bluesky-social / pds

Bluesky PDS (Personal Data Server) container image, compose file, and documentation

Hosting behind nginx? #46

Open arisudesu opened 9 months ago

arisudesu commented 9 months ago

Title says it all. In real-world deployments, we are not limited to Caddy. Providing instructions on how to host behind nginx would be a great addition.

bernd289 commented 9 months ago

-> https://github.com/bluesky-social/pds/blob/main/installer.sh#L320C1-L320C37

I just replaced caddy with cloudflared, so nginx will also work :-)

JuliaVonKreutzer commented 9 months ago

I'm not sure what to do with that, I'm not familiar with docker or caddy at all. I would also like to have instructions on how to host behind nginx.

FedericoAntoniazzi commented 9 months ago

Once you set up your site on nginx, you can set proxy_pass http://pds:3000.

If you are running nginx on your node (not as a container), you have to add the following entry to the docker compose file:

services:
  pds:
    ports:
      - 127.0.0.1:3000:3000

and then set proxy_pass http://localhost:3000

kkretsch commented 9 months ago

Is it possible to configure the PORT or HOST that the container will listen on? It seems hardcoded to 3000 and that is already used by other containers. And listening on the any interface is not helpful here either. It should at maximum listen on the docker network interface for that group of containers. ... Adding one thing I found out, setting PDS_PORT=3002 in pds.env seems to help in my case. At least the port is now changed.

FedericoAntoniazzi commented 9 months ago

You can decide to map the port 7001 of the host to port 3000 in the container. Just change it to

services:
  pds:
    ports:
      - 127.0.0.1:7001:3000

Specifying the address (127.0.0.1) will map the port only on that address instead of all NICs of the node.

I'd recommend reading the docker documentation for further doubts.
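
Added example, not part of the thread or the project's code: a small Python check for the point made in the comment above, that a Compose port mapping without a host address is published on every interface rather than only on 127.0.0.1. The names `bind_address` and `exposed` and the sample mappings are constructed for illustration, and the check assumes the Docker daemon's default bind address (0.0.0.0) has not been changed.

```python
import ipaddress

# Constructed sample mappings in Compose short syntax (not from a real deployment).
SAMPLE_PORTS = [
    "127.0.0.1:3000:3000",
    "127.0.0.1:7001:3000",
    "3000:3000",
    "3000",
    "0.0.0.0:3000:3000/tcp",
    "[::1]:3000:3000",
]

# Assumption: the Docker daemon's default bind address has not been changed.
ALL_INTERFACES = "0.0.0.0"


def bind_address(mapping: str) -> str:
    """Return the host IP that a short-syntax port mapping is published on."""
    spec = mapping.strip().strip("\"'").split("/", 1)[0]  # drop quotes and /protocol
    if spec.startswith("["):  # bracketed IPv6 host address, e.g. [::1]:3000:3000
        ip, _, rest = spec[1:].partition("]")
        if not rest.startswith(":"):
            raise ValueError(f"malformed mapping: {mapping!r}")
        return ip
    parts = spec.split(":")
    if len(parts) == 3:  # IP:HOST_PORT:CONTAINER_PORT
        return parts[0]
    if len(parts) in (1, 2):  # CONTAINER_PORT or HOST_PORT:CONTAINER_PORT
        return ALL_INTERFACES
    raise ValueError(f"malformed mapping: {mapping!r}")


def exposed(ports):
    """Return the mappings published on a non-loopback address."""
    return [p for p in ports if not ipaddress.ip_address(bind_address(p)).is_loopback]


if __name__ == "__main__":
    for mapping in exposed(SAMPLE_PORTS):
        print(f"published beyond loopback: {mapping}")
```
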

kkretsch commented 9 months ago

> You can decide to map the port 7001 of the host to port 3000 in the container. Just change it to
>
> services:
>   pds:
>     ports:
>       - 127.0.0.1:7001:3000
>
> Specifying the address (127.0.0.1) will map the port only on that address instead of all NICs of the node.
>
> I'd recommend reading the docker documentation for further doubts.

Well, that didn't fix my problem. As the inner docker container makes a listen to the any interface on 3000 it is already too late to map that port to another one. I have several nodejs containers on that server and some other is also using port 3000, so that gives a bind error on startup. But when I change the port via PDS_PORT it is now solved in my case.

FedericoAntoniazzi commented 9 months ago

Once you edit the compose file, you must restart the involved containers to make the changes take effect.

As per container basics, each container has its own dedicated network namespace and the process can bind to whatever port it needs. When the containers are executed, the engine (in this case docker) has to expose the ports in another network, which could be the host or a virtual network. Also, a single IP can have only one process listening on a single port, which is the case you are facing by mapping all container ports to 127.0.0.1.

I guess this explains the context.

benharri commented 9 months ago

this is the nginx config i came up with for running without docker: https://benharri.org/bluesky-pds-without-docker/#nginx

JuliaVonKreutzer commented 9 months ago

> Once you set up your site on nginx, you can set proxy_pass http://pds:3000.
>
> If you are running nginx on your node (not as a container), you have to add the following entry to the docker compose file:
>
> services:
>   pds:
>     ports:
>       - 127.0.0.1:3000:3000
>
> and then set proxy_pass http://localhost:3000

I got it working behind nginx by doing the following:

Side note: I didn't know I could have one cert for the wildcard and the domain, so I actually needed to have two server blocks in the nginx config, one for the wildcard and one for the domain.

I didn't need to change the port.

seansimonanimation commented 4 days ago

I have an NGINX webhost running a WordPress server that is set up with automatic 404 redirects.

FYI my server is set up with an HTTP to HTTPS redirect, so I put this location directive in the HTTPS server slot. My BlueSky shares a box with NGINX so if you don't do that then you can change 127.0.0.1 to whatever you need.

location /xrpc/ {
    include proxy_params;
    proxy_http_version 1.1;
    proxy_pass http://127.0.0.1:3000/xrpc/;
}

Then point your browser to http://yourwebsite.com/xrpc/_health and as long as your ports are configured, you should be golden.

edit: I later changed it so that the whole thing is under a subdomain.

benharri commented 4 days ago

I think if you wanted to also put something on the main site you'd need to proxy /.well-known as well. Those should be the only two routes needed for the PDS.