Hi all !
I just run over a cool new “twitter” replacement Mastodon.
Some of you maybe already heard about it.
I think it looks relay nice.
Any tots?
It seems cool, but I’m not sure how many people will use it 
Maybe it could be useful for some mid-sized company.
Another social media that will be dead in a couple of months…
Actualy, Mastodon still exists and is growing… slowly but steadily…
Unfortunately you can not run Mastodon on the same server as, for instance, diaspora*. See: https://discourse.diasporafoundation.org/t/diaspora-and-mastodon/2313
I just wanted to bump this topic for the discussion on Twitter and Mastodon is becoming more active since Elon Musk took over Twitter.
Any thoughts on running Mastodon on Nethserver?
It’s kind of funny, and kind of sad, to watch people completely losing their minds over the thought that (other) people will be able to say things on Twitter that they don’t like. Hardcore porn is fine, literal terrorists are fine, but letting a satire news site point out (correctly) that Admiral Richard Levine is a man dressed as a woman is a bridge too far.
But be that as it may, that’s the biggest problem with TwitFaceTube: they centralize control, and thus enable censorship, of what’s designed to be a highly decentralized system. And if the current reaction to Twitter, however insane it is, drives significant numbers of users to the Fediverse, I’d consider that a good thing.
Though their own docs seem to be lacking on the subject, Mastodon provides a docker-compose.yml file, which seems like the natural way to do this and get all the relevant dependencies bundled together. It would remain only to set up a reverse proxy in NS and it should be good to go.
3 Likes
Indeed.
I’ve done some reading on installing Mastodon on NS7 and it seems a Docker install is the (cleanest and less harmful) way to go on NS 7. I lack the skills to perform up a Docker (in general) Mastodon install.
Does anybody have to ‘free time’ on their hands and the ‘willpower’ to give this a go/start please? ( cc @stephdl , @mrmarkuz )
Thanks!
1 Like
I have free time at the moment (recovering from surgery), but I’m not sure I have the focus for that same reason. But I think my guide for PeerTube using docker-compose would likely make a good starting point:
1 Like
I hope you recover and get well soon. Thanks.
2 Likes
Think to use systemd to manage docker-compose, it will basically start and stop your containers
2 Likes
It’d sure be nice if the Mastodon folks provided some official documentation on installing via Docker (they provide a docker-compose.yml file in their repo, so it would seem to be officially supported), but no such luck. So I had a go at it with this as my starting point:
https://peterbabic.dev/blog/running-mastodon-with-docker-compose/
Install Mastodon on NS7
Prerequisites
- Installed and fully updated NS7 system
- Web hosting installed in Software Center
- Nothing else is installed; I haven’t tested for conflicts with anything else or deconflicted any ports that are being used here
- Mastodon will use its own virtual host, so decide on a name for it, make whatever DNS entries are required so that name resolves to your NS install, and obtain a TLS cert for that name
Install nethserver-docker and docker-compose
yum install nethserver-docker
curl -L "https://github.com/docker/compose/releases/download/1.28.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
Download Mastodon
cd /opt/
git clone https://github.com/mastodon/mastodon
cd mastodon
Database setup
docker run --name postgres14 -v /opt/mastodon/postgres14:/var/lib/postgresql/data -e POSTGRES_PASSWORD=password --rm -d postgres:14-alpine
docker exec -it postgres14 psql -U postgres
Enter the following commands:
> CREATE USER mastodon WITH PASSWORD 'password' CREATEDB;
> exit
docker stop postgres14
Set up Mastodon
touch .env.production
docker-compose run --rm web bundle exec rake mastodon:setup
It will take some time for this command to complete, and will eventually prompt you for setup information. Answer the questions as below:
| Question | Enter |
|---|---|
| Domain name: | The FQDN you chose above |
| Do you want to enable single user mode? | No |
| Are you using Docker to run Mastodon? | Yes |
| PostgreSQL host: | mastodon_db_1 |
| PostgreSQL port: | 5432 |
| Name of PostgreSQL database: | mastodon |
| Name of PostgreSQL user: | mastodon |
| Password of PostgreSQL user: | password |
| Redis host: | mastodon_redis_1 |
| Redis port: | 6379 |
| Redis password: | (blank) |
| Do you want to store uploaded files on the cloud? | No |
| Do you want to send e-mails from localhost? | Yes |
| E-mail address to send e-mails “from”: | (press Enter) |
| Send a test e-mail with this configuration right now? | No |
| Save configuration? | Yes |
You’ll now be shown the contents of the configuration file, which will look like this:
