📚 Lemmy 0.16.7 on OpenBSD 7.2
💡 Newskategorie: Programmierung
🔗 Quelle: dev.to
Summary
Lemmy is one of Fediverse implementations, which focuses on link aggregators. It also works as a platform for forums and microblogging.
On technical aspects, used are Rust Actix, an actor-model web framework good at concurrency, and InfernoJS, a blazingly fast client framework inspired by React. Therefore, it runs comfortably fast.
This post shows how to install Lemmy and configure it on OpenBSD, a solid operating system.
As to Rust's platform support, OpenBSD stands in Tier 3, the lowest in Target Tier Policy, and, however, it works !!
Environment
- OS: OpenBSD 7.2
- Database: PostgreSQL 14.5 (released on Aug 11, 2022)
- Object Storage: MinIO - AWS S3-compatible (Optional)
- Web Server: relayd
- Apps
Tutorial
PostgreSQL
Install PostgreSQL server and configure it (if undone)
This post should help.
Create database
Start psql
:
$ psql -U <your-postgres-user>
Run to create role:
create user lemmy with encrypted password '(...)';
The output was:
CREATE ROLE
Then run to create database belonging to the role:
create database lemmy with owner lemmy \
ENCODING 'UTF-8' template template0 LC_COLLATE 'C' LC_CTYPE 'C';
The output was:
CREATE DATABASE
MinIO (Optional)
This post may help.
Lemmy server
Suppose directories will be created as below:
/var
+-- /lemmy
+-- /lemmy
+-- /lemmy-ui
+-- /pict-rs
Prepare Rust packages
$ doas pkg_add rust
The output was:
quirks-6.42 signed on 2023-01-13T18:22:41Z
rust-1.63.0p0:libssh2-1.10.0p0: ok
rust-1.63.0p0: ok
Add a Lemmy user
Run:
$ doas useradd -d /var/lemmy -m _lemmy
Then act as the user:
$ doas su - _lemmy
The login shell is perhaps ksh
.
You must be in the home directory:
$ pwd
/var/lemmy
Build Lemmy server
First, get the source of lemmy server:
$ git clone https://github.com/LemmyNet/lemmy.git --recursive --branch 0.16.7 --single-branch
The output was:
Cloning into 'lemmy'...
remote: Enumerating objects: 39173, done.
remote: Counting objects: 100% (84/84), done.
remote: Compressing objects: 100% (38/38), done.
remote: Total 39173 (delta 57), reused 46 (delta 46), pack-reused 39089
Receiving objects: 100% (39173/39173), 10.10 MiB | 14.84 MiB/s, done.
Resolving deltas: 100% (27466/27466), done.
Note: switching to '31530e1be409930c6be3e15106991ae35cd6a847'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
(...)
Submodule 'crates/utils/translations' (https://github.com/LemmyNet/lemmy-translations.git) registered for path 'crates/utils/translations'
Cloning into '/var/lemmy/lemmy/crates/utils/translations'...
remote: Enumerating objects: 2208, done.
remote: Counting objects: 100% (546/546), done.
remote: Compressing objects: 100% (151/151), done.
Receiving objects: 100% (2208/2208), 678.71 KiB | 4.06 MiB/s, done.
remote: Total 2208 (delta 439), reused 464 (delta 395), pack-reused 1662
Resolving deltas: 100% (1820/1820), done.
Submodule path 'crates/utils/translations': checked out '454debaede4cc932ac15fea9bf620cf1daf1ae4c'
Go inside:
$ cd lemmy
You are now in /var/lemmy/lemmy
and have lemmy server code written in Rust.
Wait, please. You cannot compile it on OpenBSD soon. There are two (or three) problems to be fixed beforehand.
Fix cargo build
failed due to ssl
First, you have to modify Cargo.lock:
$ nvim Cargo.lock
to delete the lines about three packages. They were in 2481-2512 lines in my case:
(...)
- [[package]]
- name = "openssl"
- (...)
- [[package]]
- name = "openssl-probe"
- (...)
- [[package]]
- name = "openssl-sys"
- (...)
