I’m playing around with my own instance of Lemmy but I keep getting a “websocket connection failed” error in my console. I’m having a really hard time understanding how to set up nginx for websockets - I’m more used to Apache and not familiar with WS at all. Is there documentation hiding somewhere that will help me set up my proxy forwarding properly?
EDIT: Solved! Check out my solution here: https://lemmy.world/comment/141648. Thanks everyone!
The default Lemmy nginx config should handle websockets properly. Are you putting it behind a second nginx layer?
I might be. See my response here: https://lemmy.world/comment/101425
I would recommend you ditch the second nginx layer. It’s a waste of resources and it can cause a multitude of issues if the configuration isn’t done correctly.
- If you are hosting multiple domains on the same server, disable the nginx container in the
docker-compose.yml
file and copy Lemmy’s nginx config into your system’s nginx config (e.g./etc/nginx/
).- If you go this route you should also delete the
lemmyexternalproxy
network, deleteinternal: true
on thelemmyinternal
network (required to enable port forwarding) and add port forwards to thelemmy
andlemmy-ui
docker services. Here’s what that would look like: https://www.diffchecker.com/vjfEFuz6/
- If you go this route you should also delete the
- If you are not hosting multiple domains on the same server, simply edit the port forwards in the
docker-compose.yml
file for theproxy
service to bind to whatever your external facing IP is.
AHA. That did it. Getting rid of the host’s nginx fixed the issue. Now websockets work as expected and I can log in!
- If you are hosting multiple domains on the same server, disable the nginx container in the
If you’re willing to use Caddy instead, it’s infinitely easier. Websockets is just enabled by default, no shenanigans. Here is an example Caddyfile to use in a Docker deployment (but you can change those http urls to point to localhost for a non Docker deployment):
(caddy-common) { encode gzip header { -Server Strict-Transport-Security "max-age=31536000; include-subdomains;" X-XSS-Protection "1; mode=block" X-Frame-Options "DENY" X-Content-Type-Options nosniff Referrer-Policy no-referrer-when-downgrade X-Robots-Tag "none" } } your.lemmy.url { import caddy-common reverse_proxy http://lemmy-ui:1234 @lemmy { path /api/* path /pictrs/* path /feeds/* path /nodeinfo/* path /.well-known/* } @lemmy-hdr { header Accept application/* } handle @lemmy { reverse_proxy http://lemmy:8536 } handle @lemmy-hdr { reverse_proxy http://lemmy:8536 } @lemmy-post { method POST } handle @lemmy-post { reverse_proxy http://lemmy:8536 } }
Caddy has some great plugins that allow you to automate https certificate renewal too, easy to add to any config.
I know you asked about nginx and I’m just telling you “haha just switch,” but I had similar headaches with my own deployment when I tried using nginx, and I eventually just gave up and used Caddy. Saved me at least a few hours of headache.
A +1 from me for Caddy. It works quite well.
Hmmm I might consider this. I’ll need to look into it more though, I’ve never heard of Caddy before. Thanks for the heads up :D
You can try add these to your nginx conf inside
location / {
:proxy_set_header Connection "keep-alive, Upgrade"; proxy_set_header Upgrade websocket;
like this:
location / { .... proxy_set_header Connection "keep-alive, Upgrade"; proxy_set_header Upgrade websocket; }
I launched my instance last weekend and this was my issue as too.
It’s turns out, my issue was that I had nginx on both the host and Docker container, so the host wasn’t forwarding the websocket requests like this. I just removed the host nginx and configured the Docker conf to look at port 80 and it worked!
Got it working on my instance by using the following config for the nginx outside of the docker container (you’ll need to change the
server_name
from theserver
sections and the path to the ssl keys) :upstream lemmy { # depending on your setup, you may want to update this server 127.0.0.1:1380; } server { listen 80; listen [::]:80; server_name lemmy.pierre-couy.fr; location / { return 301 https://$host$request_uri; } } server { listen 443 ssl; listen [::]:443 ssl; server_name lemmy.pierre-couy.fr; # TLS ssl_protocols TLSv1.2; ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_certificate /etc/ssl/certs/pcouy.pem; ssl_certificate_key /etc/ssl/private/pcouy.key; # HSTS add_header Strict-Transport-Security "max-age=31536000"; location / { proxy_pass http://lemmy; proxy_set_header Host $host; # include proxy_params; } location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { proxy_pass "http://lemmy"; # proxy common stuff proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Send actual client IP upstream proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
The nginx config provided in the Docker installation part contains everything needed for nginx. If you are installing lemmy directly on the machine you may need to use different upstreams.
The websocket part is basically the
# proxy common stuff proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";
part in the nginx config on that page.
I seem to be having a lot of lag at the moment, and my post was created twice so I’m just going to delete the other one and start from here…
So I have this set up per the instructions. My instance is on a Digital Ocean instance, and I’m using nginx on the host to point to
localhost:1235
, but that’s about all that conf file is doing. Is there something else I need to do?Ok, just to understand what you did. You got an Digital Ocean droplet with Docker and used the instructions in the link I posted or different ones?
If you are using the instructions from my link nginx will also run in a docker container, which means that your upstream will not be on localhost, but rather the lemmy and lemmy-ui containers.
If you did install it locally then localhost:1235 could be correct.
I think this is where my lack of experience with Docker is showing.
I spun up a DO droplet and installed nginx, Docker CE, and Docker Compose. Then I went through the instructions on the page you linked to and it set it up just fine but when I went to my droplets IP address it wouldn’t connect. I had to add a config file that pointed traffic coming into the droplet on port 80 to redirect to the Docker container instead. Am I overcomplicating it?
No, you are right. If you are using the nginx container from the docker installation guide then you will also need to add port 80 atleast in order to see anything, as nginx will otherwise not listen on the port 80 of the droplet.
How does your nginx.conf look now?
deleted by creator
The one meant for the Docker container or the one on the host?
Ah, so you added another nginx on the host by installing it from the package store of the distro and have that proxy port 80 to the docker nginx?
If you do that then you also need to add the websocket settings I had in the first comment to the host nginx.
What I meant what that the nginx in the docker-compose from lemmy also listens to port 80 and you just need to add
server { listen 80; server_name my_domain.tld; location / { proxy_pass http://localhost:LEMMY_PORT; proxy_set_header Host $host; include proxy_params; } }
to the nginx.conf of the container.
Then you should have it accessable from port 80 without the host nginx (of course you need to stop the host nginx then).
So looking at this again now, am I taking that whole block and adding it to the container’s nginx.conf? If so, does that mean I have to change what port it’s currently listening to (because there’s already a rule in the file for port 80)?
There’s a comment in that server rule that says “this is the port inside docker” and a comment immediately after that says “this is facing the public web”, which confuses me.
Ahaaaa ok. I’ll try that a little later this afternoon. Thanks for explaining it to me.