# Generated with mastodon:setup on 2022-11-03 12:27:03 UTC
# Some variables in this file will be interpreted differently whether you are
# using docker-compose or not.
LOCAL_DOMAIN=toot.yourdomain.org
SINGLE_USER_MODE=false
SECRET_KEY_BASE=9adbeda17a4d0688f3a6b82b47a68a94ccbfd45e8c2cee20e9c0901d89b5985eb634e9e523fcb74c6702c06ffcc4ea97e3a5544304c4c6c97e97a6bbc2a5646d
OTP_SECRET=5635320b899a14148473fbe6f8b740607e08c9327c93a058c86804d3ad5b8db5023d3732fb4c0eb17e73e8adac689cc62b84c4c88299556934bd8780b5e8e6a4
VAPID_PRIVATE_KEY=KNjW5mNneoMTkmPG0NPl5jh3CfEaXAath9PgNUUkMWI=
VAPID_PUBLIC_KEY=BMWD6scX3Opxl9ROKZeFoSdr3olZWkNq--OblOgOIwhxbxOoDa6fMLcKAWf2lUNnZQcOMQVi7VpG8wYtJdjDi7w=
DB_HOST=mastodon_db_1
DB_PORT=5432
DB_NAME=mastodon
DB_USER=mastodon
DB_PASS=password
REDIS_HOST=mastodon_redis_1
REDIS_PORT=6379
REDIS_PASSWORD=
SMTP_SERVER=localhost
SMTP_PORT=25
SMTP_AUTH_METHOD=none
SMTP_OPENSSL_VERIFY_MODE=none
SMTP_FROM_ADDRESS=Mastodon <notifications@toot.yourdomain.org>
Despite what the terminal tells you, the configuration file has not been saved. You’ll need to save it yourself, so in another terminal, run:
cd /opt/mastodon
nano .env.production
Paste in these contents, save the file, and exit. Now return to the first terminal, where it’s asking more questions:
| Question | Enter |
|---|---|
| Prepare the database now? | Yes |
| Do you want to create an admin user straight away? | Yes |
| Username: | Whatever you want; default is admin
|
| E-mail: | A usable email address |
…and here’s where it died on me, with this:
rake aborted!
Redis::CannotConnectError: Error connecting to Redis on localhost:6379 (Errno::ECONNREFUSED)
More to follow, maybe.
2 Likes
Many thanks!! Will report back asap
Be sure to read to the end–it didn’t work for me as written. I got farther if I told it to not create the admin user, but it still isn’t running.
What if I already have Redis installed?
rake aborted!
Redis::CannotConnectError: Error connecting to Redis on localhost:6379 (Errno::ECONNREFUSED)
1 Like
I also tried it without success. Same redis connection error.
It doesn’t matter because docker-compose creates a redis container without redirected ports. So Mastodon uses it’s own redis in an internal docker network.
2 Likes
I see that on my server the dir /opt/mastodon/redis is completely empty?
I already started over, I’ll check the directory after my next try…
It would make sense that the directory is empty as the db cannot be created due to the connection error.
EDIT:
I have a file dump.rdb but same redis connection error.
[root@testserver2 mastodon]# ls -lisa redis/
total 8
52230906 0 drwxr-xr-x 2 polkitd root 22 Nov 3 19:54 .
50865494 4 drwxr-xr-x 21 root root 4096 Nov 3 19:47 ..
52230918 4 -rw------- 1 polkitd 1000 3430 Nov 3 19:54 dump.rdb
1 Like
The redis error can be ignored. It’s working (login, mailing, registration, fave) but with nginx on port 443 so one needs to disable httpd which is a NethServer base package required for all apps.
I used this gist in addition to the documentation provided by @danb35
So next step is migrating the nginx reverse proxy configuration to apache if possible…
Installation:
yum -y install https://mrmarkuz.dynu.net/mirror/mrmarkuz/7/noarch/nethserver-mrmarkuz-0.0.1-6.ns7.noarch.rpm
yum -y install nethserver-docker nethserver-nginx
curl -L "https://github.com/docker/compose/releases/download/1.28.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
mkdir /opt/mastodon
cd /opt/mastodon
Just get docker-compose.yml from github, the whole build environment isn’t needed:
wget https://raw.githubusercontent.com/mastodon/mastodon/main/docker-compose.yml
Comment the build statements to not build the images, this saves a lot of time (only needed if we like to change mastodon code)
sed -i "s/ build/#build/g" docker-compose.yml
Start setup:
touch .env.production
docker-compose run --rm web bundle exec rake mastodon:setup
As already explained set a password for postgres, no password for redis needed.
Copy the admin password and write the configuration output of the setup to the file .env.production.
Start docker and connect required aqua network for reverse proxy:
docker-compose up -d
docker network connect aqua mastodon_web_1
Add https redirect and reverse proxy by creating /etc/nginx/conf.d/mastodon.conf with following content and replace domain.org with the used domain name:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
server_name domain.org;
root /opt/mastodon/public;
# Useful for Let's Encrypt
location /.well-known/acme-challenge/ { allow all; }
location / { return 301 https://$host$request_uri; }
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain.org;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_certificate /etc/pki/tls/certs/localhost.crt;
ssl_certificate_key /etc/pki/tls/private/localhost.key;
keepalive_timeout 70;
sendfile on;
client_max_body_size 80m;
root /opt/mastodon/public;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
add_header Strict-Transport-Security "max-age=31536000";
location / {
try_files $uri @proxy;
}
location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
add_header Cache-Control "public, max-age=31536000, immutable";
try_files $uri @proxy;
}
location /sw.js {
add_header Cache-Control "public, max-age=0";
try_files $uri @proxy;
}
location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://127.0.0.1:3000;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
tcp_nodelay on;
}
location /api/v1/streaming {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass http://127.0.0.1:4000;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
tcp_nodelay on;
}
error_page 500 501 502 503 504 /500.html;
}
Disable httpd and enable nginx
systemctl disable httpd --now
systemctl enable nginx
systemctl restart nginx
Browse to the configured domain and login with admin mail and the noted password from the setup.
5 Likes