Valmond

Hello all!

I'm really happy, my instance works !

But I don't know if it works that well ...

Is there some way to see if everything is up and running okay?

I'm asking because I have this in my log for example (they tick every second. There are other stuff of course but mainly this kind of repeating messages ...) see end of message

It's lemmy.mindoki.com BTW if you want to test something. I'd love someone federate with me, for example !moebius_art@lemmy.mindoki.com if someone would be so nice and try and tell if it works :-)

Cheers !

proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:08 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:08 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:08 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2; +https://lemmy.ml"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:09 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2; +https://lemmy.ml"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:11 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:14 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2; +https://lemmy.ml"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:14 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:15 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2; +https://lemmy.ml"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:15 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:15 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:16 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:18 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2; +https://lemmy.ml"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:18 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2; +https://lemmy.ml"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:18 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:20 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2; +https://lemmy.ml"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:21 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:21 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:21 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2; +https://lemmy.ml"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:22 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:22 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:25 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2; +https://lemmy.ml"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:26 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"
proxy_1     | 172.18.0.1 - - [24/Jul/2023:18:08:26 +0000] "POST /inbox HTTP/1.1" 200 0 "-" "Lemmy/0.18.2-1-g68276b2f9; +https://lemmy.world"

Hello all!

First of all, thank you for the help I have already received! I see the light in the end of the tunnel... i just hope it's not a train!

So, my Lemmy server IS up and running, but the lemmy-ui seems to be incorrectly configured in nginx.

The setup:

lemmy.mindoki.com is redirected with an A redirect to my static IP, where my ISP-Router box forwards port 80 and 443 over TCP to my Lemmy PC.

In the Lemmy PC is a fresh Linux mint with a Lemmy Docker install.

.

Some things works:

http://0.0.0.0:1236/pictrs/image/730840b6-d6ec-4a40-8668-36b89c6c1d33.png => Gets the image

https://lemmy.mindoki.com/pictrs/image/730840b6-d6ec-4a40-8668-36b89c6c1d33.png => Gets the image

curl “https://lemmy.mindoki.com/api/v3/community/list?sort=Hot&Limit=1” => Works

.

Some don't:

https://0.0.0.0/ => Server error

https://lemmy.mindoki.com/ => Server error

.

RoundSparrow (I don't know how to link users, sorry!) helped me out (here: https://lemmy.ml/comment/1715961) a bunch and suggested trying a smarthphone client, and lo and behold, it Works!

So it seems, as RoundSparrow figured out, my nginx configuration is not correct comming to routing ssh to my lemmy-ui docker.

I have spent the evening tinkering like a cave-man but to no avail, so I'm asking you knowledgeable people out there for help, and any help greatly appreciated!

Thanks again! .

Here are my config files: (I changed pwd & keys with 'redacted_...)

.

This is my main nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

limit_req_zone $binary_remote_addr zone=127.0.0.1_ratelimit:10m rate=1r/s;

server {
    listen 81;
    server_name lemmy.mindoki.com;

    return 200 "Bonjour, mon ami!\n";
}

# Redirect http requests to the https version
server {
    listen 80;
    listen [::]:80;
    server_name lemmy.mindoki.com;
    # Hide nginx version
    server_tokens off;
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name lemmy.mindoki.com;

    ssl_certificate /etc/letsencrypt/live/lemmy.mindoki.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/lemmy.mindoki.com/privkey.pem;


    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_session_timeout  10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets on;
    ssl_stapling on;
    ssl_stapling_verify on;

    # Hide nginx version
    server_tokens off;

    # Enable compression for JS/CSS/HTML bundle, for improved client load times.
    # It might be nice to compress JSON, but leaving that out to protect against potential
    # compression+encryption information leak attacks like BREACH.
    gzip on;
    gzip_types text/css application/javascript image/svg+xml;
    gzip_vary on;

    # Various content security headers
    add_header Referrer-Policy "same-origin";
    add_header X-Content-Type-Options "nosniff";
    add_header X-Frame-Options "DENY";
    add_header X-XSS-Protection "1; mode=block";


    location / {
      proxy_pass http://0.0.0.0:1236;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

access_log /var/log/nginx/access.log combined;

}

.

