fediverse guides

A collection of guides for setting up and deploying various fediverse enabled apps.

This will be a collection of how-to's and documentation for setting up various servers in the fediverse.

I welcome constructive feedback – so please feel free to let me know what you think, how I could improve them, and generally what else you'd like to see here.

This post will serve as the table of contents

Pre Setup prior to installing instances

  • Buying a Domain and Pointing it to DigitalOcean
  • Setting up SSH & Keys
  • Purchasing an SMTP Provider
  • Setting up a New Droplet on Digital Ocean
  • Prepping the Server for use

Fediverse Instances/Services/Applications

  • writefreely
  • ownCast
  • Matrix / Synapse

#howto #fediverse #federated #writefreely #opensource #documentation #help #guide

Contact:

Mastodon: @kristophr@the-gathering.space Email: kristophr@live.com

Finding a Domain Registrar

There are several domain registrars to choose from – but personally I prefer gandi.net – they're easy to use, buy, import existing domains bought elsewhere and usually the cheapest as well. This guide assumes that gandi will be used as the domain registrar.

gandi.net

Other registrars include

Finding a domain and purchasing

Once registered with the registrar – time to find a domain name. On the left hand side of the screen – click on / select “Domain”

domain name section

Then click on the “Register” button on the right hand side of the screen.

register button

This brings you to a search box:

searchfordomainname.png

From this point – a typical shopping cart experience. If your chosen domain is not available – several alternatives will be presented that are available. If none of those work – then keep trying various combinations until a suitable domain is secured.

Once purchased – it takes around 2 to 5 minutes for the domain to become available for use.

Pointing domain to DigitalOcean

This guide assumes that Digital Ocean (digitalocean.com) is going to be the hosting provider for your websites/instances.

However, it should be noted that most hosting providers work the same way.

Click on the domain that was recently purchased and a series of tabs will appear – click on “Nameservers”

domain-nameservers.png

Click on “External Nameservers” and input the following:

ns1.digitalocean.com
ns2.digitalocean.com
ns3.digitalocean.com

Click save.

This could take a bit to propagate over to digitalocean. Personally I have seen this take anywhere from 5 minutes up to 2 hours. It will make it there – but depending on the amount of traffic it could just take some time. DigitalOcean's official policy is that it could take up to 24 hours.

At this point your newly purchased domain is now directing to digitalocean for hosting and site setup.

#hosting #selfhosting #fediverse #guides #digitalocean #gandi.net #domain #opensource #how-to #howto


When working with Digital Ocean (or any hosting platform), the easiest way to interact with the server and deploy software is a terminal-based SSH client. This will be daunting and confusing at first – but over time and with practice (and good google-fu) one can master the terminal.

This guide assumes that the domain has been purchased and that DigitalOcean is the hosting provider. Please keep this in mind, although the steps should be very similar regardless of where the site is going to be hosted.

Downloading a SSH client

By default Linux and MacOS come with terminals built in. Windows, however, does not. Having said that – there are plenty of 3rd party applications out there that can be utilized.

Here are some:

Windows
MacOS
  • Terminal comes preinstalled
  • iTerm2
Linux
  • Terminal is built into Linux and by far the best to use
iOS
Android
OS Agnostic

Once one of these applications is downloaded and installed – launch the application. A screen should be presented as such:

Terminal Screenshot

Setup Keys

Keys are important to security and logging in to your server. Think of them as complex passwords, stored in such a way that the computer that you are using can communicate with the remote server.

In very basic terminology – it's a way to tell the remote server “you can trust this computer that is logging into you and issuing commands”.

Once the application is launched – the terminal will sit and wait for commands to be entered. Copy and paste the following command:

ssh-keygen

A prompt will appear to save the key as a file – just press enter to accept the default file name given.

Enter a passphrase (not required – but heavily recommended).

Enter the passphrase again to confirm.

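Two files will be generated: id_rsa (the private key, which stays on your computer) and id_rsa.pub (the public key, which is the part that gets shared with the server).

Finally – issue the following command and copy/paste its output into a notepad/text editor.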

cat ~/.ssh/id_rsa.pub

Adding Key to DigitalOcean

Once logged into DigitalOcean – navigate to settings from the menu along the left hand side. Switch to the “Security” tab.

Settings Menu

Settings Tab

Click “Add SSH Key” button on the right hand side.

Add SSH Key

Paste the contents from the command issued directly above into the box.

Add New SSH Key Entry Form

Finally give this SSH Key a name – syntax doesn't matter – but name it in such a way you can recognize it when assigning it to a droplet.

Footnotes

Apparently generating ssh-keys is slightly different when using PuTTY on Windows – please follow this guide

#howto #how-to #guides #guide #fediverse #federated #ssh #terminal #linux #ubuntu #digitalocean #selfhost #selfhosting #windows #putty


Purchasing an SMTP provider will help in several areas. It lets the server app (whatever that may be) send out email to users. This could be used to validate that users are legit (not bots), to send out site notifications, or for any number of other reasons.

Using an SMTP provider instead of your own email provider's SMTP server can ease the load on your own server. It might also prevent your server from getting flagged for spam, which may affect your email address and your ability to send or receive email.

For this – it is recommended to use mailgun.com. They are fairly cheap (one of the cheaper services that I found), easy to set up and deploy.


Setting up a droplet on Digital Ocean is fairly straightforward and simple.

Things to consider before setting up and configuring a droplet are the intentions of the server. For instance, if a server is only going to be for a single user or serving a small application, then the server requirement doesn’t need to be very strong.

The more users that are going to be using the server/application or if the application requires a bunch of processing power then a more powerful server will be needed.

Spaces and Content Delivery Network (CDN)

Another thing to consider is what type of applications are going to be running. If the application is going to be more content heavy (i.e. mastodon or pixelfed) then a droplet with enough disk space is going to be needed for all the content assets. However, the disk space needed on the server can be reduced by using Digital Ocean’s Spaces instead. Digital Ocean Spaces are cheap ($5/mo for 250 gigs of space) and speed up how the content assets are delivered.

Digital Ocean spaces are not required for any application for the fediverse but are recommended if servers are going to be handling a lot of traffic and users.

Obtaining a Droplet

Click on the green “Create” button in the top bar on the right hand side of the screen.

Green Create Button

A dropdown will appear – select “Droplets”.

Create Droplets Dropdown Menu

Region & DataCenters

A choice of region will appear. While it doesn’t really matter which region is chosen, it is best to use one in your country, followed by the one closest to you. For instance – I use New York Datacenter 3 – as I am based on the East Coast. However, I could choose San Francisco if I intended for the majority of my users to be based on the west coast.

~If spaces are going to be deployed for your server/instance they will need to be in the same datacluster.~

Once the region is chosen; select the specific datacenter. Doesn’t really matter which data center is chosen. Just make sure to keep everything in the same datacenter across various servers, spaces and instances.

Operating System

All Guides on fedi-verse.info are under the assumption that Ubuntu 22.10 will be used. Ubuntu is based on Debian so these two are basically interchangeable. Having said that – Ubuntu is the best, solid Operating System (OS). Any Linux will be fine to use and is up to personal preference.

OS Selection

Droplet Type (CPU & Ram)

For clarification – CPU is the processing power. The more CPU cores the more processing power the server will have. As stated above – the more processing power – the more users can use the system. RAM is how many things can happen at once. The more RAM a server has the more users and functionality can be handled. CPU and RAM tend to go hand in hand; which is why you choose them together.

The more users you intend on having, the more content trying to be delivered, the higher the CPU and Ram should be.

For example – the mastodon server I run – is currently on 4 GB RAM, 2 CPU and 60 Gigs of RAM + 250 GIG of Spaces. As of Feb 2023, this is estimated around $33/mo. I am also assuming that this server will stay under 250 users – however, I would expect it to get above 500 users and still be okay.

The beauty of Digital Ocean is that droplets can be resized to be stronger, faster with more HD space. Keep this in mind – because you can not downsize. Downsizing would entail destroying the droplet and rebuilding. However, upgrading is always an option.

For most use cases; 4GB Ram, 2CPU and 80Gigs of SSD will be perfect. However, the minimum should be 2 GB Ram, 1 CPU and 50 SSD.

CPU Selection

Choose Authentication Method

Follow guide SSH Clients and Keys for this section. If this was done prior – the key generated should be listed here for selection.

If no key is listed here – click on the “New SSH Key” button and follow the guide above.

Finalize Details

Last thing to do is assigning a hostname. This name is just for the server and a way to identify the server instance for when logged into it via ssh.

Finalize Details

#fediverse #guides #guide #howto #how-to #sysadmin #systemadmin #digitalocean #help #opensource #foss


This guide is to walk a user through prepping a newly set up droplet for use. This guide is assuming that Digital Ocean is the provider.

Prerequisites

  • Configure SSH Keys
  • Setup and Configure a Droplet

Grabbing IP Addresses

Log into Digital Ocean and click on “Droplets” on the left hand side menu

Find the droplet that is to be prepped and click on the IP address to copy the server's IP address. An IP address is a series of numbers separated by periods. An example IP Address would be: 64.233.160.120.

IP Addresses are specific addresses read by computers to locate that specific server on the internet. DNS servers (aka Domain Name Servers) can translate those numbers into easier to remember domain names. For example, typing in that address above – the browser will take you to google.com. Of course telling users to go to a series of numbers isn't very easy to remember – it's easier to simply state “to search – just go to google.com”.

Once the IP address is copied to the clipboard, open up your favorite SSH terminal.

Logging into the Server

Once at the prompt of the terminal – enter the following command to log into the remote server

ssh root@<paste in the IP address copied into clip board>

If the SSH Keys were implemented and set up as per this guide – then the prompt should simply change to show root@.

Update the server

Once logged in – as a root user – you will have full read/write access to the entire server. Be very careful of commands being entered as root because with this level of access – it is very easy to simply delete very important files required to run the server.

All commands posted on this site are very straight forward and will not pose any threats to the server.

Running these next commands will tell the system to grab the latest updates and patches. This is important as it will fix any security flaws or simply bring new functionality to the server.

apt-get update
apt-get upgrade
apt-get dist-upgrade

Depending on all of the updates – this could be quick – or it could take several minutes. It is also good practice to run these commands every so often (bi-weekly if not weekly).

Conclusion

This is all that's required to prep the server for whatever application is about to be installed and served.

#linux #ubuntu #server #sysadmin #digitalocean #security #prep


This guide will help users set up the federated blog writing software WriteFreely. It will be assumed the user is using DigitalOcean. Guide can be used with other hosting sites, even self-hosted, as the commands and steps are universal.

Pre-requisites

Installing additional needed software

Once you log into your new droplet – a prompt should appear

terminal prompt

Install all needed software that WriteFreely will need to run

apt-get install nginx certbot python3-certbot-nginx mysql-server golang-go

Press 'Y' to continue the installation – this could take a few minutes to update, run, and install everything

Set up the Database with MySQL

While still logged in with root user – enter

mysql

This will be using the MySQL application and the prompt will change to show mysql

mysql terminal prompt

First step is to create the database

CREATE DATABASE writefreely;

Note the “;” at the end of the statement – all MySQL statements need to end with “;” to execute.

Next is to create a user for the database

CREATE USER 'writefreely'@'localhost' IDENTIFIED BY '<Set your own complex password>';

Now – tie the user to the database

GRANT ALL PRIVILEGES ON writefreely.* to 'writefreely'@'localhost';

successful execution of mysql statements

All statements should complete with “Query OK”

Exit by quitting

quit;

Starting the WriteFreely Install

This guide will install writefreely into the /var/www folder of Ubuntu Server – change to this directory

cd /var/www

Download the latest version of WriteFreely – as of this document the version is v0.13.2. To find the latest version click here

wget https://github.com/writefreely/writefreely/releases/download/v0.13.2/writefreely_0.13.2_linux_amd64.tar.gz

Extract the files to the /writefreely/ directory

tar -xvzf writefreely_0.13.2_linux_amd64.tar.gz writefreely
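The archive above is downloaded and unpacked as root inside /var/www, so it is worth checking it before the tar step. The following is an added example, not part of the original guide or the WriteFreely project: the function names are hypothetical and `EXPECTED_SHA256` is a placeholder for a digest you obtained from a source you trust.

```sh
#!/bin/sh
# Added example: check a downloaded release archive before extracting it as root.
# EXPECTED_SHA256 is a placeholder; the guide itself does not list a digest.

# verify_sha256 FILE EXPECTED_HEX -> 0 on match, 1 on mismatch, 2 on bad input
verify_sha256() {
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $vs_expected in
        ''|*[!0-9a-f]*) return 2 ;;               # not hexadecimal
    esac
    [ "${#vs_expected}" -eq 64 ] || return 2      # SHA-256 is 64 hex characters
    [ -f "$1" ] || return 2
    vs_actual=$(sha256sum < "$1" | cut -d' ' -f1) || return 2
    [ "$vs_actual" = "$vs_expected" ]
}

# members_safe TOPDIR: reads member names (the output of `tar -tzf`) on stdin.
# Fails if a name is absolute, has a ".." component, or lies outside TOPDIR.
members_safe() {
    ms_rc=0
    while IFS= read -r ms_name; do
        case $ms_name in
            /*|..|../*|*/..|*/../*)
                echo "unsafe path: $ms_name" >&2; ms_rc=1; continue ;;
        esac
        case $ms_name in
            "$1"|"$1"/*) ;;                       # inside the expected folder
            *) echo "outside $1/: $ms_name" >&2; ms_rc=1 ;;
        esac
    done
    return "$ms_rc"
}

# check_release ARCHIVE EXPECTED_HEX TOPDIR: digest first, then the member list.
check_release() {
    verify_sha256 "$1" "$2" || { echo "digest check failed: $1" >&2; return 1; }
    cr_list=$(tar -tzf "$1") || { echo "cannot list: $1" >&2; return 1; }
    printf '%s\n' "$cr_list" | members_safe "$3" || return 1
    echo "ok: $1"
}

# Usage from /var/www, before the tar -xvzf step:
#   sh check_release.sh writefreely_0.13.2_linux_amd64.tar.gz "$EXPECTED_SHA256" writefreely
if [ "$#" -eq 3 ]; then
    check_release "$@"
fi
```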

Start Configuration of WriteFreely

Move to the WriteFreely directory

cd writefreely

Run the config

./writefreely --config

This will start an interactive setup where navigation between options can be done via up/down keys.

  1. Environment – choose 'Production, behind reverse proxy'
  2. Local port – leave default to 8080
  3. Database Driver – leave default to MySQL
  4. MySQL Username – enter writefreely
  5. MySQL Password – enter password chosen from previous step
  6. MySQL Database Name – enter writefreely
  7. MySQL Host – leave default localhost
  8. MySQL Port – leave default 3306
  9. Site Type – Choose Single User if this instance will be for you or one user. Multi-User will allow you to add other users to write entries. For this guide – choose Single User Blog
  10. Admin username – enter username to use to log into
  11. Admin password – enter password to use to log into
  12. Blog name – Enter the name of the site (not your domain, but they could be similar). This will typically show up in page titles, etc
  13. Public URL – enter the domain name that was secured for this domain – be sure to enter https:// as well: https://purchased-domain-name.com
  14. Federation – Enable – default
  15. Usage Stats – Public (can change to private if desired)
  16. Instance Metadata – Public (can be changed to private if desired)

A bunch of text will now scroll by showing updates being made/executed

Next – execute the key-gen command to generate some random keys for encryption

./writefreely --gen-keys

Again, several lines of text showing success while executing command

Finally run some final database configurations. I got a mix of errors and success messages – but still worked appropriately

./writefreely --init-db

Change ownership of files to www-data

This is so that the user www-data (which runs the webserver nginx) can read/use the files. While still using root and in the /var/www/writefreely directory – execute the following command

chown www-data:www-data * -R

Setting up nginx

Navigate to the following directory

cd /etc/nginx/sites-available

Create a new file for the nginx configuration file

nano writefreely.conf

Paste the following into the file

server {

    server_name domainname.com; #Update this to your domain name

    gzip on;
    gzip_types
      application/javascript
      application/x-javascript
      application/json
      application/rss+xml
      application/xml
      image/svg+xml
      image/x-icon
      application/vnd.ms-fontobject
      application/font-sfnt
      text/css
      text/plain;
    gzip_min_length 256;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_vary on;

    location ~ ^/.well-known/(webfinger|nodeinfo|host-meta) {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect off;
    }

    location ~ ^/(css|img|js|fonts)/ {
        root /var/www/writefreely/static;
        # Optionally cache these files in the browser:
        # expires 12M;
    }

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect off;
    }

}

Save the file (Ctrl-X, Y, Press Enter)

Next step is to enable the site by linking the file into sites-enabled

ln -s /etc/nginx/sites-available/writefreely.conf /etc/nginx/sites-enabled/writefreely.conf

Validate there are no errors by restarting/reloading the nginx service

service nginx reload

Enable https by using certbot

Run the following command to start certbot let's encrypt

certbot --nginx

After a few lines going by – a menu will appear

Choose the domain (should be the only one to choose) that was purchased and implemented.

Follow the prompts to enter a valid email address for Let's Encrypt to verify.

Agree to the terms.

Finally another prompt will ask if you wish to redirect or not. Choose the 2nd option to redirect. This will tell the webserver to always go to the secure site at https://

Running Writefreely upon Start

To ensure WriteFreely always starts when the server is rebooted – it is easiest to create a systemd file to ensure this happens.

Still using root user create a file

nano /etc/systemd/system/writefreely.service

Paste the following

[Unit]
Description=WriteFreely Instance
# MySQL runs on the same machine in this guide, so start after it as well.
After=syslog.target network.target mysql.service

[Service]
Type=simple
StandardOutput=syslog
StandardError=syslog
WorkingDirectory=/var/www/writefreely
ExecStart=/var/www/writefreely/writefreely
Restart=always

[Install]
WantedBy=multi-user.target

Save the file and exit (Ctrl-X, Y, Press Enter)

Enable it

systemctl enable writefreely.service

Start it

systemctl start writefreely.service
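The unit file above has no `User=` line, so systemd starts WriteFreely as root even though the files were handed to www-data. The following added example (not from the original guide or the WriteFreely project) lists which of a few standard systemd settings a unit is missing. The function name `unit_findings` and both sample units are constructed for illustration, and the hardened variant assumes WriteFreely needs no write access outside /var.

```sh
#!/bin/sh
# Added example: list hardening settings a systemd service unit is missing.
# The checks and both sample units are constructed for illustration.

# unit_findings [FILE]: reads a unit (file or stdin) and prints one line per
# setting missing from [Service]. No output means nothing was flagged.
unit_findings() {
    awk '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[/   { in_service = ($0 ~ /^[ \t]*\[Service\]/); next }
        in_service {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            v = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t]+$/, "", v)
            val[key] = v                             # last assignment wins
        }
        END {
            # Without User= a system service runs as root.
            if (val["User"] == "" || val["User"] == "root" || val["User"] == "0") print "User"
            if (val["NoNewPrivileges"] !~ /^(true|yes|on|1)$/) print "NoNewPrivileges"
            if (val["PrivateTmp"] !~ /^(true|yes|on|1)$/) print "PrivateTmp"
            if (val["ProtectHome"] !~ /^(true|yes|on|1|read-only|tmpfs)$/) print "ProtectHome"
            if (val["ProtectSystem"] !~ /^(true|yes|on|1|full|strict)$/) print "ProtectSystem"
        }
    ' "$@"
}

# Constructed sample: the unit as given in this guide.
sample_unit_guide() {
    cat <<'EOF'
[Unit]
Description=WriteFreely Instance
After=syslog.target network.target mysql.service

[Service]
Type=simple
StandardOutput=syslog
StandardError=syslog
WorkingDirectory=/var/www/writefreely
ExecStart=/var/www/writefreely/writefreely
Restart=always

[Install]
WantedBy=multi-user.target
EOF
}

# Constructed variant: same service, run as www-data with basic sandboxing.
# Verify on your own install that WriteFreely still starts with these settings.
sample_unit_hardened() {
    cat <<'EOF'
[Unit]
Description=WriteFreely Instance
After=syslog.target network.target mysql.service

[Service]
Type=simple
User=www-data
Group=www-data
WorkingDirectory=/var/www/writefreely
ExecStart=/var/www/writefreely/writefreely
Restart=always
NoNewPrivileges=true
PrivateTmp=true
ProtectHome=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target
EOF
}

echo "unit from the guide is missing:"
sample_unit_guide | unit_findings
echo "constructed hardened unit is missing:"
sample_unit_hardened | unit_findings
```

To check the file on the server, run `unit_findings /etc/systemd/system/writefreely.service`.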

Conclusion

Congratulations on getting writefreely up and running. Navigate to the server via your favorite web browser and go to the domain purchased.

#howto #digitalocean #writefreely #fediverse #federated #guides #helpguide #ubuntu #linux


Owncast is a federated streaming service akin to twitch.tv.

Pre-requisites

As OwnCast transcodes the input video file that's streamed – it is required (if it's not required, it should be) to use a beefy pc with a dedicated graphics card. This doesn't require an overly powerful machine – so an older pc laying around is perfect for this application. Just make sure there's a dedicated graphics card – or that one can be installed.

Also – an application is needed to record the gameplay and 'stream' it to the OwnCast Server. It is recommended to use OBS Broadcaster for this endeavor. It's free and open source, and runs on any OS.

Download at https://obsproject.com/

I was absolutely impressed with how easy and simple it is to get OwnCast installed and running. When I set this up and started taking notes to write this document – I found that I didn't really need to. Just by following this guide here – I was able to be up and running in less than 5 minutes.

Having said that there were parts of the guide that didn't really explain how to stream behind a reverse proxy with nginx.

Luckily @lefractal@mstdn.social helped me by pointing me to his guide that he wrote and it is much easier to just follow their site for soup to nuts installation.

To follow their guide – please refer to this link here.

All kudos should be given to @lefractal@mstdn.social for this guide.

Tags

#owncast #federated #writely #mastodon #guides #guide #install #linux #streaming


Matrix / Synapse is a messaging platform/server. It is a federated application that allows people to IM/Chat/Video chat. Kind of like IRC (Internet Relay Chat), but one that can connect to other federated chat servers.

While this is federated, it will not work with mastodon/pixelfed instances. While it may look similar, they cannot talk to one another. An example of a mastodon user would be @kristophr@the-gathering.space – while an example of matrix would be @kristophr:chat.gaymers.me. Notice the use of : between the username and server for matrix whereas there's an @ symbol between a username and instance for mastodon (pixelfed, etc).

For the record – there is a package that is installable directly in Ubuntu/Debian flavors of Linux. However, I was never able to get them to work correctly. This guide will step you through on how to set everything up and work as it should.

This guide is assuming that a domain has been purchased and being hosted via DigitalOcean droplet. Also mailgun will be used as the smtp outgoing server for email.

Pre Setup prior to installing instances

  • Buying a Domain and Pointing it to DigitalOcean
  • Setting up SSH & Keys
  • Purchasing an SMTP Provider
  • Setting up a New Droplet on Digital Ocean
  • Prepping the Server for use

Log into server

Using your favorite terminal, launch it and log in

ssh root@IP_Address_of_remote_server

or

ssh root@domain.com

Install required software

sudo apt install build-essential python3-dev libffi-dev python3-pip python3-setuptools sqlite3 libssl-dev virtualenv libjpeg-dev libxslt1-dev libicu-dev nginx certbot python3-certbot-nginx

Press Y and press enter to begin installation

Staging the server and installing Matrix Synapse

Once everything is installed from previous command, create a directory to install Synapse.

mkdir -p ~/synapse

This will create a folder located in /root/synapse

Create a virtual environment by issuing the following command:

virtualenv -p python3 ~/synapse/env

image

Use source to activate the virtual environment, so that synapse is installed into it

source ~/synapse/env/bin/activate

The prompt should now look like the following

image

Use pip to upgrade pip and setuptools, then install Synapse

pip install --upgrade pip
pip install --upgrade setuptools
pip install matrix-synapse

Generate config file

While still in the new environment – execute the following commands to create a server yaml file. This file is how to configure the server upon launching.

First navigate to the folder (if not done so)

cd ~/synapse

Execute the following command to generate the yaml file. Make sure to update the server-name with the domain that will be used.

python -m synapse.app.homeserver \
    --server-name CHANGEME.DOMAIN.URL \
    --config-path homeserver.yaml \
    --generate-config \
    --report-stats=yes

Should look something like this when done:

image

Update the homeserver.yaml file

Edit the file

nano homeserver.yaml

Opening Registrations to your server

If you want users to be able to register themselves you will need to allow that in your homeserver.yaml file. Paste the following sections into the config file.

Recaptcha was tough for me to figure out and get through – however, you will need a google account to register the recaptcha. When ready – go to the following link:

https://www.google.com/recaptcha/admin/create

This seems to be the only link that works to create the recaptcha keys for v2. My personal struggles were just googling recaptcha and going to the recaptcha enterprise application. Do not do this – only create using the link above.

Also make sure that recaptcha v2 with checkmark is selected. This is the only version that Matrix/Synapse supports.

image of recaptcha via google

image of completed recaptcha

For emails, I use mailgun.com but any smtp server will work.

#Registrations
enable_registration: true 

#ReCaptcha
recaptcha_public_key: "<INSERT PUBLIC KEY>"
recaptcha_private_key: "<INSERT PRIVATE KEY>"
enable_registration_captcha: True
recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
public_baseurl: "UPDATE TO YOUR SERVER"

#Email
email:
    enable_notifs: true
    smtp_host: CHANGEME - SMTP SERVER
    smtp_port: CHANGEME - SMTP PORT
    smtp_user: "CHANGEME - USERNAME"
    smtp_pass: "CHANGEME - PASSWORD"
    require_transport_security: False
    notif_from: "Your Friendly %(app)s Home Server <CHANGEME - EMAILADDRESS>"
    app_name: Matrix
    notif_for_new_users: True
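With `require_transport_security: False`, Synapse does not insist on TLS when it logs in to the SMTP server with the username and password above. The following added example (not from the original guide or the Synapse project) reviews the fragment for that setting, for placeholders left unfilled, for registration without a captcha and for a non-https `public_baseurl`. The function name, the finding labels and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: line-oriented review of the homeserver.yaml fragment above.
# Not a YAML parser; it relies on each key appearing once, as in this guide.

# synapse_findings [FILE]: prints one finding per line, nothing when clean.
synapse_findings() {
    awk '
        /^[ \t]*#/ { next }                              # skip comment lines
        /CHANGEME|<INSERT|UPDATE TO YOUR SERVER/ { placeholders++ }
        match($0, /^[ \t]*[A-Za-z_]+:/) {
            key = substr($0, RSTART, RLENGTH - 1); gsub(/[ \t]/, "", key)
            v = substr($0, RSTART + RLENGTH)
            sub(/[ \t]+#.*$/, "", v)                     # drop trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)             # trim blanks and quotes
            val[key] = v
        }
        END {
            if (placeholders) print "placeholders-left"
            if (tolower(val["enable_registration"]) == "true" &&
                tolower(val["enable_registration_captcha"]) != "true")
                print "registration-without-captcha"
            # SMTP credentials are configured but TLS is not mandatory.
            if (("smtp_pass" in val) &&
                tolower(val["require_transport_security"]) != "true")
                print "smtp-tls-not-required"
            if (("public_baseurl" in val) && val["public_baseurl"] !~ /^https:\/\//)
                print "public-baseurl-not-https"
        }
    ' "$@"
}

# Constructed sample: the fragment from this guide, placeholders untouched.
sample_yaml_guide() {
    cat <<'EOF'
#Registrations
enable_registration: true
recaptcha_public_key: "<INSERT PUBLIC KEY>"
recaptcha_private_key: "<INSERT PRIVATE KEY>"
enable_registration_captcha: True
public_baseurl: "UPDATE TO YOUR SERVER"
email:
    smtp_host: CHANGEME - SMTP SERVER
    smtp_port: CHANGEME - SMTP PORT
    smtp_user: "CHANGEME - USERNAME"
    smtp_pass: "CHANGEME - PASSWORD"
    require_transport_security: False
EOF
}

# Constructed sample: filled in with made-up example.org values, TLS required.
sample_yaml_filled() {
    cat <<'EOF'
enable_registration: true
recaptcha_public_key: "constructed-site-key"
recaptcha_private_key: "constructed-secret-key"
enable_registration_captcha: true
public_baseurl: "https://matrix.example.org/"
email:
    smtp_host: smtp.example.org
    smtp_port: 587
    smtp_user: "synapse@example.org"
    smtp_pass: "constructed-password"
    require_transport_security: true
EOF
}

echo "fragment from the guide:"
sample_yaml_guide | synapse_findings
echo "constructed filled-in fragment:"
sample_yaml_filled | synapse_findings
```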

Enable users to create group chats

If you want your users to be able to create group chats – insert this line into the homeserver.yaml file

enable_group_creation: True

nginx set up

To put the newly created server behind a reverse proxy, we'll accomplish this by using nginx.

Create a conf file

nano /etc/nginx/sites-available/matrix.conf

Once the file is open, paste in the following text. Make sure to update server_name with your domain and to replace each CHANGEME as noted below – usually all of these are identical

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # For the federation port
    listen 8448 ssl http2 default_server;
    listen [::]:8448 ssl http2 default_server;

    server_name CHANGEME; #Enter chosen domain name

    location ~* ^(\/_matrix|\/_synapse\/client) {
        # note: do not add a path (even a single /) after the port in `proxy_pass`,
        # otherwise nginx will canonicalise the URI and cause signature verification
        # errors.
        proxy_pass http://127.0.0.1:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;

        # Synapse responses may be chunked, which is an HTTP/1.1 feature.
        proxy_http_version 1.1;
    }

    location /.well-known/matrix/server {
        return 200 '{"m.server": "CHANGEME:443"}';
        # default_type already sets Content-Type for the returned body;
        # an extra add_header Content-Type would send the header twice.
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }

    location /.well-known/matrix/client {
        return 200 '{"m.homeserver": {"base_url": "https://CHANGEME"}}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }

}

After making the changes – use Ctrl-X to exit, press Y to save and enter to confirm the file name

Enable the new config by executing the following command

ln -s /etc/nginx/sites-available/matrix.conf /etc/nginx/sites-enabled/matrix.conf

Reload the nginx service

service nginx reload

Finally use Let's Encrypt to secure the newly enabled site

certbot --nginx

If this is your first time using nginx; accept the terms agreement, enter a valid email address, next – select the domain being set up in this guide, and finally select 2 so that the server will always redirect to https.

Time to start the server

To enable the server, while still at the prompt

synctl start

If everything went well – a green prompt will say that the server has started

image of console showing server started

If everything is successful – navigating in a browser to your newly established server – you'll simply get an nginx welcome page. This is expected as everything is running in the background.

Creating an admin user

Next, while still in the console, you'll create your admin user account. To do this, execute the following command

register_new_matrix_user -c homeserver.yaml http://localhost:8008

Enter in your favorite details and a success message should appear

image of successful user creation

Logging in with your favorite client

Everything up to this point is getting your SERVER up and running. A client (whether a local desktop app or a web app) is still required to make use of this server.

Personally I like Element; but I am certain there are others out there – you can download element here
