Hey. I really like the idea of the fediverse and Lemmy and would want to know as a beginner/not so experienced regarding selfhosting what would be the best way to get started? I saw there are vps options, but don’t know of I’m looking in the right direction.

  • fox@lemmy.fakecake.org
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    1 year ago
    • why use two networks, instead they shouldn’t expose any internal ports if using reverse proxy container within compose (I’m using a separate external load balancer/reverse proxy, so I exposed lemmy & lemmy-backend only);
    • stuff like hostname: shouldn’t be needed because it matches service name;
    • instead of using generic nginx container image with custom nginx.conf you need to place somewhere manually they should pre-build a container which would work OOTB with the compose setup, this would also solve current situation where nginx.conf and compose file are seemingly maintained separately because they don’t match (i had to change one to match the other);
    • a minor thing but i would appreciate environment-based setup instead of needing configuration files (lemmy.hjson) on the filesystem (my ansible-based container deploy system has provisions for this stuff, still its something that i’d rather not have to use…);
    • in general compose setup feels like development environment because of all the debugging that is enabled, i think it also tries to build one of lemmy components instead of using an image by default;

    it’s all minor stuff, really, but it adds up and people who are not particularly savvy might give up on self-hosting lemmy because of if. so some polish and cleanup might be a good idea.

    i know there’s an ansible role too but i haven’t looked through it. i have to do way too much ansible code review & refactoring at work. :)

    • ipkpjersi
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I’m planning on self-hosting an instance (and some other web apps) on my local server at home, but over a VPN on a public VPS. I feel like that’s gonna make an overcomplicated setup even more overcomplicated lol

      • fox@lemmy.fakecake.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        i’m hosting lemmy on a vds using an S3 storage hosted at home (over wireguard). :)

        i’ve decided against hosting lemmy at home because there’s no way to setup a proxy for outbound connections (or i couldn’t find it) so any federation request your lemmy instance makes reveals your home IP to owners of that particular instance.

        • ipkpjersi
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          i’ve decided against hosting lemmy at home because there’s no way to setup a proxy for outbound connections (or i couldn’t find it) so any federation request your lemmy instance makes reveals your home IP to owners of that particular instance.

          Wait, how would that work? If I’m using OpenVPN, would it not be using the source and/or destination IP as my OpenVPN client IP, and not my home IP? After all, OpenVPN is completely bypassing my routing and NAT from my home connection, and it just tunnels traffic through the VPN instead.

          I believe the source IP would be the IP of any server trying to contact my server, and then the destination IP would be my VPN client IP because of the DNAT rule I have on my VPN server (say 10.0.0.2) so it would not expose my home IP, or is that not correct? If both Lemmy and Nginx are either using a local docker IP (not on my home network) or the OpenVPN client IP from tun0, how would they even be aware of my home IP which would be on a separate network interface?

          Are you saying I’d be exposing my IP if I tried my home-based VPN port forwarded setup? I am pretty sure it wouldn’t be exposing my home IP, but maybe I am mistaken.

            • ipkpjersi
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Good to know, thanks!

              I also asked ChatGPT because I was curious, and ChatGPT said since I am using a VPN, when my home server makes outbound requests, they will first go through the VPN tunnel and emerge from the VPS which means that to external systems (like the servers receiving my federation requests), the source IP will appear to be the public IP of my VPS, not my home IP.

              Very cool stuff! It makes sense that VPNs can be used to mask home IPs even in this way, since VPNs are literally designed for security and privacy lol