Self-hosting an ActivityPub blog using a local computer and free tunnel

Background / why did I do this?

I already own a Raspberry Pi 4 board, so have been looking into self-hosting some things. Diving into the rabbit hole, I realized installing and maintaining a multi-user Fediverse instance (e.g. Mastodon) is probably not something I'd like to figure out and maintain at this time - but I'd still like to have an ActivityPub blog/writing presence on the public web that I have complete control over, as an exercise in decentralization.


My original plan was to host things using yunohost. Along the way, I discovered my router sucks and does not have any way to enable port forwarding, so I cannot expose something running in my local network to the public internet using port forwarding. I also did not want to purchase a new router or pay for a VPS. As a workaround, I'm using a cloudflare tunnel to expose my instance to the public internet.

This explanation will probably be overly verbose, and you could definitely follow the existing docs, but hopefully this write-up will be useful in tying things together for those less experienced in hosting things on the interwebz, without router port forward access.

WARNING: The way I currently have this set up means my traffic is visible to cloudflare, because I am using cloudflare tunnels. Accessing my instance should be generally secure since https can be used between end-users and cloudflare, and the tunnel between my server and cloudflare is also encrypted. However, if traffic being visible to cloudflare is part of your threat model, you should not follow these instructions or interact with this instance. (Since this is a public blog, it is a convenient and inexpensive solution for my purposes).


  • A domain name
  • A server. This can probably be any computer on any OS (Linux, Windows, Mac) that can run docker, docker-compose, and cloudflared.
  • An internet connection

Software we'll be using

Running locally

  • I used the docker instructions
  • After cloning the repository, enter the newly created directory for the following steps.
  • Configuration wizard notes:
    • I recommend setting your domain as a subdomain of the domain you hold. For example, I have the domain, so I set my domain as
    • I set https=false. Normally you wouldn't want to do this, but I'm relying on the tunnel to encrypt my traffic to cloudflare, and cloudflare will serve the instance to the public internet using https, with its own certificate.
    • To set your profile image, put it in the /app/static folder and set the icon_url to https://{domain}/static/{yourImageFile}
    • You can change your config after initial run of the configuration wizard by editing the /data/profile.toml file.
  • When ready, docker-compose up -d (or similar, depending on your OS). You should now be able to view and log into your micropub, either from localhost:8000 on the server itself, or from the local IP address of your server, something like http://192.168.10.XXX:8000, if you are accessing it from another device on your local network.

Exposing to public internet using cloudflared

  • about cloudflare tunnels
  • You'll need to create a (free) cloudflare account for this. You'll also need to add your domain as a cloudflare website, and to use cloudflare's domain nameservers
  • Follow the cloudflare tunnel documentation
    • On the traffic routing step, make sure the application hostname matches the domain setting used in your profile.toml
  • After completing the above, you should now be able to reach your micropub instance from the public internet via your domain.

Next steps

  • Check out the user guide for more profile configuration and instance customization, such as writing your summary in markdown, adding profile metadata, hiding followers/following, custom css & more.
  • Remote follow other ActivityPub accounts to interact :)

You'll only receive email when they publish something new.

More from zero
All posts