this post was submitted on 12 Jun 2023
369 points (99.2% liked)

Lemmy.World Announcements

29164 readers
73 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news ๐Ÿ˜

Outages ๐Ÿ”ฅ

https://status.lemmy.world

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to [email protected] e-mail.

Report contact

Donations ๐Ÿ’—

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 2 years ago
MODERATORS
 

I'm trying to fix this annoying slowness when posting to larger communities. (Just try replying here...) I'll be doing some restarts of the docker stack and nginx.

Sorry for the inconvenience.

Edit: Well I've changed the nginx from running in a docker container to running on the host, but that hasn't solved the posting slowness..

you are viewing a single comment's thread
view the rest of the comments
[โ€“] zikk_transport2 7 points 2 years ago (2 children)

Hey. From my own experience - Nginx is awesome and fast when it is working, but the more you want from it, the more difficult it becomes.

Give Caddy a try. This reverse proxy has always been excellent for me. It has HTTP3 (QUIC) support, automatic ACME and overall excellent configuration in terms of simplicity and user friendliness.

Caddy is not a good choice if you need TCP/UDP proxy. It's only HTTP/HTTPS proxy.

[โ€“] god 1 points 2 years ago* (last edited 2 years ago) (1 children)

Someone said this about Caddy "it injects advertising headers into your responses". Is this true? I don't know anything about caddy but that doesn't sound too good lo (to be fair it could be misinformation).

[โ€“] zikk_transport2 2 points 2 years ago* (last edited 2 years ago) (1 children)

Never heard about it. This is open source project, free to use.

In case you want to understand why it's good, check out Caddyfile example. Just specify something like this:

example.com {
  reverse_proxy backend:1234
}

And that's it! It automatically binds on 0.0.0.0:80 only for redirects to 0.0.0.0:443 + using ACME adds TLS, all behinds the scenes.

Add 1 more line to my given example and it adds compreasion.

I've been using it for my self-hosted stuff for prob 1-2 years and it kept working flawlessly all the time. Very satisfied.

[โ€“] god 1 points 2 years ago* (last edited 2 years ago) (2 children)

Sounds very cool. Does running with that file also handle the SSL certificate and validation automatically? Or are there extra steps?

[โ€“] zikk_transport2 3 points 2 years ago

Everything is automated. As long as you know how ACME is working (port 80, accessible from the internet), everything is done in the background, including TLS (SSL) certificate maintenance.

[โ€“] Perhyte 2 points 2 years ago

A minimal config like that will default to provisioning (and periodically renewing) an SSL certificate from Let's Encrypt automatically, and if there are any issues doing so it will try another free CA.

This requires port 80 and/or 443 to be reachable from the general Internet of course, as that's where those CAs are.

There's an optional extra step of putting

{
    email [email protected]
}

(with your actual e-mail address substituted) at the top of the config file, so that the Let's Encrypt knows who you are and can notify you if there are any problems with your certificates. For example, if any of your certificates are about to expire without being renewed^1^, or if they have to revoke certificates due to a bug on their side^2^ .

As long as you don't need wildcard certificates^3^, it's really that easy.


^1^: I've only had this happen twice: once when I had removed a subdomain from the config (so Caddy did not need to renew), and once when Caddy had "renewed" using the other CA due to network issues while contacting Let's Encrypt.

^2^: Caddy has code to automatically detect revoked certificates and renew or replace them before it becomes an issue, so you can likely ignore this kind of e-mail.

^3^: Wildcard certificates are supported, but require an extra line of configuration and adding in a module to support your DNS provider.