I’m trying to fix this annoying slowness when posting to larger communities. (Just try replying here…) I’ll be doing some restarts of the docker stack and nginx.

Sorry for the inconvenience.

Edit: Well I’ve changed the nginx from running in a docker container to running on the host, but that hasn’t solved the posting slowness…

  • God@lemmy.world
    1 year ago

    Sounds very cool. Does running with that file also handle the SSL certificate and validation automatically? Or are there extra steps?

    • Perhyte@lemmy.world
      1 year ago

      A minimal config like that will default to provisioning (and periodically renewing) an SSL certificate from Let’s Encrypt automatically, and if there are any issues doing so it will try another free CA.

      This requires port 80 and/or 443 to be reachable from the general Internet of course, as that’s where those CAs are.

      There’s an optional extra step of putting

      {
          email admin@emailprovider.com
      }
      

      (with your actual e-mail address substituted) at the top of the config file, so that Let’s Encrypt knows who you are and can notify you if there are any problems with your certificates. For example, if any of your certificates are about to expire without being renewed [1], or if they have to revoke certificates due to a bug on their side [2].

      As long as you don’t need wildcard certificates [3], it’s really that easy.


      1: I’ve only had this happen twice: once when I had removed a subdomain from the config (so Caddy did not need to renew), and once when Caddy had “renewed” using the other CA due to network issues while contacting Let’s Encrypt.

      2: Caddy has code to automatically detect revoked certificates and renew or replace them before it becomes an issue, so you can likely ignore this kind of e-mail.

      3: Wildcard certificates are supported, but require an extra line of configuration and adding in a module to support your DNS provider.
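
Added example, not part of the comment above and not Caddy's own code: a small monitor for the two situations in footnote 1, a certificate close to expiry without renewal and a certificate issued by a CA other than Let's Encrypt. The 14-day threshold, the function names and the sample certificates are assumptions constructed for illustration; the dict layout is what Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_WARN_DAYS = 14  # assumption: alerting threshold chosen here, not a Caddy setting

def issuer_org(cert):
    """Return the issuer organizationName from a getpeercert() dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def check_cert(cert, now, expected_issuer="Let's Encrypt"):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        findings.append("expired")
    elif days_left < RENEW_WARN_DAYS:
        findings.append(f"expires in {days_left} days")
    org = issuer_org(cert)
    if org != expected_issuer:
        findings.append(f"issued by {org}, not {expected_issuer}")
    return findings

def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated leaf certificate a live server presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates (only the fields the check reads).
NOW = datetime(2025, 3, 1, tzinfo=timezone.utc)
LE = ((("organizationName", "Let's Encrypt"),), (("commonName", "R3"),))
OTHER = ((("organizationName", "Example Fallback CA"),),)
HEALTHY = {"notAfter": "May 20 00:00:00 2025 GMT", "issuer": LE}
STALE = {"notAfter": "Mar 10 00:00:00 2025 GMT", "issuer": LE}
FALLBACK = {"notAfter": "May 20 00:00:00 2025 GMT", "issuer": OTHER}

if __name__ == "__main__":
    for name, cert in (("healthy", HEALTHY), ("stale", STALE), ("fallback", FALLBACK)):
        print(name, check_cert(cert, NOW) or "ok")
```

Against a live site, pass `fetch_cert("your.domain")` and `datetime.now(timezone.utc)` to `check_cert`.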

    • zikk_transport2@lemmy.world
      1 year ago

      Everything is automated. As long as you know how ACME is working (port 80, accessible from the internet), everything is done in the background, including TLS (SSL) certificate maintenance.