This right here.
Op, if you’re not ready to moderate, don’t spin up your own server or do your own private instance. If you’re going to moderate, do it properly and don’t spew bad ideas while hiding behind a dumb “alert” throwaway.
- 0 Followers
- 0 Following
- 3 Posts
Everyone has an opinion, and at the end of the day, whatever works best for you is what you should stick with.
I like Traefik because you can mount /var/run/docker.sock:/var/run/docker.sock:ro to Traefik, then it can read labels from containers, and automatically wire up new instances based on labels on them. I'm sure there's equivalent in other reverse proxy solutions, but as I said, it works for me and I like it.
Lemmy is very “open” right now; some might say by design, other might say flawed. OP is maybe coming from a good place and actually wants to help, but instead of doing it tactfully, OP is becoming the exact thing they’re advocating against — a spammer posting garbage.
testy mctest message
I did some quick google'ing when I saw it... otel is probably opentelemetry, but the Lemmy developers didn't include that in the released docker-compose. Perhaps it is something they're using internally. I haven't notice any telemetry related issues, yet, so I'm just keeping my fingers crossed for now...
I have shared them in a separate post; though, it would appear that there are still some federation issues as the post appears to be some what de-sync on my own instance and lemmy.world. I'm also for some strange reason unable to see your reply on my own instance, hence why I'm replying with my lemmy world account instead... If you do make some more progress, please do share it with the community at large so more of us can have the setup we'd like!
Lemmy via Docker Compose, using Traefik and CloudFlare - Lemmy!
Disclaimers: First thing first, I’m new to the whole Fediverse, and Lemmy thing, so please don’t hesitate to point out any problems you’re foreseeing. Secondly, I’m by no means saying this is the ideal implementation, something something see above. Please don’t hesitate to make recommendations for improvements. Lastly, I’m not sure if it is completely working. I’m still noticing a few issues that I will document and monitor towards the end of the post. If you know of the cause or how to debug further, please do let me know! Notes and Assumptions: 1. I am using an ARM server. So I’m using ARM images, you will need to make sure you’re using the correct architecture image. 2. I assume you have Traefik up and running in a separate network. I used docker compose to bring traefik up, minimal configurations, and I’m just hijacking the default network there (project folder was gateway so the complete network name is gateway_default)… there’s probably better ways to do this. 3. On note of networks, I really don’t like the fact that the default postgres was left wide open on the lemmyexternalproxy network. I think I’ve locked my down, but you may wish to double check my work. 4. I’m not sure if what I am doing with the hostnames are correct, but it seems to work for the most part, so I’m not complaining. If there is a better way, please do advise! 5. I used an override file for docker compose [https://docs.docker.com/compose/extends/] to apply extra settings. This allows me to keep the original docker-compose.yml untouched, and I can just pull in new changes (theoretically). 6. Since I’m using traefik, I don’t need nginx running doing nothing. I replaced it with a light weight alpine image that just shuts down successfully, so it doesn’t use resources. Without further delays, here’s my files: docker-compose.override.yml: version: "3.3" networks: lemmyexternalproxy: internal: true lemmygateway: name: gateway_default external: true services: lemmy: image: dessalines/lemmy:0.17-linux-arm64 labels: - "traefik.enable=true" - "traefik.http.routers.lemmy.entrypoints=websecure" - "traefik.http.routers.lemmy.rule=Host(`lemmy.chiisana.net`) && HeadersRegexp(`Accept`, `^application/`) || Host(`lemmy.chiisana.net`) && Method(`POST`) || Host(`lemmy.chiisana.net`) && PathPrefix(`/{path:(api|pictrs|feeds|nodeinfo|.well-known)}`)" - "traefik.http.routers.lemmy.tls=true" - "traefik.http.services.lemmy-svc.loadbalancer.server.port=8536" - "traefik.docker.network=gateway_default" networks: - lemmygateway lemmy-ui: image: dessalines/lemmy-ui:0.17-linux-arm64 environment: - LEMMY_UI_HOST=0.0.0.0:1234 - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536 - LEMMY_UI_LEMMY_EXTERNAL_HOST=lemmy.chiisana.net - LEMMY_UI_HTTPS=true - LEMMY_UI_DEBUG=false labels: - "traefik.enable=true" - "traefik.http.routers.lemmy-ui.entrypoints=websecure" - "traefik.http.routers.lemmy-ui.rule=Host(`lemmy.chiisana.net`)" - "traefik.http.routers.lemmy-ui.tls=true" - "traefik.http.services.lemmy-ui-svc.loadbalancer.server.port=1234" - "traefik.docker.network=gateway_default" networks: - lemmygateway proxy: image: alpine:latest command: "true" entrypoint: "true" restart: "no" pictrs: image: asonix/pictrs:0.4.0-rc.3 lemmy.hjson: { setup: { admin_username: "chiisana" admin_password: "password-redacted-duh" site_name: "chiisana lemmy site" } database: { host: "postgres" user: "lemmy" password: "password-redacted-duh" database: "lemmy" } email: { smtp_server: "smtp.mailgun.org:587" smtp_login: "[email protected]" smtp_password: "password-redacted-duh" smtp_from_address: "[email protected]" tls_type: "tls" } pictrs: { url: "http://pictrs:8080/" api_key: "API_KEY" } hostname: "lemmy.chiisana.net" bind: "0.0.0.0" port: 8536 tls_enabled: true } ---- Known issue(s)? 1. I have my registration disabled as the instance is supposed to be just for my own auth not be depended on other instances. In my /admin section, I’m seeing a ton of users from endlesstalk.org pop up as banned users. I have no idea what that is about, as endlesstalk.org seems to also be used only by one user. I’ll be monitoring this and see what’s to come of it. Edit: Looks like this is just the way the system is designed, and not a configuration error on my part! All good here. Thanks for clarifying it @[email protected] ! 2. I’m not sure if I’m getting all the messages federated. In this community, for example, I can see most if not all recent threads. However, most threads have no comments in it. Some newer threads, I see comments, but it seems to be incomplete. I’m not sure if I’m only supposed to receive new messages, or if something else is happening. I’ll be monitoring this, and hoping the federation will just catch up over time. 3. Edit: It would appear this post itself is not federating to [email protected] [/c/[email protected]] [https://lemmy.world/c/selfhosted] for some reason… I’m partially hoping it is just caught in some kind of moderation queue, but seeing other posts made after this appear on the list leads me to believe there’s still something amiss. If you encounter any other issue, please do post back so we can try to debug it together. Hope this helps someone!
Yeah, the entire setup is quite finicky still. Part of me thinks Fediverse is forced into the spotlight by Twitter (Mastadon) and Reddit (Lemmy), and the whole thing is not quite baked yet. Don't get me wrong, having a more open space is great, but there are so many things that's not quite ready for prime time. I hope the dev team behind the platform (not the self hosted instance admins) will be more open to ideas and rapidly improve the platform.
I am new to the fediverse, and I don't use Friendica, so I could be entirely wrong about this. However, from what is described, perhaps Friendica has some sort of feature in which would trigger your instance to go out to fetch some data from another instance. Someone exploited this feature, spammed your instance with content from assortment of subdomains on the
*.activitypub-troll.cf domain, and most if not all of them are probably non-existent. As result of that, your server is re-checking every 10 minutes to see if they've came back online. This would also explain why shutting down the Friendica service resolved the problem for you.
[Request] Community link open via mlem app
Yeah, I really do think we need both:
!gaming@... or !gaming@ which aggregates [email protected], [email protected], ... etc. that I've subscribed to into a single feed; and
#gaming which I can put !gaming@..., !pcgaming@..., and !consolegaming@... into a single collection.
This way we'd get the flexibility to pick and choose what we'd want to see more easily.