Fix lemmy nginx

2025-12-06 08:07:45 +00:00 · 2025-05-17 11:26:36 +00:00 · 2025-05-17 11:26:36 +00:00 · 91519a558f
commit 91519a558f
parent ed26516625
2 changed files with 36 additions and 32 deletions
--- a/hosts/ports.nix
+++ b/hosts/ports.nix
@ -17,7 +17,6 @@
      chat = 3008;
      # dash = 3009;
      ntfy = 3010;
      lemmy = 3011;
      search = 8081;
      videos = 8082;
@ -26,7 +25,8 @@
    mods.server.local.ports = {
      # grav = 5001
      lemmy-api = 5002;
-      pict-rs = 5003;
+      lemmy-ui = 5003;
      pict-rs = 5004;
    };
  };
 }
--- a/modules/nixos/server/lemmy.nix
+++ b/modules/nixos/server/lemmy.nix
@ -3,7 +3,7 @@ let
  inherit (lib) mkEnableOption;
  cfg = config.mods.server.lemmy;
  port = config.mods.server.local.ports.lemmy-api;
-  port-ui = config.mods.server.nginx.ports.lemmy;
+  port-ui = config.mods.server.local.ports.lemmy-ui;
  port-pict = config.mods.server.local.ports.pict-rs;
  hostname = "lemmy.muon.host";
  bind = "0.0.0.0";
@ -42,40 +42,44 @@ in {
      address = "0.0.0.0";
    };
-    services.nginx.virtualHosts."${hostname}".locations = let
+    services.nginx.virtualHosts."${hostname}" = let
      ui = "http://10.0.0.3:${toString port-ui}";
      backend = "http://10.0.0.3:${toString port}";
    in lib.mkIf config.mods.server.nginx.enable {
-      "~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
+      forceSSL = true;
-        # backend requests
+      enableACME = true;
-        proxyPass = backend;
+      locations = {
-        proxyWebsockets = true;
+        "~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
-        recommendedProxySettings = true;
+          # backend requests
-      };
+          proxyPass = backend;
-      "/" = {
+          proxyWebsockets = true;
-        # mixed frontend and backend requests, based on the request headers
+          recommendedProxySettings = true;
-        extraConfig = ''
+        };
-          set $proxpass "${ui}";
+        "/" = {
-          if ($http_accept = "application/activity+json") {
+          # mixed frontend and backend requests, based on the request headers
-            set $proxpass "${backend}";
+          extraConfig = ''
-          }
+            set $proxpass "${ui}";
-          if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
+            if ($http_accept = "application/activity+json") {
-            set $proxpass "${backend}";
+              set $proxpass "${backend}";
-          }
+            }
-          if ($request_method = POST) {
+            if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
-            set $proxpass "${backend}";
+              set $proxpass "${backend}";
-          }
+            }
            if ($request_method = POST) {
              set $proxpass "${backend}";
            }
-          # Cuts off the trailing slash on URLs to make them valid
+            # Cuts off the trailing slash on URLs to make them valid
-          rewrite ^(.+)/+$ $1 permanent;
+            rewrite ^(.+)/+$ $1 permanent;
-          proxy_pass $proxpass;
+            proxy_pass $proxpass;
-          # Proxied `Host` header is required to validate ActivityPub HTTP signatures for incoming events.
+            # Proxied `Host` header is required to validate ActivityPub HTTP signatures for incoming events.
-          # The other headers are optional, for the sake of better log data.
+            # The other headers are optional, for the sake of better log data.
-          proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header Host $host;
+            proxy_set_header Host $host;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        '';
+          '';
        };
      };
    };
  };