Lemmy via Docker Compose, using Traefik and CloudFlare
Disclaimers:
First things first, I'm new to the whole Fediverse and Lemmy thing, so please don't hesitate to point out any problems you're foreseeing.
Secondly, I'm by no means saying this is the ideal implementation, something something see above. Please don't hesitate to make recommendations for improvements.
Lastly, I'm not sure if it is completely working. I'm still noticing a few issues that I will document and monitor towards the end of the post. If you know of the cause or how to debug further, please do let me know!
Notes and Assumptions:
- I am using an ARM server, so I'm using ARM images; you will need to make sure you're using the correct architecture image.
- I assume you have Traefik up and running in a separate network. I used docker compose to bring Traefik up, minimal configurations, and I'm just hijacking the `default` network there (project folder was `gateway`, so the complete network name is `gateway_default`)... there are probably better ways to do this.
- On the note of networks, I really don't like the fact that the default postgres was left wide open on the `lemmyexternalproxy` network. I think I've locked mine down, but you may wish to double check my work.
- I'm not sure if what I am doing with the hostnames is correct, but it seems to work for the most part, so I'm not complaining. If there is a better way, please do advise!
- I used an override file for docker compose to apply extra settings. This allows me to keep the original `docker-compose.yml` untouched, and I can just pull in new changes (theoretically).
- Since I'm using Traefik, I don't need nginx running doing nothing. I replaced it with a lightweight alpine image that just shuts down successfully, so it doesn't use resources.
Without further delays, here are my files:

`docker-compose.override.yml`:

```yaml
version: "3.3"

networks:
  # Mark the stock proxy network as internal so postgres is not left open on it
  lemmyexternalproxy:
    internal: true
  # Traefik's existing network (project folder "gateway")
  lemmygateway:
    name: gateway_default
    external: true

services:
  lemmy:
    image: dessalines/lemmy:0.17-linux-arm64
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.lemmy.entrypoints=websecure"
      - "traefik.http.routers.lemmy.rule=Host(`lemmy.chiisana.net`) && HeadersRegexp(`Accept`, `^application/`) || Host(`lemmy.chiisana.net`) && Method(`POST`) || Host(`lemmy.chiisana.net`) && PathPrefix(`/{path:(api|pictrs|feeds|nodeinfo|.well-known)}`)"
      - "traefik.http.routers.lemmy.tls=true"
      - "traefik.http.services.lemmy-svc.loadbalancer.server.port=8536"
      - "traefik.docker.network=gateway_default"
    networks:
      - lemmygateway

  lemmy-ui:
    image: dessalines/lemmy-ui:0.17-linux-arm64
    environment:
      - LEMMY_UI_HOST=0.0.0.0:1234
      - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
      - LEMMY_UI_LEMMY_EXTERNAL_HOST=lemmy.chiisana.net
      - LEMMY_UI_HTTPS=true
      - LEMMY_UI_DEBUG=false
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.lemmy-ui.entrypoints=websecure"
      - "traefik.http.routers.lemmy-ui.rule=Host(`lemmy.chiisana.net`)"
      - "traefik.http.routers.lemmy-ui.tls=true"
      - "traefik.http.services.lemmy-ui-svc.loadbalancer.server.port=1234"
      - "traefik.docker.network=gateway_default"
    networks:
      - lemmygateway

  # Stand-in for the stock nginx proxy: runs `true` and exits successfully
  proxy:
    image: alpine:latest
    command: "true"
    entrypoint: "true"
    restart: "no"

  pictrs:
    image: asonix/pictrs:0.4.0-rc.3
```
`lemmy.hjson`:

```hjson
{
  setup: {
    admin_username: "chiisana"
    admin_password: "password-redacted-duh"
    site_name: "chiisana lemmy site"
  }
  database: {
    host: "postgres"
    user: "lemmy"
    password: "password-redacted-duh"
    database: "lemmy"
  }
  email: {
    smtp_server: "smtp.mailgun.org:587"
    smtp_login: "lemmy@chiisana.net"
    smtp_password: "password-redacted-duh"
    smtp_from_address: "lemmy@chiisana.net"
    tls_type: "tls"
  }
  pictrs: {
    url: "http://pictrs:8080/"
    api_key: "API_KEY"
  }
  hostname: "lemmy.chiisana.net"
  bind: "0.0.0.0"
  port: 8536
  tls_enabled: true
}
```
Known issue(s)?
- I have my registration disabled as the instance is supposed to be just for my own auth and not be dependent on other instances. In my `/admin` section, I'm seeing a ton of users from `endlesstalk.org` pop up as banned users. I have no idea what that is about, as `endlesstalk.org` seems to also be used only by one user. I'll be monitoring this and see what's to come of it. Edit: Looks like this is just the way the system is designed, and not a configuration error on my part! All good here. Thanks for clarifying it @lemmy@endlesstalk.org !
- I'm not sure if I'm getting all the messages federated. In this community, for example, I can see most if not all recent threads. However, most threads have no comments in them. Some newer threads, I see comments, but they seem to be incomplete. I'm not sure if I'm only supposed to receive new messages, or if something else is happening. I'll be monitoring this, and hoping the federation will just catch up over time.
- Edit: It would appear this post itself is not federating to !selfhosted@lemmy.world for some reason... I'm partially hoping it is just caught in some kind of moderation queue, but seeing other posts made after this appear on the list leads me to believe there's still something amiss.
If you encounter any other issue, please do post back so we can try to debug it together. Hope this helps someone!
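
The networks note above asks readers to double-check that postgres is no longer exposed on `lemmyexternalproxy`. One way to check, as an added example that is not part of the original post: a small Python audit over the merged Compose configuration produced by `docker compose config --format json`. The sample configs are constructed for illustration, and the `audit` function and the `private` parameter are hypothetical names.

```python
import json
import sys


def audit(cfg, private=("postgres",)):
    """Return findings for `private` services that are published or sit on a
    non-internal network. `cfg` is the merged Compose config as a dict."""
    nets = cfg.get("networks") or {}
    services = cfg.get("services") or {}
    findings = []
    for name in private:
        svc = services.get(name)
        if svc is None:
            findings.append(f"{name}: service not found")
            continue
        # A published port is bound on the Docker host itself.
        for port in svc.get("ports") or []:
            target = port.get("target") if isinstance(port, dict) else port
            findings.append(f"{name}: publishes port {target}")
        # networks is a list in file syntax and a mapping in merged output;
        # a service with none declared lands on the project's default network.
        for net in svc.get("networks") or ["default"]:
            if not (nets.get(net) or {}).get("internal", False):
                findings.append(f"{name}: attached to non-internal network {net}")
    return findings


# Constructed samples using the network names from the post.
# Assumption: the stock file attaches postgres to lemmyexternalproxy.
STOCK = {
    "networks": {"lemmyexternalproxy": {}},
    "services": {"postgres": {"networks": {"lemmyexternalproxy": None}}},
}
OVERRIDDEN = {
    "networks": {"lemmyexternalproxy": {"internal": True}},
    "services": {"postgres": {"networks": {"lemmyexternalproxy": None}}},
}
LEAKY = {
    "networks": {
        "lemmyexternalproxy": {"internal": True},
        "lemmygateway": {"name": "gateway_default", "external": True},
    },
    "services": {"postgres": {
        "ports": [{"target": 5432, "published": "5432"}],
        "networks": ["lemmyexternalproxy", "lemmygateway"],
    }},
}

if __name__ == "__main__":
    # Usage: docker compose config --format json | python <this file>
    print("\n".join(audit(json.load(sys.stdin))) or "no findings")
```

Run it from the project folder so that Compose merges `docker-compose.yml` with the override file before the audit sees it.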