My nginx.conf for lemmy-nginx is below, sorry if it’s a bit messy. I prefer to comment than remove working config. You’ll have to change
worker_processes 1;
events {
worker_connections 1024;
}
http {
#Beginning of kbin fix# We construct a string consistent of the "request method" and "http accept header"# and then apply soem ~simply regexp matches to that combination to decide on the# HTTP upstream we should proxy the request to.## Example strings:## "GET:application/activity+json"# "GET:text/html"# "POST:application/activity+json"## You can see some basic match tests in this regex101 matching this configuration# https://regex101.com/r/vwMJNc/1## Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html
map "$request_method:$http_accept"$proxpass {
# If no explicit matches exists below, send traffic to lemmy-ui
default "http://lemmy-ui";# GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.## These requests are used by Mastodon and other fediverse instances to look up profile information,# discover site information and so on."~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json""http://lemmy";# All non-GET/HEAD requests should go to lemmy## Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually# we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values"~^(?!(GET|HEAD)).*:""http://lemmy";
}
### end of kbin fix
upstream lemmy {
# this needs to map to the lemmy (server) docker service hostname
server "lemmy:8536";
}
upstream lemmy-ui {
# this needs to map to the lemmy-ui docker service hostname
server "lemmy-ui:1234";
}
server {
# this is the port inside docker, not the public one yet
listen 1236;
listen 8536;# change if needed, this is facing the public web#server_name localhost;
server_name ;
server_tokens off;
gzip on;
gzip_types text/css application/javascript image/svg+xml;
gzip_vary on;# Upload limit, relevant for pictrs
client_max_body_size 100M;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";# frontend general requests
location / {
# distinguish between ui requests and backend# don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top# set $proxpass "http://lemmy-ui";# if ($http_accept = "application/activity+json") {# set $proxpass "http://lemmy";# }# if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {# set $proxpass "http://lemmy";# }# if ($request_method = POST) {# set $proxpass "http://lemmy";# }
proxy_pass $proxpass;
rewrite ^(.+)/+$ $1 permanent;# Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# backend
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
proxy_pass "http://lemmy";# proxy common stuff
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";# Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
#error_log /var/log/nginx/error.log debug;
My nginx.conf for lemmy-nginx is below, sorry if it’s a bit messy. I prefer to comment than remove working config. You’ll have to change
worker_processes 1; events { worker_connections 1024; } http { #Beginning of kbin fix # We construct a string consistent of the "request method" and "http accept header" # and then apply soem ~simply regexp matches to that combination to decide on the # HTTP upstream we should proxy the request to. # # Example strings: # # "GET:application/activity+json" # "GET:text/html" # "POST:application/activity+json" # # You can see some basic match tests in this regex101 matching this configuration # https://regex101.com/r/vwMJNc/1 # # Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html map "$request_method:$http_accept" $proxpass { # If no explicit matches exists below, send traffic to lemmy-ui default "http://lemmy-ui"; # GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy. # # These requests are used by Mastodon and other fediverse instances to look up profile information, # discover site information and so on. "~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy"; # All non-GET/HEAD requests should go to lemmy # # Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually # we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values "~^(?!(GET|HEAD)).*:" "http://lemmy"; } ### end of kbin fix upstream lemmy { # this needs to map to the lemmy (server) docker service hostname server "lemmy:8536"; } upstream lemmy-ui { # this needs to map to the lemmy-ui docker service hostname server "lemmy-ui:1234"; } server { # this is the port inside docker, not the public one yet listen 1236; listen 8536; # change if needed, this is facing the public web #server_name localhost; server_name ; server_tokens off; gzip on; gzip_types text/css application/javascript image/svg+xml; gzip_vary on; # Upload limit, relevant for pictrs client_max_body_size 100M; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; # frontend general requests location / { # distinguish between ui requests and backend # don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top # set $proxpass "http://lemmy-ui"; # if ($http_accept = "application/activity+json") { # set $proxpass "http://lemmy"; # } # if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") { # set $proxpass "http://lemmy"; # } # if ($request_method = POST) { # set $proxpass "http://lemmy"; # } proxy_pass $proxpass; rewrite ^(.+)/+$ $1 permanent; # Send actual client IP upstream proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # backend location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { proxy_pass "http://lemmy"; # proxy common stuff proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Send actual client IP upstream proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } } #error_log /var/log/nginx/error.log debug;
This is the nginx.conf file for my external proxy:
server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name ; include /config/nginx/ssl.conf; location / { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; # set $upstream_app lemmy; set $upstream_app proxy; set $upstream_port 8536; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; # proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 50M; } } access_log /var/log/nginx/access.log combined; You’ll need to change to the appropriate value. I’m forwarding requests to the proxy container referenced by the compose file