.

nginx_internal.conf

worker_processes auto;

events {
    worker_connections 1024;
}

http {
    # We construct a string consistent of the "request method" and "http accept header"
    # and then apply soem ~simply regexp matches to that combination to decide on the
    # HTTP upstream we should proxy the request to.
    #
    # Example strings:
    #
    #   "GET:application/activity+json"
    #   "GET:text/html"
    #   "POST:application/activity+json"
    #
    # You can see some basic match tests in this regex101 matching this configuration
    # https://regex101.com/r/vwMJNc/1
    #
    # Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html
    map "$request_method:$http_accept" $proxpass {
        # If no explicit matches exists below, send traffic to lemmy-ui
        default "http://lemmy-ui";

        # GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.
        #
        # These requests are used by Mastodon and other fediverse instances to look up profile information,
        # discover site information and so on.
        "~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy";

        # All non-GET/HEAD requests should go to lemmy
        #
        # Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually
        # we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values
        "~^(?!(GET|HEAD)).*:" "http://lemmy";
    }

    upstream lemmy {
        # this needs to map to the lemmy (server) docker service hostname
        server "lemmy:8536";
    }

    upstream lemmy-ui {
        # this needs to map to the lemmy-ui docker service hostname
        server "lemmy-ui:1234";
    }

    server {
        # this is the port inside docker, not the public one yet
        listen 1236;
        listen 8536;

        # change if needed, this is facing the public web
        server_name 127.0.0.1;
        server_tokens off;

        gzip on;
        gzip_types text/css application/javascript image/svg+xml;
        gzip_vary on;

        # Upload limit, relevant for pictrs
        client_max_body_size 20M;

        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";

        # Send actual client IP upstream
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # frontend general requests
        location / {
            proxy_pass $proxpass;
            rewrite ^(.+)/+$ $1 permanent;
        }

        # security.txt
        location = /.well-known/security.txt {
            proxy_pass "http://lemmy-ui";
        }

        # backend
        location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
            proxy_pass "http://lemmy";

            # proxy common stuff
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

.

.

The lemmy.hjson

{
  # for more info about the config, check out the documentation
  # https://join-lemmy.org/docs/en/administration/configuration.html

  database: {
    #host: 127.0.0.1
    #password: "redacted_password"
    #uri: "postgres://lemmy:5432?pass=redacted_password"
    # NOTE: uri passwords etc is now configured in: /media/fediverse/Storage/lemmy/.bashrc

    # password to connect to postgres
    password: "redacted_password"
    # host where postgres is running
    host: "postgres"

  }

  hostname: 127.0.0.1
  #hostname: lemmy.mindoki.com

  #bind: "127.0.0.1"
  federation: {
    enabled: true
  }

  pictrs: {
    url: "http://pictrs:8080/"
    api_key: "redacted_key"
  }

  email: {
    smtp_server: "postfix:25"
    smtp_from_address: "noreply@mindoki.com"
    tls_type: "none"
  }
}

.

.

and finally the docker_compose.yml

version: "3.7"

x-logging: &default-logging
  driver: "json-file"
  options:
    max-size: "50m"
    max-file: "4"

services:
  proxy:
    image: nginx:1-alpine
    ports:
      # actual and only port facing any connection from outside
      # Note, change the left number if port 1236 is already in use on your system
      # You could use port 80 if you won't use a reverse proxy
      - "1236:8536"
    volumes:
      - ./nginx_internal.conf:/etc/nginx/nginx.conf:ro,Z
    restart: always
    logging: *default-logging
    depends_on:
      - pictrs
      - lemmy-ui

  lemmy:
    image: dessalines/lemmy:0.18.2
    hostname: lemmy
    restart: always
    logging: *default-logging
    environment:
      - RUST_LOG="warn"
    volumes:
      - ./lemmy.hjson:/config/config.hjson:Z
    depends_on:
      - postgres
      - pictrs