- dependencies = [
- (...)
- ]
(...)
Otherwise, the error below will occur in running cargo build
:
error: failed to run custom build command for `openssl-sys v0.9.72`
Caused by:
process didn't exit successfully: `/var/lemmy/lemmy/target/release/build/openssl-sys-e37967ef67b14e0e/build-script-main` (exit status: 101)
--- stdout
cargo:rustc-cfg=const_fn
cargo:rerun-if-env-changed=X86_64_UNKNOWN_OPENBSD_OPENSSL_LIB_DIR
X86_64_UNKNOWN_OPENBSD_OPENSSL_LIB_DIR unset
cargo:rerun-if-env-changed=OPENSSL_LIB_DIR
OPENSSL_LIB_DIR unset
cargo:rerun-if-env-changed=X86_64_UNKNOWN_OPENBSD_OPENSSL_INCLUDE_DIR
X86_64_UNKNOWN_OPENBSD_OPENSSL_INCLUDE_DIR unset
cargo:rerun-if-env-changed=OPENSSL_INCLUDE_DIR
OPENSSL_INCLUDE_DIR unset
cargo:rerun-if-env-changed=X86_64_UNKNOWN_OPENBSD_OPENSSL_DIR
X86_64_UNKNOWN_OPENBSD_OPENSSL_DIR unset
cargo:rerun-if-env-changed=OPENSSL_DIR
OPENSSL_DIR unset
cargo:rerun-if-env-changed=OPENSSL_NO_PKG_CONFIG
(...)
cargo:rerun-if-env-changed=PKG_CONFIG_ALL_DYNAMIC
cargo:rustc-link-lib=ssl
cargo:rerun-if-env-changed=PKG_CONFIG_x86_64-unknown-openbsd
cargo:rustc-link-lib=crypto
(...)
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR
cargo:rerun-if-changed=build/expando.c
OPT_LEVEL = Some("3")
TARGET = Some("x86_64-unknown-openbsd")
HOST = Some("x86_64-unknown-openbsd")
CC_x86_64-unknown-openbsd = None
CC_x86_64_unknown_openbsd = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-openbsd = None
CFLAGS_x86_64_unknown_openbsd = None
HOST_CFLAGS = None
CFLAGS = None
CRATE_CC_NO_DEFAULTS = None
DEBUG = Some("false")
CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-Wall" "-Wextra" "-E" "build/expando.c"
exit status: 0
cargo:rustc-cfg=osslconf="OPENSSL_NO_BUF_FREELISTS"
(...)
cargo:rustc-cfg=osslconf="OPENSSL_NO_SEED"
cargo:conf=OPENSSL_NO_BUF_FREELISTS,OPENSSL_NO_COMP,OPENSSL_NO_KRB5,OPENSSL_NO_PSK,OPENSSL_NO_SRP,OPENSSL_NO_SSL3_METHOD,OPENSSL_NO_SEED
cargo:rustc-cfg=libressl
cargo:rustc-cfg=libressl251
(...)
cargo:rustc-cfg=libressl332
cargo:libressl_version_number=3060000f
--- stderr
thread 'main' panicked at '
This crate is only compatible with OpenSSL (version 1.0.1 through 1.1.1, or 3.0.0), or LibreSSL 2.5
through 3.4.1, but a different version of OpenSSL was found. The build is now aborting
due to this version mismatch.
', /home/nabbisen/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-sys-0.9.72/build/main.rs:295:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
warning: build failed, waiting for other jobs to finish...
Fix cargo build
failed due to rust-fmt
Next, switch back to you own user and install the package:
$ exit
$ doas pkg_add rust-rustfmt
The output was:
quirks-6.42 signed on 2023-01-13T18:22:41Z
rust-rustfmt-1.63.0p0: ok
Then, switch to _lemmy
again:
$ doas su - _lemmy
$ cd lemmy
and edit Cargo.toml
:
$ nvim Cargo.toml
to add the dependency to rustfmt
:
(...)
[dependencies]
(...)
+ rustfmt = "*"
Besides, in my case, the actual version was "0.10.0".
