nixos/lemmy: fix nginx backend to proxy needed headers

the nix `recommendedProxySettings` optiononly takes effect if `proxyPass` is set, but since we manually invoke `proxy_pass` inside nginx we need to also manually specify proxy settings. failing to do so leads to symptoms such as "Incoming activity has invalid signature". see: <https://github.com/LemmyNet/lemmy/issues/3273>
2024-04-26 11:59:58 +00:00 · 2024-04-26 11:59:58 +00:00 · bd87a38b86
parent b00f19626a
commit bd87a38b86
1 changed files with 5 additions and 1 deletions
--- a/nixos/modules/services/web-apps/lemmy.nix
+++ b/nixos/modules/services/web-apps/lemmy.nix
@ -204,7 +204,6 @@ in
          };
          "/" = {
            # mixed frontend and backend requests, based on the request headers
-            recommendedProxySettings = true;
            extraConfig = ''
              set $proxpass "${ui}";
              if ($http_accept = "application/activity+json") {
@ -221,6 +220,11 @@ in
              rewrite ^(.+)/+$ $1 permanent;

              proxy_pass $proxpass;
+              # Proxied `Host` header is required to validate ActivityPub HTTP signatures for incoming events.
+              # The other headers are optional, for the sake of better log data.
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_set_header Host $host;
+              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            '';
          };
        };