I have played around with yunohost and other similar tools. I know how to open ports on router, configure port forwarding. I am also interested on hosting my own stuff for experiments, but I also have a VPN enabled for privacy reasons on my router at all times. If you haven’t guessed already, I am very reserved on revealing my home IP for selfhosting, as contradictory as it sounds.

I am aware that it’s better to rent a VPS, not to mention the dynamic IP issues, but here it goes: assuming my VPN provider permits port forwarding, is it possible to selfhost anything from behind a VPN, including the virtual machine running all the necessary softwares?

edit: title

edit2: I just realized my VPN provider is discontinuing port forwarding next month. Why?!

  • sven@l.mchome.net
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Hopefully this will help someone. This seems to work for me. Subscribed communities update, I am able to post. I’m the only user right now on my server. NPM took me a bit of messing around with the config but I think I have everything working, some of this may be redundant / non functional but I don’t have the will to go line by line to see what more I can take out. Here is how I have it configured. Note that some things go to the Lemmy UI port and some to the Lemmy port. These should be defined in your docker-compose if you’re using that. (Mine is below)

    On the first tab in NPM, “Details” I have the following:

     Scheme: http
     Hostname: <docker ip>
    Port: <lemmy-ui port>
    Block Common Exploits and Websockets Support are enabled.
    

    On the Custom Locations page, I added 4 locations, you have to do one for each directory even though the ip/ports are the same.

    Location: /api
    Scheme: http
    Hostname: <docker ip>
    Port: <lemmy port>
    

    Repeat the above for “/feeds”, “/pictrs”, and “/nodeinfo”. The example file they give also says to have “.well_known” in there but as far as I know that’s just for Let’s Encrypt which NPM should be handling for us.

    On the SSL tab, I have a Let’s Encrypt certificate set up. Force SSL, HTTP/2 Support, and HSTS Enabled.

    On the Advanced tab, I have the following:

     location / {
    
       set $proxpass "http://<docker ip>:<lemmy-ui port>";
       if ($http_accept = "application/activity+json") {
    
         set $proxpass "http://<docker ip>:<lemmy-ui port>";`
       }
       if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
         set $proxpass "http://<docker ip>:<lemmy-ui port>";
       }
       if ($request_method = POST) {
         set $proxpass "http://<docker ip>:<lemmy-ui port>";
       }
       proxy_pass $proxpass;
       
       rewrite ^(.+)/+$ $1 permanent;
        # Send actual client IP upstream
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }
    

    I probably should add in my docker compose file as well… I’m far from a docker expert. This is reasonably close to their examples and others I found. I removed nginx from in here since we already have a proxy. I disabled all the debug logging because it was using disk space. I also removed all the networking lines because I’m not smart enough to figure it all out right now. If you use this, look out for the < > sections, you need to set your own domain/hostname, and postgres user/password.

    version: "3.3"
    
    services:
      lemmy:
        image: dessalines/lemmy:0.17.3
        hostname: lemmy
        restart: always
        ports:
          - 8536:8536
        environment:
          - RUST_LOG="warn"
          - RUST_BACKTRACE=full
        volumes:
          - ./lemmy.hjson:/config/config.hjson:Z
        depends_on:
          - postgres
          - pictrs
    
      lemmy-ui:
        image: dessalines/lemmy-ui:0.17.4
        # use this to build your local lemmy ui image for development
        # run docker compose up --build
        # assuming lemmy-ui is cloned besides lemmy directory
        # build:
        #   context: ../../lemmy-ui
        #   dockerfile: dev.dockerfile
        ports:
          - 1234:1234
        environment:
          # this needs to match the hostname defined in the lemmy service
          - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
          # set the outside hostname here
          - LEMMY_UI_LEMMY_EXTERNAL_HOST=< domain name>
          - LEMMY_HTTPS=false
          - LEMMY_UI_DEBUG=true
        depends_on:
          - lemmy
        restart: always
    
      pictrs:
        image: asonix/pictrs:0.4.0-beta.19
        # this needs to match the pictrs url in lemmy.hjson
        hostname: pictrs
        # we can set options to pictrs like this, here we set max. image size and forced format for conversion
        # entrypoint: /sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp
        environment:
          - PICTRS_OPENTELEMETRY_URL=http://otel:4137
          - PICTRS__API_KEY=API_KEY
          - RUST_LOG=debug
          - RUST_BACKTRACE=full
          - PICTRS__MEDIA__VIDEO_CODEC=vp9
          - PICTRS__MEDIA__GIF__MAX_WIDTH=256
          - PICTRS__MEDIA__GIF__MAX_HEIGHT=256
          - PICTRS__MEDIA__GIF__MAX_AREA=65536
          - PICTRS__MEDIA__GIF__MAX_FRAME_COUNT=400
        user: 991:991
        volumes:
          - ./volumes/pictrs:/mnt:Z
        restart: always
    
      postgres:
        image: postgres:15-alpine
        # this needs to match the database host in lemmy.hson
        # Tune your settings via
        # https://pgtune.leopard.in.ua/#/
        # You can use this technique to add them here
        # https://stackoverflow.com/a/30850095/1655478
        hostname: postgres
        command:
          [
            "postgres",
            "-c",
            "session_preload_libraries=auto_explain",
            "-c",
            "auto_explain.log_min_duration=5ms",
            "-c",
            "auto_explain.log_analyze=true",
            "-c",
            "track_activity_query_size=1048576",
          ]
        ports:
          # use a different port so it doesnt conflict with potential postgres db running on the host
          - "5433:5432"
        environment:
          - POSTGRES_USER=< dbuser >
          - POSTGRES_PASSWORD=< dbpassword>
          - POSTGRES_DB=lemmy
        volumes:
          - ./volumes/postgres:/var/lib/postgresql/data:Z
        restart: always