User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
services:lemmy [2025/01/27 17:39] willyservices:lemmy [2025/02/04 11:04] (current) willy
Line 1: Line 1:
 ====== Lemmy ====== ====== Lemmy ======
  
-[[https://join-lemmy.org|Lemmy]] ...+[[https://join-lemmy.org|Lemmy]] Lemmy is the [[https://en.wikipedia.org/wiki/Fediverse|Fediverse]] response to the //reddit like// social media, but of course, federatedWhat't not to like? And isn't it the best opportunity to self-host for your personal use and have your own Lemmy instance?
  
-Please note that Lemmy requires a dedicated subdomain that cannot be changed afterward, because that is the unique identifier of your instance.+Luckly, it's pretty easy to self-host and it seems not to require many resources, so far. 
 + 
 +**Note:** Lemmy requires a __dedicated subdomain__ that cannot be changed afterward, because that is the unique identifier of your instance.
  
  
 ==== Installation ==== ==== Installation ====
  
-Following [[https://join-lemmy.org/docs/administration/install_docker.html|this guide]].+I suggest you follow [[https://join-lemmy.org/docs/administration/install_docker.html|this guide]], which was my base, taking into consideration my following notes and detailed steps.
  
-Create the usual dedicated user. Also, all data needs to be located in a dedicated folder that will be **/data/lemmy**:+First of all, create the usual dedicated user. You alsoi need to create the data folder where all data needs to be located. As usual in my setup, the daemon folder will be **/data/daemons/lemmy** and the data folder will be **/data/lemmy**:
 <code> <code>
 useradd -d /data/daemons/lemmy -m lemmy useradd -d /data/daemons/lemmy -m lemmy
 mkdir /data/lemmy mkdir /data/lemmy
-chown lemmy:lemmy /data/lemmy+mkdir /data/lemmy/pictr 
 +chown lemmy:lemmy /data/lemmy -R 
 +chmod o+w /data/lemmy/pictr  
 </code> </code>
  
-There are four files that you need to edit, download the raw ones:+The **/data/lemmy/pictr** folder needs to exist but needs also be writable by //others// at this time because it will be populated by a subuid linked to the lemmy user, you can then change it's ownership and permissions after the first usccessfull start with the following commands __as root__: 
 +<code bash> 
 +cd /data/lemmy 
 +ls -l pictrs 
 +# Now grab the UID and GID of the files inside the pictrs folder and use them for the following command: 
 +chown UID:GIR -R pictrs 
 +chmod o-w pictrs -R 
 +</code> 
 + 
 +There are five files that you need to edit, download the raw ones:
 <code bash> <code bash>
 su - lemmy su - lemmy
-wget https://raw.githubusercontent.com/LemmyNet/lemmy-docs/main/assets/docker-compose.yml 
 wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/examples/config.hjson -O /data/lemmy/lemmy.hjson wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/examples/config.hjson -O /data/lemmy/lemmy.hjson
 wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/templates/nginx_internal.conf -O /data/lemmy/nginx_internal.conf wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/templates/nginx_internal.conf -O /data/lemmy/nginx_internal.conf
 wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/files/proxy_params -O /data/lemmy/proxy_params wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/files/proxy_params -O /data/lemmy/proxy_params
 +wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/examples/customPostgresql.conf -O /data/lemmy/customPostgresql.conf
 +wget https://raw.githubusercontent.com/LemmyNet/lemmy-docs/main/assets/docker-compose.yml
 </code> </code>
 +Please pay attention that you moved the files to **/data/lemmy** and not in the same folder of the docker-compose.yml file (this is different from the above linked guide).
  
