mirror of
https://github.com/LemmyNet/lemmy-docs.git
synced 2024-11-25 05:41:10 +00:00
Update to fix nginx proxy config (#186)
Co-authored-by: Jax Gauthier <jax@gauthier.id>
This commit is contained in:
parent
9a99880e96
commit
4249465e99
1 changed files with 81 additions and 1 deletions
|
@ -18,6 +18,82 @@ sudo chown -R 991:991 volumes/pictrs
|
||||||
|
|
||||||
If you'd like a different database password, you should also change it in the `docker-compose.yml` **before** your first run.
|
If you'd like a different database password, you should also change it in the `docker-compose.yml` **before** your first run.
|
||||||
|
|
||||||
|
You'll also need to copy the following to `nginx.conf` in the root of your `lemmy` folder. This will ensure the proxy setup by `docker-compose` will function properly:
|
||||||
|
|
||||||
|
```
|
||||||
|
worker_processes 1;
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
http {
|
||||||
|
upstream lemmy {
|
||||||
|
# this needs to map to the lemmy (server) docker service hostname
|
||||||
|
server "lemmy:8536";
|
||||||
|
}
|
||||||
|
upstream lemmy-ui {
|
||||||
|
# this needs to map to the lemmy-ui docker service hostname
|
||||||
|
server "lemmy-ui:1234";
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
# this is the port inside docker, not the public one yet
|
||||||
|
listen 80;
|
||||||
|
# change if needed, this is facing the public web
|
||||||
|
server_name localhost;
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_types text/css application/javascript image/svg+xml;
|
||||||
|
gzip_vary on;
|
||||||
|
|
||||||
|
# Upload limit, relevant for pictrs
|
||||||
|
client_max_body_size 20M;
|
||||||
|
|
||||||
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
|
||||||
|
# frontend general requests
|
||||||
|
location / {
|
||||||
|
# distinguish between ui requests and backend
|
||||||
|
# don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top
|
||||||
|
set $proxpass "http://lemmy-ui";
|
||||||
|
|
||||||
|
if ($http_accept = "application/activity+json") {
|
||||||
|
set $proxpass "http://lemmy";
|
||||||
|
}
|
||||||
|
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
|
||||||
|
set $proxpass "http://lemmy";
|
||||||
|
}
|
||||||
|
if ($request_method = POST) {
|
||||||
|
set $proxpass "http://lemmy";
|
||||||
|
}
|
||||||
|
proxy_pass $proxpass;
|
||||||
|
|
||||||
|
rewrite ^(.+)/+$ $1 permanent;
|
||||||
|
# Send actual client IP upstream
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
}
|
||||||
|
|
||||||
|
# backend
|
||||||
|
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
|
||||||
|
proxy_pass "http://lemmy";
|
||||||
|
# proxy common stuff
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
||||||
|
# Send actual client IP upstream
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
After this, have a look at the [config file](configuration.md) named `lemmy.hjson`, and adjust it, in particular the hostname, and possibly the db password. Then run:
|
After this, have a look at the [config file](configuration.md) named `lemmy.hjson`, and adjust it, in particular the hostname, and possibly the db password. Then run:
|
||||||
|
|
||||||
`docker-compose up -d`
|
`docker-compose up -d`
|
||||||
|
@ -26,6 +102,8 @@ You can access the lemmy-ui at `http://localhost:80`
|
||||||
|
|
||||||
To make Lemmy available outside the server, you need to set up a reverse proxy, like Nginx. You can use the following simple proxy:
|
To make Lemmy available outside the server, you need to set up a reverse proxy, like Nginx. You can use the following simple proxy:
|
||||||
|
|
||||||
|
Note: If you are planning on running your reverse proxy on port 80, you'll need to update the docker-compose.yml file you just downloaded to change the internal proxy's listening port. If you are setting up Let's Encrypt on the same machine, you'll need to do this.
|
||||||
|
|
||||||
```
|
```
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
|
@ -39,6 +117,8 @@ server {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Let's Encrypt
|
||||||
|
|
||||||
You should also setup TLS, for example with [Let's Encrypt](https://letsencrypt.org/). [Here's a guide for setting up letsencrypt on Ubuntu](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04).
|
You should also setup TLS, for example with [Let's Encrypt](https://letsencrypt.org/). [Here's a guide for setting up letsencrypt on Ubuntu](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04).
|
||||||
|
|
||||||
For federation to work, it is important that you do not change any headers that form part of the signature. This includes the `Host` header - you may need to refer to the documentation for your proxy server to pass through the `Host` header unmodified.
|
For federation to work, it is important that you do not change any headers that form part of the signature. This includes the `Host` header - you may need to refer to the documentation for your proxy server to pass through the `Host` header unmodified.
|
||||||
|
|
Loading…
Reference in a new issue