  lemmy-ui:
    image: dessalines/lemmy-ui:0.18.2
    environment:
      - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
      - LEMMY_UI_LEMMY_EXTERNAL_HOST=127.0.0.1
      #lemmy.mindoki.com
      - LEMMY_UI_HTTPS=true
    volumes:
      - ./volumes/lemmy-ui/extra_themes:/app/extra_themes
    depends_on:
      - lemmy
    restart: always
    logging: *default-logging

  pictrs:
    image: asonix/pictrs:0.4.0-rc.7
    # this needs to match the pictrs url in lemmy.hjson
    hostname: pictrs
    # we can set options to pictrs like this, here we set max. image size and forced format for conversion
    # entrypoint: /sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp
    environment:
      - PICTRS_OPENTELEMETRY_URL=http://otel:4137
      - PICTRS__API_KEY=redacted_key
      - RUST_LOG=debug
      - RUST_BACKTRACE=full
      - PICTRS__MEDIA__VIDEO_CODEC=vp9
      - PICTRS__MEDIA__GIF__MAX_WIDTH=256
      - PICTRS__MEDIA__GIF__MAX_HEIGHT=256
      - PICTRS__MEDIA__GIF__MAX_AREA=65536
      - PICTRS__MEDIA__GIF__MAX_FRAME_COUNT=400
    user: 991:991
    volumes:
      - ./volumes/pictrs:/mnt:Z
    restart: always
    logging: *default-logging
    deploy:
      resources:
        limits:
          memory: 690m

  postgres:
    image: postgres:15-alpine
    hostname: postgres
    environment:
      - POSTGRES_USER=lemmy
      - POSTGRES_PASSWORD=redacted_password
      - POSTGRES_DB=lemmy
    volumes:
      - ./volumes/postgres:/var/lib/postgresql/data:Z
      - ./customPostgresql.conf:/etc/postgresql.conf
    restart: always
    logging: *default-logging

  postfix:
    image: mwader/postfix-relay
    environment:
      - POSTFIX_myhostname=127.0.0.1

    restart: "always"
    logging: *default-logging

Hello!

I got my Lemmy server up and running locally yesterday yay (I set up some subs and test-posted), but today I must have tinkered with something because now the server only shows "Server error" (check code block 1 below for the server log).

Checking the logs, it seems it can't "load" the site thumbnail. Curiously if I ask for it in firefox:

http://0.0.0.0:1236/pictrs/image/730840b6-d6ec-4a40-8668-36b89c6c1d33.png

it loads up (code block 2)

Any idea why Lemmy gets this "ECONNREFUSED" error ?

Cheers !

lemmy-ui_1  | FetchError: request to http://0.0.0.0:1236/pictrs/image/730840b6-d6ec-4a40-8668-36b89c6c1d33.png failed, reason: connect ECONNREFUSED 0.0.0.0:1236
lemmy-ui_1  |     at ClientRequest.<anonymous> (/app/node_modules/node-fetch/lib/index.js:1505:11)
lemmy-ui_1  |     at ClientRequest.emit (node:events:512:28)
lemmy-ui_1  |     at Socket.socketErrorListener (node:_http_client:495:9)
lemmy-ui_1  |     at Socket.emit (node:events:512:28)
lemmy-ui_1  |     at emitErrorNT (node:internal/streams/destroy:151:8)
lemmy-ui_1  |     at emitErrorCloseNT (node:internal/streams/destroy:116:3)
lemmy-ui_1  |     at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
lemmy-ui_1  |   type: 'system',
lemmy-ui_1  |   errno: 'ECONNREFUSED',
lemmy-ui_1  |   code: 'ECONNREFUSED'
lemmy-ui_1  | }
proxy_1     | 172.18.0.1 - - [18/Jul/2023:14:31:31 +0000] "GET / HTTP/1.1" 500 12 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"

