mirror of
https://github.com/LemmyNet/lemmy-docs.git
synced 2024-11-21 11:51:11 +00:00
Update to fix nginx proxy config (#186)
Co-authored-by: Jax Gauthier <jax@gauthier.id>
This commit is contained in:
parent
9a99880e96
commit
4249465e99
1 changed files with 81 additions and 1 deletions
|
@ -18,13 +18,91 @@ sudo chown -R 991:991 volumes/pictrs
|
|||
|
||||
If you'd like a different database password, you should also change it in the `docker-compose.yml` **before** your first run.
|
||||
|
||||
You'll also need to copy the following to `nginx.conf` in the root of your `lemmy` folder. This will ensure the proxy setup by `docker-compose` will function properly:
|
||||
|
||||
```
|
||||
worker_processes 1;
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
http {
|
||||
upstream lemmy {
|
||||
# this needs to map to the lemmy (server) docker service hostname
|
||||
server "lemmy:8536";
|
||||
}
|
||||
upstream lemmy-ui {
|
||||
# this needs to map to the lemmy-ui docker service hostname
|
||||
server "lemmy-ui:1234";
|
||||
}
|
||||
|
||||
server {
|
||||
# this is the port inside docker, not the public one yet
|
||||
listen 80;
|
||||
# change if needed, this is facing the public web
|
||||
server_name localhost;
|
||||
server_tokens off;
|
||||
|
||||
gzip on;
|
||||
gzip_types text/css application/javascript image/svg+xml;
|
||||
gzip_vary on;
|
||||
|
||||
# Upload limit, relevant for pictrs
|
||||
client_max_body_size 20M;
|
||||
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
# frontend general requests
|
||||
location / {
|
||||
# distinguish between ui requests and backend
|
||||
# don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top
|
||||
set $proxpass "http://lemmy-ui";
|
||||
|
||||
if ($http_accept = "application/activity+json") {
|
||||
set $proxpass "http://lemmy";
|
||||
}
|
||||
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
|
||||
set $proxpass "http://lemmy";
|
||||
}
|
||||
if ($request_method = POST) {
|
||||
set $proxpass "http://lemmy";
|
||||
}
|
||||
proxy_pass $proxpass;
|
||||
|
||||
rewrite ^(.+)/+$ $1 permanent;
|
||||
# Send actual client IP upstream
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
# backend
|
||||
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
|
||||
proxy_pass "http://lemmy";
|
||||
# proxy common stuff
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
||||
# Send actual client IP upstream
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
After this, have a look at the [config file](configuration.md) named `lemmy.hjson`, and adjust it, in particular the hostname, and possibly the db password. Then run:
|
||||
|
||||
`docker-compose up -d`
|
||||
|
||||
You can access the lemmy-ui at `http://localhost:80`
|
||||
|
||||
To make Lemmy available outside the server, you need to setup a reverse proxy, like Nginx. You can use the following simple proxy:
|
||||
To make Lemmy available outside the server, you need to set up a reverse proxy, like Nginx. You can use the following simple proxy:
|
||||
|
||||
Note: If you are planning on running your reverse proxy on port 80, you'll need to update the docker-compose.yml file you just downloaded to change the internal proxy's listening port. If you are setting up Let's Encrypt on the same machine, you'll need to do this.
|
||||
|
||||
```
|
||||
server {
|
||||
|
@ -39,6 +117,8 @@ server {
|
|||
}
|
||||
```
|
||||
|
||||
### Let's Encrypt
|
||||
|
||||
You should also setup TLS, for example with [Let's Encrypt](https://letsencrypt.org/). [Here's a guide for setting up letsencrypt on Ubuntu](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04).
|
||||
|
||||
For federation to work, it is important that you do not change any headers that form part of the signature. This includes the `Host` header - you may need to refer to the documentation for your proxy server to pass through the `Host` header unmodified.
|
||||
|
|
Loading…
Reference in a new issue