Selfhosted

39275 readers

236 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago

MODERATORS

[email protected]

Modified docker compose file for Lemmy (lemitar.meta1203.com)

submitted 1 year ago by [email protected] to c/[email protected]

7 comments fedilink hide all child comments

Hi all! This is my first real post on the fediverse, coming to you live from my own Lemmy instance, which took me way too long to set up. Turns out, the provided docker-compose.yml file provided by the official Lemmy documentation does not allow outbound access to the internet, which prevents users from seeing other instances on yours. For SEO's sake, I was receiving the following error message: error trying to connect: dns error: failed to lookup address information: Try again

Anywho, I updated the docker-compose.yml file to put all containers on one network, and allow that network outbound access while restricting inbound access to only ports 80 and 443, which worked a treat.

version: "3.3"

networks:
  lemmy:
    internal: false

services:
  proxy:
    image: nginx:1-alpine
    networks:
      - lemmy
    ports:
      # only ports facing any connection from outside
      - 80:80
      - 443:443
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      # setup your certbot and letsencrypt config 
      - ./certbot:/var/www/certbot
      - ./letsencrypt:/etc/letsencrypt/live
    restart: always
    depends_on:
      - pictrs
      - lemmy-ui

  lemmy:
    image: dessalines/lemmy:0.17.4
    hostname: lemmy
    networks:
      - lemmy
    restart: always
    environment:
      - RUST_LOG="warn,lemmy_server=info,lemmy_api=info,lemmy_api_common=info,lemmy_api_crud=info,lemmy_apub=info,lemmy_db_schema=info,lemmy_db_views=info,lemmy_db_views_actor=info,lemmy_db_views_moderator=info,lemmy_routes=info,lemmy_utils=info,lemmy_websocket=info"
    volumes:
      - ./lemmy.hjson:/config/config.hjson
    depends_on:
      - postgres
      - pictrs

  lemmy-ui:
    image: dessalines/lemmy-ui:0.17.4
    networks:
      - lemmy
    environment:
      # this needs to match the hostname defined in the lemmy service
      - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
      # set the outside hostname here
      - LEMMY_UI_LEMMY_EXTERNAL_HOST=localhost:1236
      - LEMMY_HTTPS=true
    depends_on:
      - lemmy
    restart: always

  pictrs:
    image: asonix/pictrs:0.3.1
    # this needs to match the pictrs url in lemmy.hjson
    hostname: pictrs
    # we can set options to pictrs like this, here we set max. image size and forced format for conversion
    # entrypoint: /sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp
    networks:
      - lemmy
    environment:
      - PICTRS__API_KEY=API_KEY
    user: 991:991
    volumes:
      - ./volumes/pictrs:/mnt
    restart: always

  postgres:
    image: postgres:15-alpine
    # this needs to match the database host in lemmy.hson
    hostname: postgres
    networks:
      - lemmy
    environment:
      - POSTGRES_USER=lemmy
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=lemmy
    volumes:
      - ./volumes/postgres:/var/lib/postgresql/data
    restart: always

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 8 points 1 year ago

I can only imagine this is intentional to prevent people from accidentally exposing themselves to the internet before they intend to.

That said, a comment or something explaining this would be welcome.