, lets encrypt etc.

        I also installed PosgreSQL and added a user Lemmy.

        I forward a TCP connection from my fix public IP to the lemmy PC and pointed lemmy.mindoki.com with an A redirection onto that public IP:PORT.

        The only ‘exotic’ thing done was that I added these lines to /home/fediverse/.bashrc :

        export LEMMY_CONFIG_LOCATION=“/media/fediverse/Storage/lemmy/lemmy.hjson”

        EMMY_DATABASE_URL=“postgres://lemmy:redacted_password@localhost:5432/lemmy”

        . “$HOME/.cargo/env”

        I don’t think (but not completely sure) that the last line was added by me manually.

        Now I can access Lemmy locally on localhost:1236 and everything works (inscription, creations of ‘subs’ etc).

        I added the nginx.conf config file at the end of this message (some lines are commented out to make it work at all).

        Almost feels like I should have a very much shorter nginx config file 🙃

        Thanks again!

        Cheers

        .

        .

        .

        nginx.conf :

        worker_processes auto;

        events { worker_connections 1024; }

        http {

        limit_req_zone $binary_remote_addr zone=lemmy.mindoki.com_ratelimit:10m rate=1r/s;
        
        server {
            listen 80;
            listen [::]:80;
            server_name lemmy.mindoki.com;
            # Hide nginx version
            server_tokens off;
            location /.well-known/acme-challenge/ {
                root /var/www/certbot;
            }
            location / {
                return 301 https://$host$request_uri;
            }
        }
        
        server {
            listen 443 ssl http2;
            listen [::]:443 ssl http2;
            server_name lemmy.mindoki.com;
        
            ssl_certificate /etc/letsencrypt/live/lemmy.mindoki.com/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/lemmy.mindoki.com/privkey.pem;
        
        
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_prefer_server_ciphers on;
            ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
            ssl_session_timeout  10m;
            ssl_session_cache shared:SSL:10m;
            ssl_session_tickets on;
            ssl_stapling on;
            ssl_stapling_verify on;
        
            # Hide nginx version
            server_tokens off;
        
            # Enable compression for JS/CSS/HTML bundle, for improved client load times.
            # It might be nice to compress JSON, but leaving that out to protect against potential
            # compression+encryption information leak attacks like BREACH.
            gzip on;
            gzip_types text/css application/javascript image/svg+xml;
            gzip_vary on;
        
            # Various content security headers
            add_header Referrer-Policy "same-origin";
            add_header X-Content-Type-Options "nosniff";
            add_header X-Frame-Options "DENY";
            add_header X-XSS-Protection "1; mode=block";
        
        
            location / {
              proxy_pass http://0.0.0.0:1236;
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }
        
        access_log /var/log/nginx/access.log combined;
        
        
        
        # We construct a string consistent of the "request method" and "http accept header"
        # and then apply soem ~simply regexp matches to that combination to decide on the
        # HTTP upstream we should proxy the request to.
        #
        # Example strings:
        #
        #   "GET:application/activity+json"
        #   "GET:text/html"
        #   "POST:application/activity+json"
        #
        # You can see some basic match tests in this regex101 matching this configuration
        # https://regex101.com/r/vwMJNc/1
        #
        # Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html
        map "$request_method:$http_accept" $proxpass {
            # If no explicit matches exists below, send traffic to lemmy-ui
            default "http://lemmy-ui";
        
            # GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.
            #
            # These requests are used by Mastodon and other fediverse instances to look up profile information,
            # discover site information and so on.
            "~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy";
        
            # All non-GET/HEAD requests should go to lemmy
            #
            # Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually
            # we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values
            "~^(?!(GET|HEAD)).*:" "http://lemmy";
        }
        
        #upstream lemmy {
            # this needs to map to the lemmy (server) docker service hostname
        #    server "lemmy:8536";
        #}
        
        #upstream lemmy-ui {
            # this needs to map to the lemmy-ui docker service hostname
        #    server "lemmy-ui:1234";
        #}
        
        server {
            # this is the port inside docker, not the public one yet
            listen 1236;
            listen 8536;
        
            # change if needed, this is facing the public web
            server_name localhost;
            server_tokens off;
        
            gzip on;
            gzip_types text/css application/javascript image/svg+xml;
            gzip_vary on;
        
            # Upload limit, relevant for pictrs
            client_max_body_size 20M;
        
            add_header X-Frame-Options SAMEORIGIN;
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
        
            # frontend general requests
            location / {
                proxy_pass $proxpass;
        
                rewrite ^(.+)/+$ $1 permanent;
        
                # Send actual client IP upstream
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        
            # backend
            location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
                proxy_pass "https://lemmy";
        
                # proxy common stuff
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        
                # Send actual client IP upstream
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }
        

        }

        • Valmond@lemmy.mlOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          EDIT: The site itself works now, so I “only” need help with nginx :-)

          EDIT: DISCARD THE FOLLOWING LINES (Strike-through doesn’t seem to work):

          ~~BTW, I get a handful of errors when I start Lemmy :

          thread ‘main’ panicked at 'Error connecting to postgres://lemmy:thepassword@postgres:5432/lemmy: could not connect to server: Connection refused

          lemmy_1 | Is the server running on host “postgres” (172.18.0.2) and accepting

          lemmy_1 | TCP/IP connections on port 5432?

          I do not know at all where that 172.18.0.2 address comes from sweating :-D~~