@nileshtrivedi
Last active August 2, 2023 09:18
How to set up your own fediverse instance

FYI, we offer free managed hosting to Indian organizations (media, academia, institutions and non-profit/for-profit companies).

We're sharing our approach here to make it easy for those who want to do it themselves.

What you need

  • A domain name: A typical practice is to use a subdomain. For example, if your org website is at thinktank.com, you can set up your fediverse instance at social.thinktank.com. Your users can then have an email address like john@thinktank.com and a fediverse address like @john@social.thinktank.com. It's also possible to run the fediverse instance on your top-level domain (e.g. thinktank.com). In that case, both the email address and the fediverse address will be john@thinktank.com, but users visiting thinktank.com in the browser will land directly on your fediverse instance, which can't be customized as much as a proper website.

  • Members: There should be at least 10 users in your org who plan to be active on the fediverse. Maintaining your own instance is not easy, so it might not be worth the effort for just a couple of users. An alternative is to use a managed hosting provider like masto.host.

  • Infrastructure

    • A Linux server with a minimum of 1GB RAM and Docker installed
    • An AWS S3, Minio or Cloudflare R2 bucket where static files such as images and videos can be stored long-term
    • A PostgreSQL database (eg: AWS RDS or neon.tech)

We will use the following (free) tools:

  • GoToSocial as your ActivityPub server
  • Traefik as reverse proxy
  • LetsEncrypt as SSL certificate provider

Steps:

  • Generate an HTTP Basic Auth username and password hash for the Traefik dashboard. The sed step doubles every $ in the hash so that docker-compose does not treat it as a variable reference. We will use this value in our docker-compose.yml file:
echo $(htpasswd -nB admin) | sed -e s/\\$/\\$\\$/g

  • Point your domain's A record in DNS to your Linux server's IP address

  • Modify this docker-compose.yml file (eg: replace yourdomain with your actual domain name):

version: '3.9'

services:
  reverse-proxy:
    image: traefik:v2.10
    container_name: traefik
    command:  
      - "--log.level=DEBUG"
      - "--api.insecure=false"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      # Let's Encrypt staging CA, used while testing. Comment out the line below once configuration is complete
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=you@email.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
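    ports:
      - "80:80"
      - "443:443"
      # With api.insecure=false the dashboard is served through the websecure
      # router below, so publishing 8080 on the host is not required for it
      - "8080:8080"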
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock"
    labels:
      # Booleans are quoted so that every label value is a string
      traefik.enable: "true"
      traefik.http.routers.traefik_https.rule: Host(`traefik.yourdomain.com`)
      traefik.http.services.traefik_https.loadbalancer.server.port: 8080
      traefik.http.routers.traefik_https.entrypoints: websecure
      traefik.http.routers.traefik_https.tls: "true"
      traefik.http.routers.traefik_https.tls.certResolver: myresolver
      traefik.http.routers.traefik_https.service: api@internal
      traefik.http.routers.traefik_https.middlewares: basic-auth-global
      # Placeholder: replace admin:password with the output of the htpasswd command from the first step
      traefik.http.middlewares.basic-auth-global.basicauth.users: admin:password
  
  social_yourdomain:
    image: superseriousbusiness/gotosocial:0.10.0
    container_name: social_yourdomain
    user: 1000:1000
    volumes:
      - ~/goto/social_yourdomain:/gotosocial/storage
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.http.routers.social_yourdomain.rule=Host(`social.yourdomain.com`)
      - traefik.http.services.social_yourdomain.loadbalancer.server.port=8080
      - traefik.http.routers.social_yourdomain.entrypoints=websecure
      - traefik.http.routers.social_yourdomain.tls.certresolver=myresolver
    environment:
      GTS_HOST: social.yourdomain.com
      GTS_DB_TYPE: postgres
      #GTS_DB_ADDRESS: /gotosocial/storage/sqlite.db
      #neon.tech db details
      GTS_DB_ADDRESS: database_host
      GTS_DB_PORT: 5432
      GTS_DB_TLS_MODE: require
      GTS_DB_USER: database_username
      GTS_DB_PASSWORD: database_password
      GTS_DB_DATABASE: database_db_name
      GTS_LETSENCRYPT_ENABLED: "false"
      GTS_LETSENCRYPT_EMAIL_ADDRESS: ""
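      # Must cover the subnet of the Docker network Traefik connects from (check with: docker network inspect)
      GTS_TRUSTED_PROXIES: "172.19.0.0/16"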
      GTS_STORAGE_BACKEND: s3
      GTS_STORAGE_S3_ENDPOINT: s3.ap-south-1.amazonaws.com
      GTS_STORAGE_S3_ACCESS_KEY: YOUR_S3_ACCESS_KEY
      GTS_STORAGE_S3_SECRET_KEY: YOUR_S3_SECRET_KEY
      GTS_STORAGE_S3_BUCKET: yourdomain-gotosocial
  • Create your first user by running:
docker exec -it CONTAINER_NAME_OR_ID /gotosocial/gotosocial admin account create --username admin --email you@yourdomain.com --password 'yourpassword'
  • Promote this user to admin role:
docker exec -it CONTAINER_NAME_OR_ID /gotosocial/gotosocial admin account promote --username admin
  • Now you can log in at https://social.yourdomain.com/admin/
  • Optional: Uncheck "Manually approve follow requests" in your profile settings
  • Optional: Change default listing type from unlisted to public
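
A pre-deploy check for the docker-compose.yml from the steps above, as an added example that is not part of the original gist. The function name lint_compose and both sample fragments (including the hash value) are constructed for illustration; it flags a plaintext dashboard password, the staging CA left active, an unauthenticated API, and leftover template values.

```shell
#!/bin/sh
# Added example (not from the gist): lint docker-compose.yml before going live.
# Prints one finding per line; no output means none of these checks fired.
lint_compose() {
  # Drop commented-out lines so a disabled staging CA is not reported.
  active=$(grep -v '^[[:space:]]*#' "$1" || true)
  has() { printf '%s\n' "$active" | grep -Eq "$1"; }

  # Traefik basicauth wants user:hash; compose needs every $ written as $$.
  if has 'basicauth\.users' && ! has 'basicauth\.users.*\$\$2[aby]\$\$'; then
    echo "basicauth.users is not the escaped bcrypt output of htpasswd -nB"
  fi
  # Staging certificates are not trusted by browsers.
  if has 'acme\.caserver=.*acme-staging'; then
    echo "ACME staging CA is still active"
  fi
  # api.insecure=true serves the dashboard without authentication.
  if has 'api\.insecure=true'; then
    echo "api.insecure=true exposes the Traefik dashboard without auth"
  fi
  # Without this flag Traefik creates routers for every container it sees.
  if ! has 'providers\.docker\.exposedbydefault=false'; then
    echo "providers.docker.exposedbydefault is not false"
  fi
  # Template values from the guide that must be replaced.
  if has 'yourdomain|YOUR_S3_|database_(host|username|password|db_name)'; then
    echo "template placeholders remain"
  fi
  return 0
}

# Constructed samples: a fragment of the template as published, and a filled-in one.
template=$(mktemp); ready=$(mktemp)
trap 'rm -f "$template" "$ready"' EXIT
cat > "$template" <<'EOF'
      - "--api.insecure=false"
      - "--providers.docker.exposedbydefault=false"
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      traefik.http.middlewares.basic-auth-global.basicauth.users: admin:password
      GTS_HOST: social.yourdomain.com
EOF
cat > "$ready" <<'EOF'
      - "--api.insecure=false"
      - "--providers.docker.exposedbydefault=false"
      # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      traefik.http.middlewares.basic-auth-global.basicauth.users: admin:$$2y$$05$$CONSTRUCTEDHASHVALUE
      GTS_HOST: social.example.org
EOF
lint_compose "$template"
```

Run it against your own file with `lint_compose docker-compose.yml` before switching off the staging CA and opening the instance to users.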

Now, you can use apps like Tusky and Elk to connect and start using your network.

Cheers :)

Credits

  • @sahil@mas.to for suggesting Cloudflare R2 (cheaper due to no egress fees) and explicit image version