I was hoping to get some help from you all, since I assume there are a good number of people here selfhosting their own instance of Lemmy. There doesn’t appear to be a search bar for per community searching, so I thought I’d post my question in case anyone else has a similar one. I’ve created my own Lemmy instance running in Docker based on the dev’s provided documentation. Used their example docker-compose.yml file and others, and just customized the needed options. I’ve got everything working except one important part, TLS/SSL certs. I’m not familiar with nginx at all, but it seems like I simply need to map another volume from local:container for the cert, however when I’ve mapped certbot/conf/:/etc/nginx/ssl/ and restart all the containers, this doesn’t enable HTTPS.

I’ve read a couple different places online that talk about adding CertBot as a service etc, however none of these were specially for Lemmy. So I wasn’t sure this would work given the extra config file for nginx. Any advice on how you all got this to work would be appreciated! Thank you in advance :)

Edit: thanks for all the advice everyone! Sounds like I’ll be going the reverse proxy route, either with caddy or npm. Both seem simple enough to implement. Thanks again, and happy Friday!

  • Mikel@lemmy.farley.pro
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    I’ve been using Caddy instead of nginx for years now. As long as your port forwarding is already setup, it’ll pull TLS certs for every domain in the config automatically and keep it up-to-date forever.

    It’s also super easy to use as a reverse proxy, so you can run one caddy server for all your sites on the same machine pretty easily.

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    1 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    HTTP Hypertext Transfer Protocol, the Web
    HTTPS HTTP over SSL
    SSL Secure Sockets Layer, for transparent encryption
    TLS Transport Layer Security, supersedes SSL
    nginx Popular HTTP server

    4 acronyms in this thread; the most compressed thread commented on today has 12 acronyms.

    [Thread #22 for this sub, first seen 11th Aug 2023, 03:15] [FAQ] [Full list] [Contact] [Source code]

  • Dr. Jenkem@lemmy.blugatch.tube
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    Nginx-proxy-manager makes dealing with certs easier imo. You can either have it setup to double proxy (point to the nginx you already have running) or replace the existing nginx (you’ll have to copy the config into nginx-proxy-manager ui).

      • Aux@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Standalone nginx is confusing because it was designed to be as fast as possible. Developers have sacrificed everything for this goal.

  • Excel@lemmy.megumin.org
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    1 year ago

    You need to get a cert from Let’s Encrypt (using certbot), then look up directions for configuring nginx to use the cert files generated by certbot.

  • gabe [he/him]@literature.cafe
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I’m using a custom docker image for lemmy made by a friend of mine that uses traefik instead of nginx/caddy and it automatically manages certs, but I do know that caddy is quite simple in a similar way as well.

  • Dandroid@dandroid.app
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    it seems like I simply need to map another volume from local:container for the cert, however when I’ve mapped certbot/conf/:/etc/nginx/ssl/ and restart all the containers, this doesn’t enable HTTPS.

    I originally did it this way. You need to modify your nginx config to enable SSL and use the certs.

    Eventually I decided that I wanted to host more than one web page, so I ended up going with the reverse proxy approach. With that approach, your docker containers are only using http with no encryption, and your reverse proxy is adding the SSL/TLS to it and making it HTTPS. This made it much easier to manage the certificates, imo.