I was able to generate a Zone.Cache Purge token for CLOUDFLARE_API_TOKEN similar to your screenshot. The INSTALL.md says “CLOUDFLARE_ZONE_ID - this can be found in the right hand column of your Cloudflare dashboard in the API section.” and I’m not sure where to find this or maybe what I’m looking for.

I’ve tried just building PieFed in docker with as few things changed as possible and I am still running getting the same message when I try to log in. The CSRF tokens do not match.

The only change I made was in the .env.docker file which was SERVER_NAME=‘pi.DOMAINNAME.ca:8030’

This is what the reverse proxy in nginx looks like now:

upstream app_server {  
    # fail_timeout=0 means we always retry an upstream even if it failed  
    # to return a good HTTP response  

    # for UNIX domain socket setups  
    # server unix:/tmp/gunicorn.sock fail_timeout=0;  

    # for a TCP configuration  
    server 192.168.40.140:5000 fail_timeout=0;  
    keepalive 4;  
}  

server {  
    server_name pi.DOMAINNAME.ca;  
    root /home/USERNAME/pyfedi/app;  

    keepalive_timeout 30;  
    ssi off;  

    location / {  
        # Proxy all requests to Gunicorn  
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  
        proxy_set_header X-Forwarded-Proto $scheme;  
        proxy_set_header Host $http_host;  
        proxy_redirect off;  
        proxy_http_version 1.1;  
        proxy_set_header Connection "";  
        proxy_pass http://app_server;  
        ssi off;  
    }  

   # Serve static files directly with nginx  
    location ~* /static/ {  
        alias /home/USERNAME/pyfedi/app/static/;  
        expires max;  
        access_log off;  
    }  

}  

I’ve tried changing ports, commenting out different parts and it’s still the same. I’ve even checked the port forwarding settings and I still getting the same message. I did notice when I ran netstat -tunpl I didn’t see any ports from docker for port 5000. If I understand how the reverse proxy works, I should have a connection coming in from the outside on port 8030 and be redirected by nginx to port 5000 on the local machine where PieFed is hosted? If that’s right, then nginx isn’t sending anything through 5000 locally and just through 8030 I think.

No worries, I’m at least learning a lot about network communication and using the terminal in linux more comfortably. In this case I learned how virtual environments work.

Also since it’s a Pi, I’ve been copying and swapping SD cards at certain points as a backup. It’s easy to clean up learning mistakes along the way. It’s also good practice before I do it all over again on a proper storage device.

There is just one PieFed running in docker on the Pi. My labeling might be a little confusing there.

I followed the easy instructions up until getting PieFed running in the background then skipped down to the Running PieFed in production section. I didn’t see any of the files mentioned in that section and thought to continue from there.

To start, if I load PieFed first, then nginx I get an error like below:

nginx error:

× nginx.service - nginx - high performance web server  
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled)  
     Active: failed (Result: exit-code) since Thu 2025-01-02 17:26:07 EST; 22s ago  
   Duration: 5min 39.898s  
       Docs: https://nginx.org/en/docs/  
    Process: 9406 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)  
        CPU: 6ms  

Jan 02 17:26:06 pi nginx[9406]: nginx: [emerg] bind() to 0.0.0.0:5000 failed (98: Address already in use)  
Jan 02 17:26:06 pi nginx[9406]: nginx: [emerg] bind() to [::]:5000 failed (98: Address already in use)  
Jan 02 17:26:06 pi nginx[9406]: nginx: [emerg] bind() to 0.0.0.0:5000 failed (98: Address already in use)  
Jan 02 17:26:06 pi nginx[9406]: nginx: [emerg] bind() to [::]:5000 failed (98: Address already in use)  
Jan 02 17:26:07 pi nginx[9406]: nginx: [emerg] bind() to 0.0.0.0:5000 failed (98: Address already in use)  
Jan 02 17:26:07 pi nginx[9406]: nginx: [emerg] bind() to [::]:5000 failed (98: Address already in use)  
Jan 02 17:26:07 pi nginx[9406]: nginx: [emerg] still could not bind()  
Jan 02 17:26:07 pi systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE  
Jan 02 17:26:07 pi systemd[1]: nginx.service: Failed with result 'exit-code'.  
Jan 02 17:26:07 pi systemd[1]: Failed to start nginx.service - nginx - high performance web server.  

If I do the opposite and load nginx before PieFed, PieFed will make a similar complaint about sharing the same port.

The pyfedi.service, celery.service and celeryd files all look similar to the examples from the INSTALL.md except I changed the directory names to match my name in the appropriate places.

