Holy hell
ActuallyRuben
joined 2 years ago
I’m not sure if there is an easy URL to a specific post on a certain instance though, for example this post is https://feddit.nl/post/39577 for me and does not contain any information that this post is actually on [email protected].
You should be able to see a very colorful button on every post and comment, this button will link to the post/comment on the instance it was sent from.
I mounted an S3 bucket to my VPS using s3fs, and set that as the folder for pict-rs. I haven't noticed any issues with this method yet.
It might also be possible to do using docker storage drivers, but I haven't looked into that.
The left is a link to the post on the current instance, the right is a link to the post on the instance it was posted from.
:3
It's possible to get a post on your local instance by searching the URL for the post on instance it was posted from (the link from the rainbowy button in lemmy's UI), it would be nice to have some automatic link rewriting, when a post contains such a link.
Unless it already does that? https://lemmy.world/post/94456
Here's the config file that I use, of course you do need to make sure that the ssl certificate files are located in the right folders. Another change I made is that application/json requests are redirected to the backend as well, this behavior seems to match most big instances.
worker_processes 1;
events {
worker_connections 1024;
}
http {
upstream lemmy {
# this needs to map to the lemmy (server) docker service hostname
server "lemmy:8536";
}
upstream lemmy-ui {
# this needs to map to the lemmy-ui docker service hostname
server "lemmy-ui:1234";
}
server {
# this is the port inside docker, not the public one yet
listen 80;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/actuallyruben.nl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/actuallyruben.nl/privkey.pem;
# change if needed, this is facing the public web
server_name actuallyruben.nl;
server_tokens off;
gzip on;
gzip_types text/css application/javascript image/svg+xml;
gzip_vary on;
# Upload limit, relevant for pictrs
client_max_body_size 20M;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# frontend general requests
location / {
# distinguish between ui requests and backend
# don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top
set $proxpass "http://lemmy-ui";
if ($http_accept = "application/activity+json") {
set $proxpass "http://lemmy";
}
if ($http_accept = "application/json") {
set $proxpass "http://lemmy";
}
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
set $proxpass "http://lemmy";
}
if ($request_method = POST) {
set $proxpass "http://lemmy";
}
proxy_pass $proxpass;
rewrite ^(.+)/+$ $1 permanent;
# Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# backend
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
proxy_pass "http://lemmy";
# proxy common stuff
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
Sounds to me like the server had their caching misconfigured, resulting in a personalised page being put in a public cache. Normally only static resources such as images and static webpages would be put in a public cache.
Currently I don't think there's any private information that could be leaked this way in lemmy, but it might be wise to notify the instance admins about this.
Kan het maar nooit zeker genoeg weten!
[removed by Leddit]