When I get the motivation again I will give this a try. A while ago I was wondering if a tool like this existed so it’s nice to see it pop up now. Thank you for this.
For verification I used the built in certificate manager in Nginx Proxy Manager. I generate an API key from Cloudflare for a DNS zone:zone:edit key with the domain I am using. Then I chose DNS verification in Proxy Manager and put the API key in the edit box. This has been successful every time.
Do you use Cloudflare Tunnel or are you using Cloudflare as a Dynamic DNS? I’ve had issues with certbot but I think I just wasn’t using it properly, what process did you use for DNS verification?
I’ll give your suggestions a try when I get the motivation to try again. Sort of burnt myself out at the moment and would like to continue with other stuff.
I am actually using the Cloudflare Tunnel with SSL enabled which is how I was able to achieve that in the first place.
For the curious, here are the steps I took to get that to work:
This is on a Raspberry Pi 5 (arm64, Raspberry Pi OS/Debian 12)
# Cloudflared -> Install & Create Tunnel & Run Tunnel
-> https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-local-tunnel/
-> Select option -> Linux
-> Step 4: Change -> credentials-file: /root/.cloudflared/<Tunnel-UUID>.json -> credentials-file: /home/USERNAME/.cloudflared/<Tunnel-UUID>.json
-> Run as a service
-> Open new terminal
-> sudo cp ~/.cloudflared/config.yml /etc/cloudflared/config.yml
-> https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/local-management/as-a-service/
-> Configuration (Optional) -> https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/local-management/configuration-file/
-> sudo systemctl restart cloudflared
-> Enable SSL connections on Cloudflare site
-> Main Page -> Websites -> DOMAINNAME.COM -> SSL/TLS -> Configure -> Full -> Save
-> SSL/TLS -> Edge Certificates -> Always Use HTTPS: On -> Opportunistic Encryption: On -> Automatic HTTPS Rewrites: On -> Universal SSL: Enabled
Cloudflared complains about ~/.cloudflared/config.yml and /etc/cloudflared/config.yml not matching. I just edit ~/.cloudflared/config.yml and run sudo cp ~/.cloudflared/config.yml /etc/cloudflared/config.yml again, followed by sudo systemctl restart cloudflared, whenever I make any changes.
The configuration step is just there as a reference for myself; it’s not necessary for a simple setup.
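As an added example (not from this thread or from Cloudflare), a small shell helper for the copy-and-restart routine in the post above: it refuses to copy a config whose credentials file is readable by other users, shows the diff cloudflared would otherwise complain about, and only restarts the service when the two files actually differ. SUDO and RESTART_CMD are names I made up so the helper can be dry-run.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: keep ~/.cloudflared/config.yml and
# /etc/cloudflared/config.yml in sync and restart the service only when they
# differ. Assumes bash, GNU coreutils (stat -c) and a systemd unit named
# "cloudflared"; SUDO and RESTART_CMD are assumed names you can override.
set -u
: "${SUDO:=sudo}"
: "${RESTART_CMD:=systemctl restart cloudflared}"

# Return 0 when both files exist and are byte-identical; otherwise print a
# unified diff (if there is anything to diff) and return 1.
cloudflared_configs_match() {
  local src="$1" dst="$2"
  if [ -f "$src" ] && [ -f "$dst" ] && cmp -s "$src" "$dst"; then
    return 0
  fi
  diff -u "$dst" "$src" 2>/dev/null || true
  return 1
}

# The credentials-file holds the tunnel secret: insist that it exists and is
# readable only by its owner before copying a config that points at it.
cloudflared_credentials_ok() {
  local cfg="$1" cred mode
  cred=$(sed -n 's/^credentials-file:[[:space:]]*//p' "$cfg" | head -n 1)
  [ -n "$cred" ] || { echo "no credentials-file: line in $cfg" >&2; return 1; }
  [ -f "$cred" ] || { echo "credentials file not found: $cred" >&2; return 1; }
  mode=$(stat -c '%a' "$cred")
  case "$mode" in
    600|400) return 0 ;;
  esac
  echo "credentials file $cred is mode $mode; expected 600" >&2
  return 1
}

# Copy the user config over the system one and restart, but only when needed.
sync_cloudflared_config() {
  local src="${1:-$HOME/.cloudflared/config.yml}"
  local dst="${2:-/etc/cloudflared/config.yml}"
  cloudflared_credentials_ok "$src" || return 1
  if cloudflared_configs_match "$src" "$dst"; then
    echo "configs already match; nothing to do"
    return 0
  fi
  $SUDO cp "$src" "$dst" || return 1
  $SUDO $RESTART_CMD || return 1
  echo "copied $src to $dst and restarted cloudflared"
}
```

Run `sync_cloudflared_config` with no arguments after editing ~/.cloudflared/config.yml; it exits non-zero and copies nothing if the credentials file is missing or too permissive.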
The tunnel is nice and convenient. It does the job well. I just have a strong personal preference to not depend on large organizations. I’ve installed Timeshift as backup management for myself so I can easily revisit this topic later when my brain is ready.
Nginx Proxy Manager has been handling certs for me, I’m not sure how it handles certs since it’s packaged in a docker container. I can only assume it does something similar to Caddy which also automatically handles certificate registration and renewals. So probably certbot.
All I know is that NPM has an option for DNS challenges which is how I got my certs in the first place.
That’s what I thought. NPM is handling the certs just fine.
Could it be that I’m setting up the reverse proxy wrong? Whenever I enable SSL on that reverse proxy, the connection just hangs and drops after a minute. I’m not understanding why it’s doing that.
When I was young, my elders told me stories of planting trees. Not for myself but for future generations. Instead they took the land, the wealth, the knowledge and the bits of whatever scraps left behind that made them feel powerful.
Then they turned around and insulted me, belittled me and blamed me for not caring enough about their every want and fragile emotion. Demanded I work harder while they stood there watching me to criticize my every move. Accused me of selfishness for not following all the awful and outdated advice they constantly forced upon me. Hated me for not following step by step in their traditions that caused so much division and suffering. Bullied me for attempting to express myself freely.
They never got around to planting their trees. They just flicked the cigarette butt and watched the other trees burn.
The elders that left me feeling inspired and comfortable with me being myself are so few and far between that it hurts. It’s hard for me to not feel betrayed by the majority of my elders.
I want to be inspired to do good by people who already do good things. Instead I feel like my empathy for others is being built up out of spite against my elders’ actions. Their words are so empty and meaningless to me.
I’ve also chosen to not let my future self become a burden on the younger people that follow me. I’ve already chosen my retirement plan. Extreme sports. Wing suit would be fun. I’d easily settle for trying to kick a cop in the nuts.
I haven’t had a chance to really test how Lemmy and PieFed work long term on the Pi 5 yet. So far it’s been quick and responsive and I’m still using wifi instead of a direct ethernet connection to the main modem. Ethernet is for the future. I still have more work to finish on the Pi 5.
The Pi 5 is also running Kiwix, Dufs for file sharing and a static page. All run through their own docker containers. With only me using it, everything seems to run quite smoothly.
My goals with the Pi 5 aren’t long term. I’m using it more as a working example until I can get better equipment for hosting, but that involves other plans for a local project I want to put my energy into now.
You’ll definitely want to use a reliable type of USB media storage with good read and write speeds. An SD card won’t do well, considering these webapps are database heavy and will be constantly writing stuff.
Lemmy easy deploy seems interesting; if you can get caddy in that script to handle TLS encryption certificates, it should do nicely. I struggled with Let’s Encrypt and went a different route for now.