Installing Mastodon Inside a FreeBSD Jail
Last update: 04 June 2024
Mastodon (and the Fediverse in general) is quite trendy. Every time something strange happens to a “traditional” social network, many users look for a different place to stay. Millions of people are landing on the Fediverse, many of them on one of the thousands of “Mastodon” instances, already populated and well organized. The problem is that many of them are unprepared and are suffering from slowdowns, moderation problems, etc.
I’ve decided to install some instances. At first I decided to proceed with Akkoma/Soapbox but, after some days, I’ve had some problems I’ll describe in a future post.
I’ve already installed and managed Mastodon in the past (as many do) as a Docker stack on a Linux machine. This time I decided to install Mastodon in a FreeBSD jail, managed by BastilleBSD.
There’s not much documentation as everything related to Mastodon seems quite Linux-centric.
I’ll describe a simple, single-jail installation. It is not security-oriented, and I won’t explain every single option. If you’re managing an instance, you should be skilled enough to understand what you’re doing here. It would be better to separate the services (Redis, PostgreSQL, etc.) but, for simplicity, I’ll just put everything in a nice single (movable) jail.
Let’s start creating the jail:
As we’re going to install postgres in the jail, we should put some lines in the jail’s jail.conf:
Now let’s restart the jail and start installing:
Let’s follow the official installation guide, but with some differences:
Let’s now enable redis, nginx, postgresql:
Redis won’t allow a connection without authentication. As we’re in a jail - even if it’s not the safest thing to do - edit /usr/local/etc/redis.conf and set protected-mode to no. Please remember to fix it, sooner or later.
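To check later whether this shortcut has been fixed, here is an added example (not from the original article): an sh function that reads the Redis directives protected-mode, requirepass and bind from a redis.conf and fails while unauthenticated access is still possible. The function names and the sample config are constructed for illustration; passwords set through ACL users or an aclfile are not detected.

```shell
#!/bin/sh
# Added example, not the article's code. Audits a redis.conf for the
# "protected-mode no" shortcut. Limitation: only requirepass is checked.

# Print the value of the last uncommented occurrence of a directive.
last_value() {
    awk -v key="$2" 'tolower($1) == key {
        $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, ""); val = $0
    } END { print val }' "$1"
}

# Return 0 = acceptable, 1 = unauthenticated access possible, 2 = unreadable.
audit_redis_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }
    pm=$(last_value "$conf" protected-mode)
    pw=$(last_value "$conf" requirepass)
    binds=$(last_value "$conf" bind)

    exposed=" (all interfaces)"   # no bind directive: Redis listens everywhere
    if [ -n "$binds" ]; then
        exposed=""
        set -f                    # "bind *" must not be glob-expanded
        for addr in $binds; do
            case "${addr#-}" in   # a leading "-" marks an optional address
                127.*|::1) ;;     # loopback
                *) exposed="$exposed ${addr#-}" ;;
            esac
        done
        set +f
    fi

    [ -n "$pw" ] && { echo "OK requirepass is set"; return 0; }
    if [ "${pm:-yes}" = "no" ]; then
        echo "FAIL protected-mode no without requirepass; non-loopback listeners:${exposed:- none}"
        return 1
    fi
    echo "OK protected-mode is on"
}

# Constructed sample mirroring the shortcut above; prints the FAIL line.
sample=$(mktemp)
printf 'bind 10.0.0.42\nprotected-mode no\n' > "$sample"
audit_redis_conf "$sample" || true
rm -f "$sample"
```

Run it against /usr/local/etc/redis.conf inside the jail; a non-zero exit status makes it easy to wire into a periodic check.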
Let’s initialize the postgresql db:
Let’s now modify postgresql to accept connections from the jail’s services. Edit the /var/db/postgres/data15/pg_hba.conf and add the following line:
Let’s now start postgresql and redis:
Time to create the database:
A dedicated user is always a good idea:
As the mastodon user, it’s time to install Mastodon:
At the time of the last article update, this will set the target version to 4.2.9.
Now the Ruby and Node stuff:
The software has been installed. Now:
Remember to set PostgreSQL host to 127.0.0.1 (or 10.0.0.42).
At the end of the configuration process, everything will be ready and you should also have already configured an admin user.
In the dist/ directory you’ll find an nginx.conf - it’s not a full nginx.conf, but just a part of it. I won’t describe nginx configuration as your setup may vary. You could be behind a reverse proxy or expose the jail directly. Many admins suggest not exposing your Mastodon instance through Cloudflare, as it seems to randomly block some APIs and mess up the entire Fediverse.
In the dist directory there are also three systemd services - mastodon-sidekiq.service, mastodon-streaming.service and mastodon-web.service.
In FreeBSD we don’t need them at all, but they are useful as a reference for creating proper rc files to launch the services. I’ve created some quick & dirty simple rc files to launch the services. You can find my mastodon_sidekiq rc script, the mastodon_web rc script and the mastodon_streaming rc script following the links. Just put those scripts into the /usr/local/etc/rc.d directory and enable them:
Restart the container, or start the services; their logs will be appended to /var/log/messages.
Now you have your updated and working Mastodon FreeBSD jail. All the services are run by “daemon” and supervised.
Have fun with your new instance!