• 1 Post
Joined 3Y ago
Cake day: May 26, 2020


ahhh, that could have saved me some time! Will try with the 17.2 release then, git version appears broken #0 155.7 error: failed to run custom build command for lemmy_utils v0.17.1 (/app/crates/utils)

Edit: this uses a built in nginx container which also does letsencrypt, not what I need I’ll try rebuilding the docker-compose so I can use this with my existing nginxm, tomorrow.

it will show the ‘Lemmy Instance Setup’, but any other action results in websocket errors or a page with broken CSS, I’ve removed the deny all rule since lemmy.zaggy.nl is broken anyway. edit: nvm have to rework the docker-compose of release as it already has nginx

Made some progress, lemmy instance now runs but I’m running into websocket errors:

Firefox can’t establish a connection to the server at wss://lemmy.zaggy.nl/api/v3/ws.


version: '2.2'

    image: postgres:12-alpine
      - POSTGRES_USER=lemmy
      - POSTGRES_DB=lemmy
      - ./volumes/postgres:/var/lib/postgresql/data
    restart: always

    image: dessalines/lemmy:0.16.7
      - "LAN IP:8536:8536"
      - ""
    restart: always
      - RUST_LOG="warn,lemmy_server=info,lemmy_api=info,lemmy_api_common=info,lemmy_api_crud=info,lemmy_apub=info,lemmy_db_schema=info,lemmy_db_views=info,lemmy_db_views_actor=info,lemm>
      - ./lemmy.hjson:/config/config.hjson
      - postgres
      - pictrs

    image: dessalines/lemmy-ui:0.16.7
      - ""
    restart: always
      - LEMMY_EXTERNAL_HOST=lemmy.zaggy.nl:8536
      - LEMMY_HTTPS=true
      - lemmy

    image: asonix/pictrs:0.3.1
      - "LAN IP:8537:8080"
      - ""
    user: 991:991
      - ./volumes/pictrs:/mnt
    restart: always

lemmy hjson:

  # for more info about the config, check out the documentation
  # https://join-lemmy.org/docs/en/administration/configuration.html

  setup: {
    # username for the admin user
    admin_username: "lemmy"
    # password for the admin user
    admin_password: ADMIN PW
    # name of the site (can be changed later)
    site_name: "lemmy.zaggy.nl"

  opentelemetry_url: "http://otel:4137"

  # the domain name of your instance (eg "lemmy.ml")
  hostname: "lemmy.zaggy.nl"
  # address where lemmy should listen for incoming requests
  bind: ""
  # port where lemmy should listen for incoming requests
  port: 8536
  # settings related to the postgresql database
  # address where pictrs is available
  pictrs_url: "http://pictrs:8080"
  database: {
    # name of the postgres database for lemmy
    database: "lemmy"
    # username to connect to postgres
    user: "lemmy"
    # password to connect to postgres
    password: DB PW
    # host where postgres is running
    host: "postgres"
    # port where postgres can be accessed
    port: 5432
    # maximum number of active sql connections
    pool_size: 5
#  # optional: email sending configuration
#  email: {
#    # hostname and port of the smtp server
#    smtp_server: ""
#    # login name for smtp server
#    smtp_login: ""
#    # password to login to the smtp server
#    smtp_password: ""
#    # address to send emails from, eg "noreply@your-instance.com"
#    smtp_from_address: ""
#    # whether or not smtp connections should use tls
#    use_tls: true
#  }

nginx bit:

      server {
          listen 80;
          server_name  lemmy.zaggy.nl;
          rewrite ^ https://$http_host$request_uri? permanent;  # force redirect http to https

       server {
           listen       443 ssl;
           server_name  lemmy.zaggy.nl;
           proxy_cache cache;
           proxy_cache_lock on;
           proxy_cache_valid 200 1s;
           proxy_cache_use_stale updating;
           ssl_protocols TLSv1.2 TLSv1.3;#disable ssl3 to prevent POODLE
           ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
           ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
           ssl_prefer_server_ciphers on;
           ssl_session_cache shared:SSL:10m;
           ssl_dhparam /etc/letsencrypt/live/www.zaggy.nl-0001/dhparam.pem;
           ssl_certificate /etc/letsencrypt/live/zaggy.nl/fullchain.pem;
           ssl_certificate_key /etc/letsencrypt/live/zaggy.nl/privkey.pem;
           ssl_session_cache shared:SSL:10m;
           ssl_session_tickets off;
           ssl_stapling on;
           ssl_stapling_verify on;

          # Hide nginx version
           server_tokens off;

# Enable compression for JS/CSS/HTML bundle, for improved client load times.
   # It might be nice to compress JSON, but leaving that out to protect against potential
   # compression+encryption information leak attacks like BREACH.
   gzip on;
   gzip_types text/css application/javascript image/svg+xml;
   gzip_vary on;

   # Only connect to this site via HTTPS for the two years
   add_header Strict-Transport-Security "max-age=63072000";

   # Various content security headers
   add_header Referrer-Policy "same-origin";
   add_header X-Content-Type-Options "nosniff";
   add_header X-Frame-Options "DENY";
   add_header X-XSS-Protection "1; mode=block";

   # Upload limit for pictrs
   client_max_body_size 20M;

   # frontend
   location / {
          #restricting external access  until I fix lemmy/create admin user
          allow LAN RANGE;
          allow VPN RANGE;
          deny all;

     # The default ports:
     # lemmy_ui_port: 1235
     # lemmy_port: 8536

     set $proxpass "http://LAN IP:1235";
     if ($http_accept ~ "^application/.*$") {
       set $proxpass "http://LAN IP:8536";
     if ($request_method = POST) {
       set $proxpass "http://LAN IP:8536";
     proxy_pass $proxpass;

     rewrite ^(.+)/+$ $1 permanent;

     # Send actual client IP upstream
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

   # backend
   location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
     proxy_pass http://LAN IP:8537;
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";

     # Add IP forwarding headers
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

   # Redirect pictshare images to pictrs
   location ~ /pictshare/(.*)$ {
     return 301 /pictrs/image/$1;


So if I make the bind variable in lemmy.hjson anything else than, the lemmy container keeps restarting with the mentioned error.

Setup with existing nginx reverse proxy on another host?
Are there any instructions on how to do this? I have a new VM with docker for lemmy and another VM with nginx running, hosting zaggy.nl. I've had a go at lemmy but the lemmy container keep restarting, saying 'Error: LemmyError { message: None, inner: Address not available (os error 99), context: "SpanTrace" } ' Which variables do I need to change besides db and admin password? What do I fill in for LEMMY_EXTERNAL_HOST?

Get a second hand business laptop (dell latitude, lenovo thinkpad, hp elitebook), replace battery where needed, install linux yourself. If needed you can pop by the seller with a USB drive with Ubuntu or suchlike to quickly test compatibility. Business laptop because of decent parts and guaranteed to be self serviceable.

As for power saving, I saw this pop by a while ago: https://medium.com/@amanusk/an-extensive-guide-to-optimizing-a-linux-laptop-for-battery-life-and-performance-27a7d853856c

Great news! I’ve upgraded without issue on my own instance, lemmy.zaggy.nl, it’s open for testing, break away, I have snapshots.
I apologize for the ongoing nonsense topics and Dutch.