this post was submitted on 07 Jun 2023
Lemmy Support
Support / questions about Lemmy.
(1/2) Alright, thanks for helping.
docker-compose.yml
spoiler
The NGINX I am using is not the one that came with the stack, but a separate single container for nginx-proxy-manager. I did not customize the conf that it installed with, and only used the UI to set up the proxy host and SSL, both of which are working (front end, at least.). The config seems to be unrelated on this, however I can share it if the rest of the information below is not enough.
nginx config and lemmy.hjson would be useful as well
Sure thing. lemmy.hjson:
spoiler
I am not certain if I am somehow getting the wrong location of the config in the container. There is no volume or link for a conf file from host:container, so I am just grabbing from the default area /etc/nginx/nginx.conf:
spoiler
it seems there is no config for lemmy nginx here.. might be in other files?
I may be mistaken in my choice of proceeding, but as many are reporting, the install guide provided docker-compose and general docker instructions don't quite seem to work as expected. I have been trying to piecemeal this together, and the included lemmy nginx service container was completely excluded (edited out/deleted) once I had the standalone nginx-proxy-manager setup and working for regular 80,443 -> 1234 proxy requests to the lemmy-ui container.
Does the lemmy nginx have a specific role or tie in? I am still fairly new to reverse proxying in general.
yeah, nginx config for lemmy is not very straightforward. you need to mimic this:
also - can you check if all containers are running? just do
docker-compose ps
in the lemmy dir.
All containers are running. I handle them with Portainer, though I build the stack from the CLI in the lemmy dir, so Portainer can't fully manage them. Reboots and logs and networking and such work fine though.
As for the nginx config, the nginx proxy manager I use currently has all proxy-host/settings setup from the webGUI, where I use the GUI to set up the proxy host information and SSL information. I did no manual edits to any configurations or settings of the container during or after compose. Only GUI actions. When looking at the nginx.conf I replied with here (my current conf), I do not see anything related to that proxy host I created from the GUI. I am not sure if that is normal or not, or if I maybe have a wrong .conf included here.
With that in mind, would you suggest I simply overwrite and/or add your snippet to my existing conf file?
try to look here for the config file:
btw, i think port in lemmy.bulwarkob.com:1236 in docker-compose is not needed for you, should be just lemmy.bulwarkob.com
I appreciate your patience and clear assistance.
conf.d/* has two configurations that appear to be some form of default. default.conf and production.conf. production.conf is only for the admin GUI. default.conf:
Container has a volume set /lemmy/docker/nginx-proxy-manager/data:/data
I have those folders and more, and they DO seem to have the correct custom item.
Specifically, in the proxy_host folder I have a configuration for the proxy host I set up (1.conf) in the GUI:
spoiler
The rest of the folders are empty:
okay, i don't know how npm works, could you check this tutorial to see if you have set it up similarly?
https://youtu.be/6lQFZvCCe7U
also - check docker-compose.yml settings to remove port for lemmy host and i think you need to set use https to true as it is provided by npm
I actually started with this tutorial a few days ago after failing the official guide. I followed it but was unable to get it running due to unexpected errors. I'm guessing this tutorial is somewhat out of date. I've made progress since using that guide though so I will see if I can pull any useful bits out of it later today and continue.
Worst case, I could also just ditch NPM if I can get another NGINX set up in a way that you might know how to do correctly.
Hey, if you still feel like helping out :D
I've been through a boatload of changes today since earlier. I've rebuilt using mostly the provided yml in the official guide, and after some tweaking, almost everything is working. The internal proxy is now working, and the containers are working amongst themselves fully as far as I can tell. I do not know how to set up a web facing reverse proxy in a way that works around the internal proxy already running (other than the already in place NPM). I turned the NPM back on, and was able to get it working to reach the site, however I cannot reach any other communities from within my site. I believe the reverse proxy NPM is just not set up right. Error message in lemmy:
spoiler
I would be happy to remove NPM from this stack if it's not too difficult to get a correctly working reverse proxy set up. The documentation doesn't give much to work with in it.
from the log it seems that lemmy cannot reach https://midwest.social/ - if you have more such operation timed outs - probably there is some networking issue with outgoing requests - maybe you have some kind of firewall? i can reach your instance from other direction: https://group.lt/c/[email protected]
probably the easiest way to set up lemmy and another front facing reverse proxy is to use nginx that comes with lemmy on another port and set up simple reverse proxying with NPM to it. i myself am using caddy for reverse proxying, using this config: https://join-lemmy.org/docs/en/administration/caddy.html
I see that the instance can be reached, and posts are shown, however comments are not. I have found in the official docs that there is a config snippet for a web facing reverse proxy. https://join-lemmy.org/docs/en/administration/troubleshooting.html https://github.com/LemmyNet/lemmy-ansible/blob/main/templates/nginx.conf
And this config appears quite different from the "Install with Docker" config instructions: https://join-lemmy.org/docs/en/administration/install_docker.html
spoiler
Do you know if I should expect to have TWO unique NGINX proxy instances (assuming I use NGINX)? One in-stack, and one separate for web facing reverse proxy? Or do I need a combination of the two configs into one instance?
I am going to see if I can get a caddy reverse proxy setup in the meantime and see how it performs given your configuration there.
you can have two nginx proxy instances, one as a front (serving other sites besides lemmy instance) and another - coupled with lemmy instance. in such case the first one can be configured minimally with basic proxy stuff to internal lemmy one, no need for this fancy lemmy and lemmy-ui proxying.
I believe I have the simple set up for the NPM reverse proxy. Just as you say, it points to the docker address of the lemmyInstance NGINX. I can get to my instance with HTTPS secured and good. Just getting errors when communicating to other instances. I can only imagine it is web socket related, but I am not familiar enough to look at the proxy configs and determine what might be wrong with it unfortunately. I might need to try and find someone to essentially look through it with me in real time.
spoiler
spoiler
from the logs it seems that lemmy docker does not communicate with outside servers.
also i have a bit different config for lemmy.hjson
also check in admin interface if federation is enabled and you do not blacklist instances
(https://lemmy.bulwarkob.com/admin) and maybe you can try to enable federation debug mode for awhile
The differences I see are the otel link, and the TLS setting:
I see you don't have it on there, which I would assume means you can't be federated? I have added the otel link and enabled the debug mode. Federation is already enabled and the instance is set to "ALL". Still no luck on this end. Same status, except now I'm not getting any log errors in the container logs (viewed from Portainer).
Including this in case it is a possible issue: federation enabled, host is lemmy.bulwarkob.com
Starting http server at 0.0.0.0:8536
also
pictrs: {
  url: "http://pictrs:8080/"
  # api_key: "API_KEY"
}
about tls setting - don't remember why i have removed it, but group.lt federates fine. not sure about what you mean instance set to ALL.
what about network isolation in portainer? maybe it is on?
I see my Pictrs appears to be the same as what you had sent over. Portainer network isolation does not appear to be in place. All are bridged networks, and I would assume access issues would be more encompassing if that were a direct correlation to the issue. I'm still betting on User Error for configuration so far. Being myself, of course.
well probably you are right about the user error, but from the logs it seems that it cannot reach other instances - can you enter the shell of the container and check if you are able to ping/curl https://group.lt for example? and network isolation is a checkbox in portainer, according to docs.
for the federation itself i have also experienced it not working, when my nginx config was pointing wrongly to lemmy and lemmy-ui depending on the headers.
as i have said before - i can reach your instance from my lemmy, but don't receive anything back.
It would seem it was called "Internal" as opposed to isolated on my Portainer. That appears to have been it though. I can get to other communities now. Still having disparity with posts and comments showing up, but I'm hoping that will be something to update in time.
fantastic ;)
I will endeavour to pay it forward by helping others if I can.
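The root cause found in this thread was a Docker network flagged "Internal", which leaves a container attached only to such networks with no outbound route, so federation requests time out. As an added example (not part of the original thread), the script below reads JSON in the shape produced by `docker network inspect` and lists containers that sit only on internal networks; the network and container names in the sample are constructed assumptions.

```python
import json

# Constructed sample in the shape of `docker network inspect NET...` output.
# Network and container names are hypothetical, not taken from the thread.
SAMPLE = json.dumps([
    {"Name": "lemmy_internal", "Internal": True,
     "Containers": {"a1": {"Name": "lemmy"}, "b2": {"Name": "postgres"},
                    "c3": {"Name": "proxy"}}},
    {"Name": "lemmy_external", "Internal": False,
     "Containers": {"c3": {"Name": "proxy"}}},
    {"Name": "unused", "Internal": False, "Containers": None},
])


def egress_report(inspect_json):
    """Map container name -> {"internal": [...], "routable": [...]} networks."""
    report = {}
    for net in json.loads(inspect_json):
        kind = "internal" if net.get("Internal") else "routable"
        # "Containers" may be empty or null; only running containers are listed.
        for info in (net.get("Containers") or {}).values():
            entry = report.setdefault(info["Name"], {"internal": [], "routable": []})
            entry[kind].append(net["Name"])
    return report


def isolated_containers(inspect_json):
    """Containers attached only to internal networks (no outbound route)."""
    report = egress_report(inspect_json)
    return sorted(name for name, nets in report.items() if not nets["routable"])


if __name__ == "__main__":
    for name in isolated_containers(SAMPLE):
        print(f"{name}: only on internal networks, outbound requests will fail")
```

On a live host, the same functions can be fed the output of `docker network inspect $(docker network ls -q)`. A database container showing up as isolated is usually intended; the backend that has to reach other instances is the one to check.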