Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
My nginx.conf for lemmy-nginx is below, sorry if it’s a bit messy. I prefer to comment than remove working config. You’ll have to change
worker_processes 1;
events {
worker_connections 1024;
}
http {
#Beginning of kbin fix# We construct a string consistent of the "request method" and "http accept header"# and then apply soem ~simply regexp matches to that combination to decide on the# HTTP upstream we should proxy the request to.## Example strings:## "GET:application/activity+json"# "GET:text/html"# "POST:application/activity+json"## You can see some basic match tests in this regex101 matching this configuration# https://regex101.com/r/vwMJNc/1## Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html
map "$request_method:$http_accept"$proxpass {
# If no explicit matches exists below, send traffic to lemmy-ui
default "http://lemmy-ui";
# GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.## These requests are used by Mastodon and other fediverse instances to look up profile information,# discover site information and so on."~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json""http://lemmy";
# All non-GET/HEAD requests should go to lemmy## Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually# we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values"~^(?!(GET|HEAD)).*:""http://lemmy";
}
### end of kbin fix
upstream lemmy {
# this needs to map to the lemmy (server) docker service hostname
server "lemmy:8536";
}
upstream lemmy-ui {
# this needs to map to the lemmy-ui docker service hostname
server "lemmy-ui:1234";
}
server {
# this is the port inside docker, not the public one yet
listen 1236;
listen 8536;
# change if needed, this is facing the public web#server_name localhost;
server_name ;
server_tokens off;
gzip on;
gzip_types text/css application/javascript image/svg+xml;
gzip_vary on;
# Upload limit, relevant for pictrs
client_max_body_size 100M;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# frontend general requests
location / {
# distinguish between ui requests and backend# don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top# set $proxpass "http://lemmy-ui";# if ($http_accept = "application/activity+json") {# set $proxpass "http://lemmy";# }# if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {# set $proxpass "http://lemmy";# }# if ($request_method = POST) {# set $proxpass "http://lemmy";# }
proxy_pass $proxpass;
rewrite ^(.+)/+$ $1 permanent;
# Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# backend
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
proxy_pass "http://lemmy";
# proxy common stuff
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
#error_log /var/log/nginx/error.log debug;
My nginx.conf for lemmy-nginx is below, sorry if it’s a bit messy. I prefer to comment than remove working config. You’ll have to change
worker_processes 1; events { worker_connections 1024; } http { #Beginning of kbin fix # We construct a string consistent of the "request method" and "http accept header" # and then apply soem ~simply regexp matches to that combination to decide on the # HTTP upstream we should proxy the request to. # # Example strings: # # "GET:application/activity+json" # "GET:text/html" # "POST:application/activity+json" # # You can see some basic match tests in this regex101 matching this configuration # https://regex101.com/r/vwMJNc/1 # # Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html map "$request_method:$http_accept" $proxpass { # If no explicit matches exists below, send traffic to lemmy-ui default "http://lemmy-ui"; # GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy. # # These requests are used by Mastodon and other fediverse instances to look up profile information, # discover site information and so on. "~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy"; # All non-GET/HEAD requests should go to lemmy # # Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually # we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values "~^(?!(GET|HEAD)).*:" "http://lemmy"; } ### end of kbin fix upstream lemmy { # this needs to map to the lemmy (server) docker service hostname server "lemmy:8536"; } upstream lemmy-ui { # this needs to map to the lemmy-ui docker service hostname server "lemmy-ui:1234"; } server { # this is the port inside docker, not the public one yet listen 1236; listen 8536; # change if needed, this is facing the public web #server_name localhost; server_name ; server_tokens off; gzip on; gzip_types text/css application/javascript image/svg+xml; gzip_vary on; # Upload limit, relevant for pictrs client_max_body_size 100M; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; # frontend general requests location / { # distinguish between ui requests and backend # don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top # set $proxpass "http://lemmy-ui"; # if ($http_accept = "application/activity+json") { # set $proxpass "http://lemmy"; # } # if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") { # set $proxpass "http://lemmy"; # } # if ($request_method = POST) { # set $proxpass "http://lemmy"; # } proxy_pass $proxpass; rewrite ^(.+)/+$ $1 permanent; # Send actual client IP upstream proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # backend location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { proxy_pass "http://lemmy"; # proxy common stuff proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Send actual client IP upstream proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } } #error_log /var/log/nginx/error.log debug;
This is the nginx.conf file for my external proxy:
server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name ; include /config/nginx/ssl.conf; location / { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; # set $upstream_app lemmy; set $upstream_app proxy; set $upstream_port 8536; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; # proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 50M; } } access_log /var/log/nginx/access.log combined; You’ll need to change to the appropriate value. I’m forwarding requests to the proxy container referenced by the compose file