Otherwise, rustfmt
doesn't work in compiling translations
in lemmy_utils
. Therefore you will meet the error below in running cargo build
:
error: failed to run custom build command for `lemmy_utils v0.16.7 (/var/lemmy/lemmy/crates/utils)`
Caused by:
process didn't exit successfully: `/var/lemmy/lemmy/target/release/build/lemmy_utils-c59f10bc7bf13f2b/build-script-build` (exit status: 1)
--- stdout
cargo:rerun-if-changed=translations/email/en.json
cargo:rerun-if-changed=translations/email/ko.json
cargo:rerun-if-changed=translations/email/fi.json
cargo:rerun-if-changed=translations/email/pt.json
--- stderr
Error: Fmt(Os { code: 2, kind: NotFound, message: "No such file or directory" })
warning: build failed, waiting for other jobs to finish...
Fix cargo build
failed due to PostgreSQL libraries
$ exit
$ doas pkg_add postgresql-client postgresql-contrib
The output was:
quirks-6.42 signed on 2023-01-13T18:22:41Z
postgresql-client-14.5: ok
postgresql-contrib-14.5: ok
Besides, as to postgresql-client
, possibly it has been already installed.
Then switch to _lemmy
again:
$ doas su - _lemmy
$ cd lemmy
Well, here are supplementary descriptions.
If postgresql-client
is not installed, you will probably meet the error below.
The lack of libpg
causes it:
$ cargo build --release
(...)
Compiling lemmy_server v0.16.7 (/var/lemmy/lemmy)
error: linking with `cc` failed: exit status: 1
|
= note: "cc" "-m64" "/tmp/rustcSracqC/symbols.o"
(...)
"-Wl,--gc-sections" "-pie" "-Wl,-zrelro,-znow" "-Wl,-O1" "-nodefaultlibs"
= note: ld: error: unable to find library -lpq
cc: error: linker command failed with exit code 1 (use -v to see invocation)
error: could not compile `lemmy_server` due to previous error
If postgresql-contrib
is not installed, it will print the error below:
$ cargo run --release
(...)
Finished release [optimized] target(s) in 0.37s
Running `target/release/lemmy_server`
Error: LemmyError { message: None, inner: Failed with: could not open extension control file "/usr/local/share/postgresql/extension/pgcrypto.control": No such file or directory, context: "SpanTrace" }
Compile the server
Now cargo build
is ready. Let's run:
$ cargo build --release
It will work and end with success :)
(...)
Compiling pq-sys v0.4.6
(...)
Compiling diesel v1.4.8
Compiling lemmy_server v0.16.7 (/var/lemmy/lemmy)
Finished release [optimized] target(s) in 14m 36s
In case of failure on missing PostgreSQL libraries (Optional)
I have met error which seemed to have something to do with missing PostgreSQL libraries.
In case that you doubt you meet the same error, using env
to specify the location might solve it:
$ env PQ_LIB_DIR=/usr/local/lib \
cargo build --release
Configure (Optional)
$ cp -p config/config.hjson config/config.hjson.org
Edit as needed:
$ nvim config/config.hjson
For example, overwrite host (FQDN), database connection and pict-rs server:
- host: lemmy-alpha
+ host: <your-fqdn>
(...)
+ bind: 127.0.0.1
+ #port: 8536
+ database: {
+ # Username to connect to postgres
+ user: "lemmy"
+ # Password to connect to postgres
+ password: "lemmy"
+ # Host where postgres is running
+ host: "127.0.0.1"
+ # Port where postgres can be accessed
+ port: 5432
+ # Name of the postgres database for lemmy
+ database: "lemmy"
+ # Maximum number of active sql connections
+ pool_size: 5
+ }
+ pictrs_url: "http://127.0.0.1:8080"
}
Too few pool_size
may cause server failure due to SpanTrace
Be careful you may have to set "3" or greater at at pool_size
in above.
When I set "2", the server couldn't return response to client (of curl
) and I got the error below:
$ cargo run --release
Finished release [optimized] target(s) in 0.34s
Running `target/release/lemmy_server`
(...)
