It will show the 'Lemmy Instance Setup' page, but any other action results in websocket errors or a page with broken CSS. I've removed the deny all rule since lemmy.zaggy.nl is broken anyway. Edit: never mind, I have to rework the release's docker-compose as it already has nginx.
zaggynl
Made some progress: the lemmy instance now runs, but I'm running into websocket errors:
Firefox can’t establish a connection to the server at wss://lemmy.zaggy.nl/api/v3/ws.
docker-compose.yml:
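# docker-compose.yml for a Lemmy 0.16.7 instance behind an nginx that runs on the host
# (that nginx reaches the containers through the "LAN IP" port bindings below).
version: '2.2'

services:
  postgres:
    image: postgres:12-alpine
    environment:
      - POSTGRES_USER=lemmy
      # Placeholder from the post; the real value must match database.password in lemmy.hjson.
      - POSTGRES_PASSWORD=DB PASSWORD
      - POSTGRES_DB=lemmy
    volumes:
      - ./volumes/postgres:/var/lib/postgresql/data
    restart: always
    # No "ports:" on purpose: postgres is only reachable on the compose network.

  lemmy:
    image: dessalines/lemmy:0.16.7
    ports:
      # The host nginx proxies API/websocket traffic to this binding (lemmy.hjson: port 8536).
      - "LAN IP:8536:8536"
      - "127.0.0.1:6669:6669"
    restart: always
    environment:
      # NOTE(review): this line was cut off in the paste (ends in "lemm>"), so the full
      # filter list is not shown. Compose presumably passes the value verbatim, which would
      # make the surrounding double quotes part of RUST_LOG — confirm the effective value.
      - RUST_LOG="warn,lemmy_server=info,lemmy_api=info,lemmy_api_common=info,lemmy_api_crud=info,lemmy_apub=info,lemmy_db_schema=info,lemmy_db_views=info,lemmy_db_views_actor=info,lemm>
    volumes:
      - ./lemmy.hjson:/config/config.hjson
    depends_on:
      - postgres
      - pictrs

  lemmy-ui:
    image: dessalines/lemmy-ui:0.16.7
    ports:
      # The only binding with a literal address instead of the "LAN IP" placeholder.
      - "192.168.1.243:1235:1234"
    restart: always
    environment:
      - LEMMY_INTERNAL_HOST=LAN IP:8536
      # NOTE(review): the browser reported wss://lemmy.zaggy.nl/api/v3/ws (no port), and the
      # public entry point is nginx on 443 — confirm the ":8536" suffix here is intended.
      - LEMMY_EXTERNAL_HOST=lemmy.zaggy.nl:8536
      - LEMMY_HTTPS=true
    depends_on:
      - lemmy

  pictrs:
    image: asonix/pictrs:0.3.1
    ports:
      # Lemmy reaches pictrs at http://pictrs:8080 on the compose network (pictrs_url in
      # lemmy.hjson), so the LAN binding is only needed if something outside Docker calls
      # pictrs directly.
      - "LAN IP:8537:8080"
      - "127.0.0.1:6670:6669"
    # Quoted: a bare uid:gid can be read as a YAML 1.1 sexagesimal number by some parsers.
    user: "991:991"
    volumes:
      - ./volumes/pictrs:/mnt
    restart: always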
lemmy hjson:
{
  # for more info about the config, check out the documentation
  # https://join-lemmy.org/docs/en/administration/configuration.html
  # "ADMIN PW" and "DB PW" below are placeholders from the post, not real secrets.
  setup: {
    # username for the admin user
    admin_username: "lemmy"
    # password for the admin user
    # NOTE(review): quote the real value (as admin_username is) so it is read as a plain
    # string and not interpreted as a number or other literal.
    admin_password: ADMIN PW
    # name of the site (can be changed later)
    site_name: "lemmy.zaggy.nl"
  }
  # NOTE(review): no "otel" service is defined in the docker-compose.yml above; confirm a
  # collector is reachable at this address, or remove the setting.
  opentelemetry_url: "http://otel:4137"
  # the domain name of your instance (eg "lemmy.ml")
  hostname: "lemmy.zaggy.nl"
  # address where lemmy should listen for incoming requests
  bind: "0.0.0.0"
  # port where lemmy should listen for incoming requests
  port: 8536
  # address where pictrs is available
  pictrs_url: "http://pictrs:8080"
  # settings related to the postgresql database
  database: {
    # name of the postgres database for lemmy
    database: "lemmy"
    # username to connect to postgres
    user: "lemmy"
    # password to connect to postgres; must match POSTGRES_PASSWORD in docker-compose.yml
    # (placeholder here — quote the real value)
    password: DB PW
    # host where postgres is running
    host: "postgres"
    # port where postgres can be accessed
    port: 5432
    # maximum number of active sql connections
    pool_size: 5
  }
  # regex of terms rejected by the slur filter (the line was cut off in the paste,
  # marked by the trailing ">")
  slur_filter:
    '''
    (*removed*(g|got|tard)?\b|cock\s?sucker(s|ing)?|ni((g{2,}|q)+|[gq]{2,})[e3r]+(s|z)?|*removed*?s?|*removed*?|\bspi(c|k)s?\b|\bchinks?|*removed*?|*removed*(es|ing|y)?|whor(es?|ing)|\btr(a|@)nn?(y|ies?)|>
    '''
  # # optional: email sending configuration
  # email: {
  #   # hostname and port of the smtp server
  #   smtp_server: ""
  #   # login name for smtp server
  #   smtp_login: ""
  #   # password to login to the smtp server
  #   smtp_password: ""
  #   # address to send emails from, eg "[email protected]"
  #   smtp_from_address: ""
  #   # whether or not smtp connections should use tls
  #   use_tls: true
  # }
}
nginx bit:
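# Plain-HTTP listener: only redirects to HTTPS.
server {
    listen 80;
    server_name lemmy.zaggy.nl;
    # Redirect to the canonical hostname instead of echoing the client's Host header
    # ($http_host), so a forged Host cannot turn this into a redirect to another site.
    return 301 https://lemmy.zaggy.nl$request_uri;
}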
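# HTTPS listener: serves lemmy-ui from "/" and proxies the lemmy API (incl. websockets).
server {
    listen 443 ssl;
    server_name lemmy.zaggy.nl;

    # NOTE(review): the "cache" zone must be declared with proxy_cache_path in the http
    # block, which is not part of this paste.
    proxy_cache cache;
    proxy_cache_lock on;
    proxy_cache_valid 200 1s;
    proxy_cache_use_stale updating;

    ssl_protocols TLSv1.2 TLSv1.3;  # disable ssl3 to prevent POODLE
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    ssl_ecdh_curve secp384r1;  # Requires nginx >= 1.1.0
    ssl_prefer_server_ciphers on;
    # Declared once; the original listed this directive twice with the same value.
    ssl_session_cache shared:SSL:10m;
    ssl_dhparam /etc/letsencrypt/live/www.zaggy.nl-0001/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/zaggy.nl/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zaggy.nl/privkey.pem;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;

    # Hide nginx version
    server_tokens off;

    # Enable compression for JS/CSS/HTML bundle, for improved client load times.
    # It might be nice to compress JSON, but leaving that out to protect against potential
    # compression+encryption information leak attacks like BREACH.
    gzip on;
    gzip_types text/css application/javascript image/svg+xml;
    gzip_vary on;

    # Only connect to this site via HTTPS for the two years
    add_header Strict-Transport-Security "max-age=63072000";

    # Various content security headers
    add_header Referrer-Policy "same-origin";
    add_header X-Content-Type-Options "nosniff";
    add_header X-Frame-Options "DENY";
    add_header X-XSS-Protection "1; mode=block";

    # Upload limit for pictrs
    client_max_body_size 20M;

    # frontend
    location / {
        # restricting external access until I fix lemmy/create admin user
        # NOTE(review): these rules cover this location only; the backend location below
        # (/api, /pictrs, ...) has no allow/deny and stays reachable from anywhere.
        allow LAN RANGE;
        allow VPN RANGE;
        deny all;

        # The default ports:
        # lemmy_ui_port: 1235
        # lemmy_port: 8536
        set $proxpass "http://LAN IP:1235";
        # API-style requests (Accept: application/*) and POSTs go to lemmy, not lemmy-ui.
        if ($http_accept ~ "^application/.*$") {
            set $proxpass "http://LAN IP:8536";
        }
        if ($request_method = POST) {
            set $proxpass "http://LAN IP:8536";
        }
        proxy_pass $proxpass;
        rewrite ^(.+)/+$ $1 permanent;

        # Send actual client IP upstream
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # backend
    # Per docker-compose.yml, 8536 is lemmy and 8537 is pictrs; lemmy reaches pictrs itself
    # via pictrs_url in lemmy.hjson. Sending these paths to 8537 handed /api/v3/ws to
    # pictrs, which is what produced the websocket errors, so the upstream is lemmy.
    location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
        proxy_pass http://LAN IP:8536;
        # Needed for the websocket upgrade at /api/v3/ws
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Add IP forwarding headers
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Redirect pictshare images to pictrs
    location ~ /pictshare/(.*)$ {
        return 301 /pictrs/image/$1;
    }
}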
So if I set the bind variable in lemmy.hjson to anything other than 0.0.0.0, the lemmy container keeps restarting with the mentioned error.
Ahhh, that could have saved me some time! I'll try the 17.2 release then; the git version appears broken: #0 155.7 error: failed to run custom build command for
lemmy_utils v0.17.1 (/app/crates/utils)
Edit: this uses a built-in nginx container which also does letsencrypt, which is not what I need. I'll try rebuilding the docker-compose so I can use this with my existing nginx tomorrow.