mcmxci

joined 1 year ago
[–] mcmxci@mimiclem.me 7 points 4 months ago
[–] mcmxci@mimiclem.me 1 points 7 months ago

Nice! Downloaded and configured. Looks like a great gboard replacement

[–] mcmxci@mimiclem.me 7 points 7 months ago (2 children)

It makes me sad to hear someone reduce the institution of the Chicago dog to a pickle 😆

[–] mcmxci@mimiclem.me 1 points 7 months ago

600 symmetric, $60/mo

[–] mcmxci@mimiclem.me 2 points 7 months ago (1 children)

Orange sludge!

[–] mcmxci@mimiclem.me 20 points 8 months ago (3 children)

SHUN THE NON-BELIEVER! ~shunnnn...~

[–] mcmxci@mimiclem.me 10 points 1 year ago

Fastest reference I ever saw

[–] mcmxci@mimiclem.me 2 points 1 year ago* (last edited 1 year ago)

Added internal nginx and external proxy configs to a reply. I didn't make any changes to the postgres config.

Hope it helps

[–] mcmxci@mimiclem.me 2 points 1 year ago

This is the nginx.conf file for my external proxy:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name ;

    include /config/nginx/ssl.conf;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
#        set $upstream_app lemmy;
        set $upstream_app proxy;
        set $upstream_port 8536;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
#        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
#        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 50M;            
    }
}

access_log /var/log/nginx/access.log combined;

You’ll need to change  to the appropriate value. I’m forwarding requests to the proxy container referenced by the compose file
[–] mcmxci@mimiclem.me 2 points 1 year ago* (last edited 1 year ago) (1 children)

My nginx.conf for lemmy-nginx is below, sorry if it’s a bit messy. I prefer to comment than remove working config. You’ll have to change

worker_processes 1;
events {
    worker_connections 1024;
}
http {
#Beginning of kbin fix
# We construct a string consistent of the "request method" and "http accept header"
    # and then apply soem ~simply regexp matches to that combination to decide on the
    # HTTP upstream we should proxy the request to.
    #
    # Example strings:
    #
    #   "GET:application/activity+json"
    #   "GET:text/html"
    #   "POST:application/activity+json"
    #
    # You can see some basic match tests in this regex101 matching this configuration
    # https://regex101.com/r/vwMJNc/1
    #
    # Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html
    map "$request_method:$http_accept" $proxpass {
        # If no explicit matches exists below, send traffic to lemmy-ui
        default "http://lemmy-ui";

        # GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.
        #
        # These requests are used by Mastodon and other fediverse instances to look up profile information,
        # discover site information and so on.
        "~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy";

        # All non-GET/HEAD requests should go to lemmy
        #
        # Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually
        # we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values
        "~^(?!(GET|HEAD)).*:" "http://lemmy";
    }
### end of kbin fix
    upstream lemmy {
        # this needs to map to the lemmy (server) docker service hostname
        server "lemmy:8536";
    }
    upstream lemmy-ui {
        # this needs to map to the lemmy-ui docker service hostname
        server "lemmy-ui:1234";
    }

    server {
        # this is the port inside docker, not the public one yet
        listen 1236;
        listen 8536;
        # change if needed, this is facing the public web
        #server_name localhost;
	server_name ;
        server_tokens off;

        gzip on;
        gzip_types text/css application/javascript image/svg+xml;
        gzip_vary on;

        # Upload limit, relevant for pictrs
        client_max_body_size 100M;

        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";

        # frontend general requests
        location / {
            # distinguish between ui requests and backend
            # don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top
#            set $proxpass "http://lemmy-ui";

#            if ($http_accept = "application/activity+json") {
#              set $proxpass "http://lemmy";
#            }
#            if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
#              set $proxpass "http://lemmy";
#            }
#            if ($request_method = POST) {
#              set $proxpass "http://lemmy";
#            }
            proxy_pass $proxpass;

            rewrite ^(.+)/+$ $1 permanent;
            # Send actual client IP upstream
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # backend
        location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
            proxy_pass "http://lemmy";
            # proxy common stuff
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # Send actual client IP upstream
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
#error_log /var/log/nginx/error.log debug;
[–] mcmxci@mimiclem.me 6 points 1 year ago

Commenting to vouch for lcs. It works well and isn’t resource heavy

[–] mcmxci@mimiclem.me 7 points 1 year ago* (last edited 1 year ago) (4 children)

Adding on to the comment by @RoundSparrow@lemmy.ml, Lemmy Community Seeder can help with populating your instance.

 

Was there recently a kbin backend change? I haven't been able to see kbin posts all week but they're populating now.

 

cross-posted from: https://mimiclem.me/post/76799

I'm looking to rebuild an old midtower into a smaller enclosure. Does anyone have any experience or thoughts regarding sfftime p-atx or n-atx?

 

I'm looking to rebuild an old midtower into a smaller enclosure. Does anyone have any experience or thoughts regarding sfftime p-atx or n-atx?

81
Firewall Alignment Chart (programming.dev)
submitted 1 year ago* (last edited 1 year ago) by mcmxci@mimiclem.me to c/networking@sh.itjust.works
 

Sorry if memes aren't appropriate

 

Thanks!

 

Thanks!

 

Thanks!

 

Thanks!

 

Thanks!

view more: next ›