2023-01-14T07:23:24.946120Z INFO blocking operation: lemmy_server::code_migrations: Running user_updates_2020_04_02
(...)
2023-01-14T07:23:24.953272Z INFO lemmy_server::scheduled_tasks: Updating active site and community aggregates ...
Starting http server at 0.0.0.0:8536
2023-01-14T07:23:24.977263Z INFO lemmy_server::scheduled_tasks: Done.
2023-01-14T07:23:24.977313Z INFO lemmy_server::scheduled_tasks: Updating banned column if it expires ...
2023-01-14T07:23:24.977616Z INFO lemmy_server::scheduled_tasks: Reindexing table concurrently post_aggregates ...
(...)
2023-01-14T07:23:54.980299Z WARN background_jobs_actix::server: Not restarting ticker, arbiter is dead
2023-01-14T07:23:54.980444Z INFO Worker{worker.id=ef80d3fd-8ffb-4a12-8917-f82d1a26dc90 worker.queue=default worker.operation.id=417634dd-b934-4c31-bde3-ed38c515a22a worker.operation.name=closing}: background_jobs_actix::worker: Worker closing
(...)
2023-01-14T07:23:55.003481Z INFO Worker{worker.id=145bad22-bc83-4ba8-9155-0a77b86cf4b5 worker.queue=default worker.operation.id=432facee-ed0c-471c-bb7f-d19389fa53a8 worker.operation.name=closing}: background_jobs_actix::worker: Worker closing
2023-01-14T07:23:55.003562Z WARN background_jobs_actix::worker: Not restarting worker, Arbiter is dead
2023-01-14T07:23:55.003643Z INFO Worker{worker.id=4626ccc8-48a9-41ac-b128-9c23b62b33cb worker.queue=default worker.operation.id=32df578b-c3ea-4fad-bdeb-02ffeb295f5b worker.operation.name=closing}: background_jobs_actix::worker: Worker closing
2023-01-14T07:23:55.003717Z WARN background_jobs_actix::worker: Not restarting worker, Arbiter is dead
Error: LemmyError { message: None, inner: timed out waiting for connection, context: "SpanTrace" }
Run Lemmy server
Now you are ready to start the server. Let's run:
$ cargo run --release
In my case, it started with
2023-01-14T07:24:11.308525Z INFO blocking operation: lemmy_server::code_migrations: Running user_updates_2020_04_02
(...)
It was followed by "Starting http server at 0.0.0.0:8536":
(...)
2023-01-14T07:24:11.315945Z INFO lemmy_server::scheduled_tasks: Updating active site and community aggregates ...
Starting http server at 0.0.0.0:8536
2023-01-14T07:24:11.339697Z INFO actix_server::builder: Starting 1 workers
2023-01-14T07:24:11.340446Z INFO actix_server::server: Actix runtime found; starting in Actix runtime
federation enabled, host is lemmy-alpha
2023-01-14T07:24:11.342172Z INFO lemmy_server::scheduled_tasks: Done.
(...)
Yay. Building Lemmy server is completed !!
Go on to the next step:
Lemmy-UI server
Prepare Node.js
Switch back to your own user:
$ exit
Then run:
$ doas pkg_add yarn
The output was:
quirks-6.42 signed on 2023-01-13T18:22:41Z
yarn-1.22.18:brotli-1.0.9p0: ok
yarn-1.22.18:gmake-4.3: ok
yarn-1.22.18:flock-20110525p1: ok
yarn-1.22.18:icu4c-71.1v0: ok
yarn-1.22.18:openssl-1.1.1q: ok
yarn-1.22.18:libcares-1.18.1: ok
yarn-1.22.18:node-16.17.1v0: ok
yarn-1.22.18: ok
--- +node-16.17.1v0 -------------------
You may wish to add /usr/local/lib/node_modules/npm/man to /etc/man.conf
--- +openssl-1.1.1q -------------------
You may wish to add /usr/local/lib/eopenssl11/man to /etc/man.conf
Build Lemmy-UI server
Switch to _lemmy
:
$ doas su - _lemmy
Then get the source:
$ git clone https://github.com/LemmyNet/lemmy-ui.git --recursive --branch 0.16.7 --single-branch
The output was:
Cloning into 'lemmy-ui'...
remote: Enumerating objects: 4489, done.
remote: Total 4489 (delta 0), reused 0 (delta 0), pack-reused 4489
Receiving objects: 100% (4489/4489), 2.39 MiB | 5.86 MiB/s, done.
