Hi, I’ve just created an instance for Spanish speakers. I want to federate, but according to the documentation I have to ask other servers to federate with me:
Federation is not set up by default. You can add this this federation block to your lemmy.hjson, and ask other servers to add you to their allowlist.
Do you want to federate with my instance? Do I need to ask to every instance with which I want to federate?
I copied the default nginx config, but for some reason I don’t know it doesn’t work, and I don’t know how to troubleshoot it, because I don’t see any error message.
Did you install manually? Then you need to ensure that the ports for lemmy and lemmy-ui are set correctly in nginx config. You also need to apply changes with
nginx -s reload
No, I followed the instructions for Docker.
I think they are. This is the nginx config file:
limit_req_zone $binary_remote_addr zone=lemido.freakspot.net_ratelimit:10m rate=1r/s; server { listen 80; listen [::]:80; server_name lemido.freakspot.net; location /.well-known/acme-challenge/ { root /var/www/certbot; } location / { return 301 https://$host$request_uri; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name lemido.freakspot.net; ssl_certificate /etc/letsencrypt/live/freakspot.net-0002/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/freakspot.net-0002/privkey.pem; # Various TLS hardening settings # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; ssl_session_tickets on; ssl_stapling on; ssl_stapling_verify on; # Hide nginx version server_tokens off; # Enable compression for JS/CSS/HTML bundle, for improved client load times. # It might be nice to compress JSON, but leaving that out to protect against potential # compression+encryption information leak attacks like BREACH. gzip on; gzip_types text/css application/javascript image/svg+xml; gzip_vary on; # Only connect to this site via HTTPS for the two years add_header Strict-Transport-Security "max-age=63072000"; # Various content security headers add_header Referrer-Policy "same-origin"; add_header X-Content-Type-Options "nosniff"; add_header X-Frame-Options "DENY"; add_header X-XSS-Protection "1; mode=block"; # Upload limit for pictrs client_max_body_size 500M; # frontend location / { # The default ports: # lemmy_ui_port: 1235 # lemmy_port: 8536 # Also tried this, but it didn't work # set $proxpass "http://0.0.0.0:1235"; # if ($http_accept = "application/activity+json") { # set $proxpass "http://0.0.0.0:8536"; # } # if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") { # set $proxpass "http://0.0.0.0:8536"; # } # proxy_pass $proxpass; set $proxpass "http://0.0.0.0:1235"; if ($http_accept ~ "^application/.*$") { set $proxpass "http://0.0.0.0:8536"; } if ($request_method = POST) { set $proxpass "http://0.0.0.0:8536"; } proxy_pass $proxpass; rewrite ^(.+)/+$ $1 permanent; # Send actual client IP upstream proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # backend location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { proxy_pass http://0.0.0.0:8536; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Rate limit limit_req zone=lemido.freakspot.net_ratelimit burst=30 nodelay; # Add IP forwarding headers proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # Redirect pictshare images to pictrs location ~ /pictshare/(.*)$ { return 301 /pictrs/image/$1; } } # Anonymize IP addresses # https://www.supertechcrew.com/anonymizing-logs-nginx-apache/ map $remote_addr $remote_addr_anon { ~(?P<ip>\d+\.\d+\.\d+)\. $ip.0; ~(?P<ip>[^:]+:[^:]+): $ip::; 127.0.0.1 $remote_addr; ::1 $remote_addr; default 0.0.0.0; } access_log /var/log/nginx/access.log combined;
I did restart with systemctl and also used your command, but it still doesn’t work.