When I get the motivation again I will give this a try. A while ago I was wondering if a tool like this existed so it’s nice to see it pop up now. Thank you for this.
For verification I used the built in certificate manager in Nginx Proxy Manager. I generate an API key from Cloudflare for a DNS zone:zone:edit key with the domain I am using. Then I chose DNS verification in Proxy Manager and put the API key in the edit box. This has been successful every time.
Do you use Cloudflare Tunnel or are you using Cloudflare as a Dynamic DNS? I’ve had issues with certbot but I think I just wasn’t using it properly, what process did you use for DNS verification?
I’ll give your suggestions a try when I get the motivation to try again. Sort of burnt myself out at the moment and would like to continue with other stuff.
I am actually using the Cloudflare Tunnel with SSL enabled which is how I was able to achieve that in the first place.
For the curious here are the steps I took to get that to work:
This is on a Raspberry Pi 5 (arm64, Raspberry Pi OS/Debian 12)
# Cloudflared -> Install & Create Tunnel & Run Tunnel
-> https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-local-tunnel/
-> Select option -> Linux
-> Step 4: Change -> credentials-file: /root/.cloudflared/<Tunnel-UUID>.json -> credentials-file: /home/USERNAME/.cloudflared/<Tunnel-UUID>.json
-> Run as a service
-> Open new terminal
-> sudo cp ~/.cloudflared/config.yml /etc/cloudflared/config.yml
-> https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/local-management/as-a-service/
-> Configuration (Optional) -> https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/local-management/configuration-file/
-> sudo systemctl restart cloudflared
-> Enable SSL connections on Cloudflare site
-> Main Page -> Websites -> DOMAINNAME.COM -> SSL/TLS -> Configure -> Full -> Save
-> SSL/TLS -> Edge Certificates -> Always Use HTTPS: On -> Opportunistic Encryption: On -> Automatic HTTPS Rewrites: On -> Universal SSL: Enabled
Cloudflared complains about ~/.cloudflared/config.yml and /etc/cloudflared/config.yml not matching. I just edit ~/.cloudflared/config.yml and run sudo cp ~/.cloudflared/config.yml /etc/cloudflared/config.yml again followed by sudo systemctl restart cloudflared whenever I make any changes.
The configuration step is just there as reference for myself, it’s not necessary for a simple setup.
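An added helper script (not from the post above, and not part of cloudflared) that checks the two points the steps above run into before restarting the service: that the user copy and the /etc copy of config.yml actually match, and that the tunnel credentials JSON named in credentials-file is present and readable only by its owner. It assumes the plain "credentials-file: /path" line the Cloudflare guide produces.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a cloudflared config before syncing it to
# /etc/cloudflared and restarting the service.
set -u

# Extract the credentials-file path from a config.yml (assumes the simple
# "credentials-file: /path" form from the Cloudflare guide).
creds_path_from_config() {
  sed -n 's/^credentials-file:[[:space:]]*//p' "$1" | head -n1
}

# Return 0 if the credentials JSON exists and is readable only by its owner.
# That file authenticates the connector to Cloudflare, so a group- or
# world-readable copy is a credential leak.
creds_file_is_private() {
  local f="$1" mode
  [ -f "$f" ] || return 1
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
  [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Return 0 if the user copy and the system copy are byte-identical
# (the mismatch cloudflared complains about in the post).
configs_match() {
  cmp -s "$1" "$2"
}

# Full check: 0 on success, non-zero with a reason on stderr otherwise.
check_tunnel_config() {
  local user_cfg="$1" sys_cfg="$2" creds
  creds=$(creds_path_from_config "$user_cfg")
  if [ -z "$creds" ]; then
    echo "no credentials-file entry in $user_cfg" >&2; return 2
  fi
  if ! creds_file_is_private "$creds"; then
    echo "credentials file $creds missing or not mode 600/400" >&2; return 3
  fi
  if ! configs_match "$user_cfg" "$sys_cfg"; then
    echo "$user_cfg and $sys_cfg differ; copy it before restarting" >&2; return 4
  fi
  return 0
}

# Typical use, mirroring the post's steps (uncomment to run for real):
# check_tunnel_config ~/.cloudflared/config.yml /etc/cloudflared/config.yml \
#   && sudo systemctl restart cloudflared
```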
The tunnel is nice and convenient. It does the job well. I just have a strong personal preference to not depend on large organizations. I’ve installed Timeshift as a backup management for myself so I can easily revisit this topic later when my brain is ready.
Nginx Proxy Manager has been handling certs for me, I’m not sure how it handles certs since it’s packaged in a docker container. I can only assume it does something similar to Caddy which also automatically handles certificate registration and renewals. So probably certbot.
All I know is that NPM has an option for DNS challenges which is how I got my certs in the first place.
That’s what I thought. NPM is handling the certs just fine.
Could it be that I’m setting up the reverse proxy wrong? Whenever I enable SSL on that reverse proxy, the connection just hangs and drops after a minute. I’m not understanding why it’s doing that.
I haven’t had a chance to really test how Lemmy and PieFed work long term on the Pi 5 yet. So far it’s been quick and responsive and I’m still using wifi instead of a direct ethernet connection to the main modem. Ethernet is for the future. I still have more work to finish on the Pi 5.
The Pi 5 is also running Kiwix, Dufs for file sharing and a static page. All run through their own docker containers. With only me using it, everything seems to run just quite smoothly.
My goals with the Pi 5 aren’t long term. I’m using it more as a working example until I can get better equipment for hosting but that involves other plans for a local project I want to put my energy into now.
You’ll definitely want to use a reliable type of USB media storage with good read and write speeds. An SD card won’t do well considering these webapps are database heavy and will be constantly writing stuff.
Lemmy easy deploy seems interesting, if you can get caddy in that script to handle TLS encryption certificates, it should do nicely. I struggled with Let’s Encrypt and went a different route for now.