Hi all,

I have an issue where I’m trying to setup my instance, and get as far as being able to register as an admin and login when using localhost, but not on my example domain.

When accessing my instance at https://lemmy.mydomain.com, for all appearances it appears to but up and running (I get a nice CSS theme)… but I simply cannot login. It gives 404 post responses.

Proof of failing login:

curl -H 'content-type: application/json' \
    --data-raw '{ \
"username":"tetris11", \
"password":"mypassword",  \
"password_verify":"mypassword, \
"show_nsfw":true \
}'  lemmy.mydomain.com/api/v3/user/register

returns:

<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.25.1</center>
</body>
</html>

But if I change my domain into localhost:

curl -H 'content-type: application/json' \
    --data-raw '{ \
"username":"tetris11", \
"password":"mypassword",  \
"password_verify":"mypassword, \
"show_nsfw":true \
}'  localhost:8536/api/v3/user/register

I get

{ "jwt":"XXYYXXYY.XXYYXXYYYX", 
"registration_created":false,
"verify_email_sent":false 
}

or on repeated attempts:

{"error":"user_already_exists"}

My API is up but cannot be reached by https?

My lemmy.hjson


  database: {
    # put your db-passwd from above
    password: "db-password"
  }
  # replace with your domain
  hostname: "lemmy.mydomain.com"
  bind: "127.0.0.1"
  tls_enabled: true
  federation: {
    enabled: true
  }
  setup: {
    # Username for the admin user
    admin_username: "tetris11"
    # Password for the admin user. It must be at least 10 characters.
    admin_password: "mypassword"
    # Name of the site (can be changed later)
    site_name: "Welcome to the My Lemmy"
    # Email for the admin user (optional, can be omitted and set later through the web>
    admin_email: "realemail@email.com"
  }
  # remove this block if you don't require image hosting
  pictrs: {
    ## This port appears to be hardcoded
    url: "http://127.0.0.1:8080/"
  }
}

My lemmy-ui.service

[Unit]
Description=Lemmy UI - Web frontend for Lemmy
After=lemmy.service
Before=nginx.service

[Service]
User=lemmy
WorkingDirectory=/var/lib/lemmy-ui
ExecStart=/usr/bin/node dist/js/server.js
##Environment=LEMMY_UI_HOST=0.0.0.0:8536
Environment=LEMMY_UI_LEMMY_INTERNAL_HOST=localhost:8536
Environment=LEMMY_UI_LEMMY_EXTERNAL_HOST=lemmy.mydomain.com
Environment=LEMMY_UI_HTTPS=true
Environment=RUST_LOG=info
Restart=on-failure

# Hardening
ProtectSystem=full
PrivateTmp=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

My lemmy.service

[Unit]
Description=Lemmy - A link aggregator for the fediverse
After=network.target

[Service]
User=lemmy
ExecStart=/home/lemmy/.cargo/bin/lemmy_server
Environment=LEMMY_CONFIG_LOCATION=/etc/lemmy/lemmy.hjson
Environment=PICTRS_PATH=/var/lib/pictrs
Environment=PICTRS_ADDR=127.0.0.1:8080
Restart=on-failure

# Hardening
ProtectSystem=yes
PrivateTmp=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

My nginx.conf

    limit_req_zone $binary_remote_addr zone=lemmy.mydomain.com_ratelimit:10m rate=>

    server {
        server_name lemmy.mydomain.com;
        access_log  /var/log/lemmy.access.log combined;

        location / {
            proxy_pass http://0.0.0.0:1234/;  ## lemmy
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

    listen 443 ssl http2; # managed by Certbot
    listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/lemmy.mydomain.com/fullchain.pem; # mana>
    ssl_certificate_key /etc/letsencrypt/live/lemmy.mydomain.com/privkey.pem; # ma>
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
  • tetris11OP
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    2 years ago

    Yep, I’m on the latest v0.18.0-rc-6.

    Before that, I was getting websocket errors so I decided to upgrade to use the new api