Are there any instructions on how to do this? I have a new VM with docker for lemmy and another VM with nginx running, hosting zaggy.nl.
I’ve had a go at lemmy but the lemmy container keep restarting, saying 'Error: LemmyError { message: None, inner: Address not available (os error 99), context: “SpanTrace” } ’ Which variables do I need to change besides db and admin password? What do I fill in for LEMMY_EXTERNAL_HOST?
Made some progress, lemmy instance now runs but I’m running into websocket errors:
Firefox can’t establish a connection to the server at wss://lemmy.zaggy.nl/api/v3/ws.
docker-compose.yml:
version: '2.2' services: postgres: image: postgres:12-alpine environment: - POSTGRES_USER=lemmy - POSTGRES_PASSWORD=DB PASSWORD - POSTGRES_DB=lemmy volumes: - ./volumes/postgres:/var/lib/postgresql/data restart: always lemmy: image: dessalines/lemmy:0.16.7 ports: - "LAN IP:8536:8536" - "127.0.0.1:6669:6669" restart: always environment: - RUST_LOG="warn,lemmy_server=info,lemmy_api=info,lemmy_api_common=info,lemmy_api_crud=info,lemmy_apub=info,lemmy_db_schema=info,lemmy_db_views=info,lemmy_db_views_actor=info,lemm> volumes: - ./lemmy.hjson:/config/config.hjson depends_on: - postgres - pictrs lemmy-ui: image: dessalines/lemmy-ui:0.16.7 ports: - "192.168.1.243:1235:1234" restart: always environment: - LEMMY_INTERNAL_HOST=LAN IP:8536 - LEMMY_EXTERNAL_HOST=lemmy.zaggy.nl:8536 - LEMMY_HTTPS=true depends_on: - lemmy pictrs: image: asonix/pictrs:0.3.1 ports: - "LAN IP:8537:8080" - "127.0.0.1:6670:6669" user: 991:991 volumes: - ./volumes/pictrs:/mnt restart: always
lemmy hjson:
{ # for more info about the config, check out the documentation # https://join-lemmy.org/docs/en/administration/configuration.html setup: { # username for the admin user admin_username: "lemmy" # password for the admin user admin_password: ADMIN PW # name of the site (can be changed later) site_name: "lemmy.zaggy.nl" } opentelemetry_url: "http://otel:4137" # the domain name of your instance (eg "lemmy.ml") hostname: "lemmy.zaggy.nl" # address where lemmy should listen for incoming requests bind: "0.0.0.0" # port where lemmy should listen for incoming requests port: 8536 # settings related to the postgresql database # address where pictrs is available pictrs_url: "http://pictrs:8080" database: { # name of the postgres database for lemmy database: "lemmy" # username to connect to postgres user: "lemmy" # password to connect to postgres password: DB PW # host where postgres is running host: "postgres" # port where postgres can be accessed port: 5432 # maximum number of active sql connections pool_size: 5 } slur_filter: ''' (*removed*(g|got|tard)?\b|cock\s?sucker(s|ing)?|ni((g{2,}|q)+|[gq]{2,})[e3r]+(s|z)?|*removed*?s?|*removed*?|\bspi(c|k)s?\b|\bchinks?|*removed*?|*removed*(es|ing|y)?|whor(es?|ing)|\btr(a|@)nn?(y|ies?)|> ''' # # optional: email sending configuration # email: { # # hostname and port of the smtp server # smtp_server: "" # # login name for smtp server # smtp_login: "" # # password to login to the smtp server # smtp_password: "" # # address to send emails from, eg "noreply@your-instance.com" # smtp_from_address: "" # # whether or not smtp connections should use tls # use_tls: true # } }
nginx bit:
server { listen 80; server_name lemmy.zaggy.nl; rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https } server { listen 443 ssl; server_name lemmy.zaggy.nl; proxy_cache cache; proxy_cache_lock on; proxy_cache_valid 200 1s; proxy_cache_use_stale updating; ssl_protocols TLSv1.2 TLSv1.3;#disable ssl3 to prevent POODLE ssl_ciphers EECDH+AESGCM:EDH+AESGCM; ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_dhparam /etc/letsencrypt/live/www.zaggy.nl-0001/dhparam.pem; ssl_certificate /etc/letsencrypt/live/zaggy.nl/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/zaggy.nl/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; # Hide nginx version server_tokens off; # Enable compression for JS/CSS/HTML bundle, for improved client load times. # It might be nice to compress JSON, but leaving that out to protect against potential # compression+encryption information leak attacks like BREACH. gzip on; gzip_types text/css application/javascript image/svg+xml; gzip_vary on; # Only connect to this site via HTTPS for the two years add_header Strict-Transport-Security "max-age=63072000"; # Various content security headers add_header Referrer-Policy "same-origin"; add_header X-Content-Type-Options "nosniff"; add_header X-Frame-Options "DENY"; add_header X-XSS-Protection "1; mode=block"; # Upload limit for pictrs client_max_body_size 20M; # frontend location / { #restricting external access until I fix lemmy/create admin user allow LAN RANGE; allow VPN RANGE; deny all; # The default ports: # lemmy_ui_port: 1235 # lemmy_port: 8536 set $proxpass "http://LAN IP:1235"; if ($http_accept ~ "^application/.*$") { set $proxpass "http://LAN IP:8536"; } if ($request_method = POST) { set $proxpass "http://LAN IP:8536"; } proxy_pass $proxpass; rewrite ^(.+)/+$ $1 permanent; # Send actual client IP upstream proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # backend location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { proxy_pass http://LAN IP:8537; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Add IP forwarding headers proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # Redirect pictshare images to pictrs location ~ /pictshare/(.*)$ { return 301 /pictrs/image/$1; } }
Looks like we need to update our installation instructions, these are using an old version of lemmy.
ahhh, that could have saved me some time! Will try with the 17.2 release then, git version appears broken #0 155.7 error: failed to run custom build command for
lemmy_utils v0.17.1 (/app/crates/utils)
Edit: this uses a built in nginx container which also does letsencrypt, not what I need I’ll try rebuilding the docker-compose so I can use this with my existing nginxm, tomorrow.
I apologize for our install docs not being up to date, I’m getting those fixed now.
The manual install probably isn’t going ta work well right now, so i’d suggest ansible or docker.
Hey Zaggy,
When you say - “lemmy instance now runs”, what do you mean?
[when I visit lemmy.zaggy.nl - I get
nginx 403 Forbidden
(maybe because you’re testing something right now)]it will show the ‘Lemmy Instance Setup’, but any other action results in websocket errors or a page with broken CSS, I’ve removed the deny all rule since lemmy.zaggy.nl is broken anyway. edit: nvm have to rework the docker-compose of release as it already has nginx