I plan on using docker compose. Are there any security risks (other than the obvious of using a VLAN and reverse proxy) that I should know about? If I use a reverse proxy (say, either hosted in a colo hosting provider or Cloudflare), does federation still work properly?
Thanks!
Yes, PieFed works great with Cloudflare, including with a Zero Trust tunnel. It is best to exclude the path
/inboxfrom Cloudflare’s WAF.See https://codeberg.org/rimu/pyfedi/src/branch/main/INSTALL-docker.md to get started and also some of the bits and pieces in https://codeberg.org/rimu/pyfedi/src/branch/main/INSTALL.md apply to the docker method too. See how you go.
If you join the PieFed Security Announcements matrix room then you’ll be among the first to hear about any security issues. Or the admins channel on https://chat.piefed.social/
Awesome, thanks for the tips!
Lots of cloudflare-specific stuff here - https://codeberg.org/rimu/pyfedi/src/branch/main/INSTALL.md#cdn
