Just wanted to know if I should expect any issues with this set-up. 1st proxy is NGINX on the host machine (Ansible-setup). 2nd proxy is NGINX on OPNsense. I’m using self signed certs on the host machine because I don’t want port 80 left open. OPNsense ACME plugin manages my certificates.

I’ve noticed that a lot of comments do not get pulled with posts. Also, I am unable to log in to my server with Jerboa.

Does lemmy use port 80 for anything besides getting SSL certs? Will the double proxy screw up federation or my ability to log in through 3rd party solutions?

  • ActuallyRuben@actuallyruben.nl
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    When initially fetching a post, existing comments won’t come along with it. New comments and new posts will only appear when at least one local user is subscribed to the corresponding community.

    • stown@sedd.itOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I’m well aware of this. However, I am the only user on my instance and I’ve subscribed to all the communities I wish to view comments on. But the comments do not pull, or maybe just a few pull.

  • useful_idiot@lemmy.eatsleepcode.ca
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 year ago

    I will do you one better, I have my instance behind 3.

    WAN -> haproxy -> traefik ingress w/ letsencrypt -> Lemmy nginx -> Lemmy-ui

    I can probably remove the lemmy nginx but it only uses ~10mb of ram and didn’t want my changes getting in the way when sorting federation issues(which work fine!).

  • seang96@spgrn.com
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I am running mine with two nginx proxies in lurbenetes for similar reasons. i run a nginx container with the standard nginx.config from the docs, then I have an ingress with let’s encrypts SSL certificate and domain info. I added a annotation for websocksts and just pointed to the first proxies / path for the parent proxies path.

    Comments don’t sync right right now because of the federation setup and people hosting so many private instances / shutting them off. There is a timeout that is being exceeding so not all instances are getting the update from the main instance that there was an update.

    • stown@sedd.itOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Maybe web sockets aren’t setup properly for me on OPNSense NGINX. I’ll have to look into that. Could be that Jerboa needs websockets to log in?

  • SSUPII@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I’ve never done this, but I want to drop my cents still. Maybe there are some settings in the client or in an instance left assuming something is working in a default environment?

    • stown@sedd.itOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      I did have a server set up without the second proxy on OPNsense and I was able to log in via Jerboa but the comments issue was still there. When I set up the current one I basically just copied all the settings from the first server so I doubt it’s config problems.

      I’m guessing that my second proxy may be misconfigured. It’s hard for me to understand how some settings work because OPNsense uses a GUI to configure NGINX and it’s not as simple as copy and pasting from a .conf file.

  • mlaga97@lemmy.mlaga97.space
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I am currently using a double proxy: HAProxy handling SSL termination and the outward facing ports on one host, pointed at NGINX from the docker-compose file with the SSL termination stuff removed running on another host.

    Websockets can be/are a pain, so it may be that imo.