@AndrewKvalheim
Last active February 9, 2024 18:30
Notes on running a personal Mastodon instance

Personal Mastodon instance

Effective total cost: $3–5/mo

Setup

Decide on an EC2 instance type:

  1. At AWS Console → EC2 → Instance Types, filter for ≥1 GB RAM and sort by price.
    • t4g.micro is lowest.
  2. Look up what t4g.micro means:
    • t: general-purpose with a burstable CPU quota
    • 4: the current generation
    • g: ARM architecture
    • micro: the second lowest configuration
  3. Calculate cost:
    • $6.15/mo when paying hourly
    • $3.59/mo when paying annually
    • $2.31/mo when paying every 3 years

Prepare your AWS account:

  • Set up an alarm for your estimated monthly bill so you're notified early of any unanticipated expenses.
  • Import your SSH public key. (EC2 → us-west-2 → Key pairs)

Have ready:

  • a domain name and DNS host
  • an outgoing mail server
    • I use AWS SES since it's easy (decent reputation, automatic DKIM, etc.) and inexpensive ($0.01/mo), but any SMTP provider will do, and you could also set up a traditional mail server on the EC2 instance.
  • static file storage/hosting
    • I use AWS S3 ($1/mo), but a variety of providers offer "S3-compatible" service, and you could also just use the filesystem on the EC2 instance.

Start an EC2 instance:

  1. Launch an instance (EC2 → us-west-2 → Instances) with:
    • Name: Mastodon
    • Image: Ubuntu Server 22.04 LTS (HVM), SSD Volume Type (64-bit ARM)
    • Type: t4g.micro
    • Auto-assign public IP: Disable
    • Security Group:
      • Name: Mastodon
      • SSH from anywhere
      • HTTP from anywhere
      • HTTPS from anywhere
    • Storage: 8 GiB standard (HDD, $0.40/mo)
    • Termination protection: Enable
    • Credit specification: Standard
  2. At EC2 → us-west-2 → Elastic IPs, allocate and associate a static IP address.
  3. Publish an A record at your preferred DNS host.

Prepare the host:

  1. SSH in as ubuntu.
  2. Add 1 GB of swap:
    1. Make a swap file at /swapfile.
    2. Add a swap entry in /etc/fstab.
  3. Add swap on compressed RAM:
    1. Install package systemd-zram-generator.
    2. Set zram-fraction = 1 and compression-algorithm = zstd in /etc/systemd/zram-generator.conf.
  4. Configure unattended upgrades:
    1. Enable Automatic-Reboot in /etc/apt/apt.conf.d/50unattended-upgrades.
  5. Update and upgrade packages.
  6. Reboot.

Install Mastodon:

  1. Follow Mastodon's instructions.
    • To tune PostgreSQL, set:
      • effective_cache_size = 256MB
    • Tune Node.js to use enough memory:
      • Set export NODE_OPTIONS='--max-old-space-size=1024' in ~mastodon/.bashrc.
    • When editing .env.production, pay particular attention to:
      • LOCAL_DOMAIN
      • SINGLE_USER_MODE
      • SMTP…
      • S3… and AWS…
    • When registering services, set:
      • mastodon-sidekiq: --concurrency 1
      • mastodon-web: MAX_THREADS=2 and WEB_CONCURRENCY=1
  2. Schedule the recommended periodic cleanup tasks.
    • Set --concurrency 1 on both tasks.
  3. Reboot.
  4. Sign in to the web interface and review/configure admin settings.

Try out the setup for a few days/weeks, then commit to a longer payment term:

  1. At EC2 → Reserved Instances → Purchase, filter for t4g.micro, sort by effective rate, and purchase a reservation.
  2. Wait a few hours for payment processing to complete.
  3. At EC2 → Reserved Instances, confirm that the reservation is active.
@k-tatgenhorst

I am having a lot of difficulty getting mine to use SES for email.
I have the SMTP credentials correct, but I am not sure about the other settings. Can you share your email settings (minus credentials of course)?

Here is mine:
SMTP_SERVER=email.us-east-2.amazonaws.com
SMTP_PORT=587
SMTP_LOGIN=-username-
SMTP_PASSWORD=-password-
#SMTP_SSL=true
#SMTP_ENABLE_STARTTLS_AUTO=false
SMTP_AUTH_METHOD=plain
SMTP_OPENSSL_VERIFY_MODE=none
SMTP_FROM_ADDRESS='Mastodon <notifications@-mydomain->'

I have verified DKIM and the account shows healthy. I have not "created a configuration set" or any tags.

@AndrewKvalheim
Author

Looks like mine except that SMTP_SERVER is set to the API endpoint instead of the SMTP endpoint. You need the entry from the second table here.
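
A check for the settings in play in this exchange, as an added example that is not code from the gist or its commenters: it flags an SES API hostname in SMTP_SERVER, disabled certificate verification, and a configuration with no TLS at all. The function names are hypothetical, the sample is constructed from the keys posted above, and the STARTTLS default is an assumption noted in the code.

```python
import re

# SES API hosts: email.<region>.amazonaws.com; SMTP hosts: email-smtp.<region>...
SES_API_HOST = re.compile(r"^email\.([a-z0-9-]+)\.amazonaws\.com$")

# Constructed sample mirroring the posted settings (credentials omitted).
SAMPLE_ENV = """\
SMTP_SERVER=email.us-east-2.amazonaws.com
SMTP_PORT=587
#SMTP_SSL=true
#SMTP_ENABLE_STARTTLS_AUTO=false
SMTP_AUTH_METHOD=plain
SMTP_OPENSSL_VERIFY_MODE=none
"""


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings


def lint_smtp(settings):
    """Return (key, message) findings for the SMTP_* settings."""
    findings = []
    match = SES_API_HOST.match(settings.get("SMTP_SERVER", ""))
    if match:
        findings.append(("SMTP_SERVER", "SES API endpoint; SMTP is served by "
                         f"email-smtp.{match.group(1)}.amazonaws.com"))
    if settings.get("SMTP_OPENSSL_VERIFY_MODE", "").lower() == "none":
        findings.append(("SMTP_OPENSSL_VERIFY_MODE",
                         "TLS certificate is not verified; use 'peer'"))
    # Assumption: STARTTLS is attempted unless explicitly set to false.
    starttls_off = settings.get("SMTP_ENABLE_STARTTLS_AUTO", "").lower() == "false"
    if starttls_off and settings.get("SMTP_SSL", "").lower() != "true":
        findings.append(("SMTP_ENABLE_STARTTLS_AUTO",
                         "no TLS at all; SMTP_LOGIN/SMTP_PASSWORD cross in clear"))
    return findings


if __name__ == "__main__":
    for key, message in lint_smtp(parse_env(SAMPLE_ENV)):
        print(f"{key}: {message}")
```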

@k-tatgenhorst

Thank you! I think that is part of the problem, though it is not yet sending. The account is in a "Sandbox" and while it says "You can do most things in the sandbox" it does mention only sending to approved addresses and does not seem to offer a means to approve them. I have an open case asking to move into production.

Thank you for taking the time and spotting an error.

@dbaynard

dbaynard commented Nov 6, 2022

Thanks, I've been looking for some costings; this is helpful.

What monthly egress do you see from the instance?

@AndrewKvalheim
Author

AndrewKvalheim commented Nov 8, 2022

It’s varied a bit over the last year and I’m not sure what the explanation is:

[Chart: Bytes per day over the last year]

Monthly total: [Chart: Bytes per month over the last year]

@dbaynard

dbaynard commented Nov 8, 2022

That's brilliant! Thank you.

The spikiness might be S3 egress, for media, no? I'm presuming you'd know if a post of yours went super viral in early August.

@HankLloydRight

Thanks for your tips, but why would you open SSH to the world?

SSH from anywhere

That seems like a huge security hole/risk.
Why not limit it to a set of known IPs or networks that only the admin can connect from?

I get that Ubuntu uses a key pair to login, but still, leaving SSH open to the world does not seem like best practices.

@richardmax

Hi. I'd love an AWS Mastodon Server setting up for myself and my colleagues. Are you interested and how much would that be? Email: ricmax.uk@gmail.com

@bryan-harter

This was great, thanks!

As a note, I was having trouble when mastodon was compiling the libraries after the setup, so I switched to a t2.xlarge server for 30 minutes to run the setup, and then switched back to a nano. Admittedly though I didn't play around with the swap space, that might have fixed the issue.

@HankLloydRight

As a note, I was having trouble when mastodon was compiling the libraries after the setup, so I switched to a t2.xlarge server for 30 minutes to run the setup, and then switched back to a nano. Admittedly though I didn't play around with the swap space, that might have fixed the issue.

Two things. First, definitely add the swap space as described above.
Second, the code won't compile on t2.nano or t2.micro, but it will compile in 2 minutes on t2.small. I was switching between t2.large to compile the code and then back to t2.micro, but now I'm just leaving it on t2.small.

@AndrewKvalheim
Author

AndrewKvalheim commented Nov 10, 2022

Asset compilation started OOMing at v3.5.0. I’ve since enabled zram and now swap peaks at about 25%.

@artfusion

Thanks for your tips, but why would you open SSH to the world?

SSH from anywhere

That seems like a huge security hole/risk. Why not limit it to a set of known IPs or networks that only the admin can connect from?

I get that Ubuntu uses a key pair to login, but still, leaving SSH open to the world does not seem like best practices.

You can set up Bastion on another EC2 instance to act as a proxy to the ssh, and then it won't be open to the world.

@HankLloydRight

You can set up Bastion on another EC2 instance to act as a proxy to the ssh, and then it won't be open to the world.

Please, that's overkill. All you need to do is set up the Security Group(s) correctly to only allow access from a known IP address or small subnet. Absolutely no need for another EC2 instance and/or Bastion.

@PunchMSX

You should really consider looking into EC2 Spot instances... it's a real easy way to have bigger instances on the cheap for the common folk, instead of actually buying reserved EC2 instances that will probably not make much sense to someone if they stop using mastodon later and don't have any use for the reservation.

My t3.small instance runs almost half as cheap as a t3.micro on-demand instance (the "regular" priced instances). Here's a shot of the pricing graph for it, the price varies but more common instances like T or M almost always have a good, 50%+ discount over on-demand instances.
https://mast.pceninja.com/web/@punch/109328433145245539

@ntn888

ntn888 commented Nov 13, 2022

I think the oracle offering with free vm 4core/24G mem would be ideal...

@cantino

cantino commented Nov 25, 2022

Very helpful, thank you! The only things I had to do differently were:

  • setup certbot before symlinking the mastodon nginx configuration. mastodon/documentation#940
  • All requests were 404ing until I ran chmod +x /home/mastodon

@AndrewKvalheim
Author

AndrewKvalheim commented Nov 25, 2022

The latter sounds like mastodon/mastodon#18257. The instructions still specify Ubuntu 20.04 LTS so perhaps they need to be updated for 22.04 LTS.

@dbaynard

Thanks everybody; it would be great if those of you who aren't using oracle's free tier are about to come back in a few months with some details on egress and s3 use (the uncertain parts of billing).

@ntn888

ntn888 commented Nov 26, 2022

Thanks everybody; it would be great if those of you who aren't using oracle's free tier are about to come back in a few months with some details on egress and s3 use (the uncertain parts of billing).

I actually moved on to a cheap european VPS provider (due to smtp port opening issues) & used backblaze b2 (S3 compat.) free 10G trial; it filled up in a week :( . And I'm the only user. Admittedly I have subscribed to relays.

@ntn888

ntn888 commented Nov 26, 2022

Very helpful, thank you! The only things I had to do differently were:

* setup certbot before symlinking the mastodon nginx configuration. [mastodon/documentation#940](https://github.com/mastodon/documentation/issues/940)

* All requests were 404ing until I ran `chmod +x /home/mastodon`

yes precisely. on both debian 10/11 & ubuntu 20.04 and 22.04. I think even the official instructions are a bit off.

@PunchMSX

Thanks everybody; it would be great if those of you who aren't using oracle's free tier are about to come back in a few months with some details on egress and s3 use (the uncertain parts of billing).

I will report back later, but the results seem promising. And as for email, since the emails are only sent back to ME, I'm using SES and I didn't bother leaving the sandbox mode. Works pretty well.

@dbaynard

Hello, how's everybody getting on — expenses reasonable?

@AndrewKvalheim
Author

AWS has announced an approximate doubling of the price, making small-scale usage like this untenable for the foreseeable future.

I haven’t yet gotten a straight answer to whether they’re planning to apply the new pricing model to the three years I committed to under different terms.