Here are the error messages I am getting from systemctl:

pyfedi.service error/celery.service error:

sudo systemctl status celery.service  
× pyfedi.service - Gunicorn instance to serve PieFed application  
     Loaded: loaded (/etc/systemd/system/pyfedi.service; enabled; preset: enabled)  
     Active: failed (Result: exit-code) since Thu 2025-01-02 14:28:27 EST; 4h 42min ago  
   Duration: 126ms  
    Process: 6699 ExecStart=/home/USERNAME/pyfedi/venv/bin/gunicorn --config gunicorn.conf.py --preload pyfedi:app (code>  
   Main PID: 6699 (code=exited, status=1/FAILURE)  
        CPU: 126ms  

Jan 02 14:28:27 pi systemd[1]: pyfedi.service: Scheduled restart job, restart counter is at 5.  
Jan 02 14:28:27 pi systemd[1]: Stopped pyfedi.service - Gunicorn instance to serve PieFed application.  
Jan 02 14:28:27 pi systemd[1]: pyfedi.service: Start request repeated too quickly.  
Jan 02 14:28:27 pi systemd[1]: pyfedi.service: Failed with result 'exit-code'.  
Jan 02 14:28:27 pi systemd[1]: Failed to start pyfedi.service - Gunicorn instance to serve PieFed application.  
lines 1-13/13 (END)  

----------  

× celery.service - Celery Service  
     Loaded: loaded (/etc/systemd/system/celery.service; enabled; preset: enabled)  
     Active: failed (Result: exit-code) since Thu 2025-01-02 14:28:26 EST; 4h 42min ago  
    Process: 6694 ExecStart=/bin/sh -c ${CELERY_BIN} multi start -A ${CELERY_APP} ${CELERYD_NODES} --pidfile=${CELERY>  
        CPU: 341ms  

Jan 02 14:28:26 pi sh[6695]:   File "<frozen importlib._bootstrap_external>", line 940, in exec_module  
Jan 02 14:28:26 pi sh[6695]:   File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed  
Jan 02 14:28:26 pi sh[6695]:   File "/home/USERNAME/pyfedi/celery_worker.py", line 3, in <module>  
Jan 02 14:28:26 pi sh[6695]:     from app import celery, create_app  
Jan 02 14:28:26 pi sh[6695]:   File "/home/USERNAME/pyfedi/app/__init__.py", line 7, in <module>  
Jan 02 14:28:26 pi sh[6695]:     from flask import Flask, request, current_app, session  
Jan 02 14:28:26 pi sh[6695]: ModuleNotFoundError: No module named 'flask'  
Jan 02 14:28:26 pi systemd[1]: celery.service: Control process exited, code=exited, status=2/INVALIDARGUMENT  
Jan 02 14:28:26 pi systemd[1]: celery.service: Failed with result 'exit-code'.  
Jan 02 14:28:26 pi systemd[1]: Failed to start celery.service - Celery Service.  

At this point I am stuck and not sure where to go from here.

You’re right, it was outdated. It seems I got mixed up after a fresh OS install on my Pi. I used APT to download and install docker which is extremely outdated. I now have proper repositories set up for both docker and nginx and everything is up to date. I didn’t need to make any changes to the dockerfile with the proper version.

I’m having issues getting nginx, pyfedi.service and celery.service to work.

Below are some snippets from my notes which should lay out all the steps I’ve taken, hopefully that will explain where I am currently at.

<br>
Steps from fresh OS Install:

## Apt software  
sudo apt install ddclient gufw -y  

# ddclient -> Account/Password/Domain Address  
# gufw  

## Repository Software  
# Docker -> Install-> https://docs.docker.com/engine/install/debian/  
# nginx -> Install -> https://nginx.org/en/linux_packages.html#Debian  
        -> sudo nano /etc/nginx/nginx.conf  
           -> Add line -> include /etc/nginx/sites-enabled/DOMAINNAME;  
        -> sudo nano /etc/nginx/sites-enabled/DOMAIN -> Copy DOMAINNAME reverse proxy settings from USB  
        -> sudo nginx -t  
        -> sudo service nginx restart  

## Docker Images  
# PieFed -> Install: Easy/Docker -> https://codeberg.org/rimu/pyfedi/src/branch/main/INSTALL.md  
  ->Edit file entries  
    -env.docker  
     -> SECRET_KEY='k3avh6fp'  
     -> SERVER_NAME='pi.DOMAINNAME.ca:5000'  
    -compose.yaml  
     -> ports: - '8030:5000' -> - '5000:5000'  

## Running In Production  
# Virtual Environment -> Gunicorn & Celery  
  -> python -m venv ~/home/USERNAME/pyfedi/venv  
  -> source ~/home/USERNAME/pyfedi/venv/bin/activate  
  -> pip3 install gunicorn celery  
  -> deactivate  
# Copy file celery_worker.default.py -> celery_worker.py  
  -> Change -> DATABASE_URL -> postgresql+psycopg2://piefed:piefed@db/piefed  
  -> Change -> SERVER_NAME -> pi.DOMAINNAME.ca:5000  
# Create Background Service Files -> Copy EACH from USB  
  -> sudo nano /etc/systemd/system/pyfedi.service  
  -> sudo nano /etc/systemd/system/celery.service  
  -> sudo nano /etc/default/celeryd  
# Enable/Start Background Services  
  -> sudo systemctl enable pyfedi.service  
  -> sudo systemctl enable celery.service  
  -> sudo systemctl start pyfedi.service  
  -> sudo systemctl start celery.service  

<br>
/etc/nginx/sites-enabled/DOMAIN file:

upstream app_server {  
    # fail_timeout=0 means we always retry an upstream even if it failed  
    # to return a good HTTP response  

