I'm trying this on Ubuntu 22.04
Rust's cargo install seems to keep creating permission problems between what I have to install, compile and what gets published in the cargo "registry", which causes issues at runtime when I run as lemmy:lemmy through systemctl.
If I run:
cargo install lemmy_server --target-dir /usr/bin/ --locked --features embed-pictrs
as a non-root user, I get permission denied issues with /usr/bin/.future-incompat-report.json and /usr/bin/release
If I run the build as a root user, and then manually copy the binaries to /usr/bin and chmod them to lemmy:lemmy, then try to run as lemmy:lemmy, it appears the binary is trying to access some "registry" files in /root/.cargo/registry (for which of course it does not have permissions.)
How do I fix this?
The lemmy-ui steps, the next part - are pretty outdated. It has instructions to install NodeJS 12.x, which is really far back. I have no idea which version the Docker install is using...
The latest version of Node is 20
Before I even get there, the instructions say I should be able to run
And it should return some json structure.
But I see this returning 404
Is that the correct way to specify the version?
Is there a better log than journalctl which would actually tell me what REST endpoints it is using?
No, I had to dig around too, the correct command is:
curl localhost:8536/api/v3/siteThank you, again!
How was I to know {version} in the REST endpoint path was supposed to be "v3"?
Any luck with the lemmy-ui install?
I knew it was v3 because I saw a webapp failure on one of the Lemmy instance (lemmy.ml) I was using ;) We need to update those install documents.
It seems right now I can get a client to load, but websockets aren't working. Others on Reddit reported the same issue: https://old.reddit.com/r/Lemmy/comments/142sszq/spinning_up_lemmy_websockets_dont_connect/
EDIT: Ok, I solved the websocket problem by using proper nginx config that the instructions said. I was confused about the domain names with the certification generation as I already had some nginx certs for other subdomains in place.
Why are you tagged as bot account?
Oops. I was running some test code that IIRC set the bot field (it was code for creating a bot) on my own login. I just changed it. Thanks for letting me know.
Well, you are the only person really responding to me here with helpful information.
So if you are a bot, I welcome our new robot overlords.
I'm still trying to get the lemmy-ui installed. I'll check your links. Looks like they updated the join-lemmy.org page.
I owe you a beer, or a pint of 10w-40.
ha.
I didn't have much trouble with lemmu-ui, I ended up following instructions that put it at /var/lib/lemmy-ui on Ubuntu 22.04 server.
I already had nginx running for a different domain name on that server, so that confused me for a while. As the SSL certification instructions assume you have an empty nginx server, it won't prompt you for domain names if you already have some defined. Once I figured that out, the instructions worked fine.
I moved all my live site config files out of /etc/nginx/sites-enabled
ran the
certbot certonly --nginxcommand from the 'From Scratch" instructions, which now prompted me for domain names interactively.put back my previous sites-enabled files I removed in step 1.
Then the template in the 'From Scratch' instructions worked fine after the sed commands to modify it: https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/templates/nginx.conf
Are you stuck on updating NodeJS on your server? I already had Node apps on my server, so I followed my standard setup for node. I'm running lemmy-ui on Node.js v19.4.0, I think it probably wold work on version 20.x too. My npm --version says 9.3.1 and my yarn --version says 1.22.19
Thanks @RoundSparrow
I am able to bring things up and I can create an admin user by visiting the /setup URL.
Problem is, after I create my admin user, the /setup URL appears to still be active.
Is there some step I am missing to disable this /setup page after I have created my admin user?
There are security/data-exposure issues with this that I raised on Github.... https://github.com/LemmyNet/lemmy/issues/3060 (I'm RocketDerp)
My testing shows that visiting /setup on Lemmy isn't restricted. it behaves differently if you are logged-in or not logged-in. If not logged-in, it presents a form to create an admin user. If logged-in (even as a normal non-admin user) it shows the site configuration.
Since /setup has to be accessible to someone not logged-in, the whole design is a race condition for some script-kiddie to admin-create wen installing on a public remote server. The admin accounts should probably be managed from Linux shell and not from lemmy-ui
Ok, thanks for confirming that I am not entirely insane.
1 - I visited other lemmy instances and saw that the /setup URL was still accessible.
That seems like a huge bug / security issue.
2 - How did you configure and daemonize pictrs?
I don't want to run that as root, so I ended up creating a pictrsxx user
And a
systemdservice that runs as that user./etc/systemd/system/lemmy-pictrsxx.serviceWhich makes me wonder, what is the purpose of this "embed-pictrs" option.
cargo install lemmy_server --target-dir /usr/bin/ --locked --features embed-pictrs3 - email
Still can't get smtp to work.
It probably does something to the code to enable the hand-off of the pictures, but doesn't actually setup everything automatically. Not sure, just guessing.
pictrs(when run as a server) runs its own server, but it needs the /usr/bin/magick binary from ImageMagick, and it doesn't do a good job of complaining about it in the logs when it can't find that binary.it's a good catch if indeed you found it runs as root. I wonder of the Ansible instructions create an account for it.