this post was submitted on 12 Jun 2023
10 points (100.0% liked)

Selfhosted

573 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Resources:

> Any issues on the community? Report it using the report flag.

> Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
10
[SOLVED] How to configure Lemmy instance nginx proxy for websockets? (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by penguin_ex_machina@lemmy.world to c/selfhosted@lemmy.world
24 comments fedilink hide all child comments
 

I'm playing around with my own instance of Lemmy but I keep getting a "websocket connection failed" error in my console. I'm having a really hard time understanding how to set up nginx for websockets - I'm more used to Apache and not familiar with WS at all. Is there documentation hiding somewhere that will help me set up my proxy forwarding properly?

EDIT: Solved! Check out my solution here: https://lemmy.world/comment/141648. Thanks everyone!

you are viewing a single comment's thread
view the rest of the comments
[–] pcouy@lemmy.pierre-couy.fr 1 points 1 year ago* (last edited 1 year ago)

Got it working on my instance by using the following config for the nginx outside of the docker container (you'll need to change the server_name from the server sections and the path to the ssl keys) :

upstream lemmy {
    # depending on your setup, you may want to update this
    server 127.0.0.1:1380;
}

server {
    listen 80;
    listen [::]:80;
    server_name lemmy.pierre-couy.fr;
    location / { return 301 https://$host$request_uri; }
}
server {
    listen      443 ssl;
    listen [::]:443 ssl;
    server_name lemmy.pierre-couy.fr;

    # TLS
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_certificate     /etc/ssl/certs/pcouy.pem;
    ssl_certificate_key /etc/ssl/private/pcouy.key;

    # HSTS
    add_header Strict-Transport-Security "max-age=31536000";

    location / {
        proxy_pass http://lemmy;
        proxy_set_header Host $host;
        # include proxy_params;
    }

    location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
        proxy_pass "http://lemmy";
        # proxy common stuff
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Send actual client IP upstream
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}