Add environment variable to allow requests to some private addresses #2279

Closed
Tealk opened this issue May 23, 2022 · 14 comments
Labels
type: wontfix This will not be worked on

Comments

@Tealk

Tealk commented May 23, 2022

For front end issues, use lemmy-ui

Is your proposal related to a problem?

I only have one public IP address for my project and therefore route the HTTP traffic internally to the necessary instances, as the IP protocol does not allow a request to be made to the IP making the request.

Describe the solution you'd like

Add an environment variable to allow a list of comma-separated specific addresses/subnets in outgoing HTTP queries.

Additional context

The Mastodon solution
mastodon/mastodon#14722

@Tealk added the enhancement label May 23, 2022
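The kind of check the requested variable would feed, as an added example that is not Lemmy's or Mastodon's code: outgoing requests to internal addresses are refused unless the resolved destination falls inside a comma-separated allowlist of addresses/subnets. The function and type names are hypothetical, the allowlist value is constructed from the addresses given in the thread, and only IPv4 is handled.

```rust
use std::net::Ipv4Addr;

/// One allowlist entry: a network base and mask (a bare IP is treated as a /32).
#[derive(Debug, PartialEq)]
struct Net { base: u32, mask: u32 }

/// Parse "192.168.100.21" or "192.168.100.0/24"; malformed entries give None.
fn parse_net(s: &str) -> Option<Net> {
    let (addr, len) = match s.trim().split_once('/') {
        Some((a, l)) => (a, l.parse::<u32>().ok()?),
        None => (s.trim(), 32),
    };
    if len > 32 { return None; }
    let ip: Ipv4Addr = addr.parse().ok()?;
    let mask = if len == 0 { 0 } else { u32::MAX << (32 - len) };
    Some(Net { base: u32::from(ip) & mask, mask })
}

/// Parse the comma-separated value; fail closed if any entry is invalid.
fn parse_allowlist(value: &str) -> Result<Vec<Net>, String> {
    value.split(',').filter(|e| !e.trim().is_empty())
        .map(|e| parse_net(e).ok_or_else(|| format!("bad entry: {e}")))
        .collect()
}

/// Addresses an outgoing request should not reach unless explicitly allowed.
fn is_internal(ip: Ipv4Addr) -> bool {
    ip.is_private() || ip.is_loopback() || ip.is_link_local() || ip.is_unspecified()
}

/// Decide on the resolved destination IP, never on the hostname alone.
fn outgoing_allowed(ip: Ipv4Addr, allow: &[Net]) -> bool {
    !is_internal(ip) || allow.iter().any(|n| (u32::from(ip) & n.mask) == n.base)
}

fn main() {
    // Constructed allowlist value using the two VM addresses from the thread.
    let allow = parse_allowlist("192.168.100.20, 192.168.100.21").unwrap();
    for ip in ["192.168.100.21", "192.168.100.22", "127.0.0.1", "203.0.113.5"] {
        println!("{ip}: {}", outgoing_allowed(ip.parse().unwrap(), &allow));
    }
}
```

Listing single hosts rather than the whole /24 keeps every other machine on the subnet unreachable from the application.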
@dessalines
Member

I use and develop Lemmy within a private network a lot, so I don't fully understand what's going on. Why can't you access it at its IP address internally, i.e. 192.168.1.xx:1235?

And if you have it external, then you must have an nginx server with a hostname, and your router set up to forward to that port, which should also work for any other computers on your network.

@Tealk
Author

Tealk commented May 24, 2022

WAN = Internet, only one IP available
vLAN = one IPv4/24 subnet
VM1 e.g. Mastodon 192.168.100.20
VM2 e.g. Lemmy 192.168.100.21

I can tell Mastodon with the variable "ALLOWED_PRIVATE_ADDRESSES" to accept the communication with the IP 192.168.100.21, now I should be able to do the same with Lemmy.


@dessalines
Member

Lemmy doesn't do any routing, it just exposes itself as a service at a specific IP and port. Is there any reason why you can't use nginx or a router port forward to do routing to the correct VM?

@Tealk
Author

Tealk commented May 24, 2022

> Is there any reason why you can't use nginx or a router port forward to do routing to the correct VM?

Yes, as I said before, the IP cannot do a 180 degree turn.

I use the Nginx Proxy Manager to direct the incoming requests to the correct VM. The problem is that a VM from the internal network would have to go out and come back in and the IP just can't do that.

So Mastodon and Lemmy have to communicate with each other in the vLAN.

@dessalines
Member

Do you have public domain names for these services? I.e. mastodon.myserver.com and lemmy.myserver.com?

@Tealk
Author

Tealk commented May 25, 2022

Yes, I have.
Mastodon: https://rollenspiel.social
Lemmy: https://lemmy.rollenspiel.monster/

@dessalines
Member

> The problem is that a VM from the internal network would have to go out and come back in and the IP just can't do that.

But you have public domain names, which should be routed to the correct VM. Why can't ActivityPub requests from Mastodon go out, then come back in routed to the correct VM?

@Tealk
Author

Tealk commented May 25, 2022

> Why can't activitypub requests from mastodon go out, then come back in routed to the correct VM?

Because the IP can't do that, I don't know why it was never put into the protocol. You would have to ask the inventors of the protocol.

@dessalines
Member

dessalines commented May 25, 2022

Why isn't your request to lemmy.rollenspiel.... being routed to the correct machine? This seems to be an issue with your VLAN setup; it's not forwarding requests to the correct IP and port. On routers this is port forwarding.

@Tealk
Author

Tealk commented May 26, 2022

The routing is set the same way as for roleplay.events and it works there.

@Nutomic
Member

Nutomic commented May 27, 2022

So you are saying that the server at rollenspiel.social can't DNS resolve the domain lemmy.rollenspiel.monster? If so, that sounds like a broken setup, which should be fixed. We also have multiple servers that run more than one Lemmy instance each, and they federate just fine over normal DNS. Adding a workaround for this in Lemmy sounds very complex, and just not worth the effort. Will mark this as wontfix.

@Nutomic closed this as not planned May 27, 2022
@Nutomic added the type: wontfix label and removed the enhancement label May 27, 2022
@Tealk
Author

Tealk commented May 28, 2022

> We also have multiple servers that run more than one Lemmy instance each, and they federate just fine over normal DNS.

Do these servers also run under a single public IP address and can federate with each other?

The problem is that the requests made in the internal VLAN are rejected. Mastodon has its own config variable in which you can enable VLAN IPs.

Via VPN I can get into the VLAN; if I then go to the IP of the Lemmy VM I can get into the Lemmy UI normally and interact with the instance. I also see "old" posts from before the move but no new ones.

@dessalines
Member

> do these servers also run under a single public ip address and can federate with each other?

Yes they do. Even on the same machine. We've correctly set up nginx to make sure requests get routed to the correct IP and port.

Again this is a routing issue, you need to configure your vlan to route the request to the correct machine. Lemmy does no routing whatsoever.

@Tealk
Author

Tealk commented May 29, 2022

> Again this is a routing issue, you need to configure your vlan to route the request to the correct machine. Lemmy does no routing whatsoever.

I know that, I have 15 VMs with one service each working correctly.
