terribleplan

joined 2 years ago
[–] [email protected] 2 points 2 years ago (1 children)

There is an "Actions" feature coming that is very similar to GitHub actions for CI and similar use-cases. It's still behind a feature flag as it's not quite ready for prime-time, but you can enable it on a self-hosted instance if you want. I believe this is also in Gitea as well, so you don't have to use the Forgejo fork, but I have moved my instance over due to the whole situation leading to the fork.

[–] [email protected] 1 points 2 years ago

Federation, haha.

[–] [email protected] 1 points 2 years ago (1 children)

I am pretty sure what I described is only when --log.level=DEBUG or

[log]
  level = "DEBUG"

The syntax errors are weird/concerning if it says there are errors but it still seems to load the config anyway (based on you seeing them in the dashboard).

Back when I used the file provider I pointed it at a directory and put every router/service in its own file with that volume'd in to e.g. /traefik-conf. That's probably more just advice than being your problem though.

[–] [email protected] 4 points 2 years ago (2 children)

Yeah, as someone who used Mastodon back in the day this wasn't surprising, as they sorta highlighted your vs local vs public timeline, but I can totally see how it could be confusing expecting Lemmy to just be a "reddit clone". And TBF it is a reddit clone of sorts if you disable federation, "All" is everything your instance can possibly access, but then you lose out on what IMO is the killer feature.

There is probably a way you could spider instances and scrape content to get an "All" of sorts...

[–] [email protected] 1 points 2 years ago (3 children)

Your logs (at debug level at least, which is where I keep my server, haha) should have entries something along the lines of:

  • Receiving configuration from the file provider
  • What routers and services it sets up based on the configuration
  • Whether certificate generation is needed for the routers
  • What happens when LEGO tries to generate the certificate (created account, got challenge, passed/failed challenge, got cert, etc)

[–] [email protected] 9 points 2 years ago (6 children)

Use a site like browse.feddit.de to find communities you want to join and join them. Every instance only "has" their local communities plus whatever remote communities the users of the instance join. With more users it is more likely someone else has subscribed to something you are interested in, but someone on e.g. lemmy.world had to be the first user there to search and subscribe to any community that isn't based on that instance.

[–] [email protected] 2 points 2 years ago

Yeah, you could also set up some sort of caching proxy in the cloud just for images and host those on a different domain (e.g. cdn.lemmyinstance.com) if you want to host large images still and be as self-hosted as is possible given the constraints.

[–] [email protected] 1 points 2 years ago* (last edited 2 years ago) (5 children)

Is traefik successfully getting the cert via LE? It sounds like for one reason or another it is still using the built-in/default cert for those services. You can check the traefik log's LEGO lines, and/or look at your /letsencrypt/acme.json.

In my example I specified entrypoints.https.http.tls.domains, but I think that is only necessary when you're doing wildcard domains with a DNS solver.

edit: You may need to use the file provider rather than trying to specify stuff in the main config toml... traefik differentiates between "static" config that it has to know at boot time and can't change and "dynamic" config like routers and stuff.
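
One way to do the acme.json check suggested in the comment above, as an added example that is not part of the original comment: it lists which routed hostnames have no stored certificate and would therefore be served the default cert. The resolver name `le`, the hostnames and the embedded sample are constructed, and the layout assumed is the one Traefik v2 writes (one top-level key per resolver holding a `Certificates` list).

```python
import json

# Constructed sample in the layout Traefik v2 writes to acme.json (assumption):
# one top-level key per certificate resolver ("le" matches certresolver=le).
SAMPLE_ACME_JSON = json.dumps({
    "le": {
        "Account": {"Email": "admin@example.com"},
        "Certificates": [
            {"domain": {"main": "example.com", "sans": ["*.example.com"]},
             "certificate": "<base64 PEM placeholder>",
             "key": "<base64 PEM placeholder>",
             "Store": "default"},
        ],
    }
})


def issued_names(acme_text, resolver):
    """Return every DNS name that has a stored certificate for this resolver."""
    data = json.loads(acme_text or "{}")  # the file is empty before first issuance
    certs = (data.get(resolver) or {}).get("Certificates") or []
    names = set()
    for cert in certs:
        domain = cert.get("domain", {})
        if cert.get("certificate") and domain.get("main"):
            names.add(domain["main"].lower())
            names.update(s.lower() for s in domain.get("sans") or [])
    return names


def covered(host, names):
    """True if host matches a stored name; '*' covers exactly one leftmost label."""
    host = host.lower().rstrip(".")
    if host in names:
        return True
    _, _, parent = host.partition(".")
    return bool(parent) and "*." + parent in names


def uncovered_hosts(acme_text, resolver, hosts):
    """Hosts with no stored certificate, i.e. the ones that get the default cert."""
    names = issued_names(acme_text, resolver)
    return [h for h in hosts if not covered(h, names)]


if __name__ == "__main__":
    routed = ["foo.example.com", "example.com", "a.b.example.com", "other.org"]
    print(uncovered_hosts(SAMPLE_ACME_JSON, "le", routed))
```

To run it against a real deployment, pass the contents of your own acme.json and the hostnames from your router rules instead of the constructed sample.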

[–] [email protected] 1 points 2 years ago* (last edited 2 years ago) (2 children)

Most of your traffic will be incoming, not outgoing. Unless you are posting to a community hosted on your instance the only time you send stuff will be when you post or comment, and even then you only send that to the instance hosting the community.

edit: Also if you post an image in a post/comment that would get loaded from your instance.

[–] [email protected] 2 points 2 years ago (7 children)

Traefik. It has a GUI that I can use to see things, and (depending on your setup) you define the routes and stuff as part of your container definitions, minimal extra work required, makes setup and teardown a breeze. It is also nice that you can use it in all sorts of places, I have used it as Kubernetes ingress and as the thing that routed traffic to a Nomad cluster.

I went from Apache to Nginx (manually configured, including ACME) to Traefik over the course of the past ~10 years. I tried Caddy when I was making the switch to Traefik and found it very annoying to use, too much magic in the wrong places. I have never actually used NPM, as it doesn't seem useful for what I want...

Anyway, with traefik you can write your services in docker compose like this, and traefik will just pick them up and do the right thing:

version: "3"
services:
  foo-example-com:
    image: nginx:1.24-alpine
    volumes: ['./html:/usr/share/nginx/html:ro']
    labels:
      'traefik.http.routers.foo-example-com.rule': Host(`foo.example.com`)
    restart: unless-stopped
    networks:
      - traefik
networks:
  traefik:
    name: traefik-expose-network
    external: true

It will just work most of the time, though sometimes you'll have to specify 'traefik.http.services.foo-example-com.loadbalancer.server.port': whatever or other labels according to the traefik docs if you want specific behaviors or middleware or whatever.

And your deployment of traefik would look something like this:

version: '3'
services:
  traefik:
    image: traefik:v2
    command: >-
      --accesslog=true
      --api=true
      --api.dashboard=true
      --api.debug=true
      --certificatesresolvers.le.acme.dnschallenge.provider=provider
      --certificatesresolvers.le.acme.storage=acme.json
      [ ... other ACME stuff ... ]
      --entrypoints.http.address=:80
      --entrypoints.http.http.redirections.entrypoint.to=https
      --entrypoints.http.http.redirections.entrypoint.scheme=https
      --entrypoints.https.address=:443
      --entrypoints.https.http.tls.certresolver=le
      --entrypoints.https.http.tls.domains[0].main=example.com
      --entrypoints.https.http.tls.domains[0].sans=*.example.com
      --entrypoints.https.http.tls=true
      --global.checknewversion=false
      --global.sendanonymoususage=false
      --hub=false
      --log.level=DEBUG
      --pilot.dashboard=false
      --providers.docker=true
    environment:
      [ ... stuff for your ACME provider ... ]
    ports:
      # this assumes you just want to do simple port forwarding or something
      - 80:80
      - 443:443
      # - 8080:8080 uncomment if you want to hit port 8080 of this machine for the traefik gui
    working_dir: /data
    volumes:
      - ./persist:/data
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - traefik
    restart: unless-stopped
networks:
  traefik:
    name: traefik-expose-network
    external: true

Note that you'd have to create the traefik-expose-network manually for this to work, as that is how traefik will talk to your different services. You can get even fancier and set it up to expose your sites by default and auto-detect what to call them based on container name and stuff, but that is beyond the scope of a comment like this.

Technically my setup is a little more complex to allow for services on many different machines (so I don't use the built-in docker provider), and to route everything from the internet using frp using proxy protocol so I don't expose my home IP... I think this illustrates the point well regardless.

[–] [email protected] 6 points 2 years ago* (last edited 2 years ago)

  1. Up to you, I would just avoid big instances like .world or .ml. People do congregate on big instances in most of the fediverse, so IDK that "professional" enters into it. It's not as if you're running a law firm on a @hotmail email address. I like hosting stuff for myself, so I am running my own instance.
  2. For yourself you could get away with spending around $5-$10/mo, plus ~$10/yr for the domain name. More users/load would need more resources, .world is spending >$150/mo for the server(s) alone, and that will only grow as the instance grows.
  3. Big thing would be site-wide moderation and managing federation. Dealing with reports, illegal content, communities that break server rules, users that are harassing others, etc. If you slack too much on that (or have overly lax policies) you may end up defederated by instances. Making the decision to defederate other instances. Etc.
  4. Entirely gone.
  5. Mostly just changes what you'd see on local. Federation can be wonky/slow at times, but that is true of federation between big instances as well, it's just something you have to get used to when using Lemmy.

[–] [email protected] 5 points 2 years ago* (last edited 2 years ago)

"Initial sync" isn't a thing. Things only federate from communities after you subscribe to them. Old posts will make their way over if someone interacts with them (comments/votes on them). I think old comments may make their way over under the same conditions. Old votes will not make their way over so your vote count on old posts will never be right.

You can search for a post or comment to force your instance to load it (copy the federation link, the rainbow-web-looking icon) just like you would do for communities. I think there are scripts out there that may automate this process to force your instance to load old content, but you're putting more load on an already strained system.

And yes, lemmy.world is probably overloaded. Usually this just means that federation from it isn't instant and may take a little time.