-Edit the docker compose file:+Here are some notes on editing them, start with the guide linked above, then follow my notes. 
 + 
 +=== lemmy.hjson === 
 + 
 +This contains critical setup for your Lemmy instance: 
 +<file - lemmy.hjson> 
 +
 +  database: { 
 +    host: postgres 
 +    password: "<< here your custom database password >>" 
 +  } 
 +  hostname: "lemmy.mydomain.com" # DO NOT put "https://" here! 
 +  pictrs: { 
 +    url: "http://pictrs:8080/" 
 +    api_key: "<< here your custom database password >>" 
 +  } 
 +  email: { 
 +    smtp_server: "postfix:25" 
 +    smtp_from_address: "noreply@lemmy.mydomain.eu"  
 +    tls_type: "none" 
 +  } 
 +
 +</file> 
 + 
 +You could edit the email section and enable your own email server, if you have one, to get a better chance of your lemmy emails to reach users. 
 + 
 +=== nginx_internal.conf === 
 + 
 +This is the Lemmy internal NGINX web server setup. You need this even if you will be slapping an additional NGINX reverse proxy in front of it. 
 + 
 +There is only one line to edit here, which is the internal resolver address: 
 +<code> 
 +    resolver  10.89.0.1 valid=5s; 
 +</code> 
 + 
 +This is important, because this internal NGINX will need to resolve the other containers by name, and this can be achieved by enabling Podman internal name resolutions for the //lemmy-net//. Podman internal name resolution is disabled by default and need to be enabled in the docker-compose.yml like this: 
 +<code> 
 +networks: 
 +  lemmy-net: 
 +    dns_enabled: true  
 +</code> 
 + 
 +Differently from docker, in podman the internal resolver address is **10.89.0.1**. 
 + 
 +=== proxy_params === 
 + 
 +This file doesn't need to be modified. 
 + 
 + 
 +=== customPostgresql.conf === 
 + 
 +This file contains specific PostgreSQL setup to fine-tune the database to your hardware capabilties. Go to [[https://pgtune.leopard.in.ua/|this page]] to generate it's content based on your server specs. I suggest you downplay a bit your specs when you input them in the page. This will create a more conservative configuration, to play better with other shared services on your server. 
 + 
 +Yes, in other words, you can discard the content of the original downloaded file and replace it with the one generated by the page linked in this paragraph. 
 + 
 + 
 +=== docker-compose.yml === 
 + 
 +This is the most critical file. The following is derived from the one linked above, but i have done a few podman specific editings, noted below:
 <file - docker-compose.yml> <file - docker-compose.yml>
 +x-logging: &default-logging
 +  driver: "json-file"
 +  options:
 +    max-size: "50m"
 +    max-file: "4"
 +
 +services:
 +  proxy:
 +    image: nginx:1-alpine
 +    ports:
 +      - "10633:8536"  # Choose an available port on your server!
 +    volumes:
 +      - /data/lemmy/nginx_internal.conf:/etc/nginx/nginx.conf:ro,Z
 +      - /data/lemmy/proxy_params:/etc/nginx/proxy_params:ro,Z
 +    restart: always
 +    logging: *default-logging
 +    networks:
 +      - lemmy-net
 +    
 +  lemmy:
 +    image: dessalines/lemmy:0.19.8
 +    hostname: lemmy
 +    restart: always
 +    logging: *default-logging
 +    environment:
 +      - RUST_LOG="warn"
 +    volumes:
 +      - /data/lemmy/lemmy.hjson:/config/config.hjson:Z
 +    depends_on:
 +      - postgres
 +    networks:
 +      - lemmy-net
 +    
 +  lemmy-ui:
 +    image: dessalines/lemmy-ui:0.19.8
 +    environment:
 +      - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
 +      - LEMMY_UI_LEMMY_EXTERNAL_HOST=lemmy.ml
 +      - LEMMY_UI_HTTPS=true
 +    volumes:
 +      - /data/lemmy/lemmy-ui/extra_themes:/app/extra_themes
 +    restart: always
 +    logging: *default-logging
 +    networks:
 +      - lemmy-net
 +
 +  pictrs:
 +    image: asonix/pictrs:0.5.16
 +    hostname: pictrs
 +    environment:
 +      - PICTRS_OPENTELEMETRY_URL=http://otel:4137
 +      - PICTRS__SERVER__API_KEY=<< here your lemmy postgres password >>
 +      - RUST_BACKTRACE=full
 +      - PICTRS__MEDIA__VIDEO__VIDEO_CODEC=vp9
 +      - PICTRS__MEDIA__ANIMATION__MAX_WIDTH=256
 +      - PICTRS__MEDIA__ANIMATION__MAX_HEIGHT=256
 +      - PICTRS__MEDIA__ANIMATION__MAX_FRAME_COUNT=400
 +    user: 991:991 # This 991 will be used to define the UID:GID you need to set ownership of the folder to, as stated above...
 +    volumes:
 +      - /data/lemmy/pictrs:/mnt:Z # this is the folder of which you need to set ownership. This folder must exist before first launch
 +    restart: always
 +    logging: *default-logging
 +    networks:
 +      - lemmy-net
 +
 +  postgres:
 +    image: pgautoupgrade/pgautoupgrade:17-alpine
 +    hostname: postgres
 +    environment:
 +      - POSTGRES_USER=lemmy
 +      - POSTGRES_PASSWORD=<< here your lemmy postgres password >> # the same as in the lemmy hjson above
 +      - POSTGRES_DB=lemmy
 +    shm_size: 1g
 +    volumes:
 +      - /data/lemmy/postgres:/var/lib/postgresql/data:Z
 +      - /data/lemmy/customPostgresql.conf:/etc/postgresql.conf
 +    restart: always
 +    logging: *default-logging
 +    networks:
 +      - lemmy-net
 +
 +  postfix:
 +    image: mwader/postfix-relay
 +    environment:
 +      - POSTFIX_myhostname="lemmy.mydomain.com" # DO NOT put the "https://" here
 +    restart: "always"
 +    logging: *default-logging
 +    networks:
 +      - lemmy-net
  
