Hello I am trying to install my instance of Lemmy with ubergeek77 method. I’m using Debian server and Cloudflare proxy.

In the troubleshooting it’s said I should put my Cloudflare API Token, is that the “Read All” token I create?

I have SSL pre-isntalled with the server, should I issue new one from Cloudflare, or I can use the pre-installed one?

My server comes with nginx and apache installed, should I disable them before I continue with installation?

Basically at the end I get Server Down error 521 and this error as well:

Error response from daemon: driver failed programming external connectivity on endpoint lemmy-easy-deploy-proxy-1 (3ab1001f9db85c9f2a0ffe06718561e7a40c2a201c903c7655570c9342e61f03): Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use

  • Decronym@lemmy.decronym.xyzBEnglish
    3·
    11 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    CF CloudFlare
    DNS Domain Name Service/System
    HTTP Hypertext Transfer Protocol, the Web
    SSL Secure Sockets Layer, for transparent encryption
    nginx Popular HTTP server

    4 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

    [Thread #222 for this sub, first seen 17th Oct 2023, 12:15] [FAQ] [Full list] [Contact] [Source code]

  • ShunkW@lemmy.worldEnglish
    3·
    11 months ago

    So the error is because a service is already running on port 80 (http). This could be nginx or apache depending on configuration. Nginx is very useful if you plan to run more than one service in the container. And it’s more trusted security wise than I would trust Lemmy right now tbh. I would maybe configure Lemmy to run on a different port locally, and setup an nginx site to proxy to port 80.

    It’s been a while since I’ve messed with devops stuff though, so I may be misremembering a bit.

  • bless@lemmy.worldEnglish
    2·
    11 months ago

    The error is telling you you already have something listening on port 80 so docker is unable to bind to 80 again until that is released. Try disabling nginx and apache as you stated.

    You can run

    netstat -pln

    to show you what’s running on what port on your host is you want to verify

  • Im_old@lemmy.worldEnglish
    2·
    11 months ago

    As other people said, there is already a process running on port 80. To find what exactly you can use the command sudo ss -lptn 'sport = :80' or sudo netstat -nlp | grep :80 (both require)

    Also, what do you mean by

    I have SSL pre-isntalled with the server

    It’s a self-signed cert or letsencrypt (or similar)?

    Looking at the Ubergeek77 method, I can see in the docker-compose that they have specified to use caddy to run on port 80 and 443. So my guess is that you don’t need neither nginx nor Apache (caddy is a reverse proxy as well) . Also, why have you installed both? I guess you selected “web server” during the OS installation.

    So remove apache and nginx, and try running the install script again.

    • lemmyselfhosted@lemmy.worldOPEnglish
      2·
      11 months ago

      Thank you for the replies. Nginx was causing the issue. I installed it, but now I face the 526 Invalid SSL certificate error.

      I tried putting my API Token in the conf.env and redeply with ./deploy -f but the error persists. Maybe I should somehow manually enter the Cloudflare certificate, but I’m not sure where (or if) I should do it.

      From where I bought the domain, they do not let me to use their DNS servers to point to anything but their servers, so I used Coudflare for setting up the DNS records for the domain.

      When I first opened the https:// on my server after I got it, the nginx had SSL certificate, the connection was secure. I suppose I have to manually do something here, but not sure what.

      • Im_old@lemmy.worldEnglish
        1·
        11 months ago

        looking at the install instructions it doesn’t say you have to use CF cert, only the api token in the conf.env file. So if you have done that you should be ok.

        I’m curious about the DNS thing from your registrar. If they are the authoritative DNS, even putting the right records in CF won’t make a difference. But maybe you can tell your registrar that CF DNS is authoritative, by creating a SOA DNS record in your registrar, pointing at CF DNS (I can only fnid references to 1.1.1.1 or adam.ns.cloudflare.com).

        Looking at the deployment templates it doesn’t say that you have to use ANY certificate. I think caddy generates one (or import one from CF) at deployment. If I was you I’d start from scratch with a new OS installation WITHOUT nginx/apache. Base OS, docker/docker-compose, and run the script again (after you fixed the DNS). If you want to find who is the SOA for your domain I think the command should be dig @9.9.9.9 SOA youlemmydomain.com

        That should answer with the CF DNS you configured.

        Also a dig @9.9.9.9 youlemmydomain.com should answer with the A records you configured in CF.