• 2 Posts
  • 29 Comments
Joined 1 year ago
cake
Cake day: June 26th, 2023

help-circle







  • This is the nginx.conf file for my external proxy:

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
    
        server_name ;
    
        include /config/nginx/ssl.conf;
    
        location / {
            include /config/nginx/proxy.conf;
            include /config/nginx/resolver.conf;
    #        set $upstream_app lemmy;
            set $upstream_app proxy;
            set $upstream_port 8536;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    #        proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
    #        proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size 50M;            
        }
    }
    
    access_log /var/log/nginx/access.log combined;
    
    You’ll need to change  to the appropriate value. I’m forwarding requests to the proxy container referenced by the compose file
    

  • mcmxci@mimiclem.metoSelfhosted@lemmy.worldLemmy Server on Unraid
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    My nginx.conf for lemmy-nginx is below, sorry if it’s a bit messy. I prefer to comment than remove working config. You’ll have to change

    worker_processes 1;
    events {
        worker_connections 1024;
    }
    http {
    #Beginning of kbin fix
    # We construct a string consistent of the "request method" and "http accept header"
        # and then apply soem ~simply regexp matches to that combination to decide on the
        # HTTP upstream we should proxy the request to.
        #
        # Example strings:
        #
        #   "GET:application/activity+json"
        #   "GET:text/html"
        #   "POST:application/activity+json"
        #
        # You can see some basic match tests in this regex101 matching this configuration
        # https://regex101.com/r/vwMJNc/1
        #
        # Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html
        map "$request_method:$http_accept" $proxpass {
            # If no explicit matches exists below, send traffic to lemmy-ui
            default "http://lemmy-ui";
    
            # GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.
            #
            # These requests are used by Mastodon and other fediverse instances to look up profile information,
            # discover site information and so on.
            "~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy";
    
            # All non-GET/HEAD requests should go to lemmy
            #
            # Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually
            # we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values
            "~^(?!(GET|HEAD)).*:" "http://lemmy";
        }
    ### end of kbin fix
        upstream lemmy {
            # this needs to map to the lemmy (server) docker service hostname
            server "lemmy:8536";
        }
        upstream lemmy-ui {
            # this needs to map to the lemmy-ui docker service hostname
            server "lemmy-ui:1234";
        }
    
        server {
            # this is the port inside docker, not the public one yet
            listen 1236;
            listen 8536;
            # change if needed, this is facing the public web
            #server_name localhost;
    	server_name ;
            server_tokens off;
    
            gzip on;
            gzip_types text/css application/javascript image/svg+xml;
            gzip_vary on;
    
            # Upload limit, relevant for pictrs
            client_max_body_size 100M;
    
            add_header X-Frame-Options SAMEORIGIN;
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
    
            # frontend general requests
            location / {
                # distinguish between ui requests and backend
                # don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top
    #            set $proxpass "http://lemmy-ui";
    
    #            if ($http_accept = "application/activity+json") {
    #              set $proxpass "http://lemmy";
    #            }
    #            if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
    #              set $proxpass "http://lemmy";
    #            }
    #            if ($request_method = POST) {
    #              set $proxpass "http://lemmy";
    #            }
                proxy_pass $proxpass;
    
                rewrite ^(.+)/+$ $1 permanent;
                # Send actual client IP upstream
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
    
            # backend
            location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
                proxy_pass "http://lemmy";
                # proxy common stuff
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
    
                # Send actual client IP upstream
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }
    }
    #error_log /var/log/nginx/error.log debug;