Just wanted to know if I should expect any issues with this set-up. 1st proxy is NGINX on the host machine (Ansible-setup). 2nd proxy is NGINX on OPNsense. I’m using self-signed certs on the host machine because I don’t want port 80 left open. OPNsense ACME plugin manages my certificates.
I’ve noticed that a lot of comments do not get pulled with posts. Also, I am unable to log in to my server with Jerboa.
Does Lemmy use port 80 for anything besides getting SSL certs? Will the double proxy screw up federation or my ability to log in through 3rd party solutions?
When initially fetching a post, existing comments won’t come along with it. New comments and new posts will only appear when at least one local user is subscribed to the corresponding community.
I’m well aware of this. However, I am the only user on my instance and I’ve subscribed to all the communities I wish to view comments on. But the comments do not pull, or maybe just a few pull.
I will do you one better, I have my instance behind 3.
WAN -> haproxy -> traefik ingress w/ letsencrypt -> Lemmy nginx -> Lemmy-ui
I can probably remove the Lemmy nginx but it only uses ~10mb of ram and didn’t want my changes getting in the way when sorting federation issues (which work fine!).
Are you able to log into your server using 3rd party apps like Jerboa?
I had no problems with mlem
I am running mine with two nginx proxies in Kubernetes for similar reasons. I run an nginx container with the standard nginx.config from the docs, then I have an ingress with Let’s Encrypt’s SSL certificate and domain info. I added an annotation for websockets and just pointed to the first proxy’s / path for the parent proxy’s path.
Comments don’t sync right right now because of the federation setup and people hosting so many private instances / shutting them off. There is a timeout that is being exceeded so not all instances are getting the update from the main instance that there was an update.
Maybe web sockets aren’t set up properly for me on OPNsense NGINX. I’ll have to look into that. Could be that Jerboa needs websockets to log in?
My first thought when you mentioned those issues with Jerboa and comments was websockets. This is how the Lemmy devs configure nginx, and I would make sure your setup on OPNsense is similar, specifically the “Upgrade” and “Connection” header bits.
Fun fact: since 0.18.0 is out, they dropped websockets.
I’ve never done this, but I want to drop my cents still. Maybe there are some settings in the client or in an instance left assuming something is working in a default environment?
I did have a server set up without the second proxy on OPNsense and I was able to log in via Jerboa but the comments issue was still there. When I set up the current one I basically just copied all the settings from the first server so I doubt it’s config problems.
I’m guessing that my second proxy may be misconfigured. It’s hard for me to understand how some settings work because OPNsense uses a GUI to configure NGINX and it’s not as simple as copying and pasting from a .conf file.
I am currently using a double proxy: HAProxy handling SSL termination and the outward facing ports on one host, pointed at NGINX from the docker-compose file with the SSL termination stuff removed running on another host.
Websockets can be/are a pain, so it may be that imo.