    # for UNIX domain socket setups  
    # server unix:/tmp/gunicorn.sock fail_timeout=0;  

    # for a TCP configuration  
    server 192.168.40.140:5000 fail_timeout=0;  
    keepalive 4;  
}  

server {  
    listen 5000;  
    listen [::]:5000;  
    server_name pi.DOMAINNAME.ca;  
    root /home/USERNAME/pyfedi/app;  

    keepalive_timeout 30;  
    ssi off;  

    location / {  
        # Proxy all requests to Gunicorn  
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  
        proxy_set_header X-Forwarded-Proto $scheme;  
        proxy_set_header Host $http_host;  
        proxy_redirect off;  
        proxy_http_version 1.1;  
        proxy_set_header Connection "";  
        proxy_pass http://app_server;  
        ssi off;  
    }  

    # Serve static files directly with nginx  
    location ~* /static/ {  
        alias /home/USERNAME/pyfedi/app/static/;  
        expires max;  
        access_log off;  
    }  

}  

I decided to start over today with a fresh OS install on my Pi. I did everything according to a checklist I started so nothing new has changed from my knowledge. I am getting errors trying to get past the

export DOCKER_BUILDKIT=1  
docker-compose up --build  

part of the INSTALL.md for the docker instructions.

I’ve saved a copy of my terminal but I’m not sure where a good spot to paste it is since it’s long. There were a lot of permission error 13’s so I tried

sudo docker-compose up --build  

and things started to download and proceed up until a point before another error showed up.

Step 1/14 : FROM --platform=$BUILDPLATFORM python:3-alpine AS builder  
failed to parse platform : "" is an invalid component of "": platform specifier component must match "^[A-Za-z0-9_-]+$": invalid argument  
ERROR: Service 'celery' failed to build : Build failed  

I’m quite confident I did nothing different this time so I don’t know what would be causing issues today. I can provide you with the outputs from my terminal if that will help you.

Yeah, I had :5000 at the end, otherwise I would have gotten an error with the initial website connection from a browser saying the domain did not match. That’s how I figured out to change the port in the compose.yaml from an earlier attempt.

I did not create a reverse proxy. I got excited at getting the site to load that I missed that. I’ll try that in a couple days when I’m free again.

Docker decided to randomly disappear my PieFed image an hour after I finished working on it. The PyFedi folder and all it’s contents have vanished. A very quick search showed that it has happened to other people with other images. So it’s a thing maybe? Strange but fortunately it was all fresh and nothing was lost.

So after a few attempts, I was able to get PieFed working by accessing it through pi.MyDomainName.ca:5000

I changed the SERVER_NAME in .env.docker to match the address above, but with my actual domain name. I also changed the port numbers from 8030:5000 to 5000:5000 in the compose.yaml

I am running into an issue when I attempt to use the login information after the database initialization steps. I get the error “The CSRF tokens do not match.” above the username field on the login screen. I’m not sure what that means exactly.

Other than that, using the docker was fairly straight forward except for some information I forgot to put in correctly the first couple times.

Thanks for the suggestions, I’ll have a look into them and see how they fit my needs. I am looking for something that uses markdown language. I’m using that in other parts of this project as a way to keep things unified and simple for others to participate or contribute.

I don’t do blogs or anything but I do intend to make a community on slrpnk.net in addition to my local instance on my pi. The Solarpunk community will focus more on creating a guide for others to create their own local communities and knowledge base.

The ultimate goal is making sure it’s simple and accessible to as many people as possible.

Once I set up an instance or some sort of community page, I plan to write up an outline of decision choices and future goals in order to help people understand what’s going on and where to begin contributing. I’ll be able to use my seed library as a working example.

I am hoping to be ready within the next couple weeks. I can let you know when the Solarpunk community goes up so you can check it out.

Thanks for the information.

I have a more questions about account registration/logins. If I understand correctly, they will require SSL.

Before I ask anything, I just want to explain what it is I want to do so it’s easier to understand where I’m coming from.

I want to start a seed library for my local community in my town. Unless Monsanto is targeting libraries for heritage seeds, I feel my risk is quite low.

I would like a simple place for people to talk, share information and organize events. I’m also trying to create everything as independent from outside services as possible. The reason being that if any of these outside services experience an extended outage, I can physically move my Raspberry Pi box to central location with local internet/wifi (a library for example) and people will still be able to access all the information. Think of the pi box as becoming a digital community board. In this situation, federation is completely unimportant.

If Cloudflare tunneling experiences issues or outages, can people still create and login to accounts locally? I’m going to assume any disruptions to any email services would also have an effect since that is used for registration as well.

I prefer the Reddit/Lemmy/Piefed style and the markdown language works well with the other parts of my project. It’s not necessary and I may keep searching around for something that suites my use case better.

I’ll most likely go ahead and try installing PieFed anyways with Cloudflare tunneling(or Let’s Encrypt if I don’t have to worry about blocked ports) and smtp2go. At the very least it’ll be an experience and a good place to start for my needs. I can move on from there if I feel the need to.

Thanks again.