Lemmy

Please note that Lemmy requires a dedicated subdomain that cannot be changed afterward, because that is the unique identifier of your instance.

Installation

The steps below follow this guide.

Create the usual dedicated user. Also, all data needs to be located in a dedicated folder that will be /data/lemmy:

useradd -d /data/daemons/lemmy -m lemmy
mkdir /data/lemmy
mkdir /data/lemmy/pictrs
chown -R lemmy:lemmy /data/lemmy
chmod o+w /data/lemmy/pictrs  # world-writable; needs to be improved in the future

There are four files that you need to edit; download the raw ones:

su - lemmy
wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/examples/config.hjson -O /data/lemmy/lemmy.hjson
wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/templates/nginx_internal.conf -O /data/lemmy/nginx_internal.conf
wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/files/proxy_params -O /data/lemmy/proxy_params
wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/examples/customPostgresql.conf -O /data/lemmy/customPostgresql.conf
wget https://raw.githubusercontent.com/LemmyNet/lemmy-docs/main/assets/docker-compose.yml

Then edit the first three files following the guide linked above. Keep in mind that the files now live in /data/lemmy and not in the same folder as the docker-compose.yml file.

For nginx_internal.conf you need to specify 10.89.0.1 as the resolver, since this is the one used by podman, while the guide linked above is written for docker.

I will post here my docker-compose.yml since it's the one that gets the most edits:

docker-compose.yml
x-logging: &default-logging
  driver: "json-file"
  options:
    max-size: "50m"
    max-file: "4"

services:
  proxy:
    image: nginx:1-alpine
    ports:
      # Listen for outside connections on port 10633. You can freely change the left-side
      # number to a different port, eg using port 80 if you don't need a reverse proxy.
      - "10633:8536"
    volumes:
      - /data/lemmy/nginx_internal.conf:/etc/nginx/nginx.conf:ro,Z
      - /data/lemmy/proxy_params:/etc/nginx/proxy_params:ro,Z
    restart: always
    logging: *default-logging
    networks:
      - lemmy-net
    
  lemmy:
    image: dessalines/lemmy:0.19.8
    hostname: lemmy
    restart: always
    logging: *default-logging
    environment:
      - RUST_LOG="warn"
    volumes:
      - /data/lemmy/lemmy.hjson:/config/config.hjson:Z
    depends_on:
      - postgres
    networks:
      - lemmy-net
    
  lemmy-ui:
    image: dessalines/lemmy-ui:0.19.8
    environment:
      - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
      - LEMMY_UI_LEMMY_EXTERNAL_HOST=lemmy.mydomain.com
      - LEMMY_UI_HTTPS=true
    volumes:
      - /data/lemmy/lemmy-ui/extra_themes:/app/extra_themes
    restart: always
    logging: *default-logging
    networks:
      - lemmy-net

  pictrs:
    image: asonix/pictrs:0.5.16
    # this needs to match the pictrs url in lemmy.hjson
    hostname: pictrs
    # we can set options to pictrs like this, here we set max. image size and forced format for conversion
    # entrypoint: /sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp
    environment:
      - PICTRS_OPENTELEMETRY_URL=http://otel:4137
      - PICTRS__SERVER__API_KEY=<< here your lemmy postgres password >>
      - RUST_BACKTRACE=full
      - PICTRS__MEDIA__VIDEO__VIDEO_CODEC=vp9
      - PICTRS__MEDIA__ANIMATION__MAX_WIDTH=256
      - PICTRS__MEDIA__ANIMATION__MAX_HEIGHT=256
      - PICTRS__MEDIA__ANIMATION__MAX_FRAME_COUNT=400
    user: 991:991
    volumes:
      - /data/lemmy/pictrs:/mnt:Z
    restart: always
    logging: *default-logging
    networks:
      - lemmy-net

  postgres:
    image: pgautoupgrade/pgautoupgrade:17-alpine
    hostname: postgres
    environment:
      - POSTGRES_USER=lemmy
      - POSTGRES_PASSWORD=<< here your lemmy postgres password >>
      - POSTGRES_DB=lemmy
    shm_size: 1g
    volumes:
      - /data/lemmy/postgres:/var/lib/postgresql/data:Z
      - /data/lemmy/customPostgresql.conf:/etc/postgresql.conf
    restart: always
    logging: *default-logging
    networks:
      - lemmy-net

  postfix:
    image: mwader/postfix-relay
    environment:
      - POSTFIX_myhostname=lemmy.mydomain.com
    restart: "always"
    logging: *default-logging
    networks:
      - lemmy-net

networks:
  lemmy-net:
    dns_enabled: true # this is very important!

Please note that this compose file differs a bit from the original one. Note the network section, which enables the internal DNS name resolver: it is disabled by default in podman but needs to be enabled for the proxy to work. Also note that the depends lines have been changed a bit from the original docker example.

Last, edit the customPostgresql.conf with the output generated from this page.

Now pull it:

podman compose pull

Reverse Proxy

Lemmy not only must have its own (sub-)domain, but that domain also identifies your instance. This means that you need to carefully plan the domain name and/or subdomain because you will not be able to change it afterward.

I assume it will be reachable as https://lemmy.mydomain.com.

Following this page, create an NGINX config file called /etc/nginx/com.mydomain/lemmy/lemmy.conf like this:

lemmy.mydomain.conf
server {
    listen 443 ssl;
    listen 8443 ssl;
    http2 on;

    server_name lemmy.mydomain.com;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets on;
    ssl_stapling on;
    ssl_stapling_verify on;

    # Hide nginx version
    server_tokens off;

    # Upload limit, relevant for pictrs
    client_max_body_size 20M;

    # Enable compression for JS/CSS/HTML bundle, for improved client load times.
    # It might be nice to compress JSON, but leaving that out to protect against potential
    # compression+encryption information leak attacks like BREACH.
    gzip on;
    gzip_types text/css application/javascript image/svg+xml;
    gzip_vary on;

    # Various content security headers
    add_header Referrer-Policy "same-origin";
    add_header X-Content-Type-Options "nosniff";
    add_header X-Frame-Options "DENY";
    add_header X-XSS-Protection "1; mode=block";

    location / {
        proxy_pass http://127.0.0.1:10633;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        proxy_no_cache $cookie_jwt $http_authorization;
        proxy_cache_bypass $cookie_jwt $http_authorization;
    }
}
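
The reverse proxy above reaches the container through 127.0.0.1:10633, but the compose mapping "10633:8536" has no host address, so the plain-HTTP port is published on all interfaces; together with the chmod o+w on the pictrs folder and the password placeholders, that gives three things worth checking after the install. The script below is an added example, not part of the original page: the function names, the sample compose file and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print "service mapping" for each published port that has no host address,
# i.e. one that listens on every interface instead of only on loopback.
ports_on_all_interfaces() {
  awk '
    /^  [A-Za-z0-9_-]+:[ \t]*$/ { svc = $1; sub(/:$/, "", svc); key = ""; next }
    /^    [A-Za-z_]+:/          { key = $1; sub(/:.*/, "", key); next }
    key == "ports" && /^      - / {
      m = $0; sub(/^      - /, "", m); gsub(/"/, "", m); sub(/[ \t]*#.*/, "", m)
      if (split(m, part, ":") < 3) print svc, m
    }' "$1"
}

# List directories under $1 that any local user may write to (mode o+w).
world_writable_dirs() {
  find "$1" -type d -perm -0002 | sort
}

# Count lines that still contain a "<< ... >>" placeholder instead of a secret.
unfilled_placeholders() {
  grep -c '<<.*>>' "$1" || true
}

# Constructed sample input: a cut-down compose file and a data tree.
demo=$(mktemp -d)
cat > "$demo/docker-compose.yml" <<'EOF'
services:
  proxy:
    image: nginx:1-alpine
    ports:
      - "10633:8536"
  proxy-loopback:
    image: nginx:1-alpine
    ports:
      - "127.0.0.1:10633:8536"
  postgres:
    environment:
      - POSTGRES_PASSWORD=<< here your lemmy postgres password >>
EOF
mkdir -p "$demo/data/pictrs" "$demo/data/postgres"
chmod 0755 "$demo/data"; chmod 0777 "$demo/data/pictrs"; chmod 0700 "$demo/data/postgres"

ports_on_all_interfaces "$demo/docker-compose.yml"
world_writable_dirs "$demo/data"
unfilled_placeholders "$demo/docker-compose.yml"
```

Point the three functions at the real docker-compose.yml and /data/lemmy to audit an actual install. Writing the mapping as "127.0.0.1:10633:8536" keeps the port reachable only by the local NGINX.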

Autostart

To start it and have it come up on boot, follow my usual instructions in Using Containers on Gentoo and link the user-containers init script:

ln -s /etc/init.d/user-containers /etc/init.d/user-containers.lemmy

and create the following config file:

/etc/conf.d/user-containers.lemmy
USER=lemmy
DESCRIPTION="Decentralized forum"

Add the service to the default runlevel and start it now:

rc-update add user-containers.lemmy default
rc-service user-containers.lemmy start
