Just wanted to know if I should expect any issues with this set-up. 1st proxy is NGINX on the host machine (Ansible-setup). 2nd proxy is NGINX on OPNsense. I’m using self signed certs on the host machine because I don’t want port 80 left open. OPNsense ACME plugin manages my certificates.

I’ve noticed that a lot of comments do not get pulled with posts. Also, I am unable to log in to my server with Jerboa.

Does lemmy use port 80 for anything besides getting SSL certs? Will the double proxy screw up federation or my ability to log in through 3rd party solutions?

  • seang96@spgrn.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I am running mine with two nginx proxies in lurbenetes for similar reasons. i run a nginx container with the standard nginx.config from the docs, then I have an ingress with let’s encrypts SSL certificate and domain info. I added a annotation for websocksts and just pointed to the first proxies / path for the parent proxies path.

    Comments don’t sync right right now because of the federation setup and people hosting so many private instances / shutting them off. There is a timeout that is being exceeding so not all instances are getting the update from the main instance that there was an update.

    • stown@sedd.itOP
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Maybe web sockets aren’t setup properly for me on OPNSense NGINX. I’ll have to look into that. Could be that Jerboa needs websockets to log in?

  • mlaga97@lemmy.mlaga97.space
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I am currently using a double proxy: HAProxy handling SSL termination and the outward facing ports on one host, pointed at NGINX from the docker-compose file with the SSL termination stuff removed running on another host.

    Websockets can be/are a pain, so it may be that imo.

  • useful_idiot@lemmy.eatsleepcode.ca
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    I will do you one better, I have my instance behind 3.

    WAN -> haproxy -> traefik ingress w/ letsencrypt -> Lemmy nginx -> Lemmy-ui

    I can probably remove the lemmy nginx but it only uses ~10mb of ram and didn’t want my changes getting in the way when sorting federation issues(which work fine!).