Hi, I’m just starting out with self hosting and I am currently working on a project meant to serve a small town that I live in. What I would like to do is host a small social media site from a Raspberry Pi 5. I’m not expecting to have a lot of people using it so I’m not pressured about the hardware requirements at this point in time.
I have a few questions before I go any further.
- Is it possible to set up a PieFed instance as text only? I’m not interested in moderating images or videos. Also, I’m running this from a residential connection so I don’t want to affect my home traffic. All aspects of this project are meant to be as minimal as possible to access more people.
- My ISP blocks ports. I intend to call them soon and talk to them about unblocking ports. If I am unable to do that, my backup plan is to simply run an instance that is unfederated. It will act as a message board for my town. Can I set PieFed to a custom port for traffic? For example using piefed.domainname.com:8080 as the address for people to reach my server.
- Does the registration for new users require any SSL? I’m not entirely sure if that would be affected the same as federation without SSL.
- Would mail related services be affected by blocked ports? Would I be able to use another email address not associated with my domain name and PieFed instance?
Thanks for any help or information.
Yes there is a setting to disable the creation of image posts. Don’t worry too much about space usage - after 1 year of operation piefed.social is only using 20 GB for media storage.
For the blocked ports - look into using Cloudflare tunnels aka their Zero Trust product. It’s free and very easy to set up. You just need a daemon running on your server which keeps the tunnel open and you configure it all from within the CF dashboard. Just remember to exclude the url “/inbox” from the WAF.
SSL is required but if you use Cloudflare they will take care of SSL for you.
You only need to send email, not receive it so your ISP won’t block that. You’ll need an SMTP server or AWS SES account. The free tier of https://www.smtp2go.com gives you 200 emails per day which should be plenty.
For more info please see https://codeberg.org/rimu/pyfedi/src/branch/main/INSTALL.md. Using docker makes it easier but it’s still a moderately challenging beast to set up so perhaps not ideal if you have never self-hosted anything before. Good luck!
Thanks for the information.
I have more questions about account registration/logins. If I understand correctly, they will require SSL.
Before I ask anything, I just want to explain what it is I want to do so it’s easier to understand where I’m coming from.
I want to start a seed library for my local community in my town. Unless Monsanto is targeting libraries for heritage seeds, I feel my risk is quite low.
I would like a simple place for people to talk, share information and organize events. I’m also trying to create everything as independent from outside services as possible. The reason being that if any of these outside services experience an extended outage, I can physically move my Raspberry Pi box to a central location with local internet/wifi (a library for example) and people will still be able to access all the information. Think of the pi box as becoming a digital community board. In this situation, federation is completely unimportant.
If Cloudflare tunneling experiences issues or outages, can people still create and login to accounts locally? I’m going to assume any disruptions to any email services would also have an effect since that is used for registration as well.
I prefer the Reddit/Lemmy/Piefed style and the markdown language works well with the other parts of my project. It’s not necessary and I may keep searching around for something that suits my use case better.
I’ll most likely go ahead and try installing PieFed anyways with Cloudflare tunneling (or Let’s Encrypt if I don’t have to worry about blocked ports) and smtp2go. At the very least it’ll be an experience and a good place to start for my needs. I can move on from there if I feel the need to.
Thanks again.
You can convert an instance to run locally over http without SSL, yes. All you need to do is change your SERVER_NAME environment variable to `127.0.0.1:5000` or whatever your IP address is. Federation won’t work but that’s ok for this scenario.
I ran piefed.social without cloudflare for a few weeks, until the network activity caused by federation required better caching. I used Nginx to listen on port 443 (and to integrate with Let’s Encrypt for SSL) and forward requests through to port 5000. This is the setup I documented in the “the hard way” installation instructions. Hopefully your ISP does not use CGNAT and you’ll simply be able to open a port on your router and send it through to your Pi.
You don’t really need email to work because you can create accounts manually through the admin area. Other than during registration, the other function email is used for is notifications about replies, new posts, etc., which isn’t crucial.
So after a few attempts, I was able to get PieFed working by accessing it through pi.MyDomainName.ca:5000
I changed the SERVER_NAME in .env.docker to match the address above, but with my actual domain name. I also changed the port numbers from 8030:5000 to 5000:5000 in the compose.yaml
I am running into an issue when I attempt to use the login information after the database initialization steps. I get the error “The CSRF tokens do not match.” above the username field on the login screen. I’m not sure what that means exactly.
Other than that, using the docker was fairly straightforward except for some information I forgot to put in correctly the first couple times.
Congrats :)
Does your SERVER_NAME include :5000 on the end? It probably should.
CSRF is a type of hack where the attacker sends fake requests to a web app, from another domain. If PieFed thinks a normal form submission is coming from another domain then that makes me think your reverse proxy (Nginx? Caddy?) needs to add a header that tells PieFed what the domain of the original request was, before it was forwarded on to PieFed. Or are you not using a reverse proxy at all?
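Added example, not part of the original thread and not PieFed's or Flask's code: a generic, stdlib-only sketch of the two checks discussed above, a session-bound CSRF token and a comparison of the browser's Origin with the Host the app receives. The hostname `pi.example.test`, the upstream name `app_server` as a Host value, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SECRET_KEY = b"constructed-demo-key"  # constructed; a real app loads this from config

def sign(raw: str) -> str:
    return hmac.new(SECRET_KEY, raw.encode(), hashlib.sha256).hexdigest()

def issue_token(session: dict) -> str:
    """Keep a random value in the server-side session, put its MAC in the form."""
    session["csrf"] = secrets.token_hex(16)
    return sign(session["csrf"])

def proxy(browser_headers: dict, upstream: str, forward_host: bool) -> dict:
    """Model a reverse proxy: unless configured to pass Host through, it sends the upstream's name."""
    out = dict(browser_headers)
    if not forward_host:
        out["Host"] = upstream
    return out

def check_post(session: dict, form_token: str, headers: dict) -> str:
    """Return 'ok' or the reason a state-changing request is rejected."""
    raw = session.get("csrf")
    if raw is None:
        return "no session token"  # the session cookie never came back
    if not hmac.compare_digest(sign(raw), form_token):
        return "tokens do not match"
    origin = urlsplit(headers.get("Origin", "")).netloc.lower()
    if origin != headers.get("Host", "").lower():
        return "origin does not match host"  # app and browser disagree on host:port
    return "ok"

# Constructed request: what a browser sends when the site is opened on port 5000.
BROWSER = {"Host": "pi.example.test:5000", "Origin": "http://pi.example.test:5000"}

def demo() -> dict:
    session: dict = {}
    token = issue_token(session)
    return {
        "host forwarded": check_post(session, token, proxy(BROWSER, "app_server", True)),
        "host rewritten": check_post(session, token, proxy(BROWSER, "app_server", False)),
        "cookie lost": check_post({}, token, BROWSER),
        "forged token": check_post(session, sign("attacker-guess"), BROWSER),
    }

if __name__ == "__main__":
    print(demo())
```

Only the request whose Host header reaches the app unchanged, port included, passes; a legitimate user is rejected when the proxy rewrites Host or when the session cookie is not returned.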
I decided to start over today with a fresh OS install on my Pi. I did everything according to a checklist I started so nothing new has changed from my knowledge. I am getting errors trying to get past the
```
export DOCKER_BUILDKIT=1
docker-compose up --build
```
part of the INSTALL.md for the docker instructions.
I’ve saved a copy of my terminal but I’m not sure where a good spot to paste it is since it’s long. There were a lot of permission error 13’s so I tried `sudo docker-compose up --build` and things started to download and proceed up until a point before another error showed up.
```
Step 1/14 : FROM --platform=$BUILDPLATFORM python:3-alpine AS builder
failed to parse platform : "" is an invalid component of "": platform specifier component must match "^[A-Za-z0-9_-]+$": invalid argument
ERROR: Service 'celery' failed to build : Build failed
```
I’m quite confident I did nothing different this time so I don’t know what would be causing issues today. I can provide you with the outputs from my terminal if that will help you.
I have only tried building the docker image on my laptop, which has a different CPU architecture than a Pi. On your system the buildplatform variable is empty for some reason. You could try editing the file `Dockerfile` to have `--platform=linux/arm64/v8` or maybe try removing it entirely so the line is just `FROM python:3-alpine AS builder`.
Do you have a quite old version of docker? Try running `docker version` to check.
You’re right, it was outdated. It seems I got mixed up after a fresh OS install on my Pi. I used APT to download and install docker which is extremely outdated. I now have proper repositories set up for both docker and nginx and everything is up to date. I didn’t need to make any changes to the dockerfile with the proper version.
I’m having issues getting nginx, pyfedi.service and celery.service to work.
Below are some snippets from my notes which should lay out all the steps I’ve taken, hopefully that will explain where I am currently at.
Steps from fresh OS Install:
```
## Apt software
sudo apt install ddclient gufw -y
# ddclient
-> Account/Password/Domain Address
# gufw

## Repository Software
# Docker
-> Install-> https://docs.docker.com/engine/install/debian/
# nginx
-> Install -> https://nginx.org/en/linux_packages.html#Debian
-> sudo nano /etc/nginx/nginx.conf
-> Add line -> include /etc/nginx/sites-enabled/DOMAINNAME;
-> sudo nano /etc/nginx/sites-enabled/DOMAIN
-> Copy DOMAINNAME reverse proxy settings from USB
-> sudo nginx -t
-> sudo service nginx restart

## Docker Images
# PieFed
-> Install: Easy/Docker -> https://codeberg.org/rimu/pyfedi/src/branch/main/INSTALL.md
->Edit file entries
-env.docker
-> SECRET_KEY='k3avh6fp'
-> SERVER_NAME='pi.DOMAINNAME.ca:5000'
-compose.yaml
-> ports: - '8030:5000' -> - '5000:5000'

## Running In Production
# Virtual Environment -> Gunicorn & Celery
-> python -m venv ~/home/USERNAME/pyfedi/venv
-> source ~/home/USERNAME/pyfedi/venv/bin/activate
-> pip3 install gunicorn celery
-> deactivate
# Copy file celery_worker.default.py -> celery_worker.py
-> Change -> DATABASE_URL -> postgresql+psycopg2://piefed:piefed@db/piefed
-> Change -> SERVER_NAME -> pi.DOMAINNAME.ca:5000
# Create Background Service Files
-> Copy EACH from USB
-> sudo nano /etc/systemd/system/pyfedi.service
-> sudo nano /etc/systemd/system/celery.service
-> sudo nano /etc/default/celeryd
# Enable/Start Background Services
-> sudo systemctl enable pyfedi.service
-> sudo systemctl enable celery.service
-> sudo systemctl start pyfedi.service
-> sudo systemctl start celery.service
```
/etc/nginx/sites-enabled/DOMAIN file:
```
upstream app_server {
    # fail_timeout=0 means we always retry an upstream even if it failed
    # to return a good HTTP response

    # for UNIX domain socket setups
    # server unix:/tmp/gunicorn.sock fail_timeout=0;

    # for a TCP configuration
    server 192.168.40.140:5000 fail_timeout=0;
    keepalive 4;
}

server {
    listen 5000;
    listen [::]:5000;
    server_name pi.DOMAINNAME.ca;
    root /home/USERNAME/pyfedi/app;

    keepalive_timeout 30;
    ssi off;

    location / {
        # Proxy all requests to Gunicorn
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://app_server;
        ssi off;
    }

    # Serve static files directly with nginx
    location ~* /static/ {
        alias /home/USERNAME/pyfedi/app/static/;
        expires max;
        access_log off;
    }
}
```
Yeah, I had :5000 at the end, otherwise I would have gotten an error with the initial website connection from a browser saying the domain did not match. That’s how I figured out to change the port in the compose.yaml from an earlier attempt.
I did not create a reverse proxy. I got excited at getting the site to load that I missed that. I’ll try that in a couple days when I’m free again.
Docker decided to randomly disappear my PieFed image an hour after I finished working on it. The PyFedi folder and all its contents have vanished. A very quick search showed that it has happened to other people with other images. So it’s a thing maybe? Strange but fortunately it was all fresh and nothing was lost.
I wouldn’t worry about cloudflare reliability. Compared to your Raspberry Pi especially :p
For 1, you can disallow uploading pictures, videos are not possible to upload anyway. But people can link to videos and pictures hosted somewhere else.
For 2, yes that is not a problem. And even with the other port it can federate, but
For 3, you would need to run SSL for federation as far as I remember, but that should work on other ports than 443 too.
For 4, you can use your gmail server to send emails, you can set PieFed up with that.
A bit unrelated: But I’ve seen people also use Flarum and Mobilizon for local neighbourhood stuff. We’ve had a (more traditional NodeBB) web forum when I used to live in a student dormitory. Back then people used it for all kinds of stuff, recommendations, asking for help, a lot of classified ads and things to give away for free… Plus we had a large file-drop for photos of our events, summer party etc. Sadly everything fell into disuse when it got replaced by Facebook, WhatsApp, etc at some point. I think projects like this have quite some potential. The old forum had quite some more reach and nice activity, in contrast to today’s online groups.
If you get anywhere with your plans, I’d be interested to read some blog post or something like that. About how it turned out and if (and how) people make use of it. And if someone knows a federated classified ads platform… Please tell me. But I guess a web-forum or PieFed would work, too. Though, that one kind of requires pictures in the posts.
Thanks for the suggestions, I’ll have a look into them and see how they fit my needs. I am looking for something that uses markdown language. I’m using that in other parts of this project as a way to keep things unified and simple for others to participate or contribute.
I don’t do blogs or anything but I do intend to make a community on slrpnk.net in addition to my local instance on my pi. The Solarpunk community will focus more on creating a guide for others to create their own local communities and knowledge base.
The ultimate goal is making sure it’s simple and accessible to as many people as possible.
Once I set up an instance or some sort of community page, I plan to write up an outline of decision choices and future goals in order to help people understand what’s going on and where to begin contributing. I’ll be able to use my seed library as a working example.
I am hoping to be ready within the next couple weeks. I can let you know when the Solarpunk community goes up so you can check it out.
Thx, I’ll keep an eye out, so you don’t need to keep me posted. I’m always interested in the broad topic of making the world a slightly better place with technology, and random nice side-projects…
I agree, such things need to be simple, or they won’t take off. Simple to use and simple to sign up. Even coming up with a username and password is a major barrier for the target audience “regular people”. I hope your approach turns out well, because from my experience, onboarding a decent chunk of people is key to making a small and more general platform useful. And it’s hard.