pictrs_1    | 2023-07-18T14:32:21.858505Z  INFO HTTP request{http.method=GET http.route=/image/original/{filename} http.flavor=1.1 http.scheme=http http.host=pictrs:8080 http.client_ip=172.18.0.7:59168 http.user_agent=Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0 http.target=/image/original/730840b6-d6ec-4a40-8668-36b89c6c1d33.png otel.name=HTTP GET /image/original/{filename} otel.kind="server" request_id=65877368-96ae-4ad9-a928-67a9bc3e3700}: tracing_actix_web::root_span_builder: new
pictrs_1    | 2023-07-18T14:32:21.861635Z  INFO HTTP request{http.method=GET http.route=/image/original/{filename} http.flavor=1.1 http.scheme=http http.host=pictrs:8080 http.client_ip=172.18.0.7:59168 http.user_agent=Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0 http.target=/image/original/730840b6-d6ec-4a40-8668-36b89c6c1d33.png otel.name=HTTP GET /image/original/{filename} otel.kind="server" request_id=65877368-96ae-4ad9-a928-67a9bc3e3700 trace_id=00000000000000000000000000000000 http.status_code=200 otel.status_code="OK"}: tracing_actix_web::root_span_builder: close time.busy=1.43ms time.idle=1.73ms
proxy_1     | 172.18.0.1 - - [18/Jul/2023:14:32:21 +0000] "GET /pictrs/image/730840b6-d6ec-4a40-8668-36b89c6c1d33.png HTTP/1.1" 200 12511 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"

Hello all!

A have a huge hassle setting this marvelous thing up, and finally, it seems, all my:

thread 'main' panicked at 'Error connecting to postgres://lemmy:PASSWORD@postgres:5432/lemmy: FATAL: password authentication failed for user "lemmy"

vanished as I, it seems, got lemmy to connect to my postgres database...

When I start up though, I still get one error and I would like to know if it's "normal" (some race condition maybe) or not at all and I falsely believe it all is OK...

Thanks in beforehand!

Here is the output when I start it all up:

fediverse@fediverse-OptiPlex-3060:/media/fediverse/Storage/lemmy$ docker-compose up Creating network "lemmy_default" with the default driver Creating lemmy_postgres_1 ... done Creating lemmy_pictrs_1 ... done Creating lemmy_postfix_1 ... done Creating lemmy_lemmy_1 ... done Creating lemmy_lemmy-ui_1 ... done Creating lemmy_proxy_1 ... done Attaching to lemmy_postgres_1, lemmy_postfix_1, lemmy_pictrs_1, lemmy_lemmy_1, lemmy_lemmy-ui_1, lemmy_proxy_1 lemmy_1 | thread 'main' panicked at 'Error connecting to postgres://lemmy:PASSWORD@postgres:5432/lemmy: could not connect to server: Connection refused lemmy_1 | Is the server running on host "postgres" (172.18.0.2) and accepting lemmy_1 | TCP/IP connections on port 5432? lemmy_1 | ', crates/db_schema/src/utils.rs:161:56 lemmy_1 | note: run with RUST_BACKTRACE=1 environment variable to display a backtrace lemmy-ui_1 | Inferno is in development mode. postgres_1 | postgres_1 | PostgreSQL Database directory appears to contain a database; Skipping initialization postgres_1 | proxy_1 | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration proxy_1 | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/

Hello all!

I finally got my Lemmy instance up and running yay!

It runs on a local machine, I have nginx installed and my website pointing onto it.

lemmy.mindoki.com => my_static_ip(port 80) => local_ip => nginx

In ngunx I just set up a hello world message, and it works out. lemmy.mindoki.com shows it.

Now, my Lemmy instance is accessible on 0.0.0.0:1236 but obviously only from inside the hosting machine itself.

I have tinkered a bit with the nginx.conf but I feel there is lot of things to do wrongly, especially as it's 'dynamic', but also it seems like a schoolbook example (for Lemmy, so no hits on my favourite search engine), so maybe someone has a working nginx.conf file to spare for a basic setup like this?

Thanks a bunch!