Asklemmy

43400 readers

884 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
!lemmy411@lemmy.ca: a community for finding communities

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago

MODERATORS

New Lemmy Spanish-speaking instance: Lemido (lemido.freakspot.net)

submitted 2 years ago by jorgesumle@lemmy.pt to c/asklemmy@lemmy.ml

10 comments fedilink hide all child comments

Hi, I've just created an instance for Spanish speakers. I want to federate, but according to the documentation I have to ask other servers to federate with me:

Federation is not set up by default. You can add this this federation block to your lemmy.hjson, and ask other servers to add you to their allowlist.

Do you want to federate with my instance? Do I need to ask to every instance with which I want to federate?

top 10 comments

sorted by: hot top controversial new old

[–] nutomic@lemmy.ml 0 points 2 years ago (1 children)

The documentation is outdated then, as most instances use open federation by now. So what you need to do is simply take the url of a community/post on another instance, and paste it into the search bar of your instance. It will get fetched and you can directly interact with it.

[–] jorgesumle@lemmy.pt 0 points 2 years ago (1 children)

I can read and post doing that, but my posts don't appear on the original forum and everything has 0 votes, and I can't see any comment.

[–] nutomic@lemmy.ml 1 points 2 years ago (1 children)

When fetching a community or post for the first time, votes or comments are not fetched. You can subscribe, and will later receive new content.

Your instance is currently not configured correctly for federation. The following request should return json, but gives error 404: curl -H 'Accept: application/activity+json' https://lemido.freakspot.net/u/lemmy (compare with curl -H 'Accept: application/activity+json' https://lemmy.ml/u/nutomic). The default Lemmy installation has an nginx config which takes care of this.

[–] jorgesumle@lemmy.pt 1 points 2 years ago (1 children)

I copied the default nginx config, but for some reason I don't know it doesn't work, and I don't know how to troubleshoot it, because I don't see any error message.

[–] nutomic@lemmy.ml 1 points 2 years ago (1 children)

Did you install manually? Then you need to ensure that the ports for lemmy and lemmy-ui are set correctly in nginx config. You also need to apply changes with nginx -s reload

[–] jorgesumle@lemmy.pt 1 points 2 years ago

Did you install manually?

No, I followed the instructions for Docker.

Then you need to ensure that the ports for lemmy and lemmy-ui are set correctly in nginx config.

I think they are. This is the nginx config file:

limit_req_zone $binary_remote_addr zone=lemido.freakspot.net_ratelimit:10m rate=1r/s;

server {
    listen 80;
    listen [::]:80;
    server_name lemido.freakspot.net;
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name lemido.freakspot.net;

    ssl_certificate /etc/letsencrypt/live/freakspot.net-0002/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/freakspot.net-0002/privkey.pem;

    # Various TLS hardening settings
    # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_session_timeout  10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets on;
    ssl_stapling on;
    ssl_stapling_verify on;

    # Hide nginx version
    server_tokens off;

    # Enable compression for JS/CSS/HTML bundle, for improved client load times.
    # It might be nice to compress JSON, but leaving that out to protect against potential
    # compression+encryption information leak attacks like BREACH.
    gzip on;
    gzip_types text/css application/javascript image/svg+xml;
    gzip_vary on;

    # Only connect to this site via HTTPS for the two years
    add_header Strict-Transport-Security "max-age=63072000";

    # Various content security headers
    add_header Referrer-Policy "same-origin";
    add_header X-Content-Type-Options "nosniff";
    add_header X-Frame-Options "DENY";
    add_header X-XSS-Protection "1; mode=block";

    # Upload limit for pictrs
    client_max_body_size 500M;

    # frontend
    location / {
      # The default ports:
      # lemmy_ui_port: 1235
      # lemmy_port: 8536

#      Also tried this, but it didn't work

#      set $proxpass "http://0.0.0.0:1235";
#      if ($http_accept = "application/activity+json") {
#      set $proxpass "http://0.0.0.0:8536";
#      }
#      if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
#      set $proxpass "http://0.0.0.0:8536";
#      }
#      proxy_pass $proxpass;

      set $proxpass "http://0.0.0.0:1235";
      if ($http_accept ~ "^application/.*$") {
        set $proxpass "http://0.0.0.0:8536";
      }
      if ($request_method = POST) {
        set $proxpass "http://0.0.0.0:8536";
      }
      proxy_pass $proxpass;

      rewrite ^(.+)/+$ $1 permanent;

      # Send actual client IP upstream
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # backend
    location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
      proxy_pass http://0.0.0.0:8536;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

      # Rate limit
      limit_req zone=lemido.freakspot.net_ratelimit burst=30 nodelay;

      # Add IP forwarding headers
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }


    # Redirect pictshare images to pictrs
    location ~ /pictshare/(.*)$ {
      return 301 /pictrs/image/$1;
    }

}

# Anonymize IP addresses
# https://www.supertechcrew.com/anonymizing-logs-nginx-apache/
map $remote_addr $remote_addr_anon {
  ~(?P<ip>\d+\.\d+\.\d+)\.    $ip.0;
  ~(?P<ip>[^:]+:[^:]+):       $ip::;
  127.0.0.1                   $remote_addr;
  ::1                         $remote_addr;
  default                     0.0.0.0;
}
access_log /var/log/nginx/access.log combined;

You also need to apply changes with nginx -s reload

I did restart with systemctl and also used your command, but it still doesn't work.

[–] juh@lemmy.ml 0 points 2 years ago (1 children)

I can't subscribe to https://lemido.freakspot.net/c/noticias

[–] jorgesumle@lemmy.pt 0 points 2 years ago (1 children)

Maybe I've configured something wrong, but I don't know what.

[–] gorilophobia@lemmy.ml 1 points 2 years ago (1 children)

Still not working to me :(

[–] jorgesumle@lemmy.pt 1 points 2 years ago

Yes, apparently I didn't install it correctly. Federation doesn't work, but I still don't know what is wrong with my configuration.