Ugh, that one is a problem with indentation because pasting the config into a Lemmy comment destroys the formatting. I uploaded it on Github to preserve the correct indentation.
Andreas
joined 1 year ago
Yeah, the config file on the documentation sucks. I had to poke through several discussions on /c/selfhosting to find a config that wasn't the extremely minimal one linked in the documentation. Your config.hjson is fine from what I can tell, although I'm not sure why you censored the hostname there as it's supposed to be lemmy.emphisia.nl and not anything confidential.
Honestly, I don't have enough understanding of NGINX to debug its config, so I'll just share my docker-compose.yml for leddit.danmark.party which worked correctly and federated out of the box, with a few adjustments to match your deployment. Note that you'll have to tear down your existing deployment if you want to use this docker-compose.yml because they use the same ports.
I should probably self-host my own pastebin
version: "3.9"
x-logging:
&default-logging
options:
max-size: '10m'
driver: json-file
services:
caddy:
image: caddy:2
volumes:
- ./volumes/caddy:/data
- ./volumes/caddy:/config
# See Caddy's documentation for customizing this line
# https://caddyserver.com/docs/quick-starts/reverse-proxy
command:
- /bin/sh
- -c
- |
cat <<EOF > /etc/caddy/Caddyfile && caddy run --config /etc/caddy/Caddyfile
{
debug
}
(common) {
encode gzip
header {
-Server
Strict-Transport-Security "max-age=31536000; include-subdomains;"
X-XSS-Protection "1; mode=block"
X-Frame-Options "DENY"
X-Content-Type-Options nosniff
Referrer-Policy no-referrer-when-downgrade
X-Robots-Tag "none"
}
}
# Lemmy instance
lemmy.emphisia.nl {
log
import common
reverse_proxy http://lemmy-ui:1234 # lemmy-ui
@lemmy {
path /api/*
path /pictrs/*
path /feeds/*
path /nodeinfo/*
path /.well-known/*
}
@lemmy-hdr {
header Accept application/*
}
handle @lemmy {
reverse_proxy http://lemmy:8085 # lemmy
}
handle @lemmy-hdr {
reverse_proxy http://lemmy:8085
}
@lemmy-post {
method POST
}
handle @lemmy-post {
reverse_proxy http://lemmy:8085
}
}
EOF
lemmy:
image: dessalines/lemmy:0.18.1-rc.9
ports:
- 8085:8536
volumes:
- ./lemmy.hjson:/config/config.hjson
depends_on:
- postgres
- pictrs
restart: always
logging: *default-logging
lemmy-ui:
image: dessalines/lemmy-ui:0.18.1-rc.9
ports:
- 1234:1234
environment:
- LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8085
- LEMMY_UI_LEMMY_EXTERNAL_HOST=localhost:1236
depends_on:
- lemmy
volumes:
- ./volumes/lemmy-ui/extra_themes:/app/extra_themes
restart: always
logging: *default-logging
postgres:
image: postgres:15-alpine
ports:
- 5432:5432
environment:
- POSTGRES_USER=MyPostgresUser
- POSTGRES_DB=MyPostgresDb
- POSTGRES_PASSWORD=MyPostgresPassword
volumes:
- ./volumes/postgres:/var/lib/postgresql/data
restart: always
logging: *default-logging
pictrs:
image: asonix/pictrs:0.4.0-rc.7
user: 991:991
hostname: pictrs
environment:
- PICTRS__MEDIA__VIDEO_CODEC=vp9
- PICTRS__MEDIA__GIF__MAX_WIDTH=256
- PICTRS__MEDIA__GIF__MAX_HEIGHT=256
- PICTRS__MEDIA__GIF__MAX_AREA=65536
- PICTRS__MEDIA__GIF__MAX_FRAME_COUNT=400
volumes:
- ./volumes/pictrs:/mnt
restart: always
logging: *default-logging
postfix:
image: mwader/postfix-relay
environment:
- POSTFIX_myhostname=lemmy.emphisia.nl
restart: "always"
logging: *default-logging
I don't use NGINX as my proxy server, but it's a bit strange that you would need two configs for this while mine runs perfectly with one config and two open ports (:8536 for Lemmy-BE and :1234 for Lemmy-UI). And why are you using different versions of Lemmy-BE (18.1-rc9) and Lemmy-UI (18.1-rc4)?
If you are using the default docker-compose.yml on the Lemmy repo, that part of the NGINX config uses https:// + the name of the Docker containers. And you always give NGINX the external port (the number on the right side of the colon defined in ports:, like 1234 in 1234:5678). The port on the left is only known to the container the port is defined for.
If it's still broken after you correct the NGINX config, what are your docker-compose.yml and config.hjson like? There's several versions of them floating around and you might have combined incompatible versions with each other.
Yes, it started from this terminology change at Twitter in 2020. They're the reason that version control systems call the primary branch 'main' instead of 'master' by default, because 'master' comes from the master/slave terminology that is used in electronics hardware design.
There's a comment here saying that master/slave in hardware design is being replaced by primary/secondary because of the software trend, which I think is stupid. Master/slave works much better in that context because the master device controls the slave device. Primary/secondary implies that the slave device is a fallback of the master device.
On 0.18.0, there is only the "Only moderators can post" checkbox which stops regular users from creating new posts, but it doesn't stop them from commenting on posts. I'm looking for a way to prevent both (instead of deleting comments after they have been posted).
It will continue to work if you're the only user on your Teddit instance. Teddit (and Libreddit, and any of the Reddit alternative frontends) use the Reddit API un-authenticated and after July 1st, they will be rate-limited to 10 requests per minute. The limit is enough for the activity of one logged-out user but it will break the proxy instances that allow many users to combine their traffic under one IP.
It's great that they're going back to traditional, self-hosted forums instead of corporate social media for support and discussions, but damn, I don't miss having to manage hundreds of accounts with unique logins for each forum. I understand that they want more control over forum moderation and the Fediverse's "anyone can post there" system makes it troublesome. It would be great if there was more widespread adoption of decentralized, "one login to access everything" systems.
USB-A is one-sided, unlike USB-C, so you can't do direct data transfers between two devices with USB-A ports. It's much slower too. Electronic waste is not ideal but it has to happen for a large-scale hardware upgrade. I try to reduce it by recycling my USB-A bricks and cables.
I also cannot understand why, unless you use Apple devices exclusively, you would be happy that one company's series of devices has to use a completely unique charging system from every other device in the world. I don't care if Lightning is better when it's proprietary. If Apple "sticks two fingers up" and doesn't integrate USB-C charging into the iPhone 15, I won't be buying another device from them, because I'm tired of having to carry two different cables around - one USB-C for my laptop, Android phone, power bank, speaker and other devices, and one Lightning charger for nothing else but the damn iPhone.
Seeing the community get destroyed is hard, but seeing the whole company the community relies on being taken over by someone who doesn't care about is okay?! These unpaid janitors seriously need to re-evaluate their priorities.
First time I heard of migrating from Caddy to Traefik and not the other way around. The usual complaint about Traefik is that it's too complicated to manage all of the moving parts. I have only used Caddy with Dockerized setups though so I don't know what the others are like.
PiHole, Adguard Home and the like can't block ads on smart TVs? Or is it something like the TV refusing to start if it contacts the ad server and doesn't get a response?
Oh shit, I forgot that your Caddy would be running on a bridge network by default because mine is on the host network where all ports are already exposed to it! (It's generally a bad idea to use the host network, so don't do this if you're only using Caddy with containers on the same network) I edited the Gist to expose 80 and 443 for HTTP/S on that container, the updated file uses the same Github link. Really sorry about that!