Resolving deltas: 100% (3371/3371), done.
Note: switching to '44f22ad3b7f7afb17cd0ac6ee293b11bbbdf6087'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
(...)
Submodule 'lemmy-translations' (https://github.com/lemmynet/lemmy-translations) registered for path 'lemmy-translations'
Cloning into '/var/lemmy/lemmy-ui/lemmy-translations'...
remote: Enumerating objects: 2208, done.
remote: Counting objects: 100% (546/546), done.
remote: Compressing objects: 100% (151/151), done.
Receiving objects: 100% (2208/2208), 678.71 KiB | 2.71 MiB/s, done.
remote: Total 2208 (delta 439), reused 464 (delta 395), pack-reused 1662
Resolving deltas: 100% (1820/1820), done.
Submodule path 'lemmy-translations': checked out 'a099f9f02d9c8a7e24349154880b5515e3c45362'
Go inside:
$ cd lemmy-ui
Run to get the dependencies:
$ yarn install --pure-lockfile
The output was:
yarn install v1.22.18
[1/5] Validating package.json...
[2/5] Resolving packages...
[3/5] Fetching packages...
[4/5] Linking dependencies...
(...)
[5/5] Building fresh packages...
warning Your current version of Yarn is out of date. The latest version is "1.22.19", while you're on "1.22.18".
$ husky install
husky - Git hooks installed
Done in 59.79s.
Then run to build:
$ yarn build:prod
The output was:
yarn run v1.22.18
$ yarn clean && node generate_translations.js
$ yarn run rimraf dist
$ /var/lemmy/lemmy-ui/node_modules/.bin/rimraf dist
$ webpack --mode=production
Browserslist: caniuse-lite is outdated. Please run:
npx browserslist@latest --update-db
Why you should do it regularly: https://github.com/browserslist/browserslist#browsers-data-updating
(...)
Entrypoint main [big] 927 KiB = styles/styles.css 16.7 KiB js/server.js 910 KiB
(...)
Entrypoint main [big] 1.78 MiB = styles/styles.css 16.7 KiB js/client.js 1.77 MiB
(...)
webpack 5.72.0 compiled successfully in 35738 ms
Done in 37.47s.
To follow the guide printed above, run in addition:
$ npx browserslist@latest --update-db
You will be asked:
Need to install the following packages:
browserslist@4.21.4
Ok to proceed? (y) y
The output was:
Browserslist: caniuse-lite is outdated. Please run:
npx browserslist@latest --update-db
Why you should do it regularly: https://github.com/browserslist/browserslist#browsers-data-updating
Latest version: 1.0.30001444
Installed version: 1.0.30001298
Removing old caniuse-lite from lock file
Installing new caniuse-lite version
$ yarn add -W caniuse-lite
(...)
caniuse-lite has been successfully updated
Target browser changes:
- and_chr 96
+ and_chr 108
(...)
- ios_saf 12.2-12.5
+ ios_saf 16.2
(...)
- safari 13.1
+ safari 16.2
(...)
npm notice New major version of npm available! 8.15.0 -> 9.3.0
npm notice Changelog: https://github.com/npm/cli/releases/tag/v9.3.0
npm notice Run npm install -g npm@9.3.0 to update!
npm notice
Now you are ready to start Lemmy UI server:
$ yarn start
The output was:
arn run v1.22.18
$ yarn build:dev --watch
$ yarn clean && node generate_translations.js
$ yarn run rimraf dist
$ /var/lemmy/lemmy-ui/node_modules/.bin/rimraf dist
$ webpack --mode=development --watch
[RunNodeWebpackPlugin] Starting node script: js/server.js
Inferno is in development mode.
httpbase: http://0.0.0.0:8536
wsUri: ws://0.0.0.0:8536/api/v3/ws
isHttps: false
No JWT cookie found.
http://0.0.0.0:1234
assets by status 4.37 MiB [cached] 36 assets
Entrypoint main [big] 1.68 MiB = styles/styles.css 19.4 KiB js/server.js 1.66 MiB
cached modules 1.19 MiB (javascript) 17.6 KiB (css/mini-extract) 937 bytes (runtime) [cached] 149 modules
webpack 5.72.0 compiled successfully in 405 ms
(...)
