I hope this is the right place for this.
So, here is the thing: my lemmy instance is accessible in the browser via its domain, everything is fine, but no other communities are shown. When I test federation with "curl -H "Accept: application/activity+json" https://my-instance.com/u/some-local-user" I get a SSL certificate error.
So I figured that it has something to do with my reverse proxy and modified the nginx.conf like described in the documentation.
But the error persists.
This is my nginx.config in /etc/nginx/sites-enables/:
" limit_req_zone $binary_remote_addr zone={{ my_domain }}_ratelimit:10m rate=1r/s;
server { listen 80; listen [::]:80; server_name {{ my_domain }}; # Hide nginx version server_tokens off; location / { return 301 https://$host$request_uri; } }
server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name {{ my_domain }};
# Replace these lines with your own certificate and key paths
ssl_certificate /etc/ssl/certs/{{ my_certs }};
ssl_certificate_key /etc/ssl/certs/{{ my_keys }};
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers {{ cipher_encrypt }};
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets on;
ssl_stapling on;
ssl_stapling_verify on;
# Hide nginx version
server_tokens off;
# Upload limit, relevant for pictrs
client_max_body_size 20M;
# Enable compression for JS/CSS/HTML bundle, for improved client load times.
gzip on;
gzip_types text/css application/javascript image/svg+xml;
gzip_vary on;
# Various content security headers
add_header Referrer-Policy "same-origin";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "DENY";
add_header X-XSS-Protection "1; mode=block";
#location / {
# proxy_pass http://0.0.0.0:1236;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#}
location / {
set $proxy_pass "http://0.0.0.0:1236";
if ($http_accept = "application/activity+json") {
set $proxy_pass "http://0.0.0.0:8536";
}
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
set $proxy_pass "http://0.0.0.0:8536";
}
proxy_pass $proxy_pass;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
access_log /var/log/nginx/access.log combined;
"(end of file)
Maybe, someone has an idea how to solve this. I'm really at the end of my wits here :(
Likely you needed to include the intermediate cert chain. Let's encrypt sets that up automatically so it's quite a bit easier to get right.