The idea here is you clone this repo, and configure your .env
and then bring the compose stack online, and you should have a functioning lemmy instance.
There are a couple of ways to deploy Lemmy, I like deploying it using Traefik as the reverse proxy, I made this since the ansible template is hard to get running, and doesn't support Traefik.
Lemmy doesn't officially support Traefik, so I'm providing this as a place to start out getting it working.
I have added some really basic tests to make sure this stack always brings up a working container (at least in GitHub Workflows)
- Clone:
git clone https://github.com/tgxn/lemmy-ezmode.git
- Configure: Copy
.env.example
to.env
and edit the values - Start:
docker-compose up -d
- Access: Visit the
LEMMY_BASE
URL
- Pull:
git pull
- Update:
docker-compose pull
- Recreate:
docker-compose up -d --build --force-recreate
config/lemmy.hjson
will be generated on the first run, as long as one is not found in the config directory.
You can edit this file to configure your lemmy instance further.
Docker-Compose supports an "Overrides" file, which is used to add additional services to the stack, or override existing services. This means anything in docker-compose.override.yaml
will be merged with docker-compose.yaml
when you run docker-compose up -d
.
There are also examples for SMTP in docker-compose.override.example.yaml
Make a copy of this file to docker-compose.override.yaml
, then you can uncomment whichever SMTP service you want to use. Or even add your own custom services!
This way, you don't need to worry if I make changes to docker-compose.yaml
from the repository, your custom services won't be overwritten.
Back up the ./volumes
directory, along with your .env
and config/lemmy.hjson
files.
That should be it. More complex backup scripts to come...
Traefik also supports DNS verification for LetsEncrypt, which means you can get a valid SSL certificate using DNS instead of http, if you need to.
If you wnat to enable CloudFlare DNS Validaiton for your Lemmy Domain, you can add the uncomment and configure the following in the .env
file:
#TRAEFIK_CF_API_EMAIL=
#TRAEFIK_CF_DNS_API_TOKEN=
This will enable the CloudFlare DNS Provider for Traefik, and automatically verify your domain using DNS. There is more documentation on this at the Traefik Docs and LEGO CloudFlare Docs
- Traefik Balancer
Runs on port 80, and 443
- Lemmy & Lemmy-UI Server
These run on the docker network, and are not exposed to the host.
These bind to local ports, and should only be accessible from your IPs.
These are admin services, firewall them off to your IP only.
- Traefik Admin Panel
Runs on port 81
- pgAdmin4 Container
Runs on port 82
This uses a Traefik server to reverse proxy to the Lemmy server. It uses the Traefik ACME challenge to automatically fetch and renew your certs.
You can optionally configure cloudflare credentials to automate SSL Certificate Verification with DNS.
You can either add services to the docker-compose.override.yaml
file, or you can run a seperate stack, and add the container to the same network.
The external stack must import the network that Traefik is running on, and the container you want to expose must be on this network.
Make the following changes to your docker-compose.yaml
file in your external stack:
(
YOUR_SERVICE
must be unique!)
...
# in the top level of the file
networks:
lemmy-traefik-net:
external: true
zipline-net:
name: zipline-net
...
services:
whatever_your_service_is_called:
...
# add in the service definition
networks:
- lemmy-traefik-net
- zipline-net
labels:
- "traefik.enable=true"
- "traefik.docker.network=lemmy-traefik-net"
- "traefik.http.services.YOUR_SERVICE.loadbalancer.server.port=1234" # put the port that you want published here
# Internet HTTPS
- "traefik.http.routers.YOUR_SERVICE_https.rule=Host(`YOUR_DOMAIN`)" # change your sub/domain name
- "traefik.http.routers.YOUR_SERVICE_https.entrypoints=https"
- "traefik.http.routers.YOUR_SERVICE_https.tls.certResolver=cert_resolver" # you can set this to `cert_resolver_staging` if you want to use the staging server
- "traefik.http.routers.YOUR_SERVICE_https.middlewares=secure_site@file,rate_limits@file" # you can remove rate limits here if you want
# Internet HTTP Redirect
- "traefik.http.routers.YOUR_SERVICE_http_redirect.rule=Host(`YOUR_DOMAIN`)" # change your sub/domain name
- "traefik.http.routers.YOUR_SERVICE_http_redirect.entrypoints=http"
- "traefik.http.routers.YOUR_SERVICE_http_redirect.middlewares=redirect_https@file"
First, make sure you copy docker-compose.override.example.yaml
to docker-compose.override.yaml
Then uncomment the following lines in docker-compose.override.yaml
:
...
lemmy:
labels:
- "traefik.http.routers.lemmy_https_net.tls.certResolver=cert_resolver_staging"
lemmy_ui:
labels:
- "traefik.http.routers.lemmy_ui_https_net.tls.certResolver=cert_resolver_staging"
this will change the cert resolver to the staging server, which will not count against your rate limits.
take the stack down, reset the repo, and rm any persistent volumes (this will WIPE ALL data)
You might use this while developing or testing integrations, where you jsut need a clean lemmy instance
docker-compose down
git reset --hard HEAD # optionally if you cloned this with git.
rm volumes/ -R
rm config/lemmy.hjson # if you want to reset lemmy config too
then update/edit your .env, and lemmy.hjson (if you didn't delete it) and you can try again:
docker-compose up -d