Entrypoint main [big] 4.06 MiB = styles/styles.css 19.4 KiB js/client.js 4.04 MiB
cached modules 3.35 MiB (javascript) 17.6 KiB (css/mini-extract) 1.25 KiB (runtime) [cached] 735 modules
webpack 5.72.0 compiled successfully in 398 ms
Optionally, you may pass environment variables to customize the server:
$ env LEMMY_UI_HOST=0.0.0.0:1234 \
LEMMY_INTERNAL_HOST=127.0.0.1:8536 \
LEMMY_EXTERNAL_HOST=localhost:8536 \
LEMMY_WS_HOST=localhost:443 \
LEMMY_UI_DEBUG=false \
node dist/js/server.js
pict-rs server
Lemmy uses pict-rs to store image. It is a simple image hosting service which is open source and written in Rust, too.
Prepare for the dependencies
Switch back to your own user.
You have to install protobuf
, "Protocol Buffers - Google's data interchange format":
$ exit
$ doas pkg_add protobuf
The output was:
quirks-6.42 signed on 2023-01-13T18:22:41Z
protobuf-3.21.6: ok
Build pict-rs server
Switch to the _lemmy
:
$ doas su - _lemmy
Get the source of the stable:
$ git clone https://git.asonix.dog/asonix/pict-rs.git --branch v0.3.2 --single-branch
The output was:
Cloning into 'pict-rs'...
remote: Enumerating objects: 2707, done.
remote: Counting objects: 100% (2707/2707), done.
remote: Compressing objects: 100% (1932/1932), done.
remote: Total 2707 (delta 1806), reused 1077 (delta 687), pack-reused 0
Receiving objects: 100% (2707/2707), 2.21 MiB | 114.00 KiB/s, done.
Resolving deltas: 100% (1806/1806), done.
Note: switching to '4dff8de9851041911b8243a35bf9f6df4d612268'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
(...)
Go inside:
$ cd pict-rs
Then run to build:
$ cargo build --release
The output was:
Updating git repository `https://github.com/asonix/rust-s3`
(...)
Compiling rustls v0.20.6
(...)
Compiling actix-web v4.1.0
(...)
Compiling pict-rs v0.3.2 (/var/lemmy/pict-rs)
Finished release [optimized] target(s) in 20m 35s
Now you can run pict-rs server with -p
option to specify data directory:
$ cargo run --release -- -p data
The output was:
Finished release [optimized] target(s) in 0.24s
Running `target/release/pict-rs -p data`
2023-01-14T12:51:58.377271Z INFO restructure{store=FileStore { path_gen: "generator", root_dir: "data" }}: pict_rs::store::file_store::restructure: new
2023-01-14T12:51:58.377478Z INFO restructure{store=FileStore { path_gen: "generator", root_dir: "data" }}: pict_rs::store::file_store::restructure: close time.busy=11.3µs time.idle=197µs
2023-01-14T12:51:58.377627Z INFO actix_server::builder: Starting 1 workers
2023-01-14T12:51:58.377736Z INFO actix_server::server: Actix runtime found; starting in Actix runtime
Additionally, you can specify address to listen:
$ cargo run --release -- -a 127.0.0.1:8080 -p data
Additionally, you can modify its configuration:
$ nvim pict-rs.toml
For example:
- api_key = 'API_KEY'
- image_format = 'jpeg'
- opentelemetry_url = 'http://localhost:4317/'
+ opentelemetry_url = 'http://127.0.0.1:4317/'
Integrate pict-rs with MinIO (Optional)
pict-rs stores image files in their local directory by default.
