Once you add things to the AllowList, only things in the AllowList federate. You probably want to use empty AllowList + populate BlockList as needed.
Once you add things to the AllowList, only things in the AllowList federate. You probably want to use empty AllowList + populate BlockList as needed.
I expect that should be fine, but there’s a URL signature scheme that is apparently involved, I’m worried that should I turn up a new instance, it won’t federate with e.g. mastodon.social
doingmypart.jpg I can have my own 502s as a treat
pineapple’s comment has the right location line
I haven’t used it yet, but I wrote a small service to combine webfinger from subdomains into a primary domain, and ended up abandoning it. You’d need to handle more than just the webfinger stuff, and be able to route activity pubs as well, and I’m still learning about the protocol enough to see if this is possible. I think the best case is that locally you might be name@someinstance.example.com, but would federate as name@example.com, and webfinger/mentions would work for that, and something at example.com would route activity pubs appropriately to the “real” hosts with name rewriting.
I deleted it because I posted it from my user (not mod) account, so I guess the alt is blown lol. Interesting to see how deletion works/propagates in Lemmy anyhow. I originally had ^/(inbox|api|pictrs|feeds|nodeinfo|.well-known)/
and added an explict /inbox
rule. I found it because I was watching proxy logs and was seeing that path 400, so if you’re not seeing 400s in your logs, it’s probably something else.
You’ll only get new comments after federation started working, it’s never retroactive.
For me closely monitoring the reverse proxy logs and the HTTP status therein solved it. Fixing the /inbox routing also fixed the “Susbscription pending” problem for me.
I’m not a frontend dev, and I feel like CORS stuff comes into play here, but it should be possible to do something like the “Sign In With Facebook” or “Pay with Paypal” type of redirect after asking the user for their host. At very worst it should be possible to have Instance B’s backend send a call to Instance A after the user provides it with the name of the other instance, but you need to be careful about validating the legitimacy of the request in that case. There’s a lot of room for better cryptography/signatures in activitypub I’d imagine that could help.
If Twitter were a store, people would have no problem boycotting it. I think the mentality change that is necessary for the 2020s is that you have a choice where to “spend” your generated content, just like you have a choice where to spend your money (ostensibly at least: ISPs, privatized utilities need not apply).
Another problem with “everyone just joins lemmy.ml” is that eventually it becomes the weakest link, and other instances will either accept the hordes for the volume/content, or be forced to isolate. It’s much better if we hide the cost of decentralization from users but also keep the decentralization as much as possible. It’s not an easy problem, but it’s worth solving.
At the simplest I feel a chrome extension or similar would be straightforward. A more native flow doing some sort of faux login/modal that could subscribe on the primary host would be better.
Your reverse proxy is doing websockets incorrectly, there’s some bogosity in the spec for websockets that makes them single hop and the proxy needs to propagate the upgrade request. Search for “nginx reverse proxy websocket”, e.g. https://www.nginx.com/blog/websocket-nginx/
The backend especially is not too demanding (thanks to using a compiled binary via Rust). The database demands probably scale, but postgres scaling is relatively well understood. I think right now the least scalable parts look like the frontend node and websocket stuff, but that can be improved. I’m not sure how I feel about Activity Pub protocol wise, it feels pretty chatty, so transit scalability might be something else to consider.
It feels a little more like pre-September internet than Reddit
It’s likely to increase performance by running the CPU cooler when idle and better mapping thermal behavior to performace, so it’s an improvement for things like the steam deck or gaming as well.