fix federation between lemmy and other activitypub services

[awful.systems.git] / lemmy / dev / module.nix

diff --git a/lemmy/dev/module.nix b/lemmy/dev/module.nix
index 8ae458df009511e09c1f061248c6e674e01fcbf1..97887c09aae3d1cc5b7160e7c978ea230026ea04 100644 (file)
--- a/lemmy/dev/module.nix
+++ b/lemmy/dev/module.nix
@@ -154,12 +154,30 @@ in {
       };
     };
 
-    services.nginx = mkIf cfg.nginx.enable {
+    services.nginx = let
+      ui = "http://127.0.0.1:${toString cfg.ui.port}";
+      backend = "http://127.0.0.1:${toString cfg.settings.port}";
+    in mkIf cfg.nginx.enable {
       enable = mkDefault true;
-      virtualHosts."${cfg.settings.hostname}".locations = let
-        ui = "http://127.0.0.1:${toString cfg.ui.port}";
-        backend = "http://127.0.0.1:${toString cfg.settings.port}";
-      in {
+      appendHttpConfig = ''
+        map "$request_method:$http_accept" $proxpass {
+            # If no explicit matches exists below, send traffic to lemmy-ui
+            default "${ui}";
+
+            # GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.
+            #
+            # These requests are used by Mastodon and other fediverse instances to look up profile information,
+            # discover site information and so on.
+            "~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "${backend}";
+
+            # All non-GET/HEAD requests should go to lemmy
+            #
+            # Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually
+            # we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values
+            "~^(?!(GET|HEAD)).*:" "${backend}";
+        }
+      '';
+      virtualHosts."${cfg.settings.hostname}".locations = {
         "~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
           # backend requests
           proxyPass = backend;
@@ -171,17 +189,6 @@ in {
           proxyPass = "$proxpass";
           recommendedProxySettings = true;
           extraConfig = ''
-            set $proxpass "${ui}";
-            if ($http_accept = "application/activity+json") {
-              set $proxpass "${backend}";
-            }
-            if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
-              set $proxpass "${backend}";
-            }
-            if ($request_method = POST) {
-              set $proxpass "${backend}";
-            }
-
             # Cuts off the trailing slash on URLs to make them valid
             rewrite ^(.+)/+$ $1 permanent;
           '';
@@ -238,7 +245,8 @@ in {
 
       environment = {
         LEMMY_UI_HOST = "127.0.0.1:${toString cfg.ui.port}";
-        LEMMY_UI_LEMMY_INTERNAL_HOST = "127.0.0.1:${toString cfg.settings.port}";
+        LEMMY_UI_LEMMY_INTERNAL_HOST =
+          "127.0.0.1:${toString cfg.settings.port}";
         LEMMY_UI_LEMMY_EXTERNAL_HOST = cfg.settings.hostname;
         LEMMY_UI_HTTPS = "false";
       };