this post was submitted on 20 Jul 2023
Okay, I keep getting this question re: "reverse proxies", but I'm having trouble answering this because the guide does not use that language. There are no steps that direct me to edit, add, modify a "reverse proxy". So if there is a step in the guide that you know to be a "reverse proxy" then please tell me what it is. I am following the guides EXACTLY. There are a lot of missing steps, but most of these are things that were implied by the guide and not explicitly stated.
I have tried the docker method. I have gotten close with this, as in, I can use the IP to access the instance, but I have not been able to get the domain to work. My A record is set up correctly. I used lemmy-easy-deploy to get it working the first time and it DID, but that dev does not support instances made for actual deployment so many features just don't work. It's not feasible at all. But my domain DID work. So I know my A record is set up correctly.
I have tried the scratch method. That was a nightmare and nothing worked as expected. I am more than happy to try if you are willing to help me negotiate it.
I have tried the ansible method. My local PC will not connect to the server with ansible. I have created a dozen new keys and NONE of them work. Ansible WILL NOT CONNECT. I have been using Putty to access the server and it works flawlessly, all day, every day. So I obviously have a working key. Ansible is not working. It just keeps saying "UNREACHABLE". I have googled this and found no solution that even remotely addressed what I am trying to do.
I don't know what to do so you tell me and I'll fucking do it. Would you like me to start with the docker method? Would you like me to try the ansible method? Would you like me to try the scratch method? You tell me. I don't know. I don't care. I just want to get it working.
Is the server you're trying to deploy in a local network? Have you set up your ISP router to route ports 80 and 443 to your server? Or are you using Cloudflare Tunnel?
As for reverse proxy, it's usually Caddy or nginx-proxy to get an SSL certificate (for HTTPS) for your service.
I am using digital ocean.
I don't know what that is. What is an ISP router? Is that a config file on my server? You really need to spell it out. I am following the guides. That is what I know. If you have a better guide that uses this verbiage then please send it. I am happy to learn.
And during the docker method, I was trying to set up nginx and the status is inactive. It will not start.
Here is the status message:
ISP = Internet Service Provider, so your Telco provider. By ISP router I was meaning the box you use at home to connect to the Internet as I presumed you were self-hosting at home. But since you are on Digital Ocean this is irrelevant.
I'm not familiar with Digital Ocean, do you have access to a standard Linux box with SSH or are you using some sort of Web UI like cPanel to manage it?
Oh, so my router, 🤣 lol, my bad.
And yes, I use Putty to access the server currently. root@IP with an RSA key. It works perfectly on Putty. Ansible just will not connect. No idea what to do there. It just says "UNREACHABLE". I have added and removed a dozen or so keys generated on the WSL Ubuntu Ansible local machine and none of them work.
Look in /etc/nginx/nginx.conf, it probably includes ./sites-available/*.conf, look in there for ssl_certificate(_key) that mentions that fullchain.pem, remove/comment (#) and restart nginx. It may still bitch about not having a cert for ssl, in which case take that out of the listen directives too.
There are 2 reverse proxies involved. One is Nginx which is used to front both the Lemmy UI and the Lemmy backend. That's what the 'proxy' container in the docker compose file is for. It seems to be a required component of the application stack as different request types to the same host FQDN are sent to different backends ('upstreams' in network speak). You could use Caddy here instead if you wanted, which is the point of this page: https://join-lemmy.org/docs/administration/caddy.html. However, that config doesn't work for the latest version of Caddy (you'll get an error about stuff being outside of the site block).
The other one (could either be Nginx again or Caddy or anything else you want instead) is to front the whole thing and provide TLS termination using Letsencrypt. This bit is explained here: https://join-lemmy.org/docs/administration/install_docker.html#reverse-proxy--webserver
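One way to carry out the check suggested in the reply about ssl_certificate lines, added here as an example and not posted by anyone in the thread: the script lists every uncommented ssl_certificate / ssl_certificate_key directive whose file does not exist, which is the condition that keeps nginx from starting. The function name missing_nginx_certs, the rule that relative paths resolve against the config directory, and the sample config are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). missing_nginx_certs is a hypothetical
# helper name. It scans every file under the config directory, whether or not
# nginx actually includes it. Run as root: Let's Encrypt directories are
# usually not visible to other users.
missing_nginx_certs() {
    conf_dir="${1:-/etc/nginx}"
    # grep -rn prints file:line:text; lines starting with '#' do not match.
    grep -rnE '^[[:space:]]*ssl_certificate(_key)?[[:space:]]' "$conf_dir" 2>/dev/null |
    while IFS=: read -r file lineno text; do
        set -f              # no glob expansion while splitting the line
        set -- $text        # $1 = directive, $2 = path (maybe with ';')
        set +f
        directive=$1
        path=$(printf '%s' "${2%;}" | tr -d "\"'")   # drop ';' and quotes
        case $path in
            *'$'*) continue ;;                 # nginx variable, cannot resolve here
            /*) ;;                             # absolute path, use as is
            *) path="$conf_dir/$path" ;;       # assumption: relative to conf dir
        esac
        [ -e "$path" ] ||
            printf '%s:%s: %s -> %s (not found)\n' "$file" "$lineno" "$directive" "$path"
    done
}

# Constructed sample config: the key exists, the certificate does not.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/sites-available" "$demo_dir/certs"
: > "$demo_dir/certs/privkey.pem"
cat > "$demo_dir/sites-available/lemmy.conf" <<EOF
server {
    listen 443 ssl;
    ssl_certificate     $demo_dir/certs/fullchain.pem;
    ssl_certificate_key $demo_dir/certs/privkey.pem;
    # ssl_certificate /old/path/fullchain.pem;
}
EOF
missing_nginx_certs "$demo_dir"
```

On a real server, call missing_nginx_certs with no argument to scan /etc/nginx, then run nginx -t after fixing or commenting out the reported lines.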