Well, there is a way to introduce MinIO bucket usage by editting pict-rc.toml
as below:
- type = "file_store"
+ type = "s3_store"
+
+ region = "https://(minio-fqdn)"
+ bucket_name = "(...)"
+ access_key = "(...)"
+ secret_key = "(...)"
and, of course, creating MinIO bucket and service account, with bucket policy like:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"admin:*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::{bucket-name}",
"arn:aws:s3:::{bucket-name}/*"
]
}
]
}
Build network
The servers are ready !! Switch back to your own user (by executing exit
).
Here is the final network archtecture in this post.
All of Lemmy familly listen to lo
, the internal network, only.
[relayd] handles request/response between the external and the internal, including WebSocket Lemmy-UI uses.
[external] <--> [internal]
relayd <--> lemmy
<--> lemmy-ui
(websocket included)
<--> pict-rs
Be slightly careful about permissions of rc.d scripts.
Lemmy (server)
Create:
$ doas nvim /etc/rc.d/lemmy
to write in it:
#!/bin/ksh
daemon="target/release/lemmy_server"
daemon_user="_lemmy"
daemon_execdir="/var/lemmy/lemmy"
. /etc/rc.d/rc.subr
rc_cmd $1
Lemmy-UI
Create:
$ doas nvim /etc/rc.d/lemmy_ui
to write in it:
#!/bin/ksh
daemon="env LEMMY_UI_HOST=127.0.0.1:1234 LEMMY_INTERNAL_HOST=127.0.0.1:8536 LEMMY_EXTERNAL_HOST=<your-fqdb>:8536 LEMMY_WS_HOST=<your-fqdn>:443 node"
daemon_user="_lemmy"
daemon_flags="dist/js/server.js"
daemon_execdir="/var/lemmy/lemmy-ui"
. /etc/rc.d/rc.subr
rc_cmd $1
pict-rs
Create:
$ doas nvim /etc/rc.d/lemmy_pict_rs
to write in it:
#!/bin/ksh
daemon="target/release/pict-rs"
daemon_user="_lemmy"
daemon_flags="-c pict-rs.toml"
daemon_execdir="/var/lemmy/pict-rs"
. /etc/rc.d/rc.subr
rc_cmd $1
relayd.conf
Configuration about httpd
is optional.
When you have other services in the same machine, you may have to do manage them.
# $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
# prefork 5
#table <httpd> { "127.0.0.1" }
lemmy_server_port = "8536"
table <lemmy_ui> { "127.0.0.1" }
lemmy_ui_port = "1234"
table <lemmy_server> { "127.0.0.1" }
lemmy_server_port = "8536"
your_fqdn = "<your-fqdn>"
cert_keypair = "<cert-keypair-name>"
http protocol "https-filter" {
return error
#match request forward to <httpd>
match request header "Host" value $your_fqdn forward to <lemmy_ui>
match request url "<your-fqdn>/api/" forward to <lemmy_server>
match request url "<your-fqdn>/pictrs/" forward to <lemmy_server>
http websockets
tls keypair $cert_keypair
}
relay "https-proxy" {
listen on egress port https tls
protocol "https-filter"
#forward to <httpd> port http check tcp
forward to <lemmy_ui> port $lemmy_ui_port check tcp
forward to <lemmy_server> port $lemmy_server_port check tcp
}
http protocol "lemmy-server" {
http websockets
tls keypair $cert_keypair
}
relay "lemmy-server" {
listen on $your_fqdn port $lemmy_server_port tls
protocol "lemmy-server"
forward to <lemmy_server> port $lemmy_server_port check tcp
}
Conclusion
Let's start the servers. Here are command lines to run them temporarily:
$ doas rcctl -f start {lemmy, lemmy_ui, lemmy_pict_rs, relayd}
* Besides, if you want to activate them, run rcctl enable
beforehand, and -f
option will be unnecessary.
Open your browser and access to <your-fqdn>. You will be welcomed.
After signing up, you will be guided to create an instance:
Then, voilà :)
Happy swimming across the fediverse.
...