 +networks:
 +  lemmy-net:
 +    dns_enabled: true # this is very important for the internal proxy
 </file> </file>
  
-...+Please also note that the //depends// lines have been changed a bit from the docker original example, maybe due to some podman differences
  
 +**Note:** first startup might fail because the postgress image takes too long to create the daabase and the lemmy image fails. In this case, just wait until it's done, stop it and restart it.
  
-Now pull it:+Now pull the images:
 <code bash> <code bash>
 podman compose pull podman compose pull
Line 49: Line 215:
 Following [[https://docs.searxng.org/admin/installation-nginx.html#installation-nginx|this page]] create a NGINX config file called **/etc/nginx/com.mydomain/lemmy/lemmy.conf** like this: Following [[https://docs.searxng.org/admin/installation-nginx.html#installation-nginx|this page]] create a NGINX config file called **/etc/nginx/com.mydomain/lemmy/lemmy.conf** like this:
  
-<file - grist.conf>+<file - lemmy.mydomain.conf> 
 +server { 
 +    listen 443 ssl; 
 +    listen 8443 ssl; 
 +    http2 on;
  
-</file>+    server_name lemmy.mydomain.com;
  
 +    ssl_protocols TLSv1.2 TLSv1.3;
 +    ssl_prefer_server_ciphers on;
 +    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
 +    ssl_session_cache shared:SSL:10m;
 +    ssl_session_tickets on;
 +    ssl_stapling on;
 +    ssl_stapling_verify on;
 +
 +    # Hide nginx version
 +    server_tokens off;
 +
 +    # Upload limit, relevant for pictrs
 +    client_max_body_size 20M;
 +
 +    # Enable compression for JS/CSS/HTML bundle, for improved client load times.
 +    # It might be nice to compress JSON, but leaving that out to protect against potential
 +    # compression+encryption information leak attacks like BREACH.
 +    gzip on;
 +    gzip_types text/css application/javascript image/svg+xml;
 +    gzip_vary on;
 +
 +    # Various content security headers
 +    add_header Referrer-Policy "same-origin";
 +    add_header X-Content-Type-Options "nosniff";
 +    add_header X-Frame-Options "DENY";
 +    add_header X-XSS-Protection "1; mode=block";
 +
 +    access_log /var/log/nginx/lemmy.mydomain.com_access_log main;
 +    error_log /var/log/nginx/lemmy.mydomain.com_error_log info;
 +
 +    location / {
 +      proxy_pass http://127.0.0.1:10633;
 +      proxy_http_version 1.1;
 +      proxy_set_header Upgrade $http_upgrade;
 +      proxy_set_header Connection "upgrade";
 +      proxy_set_header X-Real-IP $remote_addr;
 +      proxy_set_header Host $host;
 +      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +      proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
 +      proxy_no_cache $cookie_jwt $http_authorization;
 +      proxy_cache_bypass $cookie_jwt $http_authorization;
 +  }
 +}
 +</file>
  
  
Line 73: Line 287:
 rc-service user-containers.lemmy start rc-service user-containers.lemmy start
 </code> </code>
 +
 +
 +==== Usage Notes ====
 +
 +A few notes and hints i learned after setting everything up and running.
 +
 +  * Federation takes hours. Expect at least half day / one day for your new instance to propagate the fediverse and start being picked up by other lemmy instances. At least a few hours. Manually forcing specified instances by searching for communities on them will speed this up a bit, but not too much.
 +
 +  * Registering new users will just popup a notification in your admin panel, you will need to go there and accept them. At first i was expecting an email in my inbox (a real email), but i doesnt happen. At the same time, i strongly suggest you don't allow open registrations for legal issues and such.
 +
 +  * You might want to head to [[https://gui.fediseer.com|fediseer.com]] to register your instance. Just type your instance name and admin name, and you will receive an API key in your inbox. Place the key back into the website and your instance will be stored. You can then ask for a guarantee from other instances and provide your own to others.
 +
  

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information