Federation of my Lemmy instances doesnt work (please help)
I hope this is the right place for this.
So, here is the thing: my lemmy instance is accessible in the browser via its domain, everything is fine, but no other communities are shown. When I test federation with "curl -H “Accept: application/activity+json” my-instance.com/u/some-local-user" I get a SSL certificate error.
So I figured that it has something to do with my reverse proxy and modified the nginx.conf like described in the documentation.
But the error persists.
This is my nginx.config in /etc/nginx/sites-enables/<my-domain>:
" limit_req_zone $binary_remote_addr zone={{ my_domain }}_ratelimit:10m rate=1r/s;
server { listen 80; listen [::]:80; server_name {{ my_domain }}; # Hide nginx version server_tokens off; location / { return 301 https://$host$request_uri; } }
server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name {{ my_domain }};
<span style="color:#323232;"># Replace these lines with your own certificate and key paths
</span><span style="color:#323232;">ssl_certificate /etc/ssl/certs/{{ my_certs }};
</span><span style="color:#323232;">ssl_certificate_key /etc/ssl/certs/{{ my_keys }};
</span><span style="color:#323232;">
</span><span style="color:#323232;">ssl_protocols TLSv1.2 TLSv1.3;
</span><span style="color:#323232;">ssl_prefer_server_ciphers on;
</span><span style="color:#323232;">ssl_ciphers {{ cipher_encrypt }};
</span><span style="color:#323232;">ssl_session_timeout 10m;
</span><span style="color:#323232;">ssl_session_cache shared:SSL:10m;
</span><span style="color:#323232;">ssl_session_tickets on;
</span><span style="color:#323232;">ssl_stapling on;
</span><span style="color:#323232;">ssl_stapling_verify on;
</span><span style="color:#323232;">
</span><span style="color:#323232;"># Hide nginx version
</span><span style="color:#323232;">server_tokens off;
</span><span style="color:#323232;">
</span><span style="color:#323232;"># Upload limit, relevant for pictrs
</span><span style="color:#323232;">client_max_body_size 20M;
</span><span style="color:#323232;">
</span><span style="color:#323232;"># Enable compression for JS/CSS/HTML bundle, for improved client load times.
</span><span style="color:#323232;">gzip on;
</span><span style="color:#323232;">gzip_types text/css application/javascript image/svg+xml;
</span><span style="color:#323232;">gzip_vary on;
</span><span style="color:#323232;">
</span><span style="color:#323232;"># Various content security headers
</span><span style="color:#323232;">add_header Referrer-Policy "same-origin";
</span><span style="color:#323232;">add_header X-Content-Type-Options "nosniff";
</span><span style="color:#323232;">add_header X-Frame-Options "DENY";
</span><span style="color:#323232;">add_header X-XSS-Protection "1; mode=block";
</span><span style="color:#323232;">
</span><span style="color:#323232;">#location / {
</span><span style="color:#323232;"># proxy_pass http://0.0.0.0:1236;
</span><span style="color:#323232;"># proxy_http_version 1.1;
</span><span style="color:#323232;"># proxy_set_header Upgrade $http_upgrade;
</span><span style="color:#323232;"># proxy_set_header Connection "upgrade";
</span><span style="color:#323232;"># proxy_set_header X-Real-IP $remote_addr;
</span><span style="color:#323232;"># proxy_set_header Host $host;
</span><span style="color:#323232;"># proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
</span><span style="color:#323232;">#}
</span><span style="color:#323232;">
</span><span style="color:#323232;">
</span><span style="color:#323232;">location / {
</span><span style="color:#323232;"> set $proxy_pass "http://0.0.0.0:1236";
</span><span style="color:#323232;"> if ($http_accept = "application/activity+json") {
</span><span style="color:#323232;"> set $proxy_pass "http://0.0.0.0:8536";
</span><span style="color:#323232;"> }
</span><span style="color:#323232;"> if ($http_accept = "application/ld+json; profile="https://www.w3.org/ns/activitystreams"") {
</span><span style="color:#323232;"> set $proxy_pass "http://0.0.0.0:8536";
</span><span style="color:#323232;"> }
</span><span style="color:#323232;"> proxy_pass $proxy_pass;
</span><span style="color:#323232;"> proxy_http_version 1.1;
</span><span style="color:#323232;"> proxy_set_header Upgrade $http_upgrade;
</span><span style="color:#323232;"> proxy_set_header Connection "upgrade";
</span><span style="color:#323232;"> proxy_set_header X-Real-IP $remote_addr;
</span><span style="color:#323232;"> proxy_set_header Host $host;
</span><span style="color:#323232;"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
</span><span style="color:#323232;">}
</span>
}
access_log /var/log/nginx/access.log combined;
"(end of file)
Maybe, someone has an idea how to solve this. I’m really at the end of my wits here :(