[SOLVED] How to configure Lemmy instance nginx proxy for websockets?
I'm playing around with my own instance of Lemmy but I keep getting a "websocket connection failed" error in my console. I'm having a really hard time understanding how to set up nginx for websockets - I'm more used to Apache and not familiar with WS at all. Is there documentation hiding somewhere that will help me set up my proxy forwarding properly?
If you're willing to use Caddy instead, it's infinitely easier. Websockets is just enabled by default, no shenanigans. Here is an example Caddyfile to use in a Docker deployment (but you can change those http urls to point to localhost for a non Docker deployment):
Caddy has some great plugins that allow you to automate https certificate renewal too, easy to add to any config.
I know you asked about nginx and I'm just telling you "haha just switch," but I had similar headaches with my own deployment when I tried using nginx, and I eventually just gave up and used Caddy. Saved me at least a few hours of headache.
I would recommend you ditch the second nginx layer. It's a waste of resources and it can cause a multitude of issues if the configuration isn't done correctly.
If you are hosting multiple domains on the same server, disable the nginx container in the docker-compose.yml file and copy Lemmy's nginx config into your system's nginx config (e.g. /etc/nginx/).
If you go this route you should also delete the lemmyexternalproxy network, delete internal: true on the lemmyinternal network (required to enable port forwarding) and add port forwards to the lemmy and lemmy-ui docker services. Here's what that would look like: https://www.diffchecker.com/vjfEFuz6/
If you are not hosting multiple domains on the same server, simply edit the port forwards in the docker-compose.yml file for the proxy service to bind to whatever your external facing IP is.
Got it working on my instance by using the following config for the nginx outside of the docker container (you'll need to change the server_name from the server sections and the path to the ssl keys) :
upstream lemmy {
# depending on your setup, you may want to update this
server 127.0.0.1:1380;
}
server {
listen 80;
listen [::]:80;
server_name lemmy.pierre-couy.fr;
location / { return 301 https://$host$request_uri; }
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name lemmy.pierre-couy.fr;
# TLS
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_certificate /etc/ssl/certs/pcouy.pem;
ssl_certificate_key /etc/ssl/private/pcouy.key;
# HSTS
add_header Strict-Transport-Security "max-age=31536000";
location / {
proxy_pass http://lemmy;
proxy_set_header Host $host;
# include proxy_params;
}
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
proxy_pass "http://lemmy";
# proxy common stuff
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
The nginx config provided in the Docker installation part contains everything needed for nginx. If you are installing lemmy directly on the machine you may need to use different upstreams.
The websocket part is basically the
# proxy common stuff
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";```
part in the nginx config on that page.
I seem to be having a lot of lag at the moment, and my post was created twice so I'm just going to delete the other one and start from here...
So I have this set up per the instructions. My instance is on a Digital Ocean instance, and I'm using nginx on the host to point to localhost:1235, but that's about all that conf file is doing. Is there something else I need to do?
Ok, just to understand what you did.
You got an Digital Ocean droplet with Docker and used the instructions in the link I posted or different ones?
If you are using the instructions from my link nginx will also run in a docker container, which means that your upstream will not be on localhost, but rather the lemmy and lemmy-ui containers.
If you did install it locally then localhost:1235 could be correct.
It's turns out, my issue was that I had nginx on both the host and Docker container, so the host wasn't forwarding the websocket requests like this. I just removed the host nginx and configured the Docker conf to look at port 80 and it worked!