this post was submitted on 14 Jun 2023
5 points (85.7% liked)

Selfhosted

39435 readers
12 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

EDIT: I have it working now! I had to set up DKIM and configure my server so Digital Ocean created the proper PTR records. Now email is being sent to spam but at least it's making it through!

Hopefully this is the last time I need to bug you guys here about stuff. :)

I added a postfix relay to my Lemmy instance and configured the email settings in my lemmy.conf file but no matter what I do I keep getting a "no_email_setup" error when I try to test the SMTP server. Is there an obvious step I'm missing?

This is my full docker-compose.yml:

version: "3.3"

networks:
  lemmyexternalproxy:
  lemmyinternal:
    driver: bridge
    internal: true

services:
  proxy:
    image: nginx:1-alpine
    networks:
      - lemmyinternal
      - lemmyexternalproxy
    ports:
      # only ports facing any connection from outside
      - 80:80 
      - 443:443
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      # setup your certbot and letsencrypt config 
      - ./certbot:/var/www/certbot
      - /etc/letsencrypt:/etc/letsencrypt
    restart: always
    depends_on:
      - pictrs
      - lemmy-ui

  lemmy:
    image: dessalines/lemmy:0.17.3
    hostname: lemmy
    networks:
      - lemmyinternal
      - lemmyexternalproxy
    restart: always
    environment:
      - RUST_LOG="warn,lemmy_server=info,lemmy_api=info,lemmy_api_common=info,lemmy_api_crud=info,lemmy_apub=info,lemmy_db_schema=info,lemmy_db_views=info,lemmy_db_views_actor=info,lemmy_db_views_moderator=info,lemmy_routes=info,lemmy_utils=info,lemmy_websocket=info"
    volumes:
      - ./lemmy.hjson:/config/config.hjson
    depends_on:
      - postgres
      - pictrs

  lemmy-ui:
    image: dessalines/lemmy-ui:0.17.3
    networks:
      - lemmyinternal
    environment:
      # this needs to match the hostname defined in the lemmy service
      - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
      # set the outside hostname here
      - LEMMY_UI_LEMMY_EXTERNAL_HOST=localhost:1236
      - LEMMY_HTTPS=true
    depends_on:
      - lemmy
    restart: always

  pictrs:
    image: asonix/pictrs:0.3.1
    # this needs to match the pictrs url in lemmy.hjson
    hostname: pictrs
    # we can set options to pictrs like this, here we set max. image size and forced format for conversion
    # entrypoint: /sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp
    networks:
      - lemmyinternal
    environment:
      - PICTRS__API_KEY=API_KEY
    user: 991:991
    volumes:
      - ./volumes/pictrs:/mnt
    restart: always

  postgres:
    image: postgres:15-alpine
    # this needs to match the database host in lemmy.hson
    hostname: postgres
    networks:
      - lemmyinternal
    environment:
      - POSTGRES_USER=lemmy
      - POSTGRES_PASSWORD=PASSWORD
      - POSTGRES_DB=lemmy
    volumes:
      - ./volumes/postgres:/var/lib/postgresql/data
    restart: always
  
  postfix:
    image: mwader/postfix-relay
    networks:
      - lemmyinternal
      - lemmyexternalproxy
    environment:
      - POSTFIX_myhostname=myhostname.here
      - POSTFIX_inet_protocols=ipv4
    restart: always

And my lemmy.hjson has this block:

email: {
  smtp_server: "postfix:25"
  smtp_from_address: "Lemmy <[email protected]>"
  tls_type: "none"
}
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago

You should be concerned, because there is always a risk, but there is also a risk when you are just using internet even without selfhosting. It is good to remember some rules:

  1. Keep apps up to date
  2. Open only that ports, that you need (80, 443, maybe 22 for ssh)
  3. If you open ssh port, use keys authentication and cut possibility logging with password
  4. Do not expose apps, that you are not need in this form, for example Yunohost allows to hide apps behind Yunohost SSO logging page
  5. Using cloudflare or/and Fail2Ban is cool
  6. Maybe I am a little bit paranoic, but I do not expose apps, that can be used anonymously by everyone, for example link shorters or pastebin alternatives.

It is not all of course.