Mastodon (and the Fediverse in general) are quite trendy. Every time something strange happens to a "traditional" social, many users search for a different place to stay. Millions of people are landing to the Fediverse and many of them in one of the thousands "Mastodon" instances, already populated and well organized. The problem is that many of them are unprepared and are suffering from slowdowns, moderation problems, etc.
I've decided to install some instances. At first I decided to proceed with Akkoma/Soapbox but, after some days, I've had some problems I'll describe in a future post.
I've already installed and maganed Mastodon in the past, (as many do) as a Docker stack in a Linux machine. This time I decided to install Mastodon on a FreeBSD jail, managed by BastilleBSD.
There's not much documentation as everything related to Mastodon seems quite Linux-centric.
I'll describe a simple, one jail installation, not security oriented nor explaining any single option. If you're managing an instance, you should be skilled enough to understand what you're doing here. It would be better to separate the services (Redis, PostgreSQL, etc.) but, for simplicity, I'll just put everything in a nice single (movable) jail.
Let's start creating the jail:
bastille create mdontest 13.1-RELEASE 10.0.0.42 bastille0
As we're going to install postgres in the jail, we should put some lines in the jail's jail.conf:
Now let's restart the jail and start installing:
bastille restart mdontest
bastille console mdontest
Let's follow the official installation guide, but with some differences:
pkg install -y curl wget gnupg gmake git-lite node16 yarn rubygem-bundler postgresql14-server postgresql14-contrib ImageMagick7 ffmpeg autoconf nginx redis py39-certbot py39-certbot-nginx sudo
Let's now enable redis, nginx, postgresql:
service redis enable
service nginx enable
service postgresql enable
Redis won't allow a connection without authentication. As we're in a jail - even if it's not the safest thing to do - modify the /usr/local/etc/redis.conf and set protected-mode to no. Please remember to fix it, sooner or later.
Let's initialize the postgresql db:
service postgresql initdb
Let's now modify postgresql to accept connections from the jail's services. Edit the /var/db/postgres/data14/pg_hba.conf and add the following line:
host all all 10.0.0.42/32 trust
Let's now start postgresql and redis:
service postgresql start
service redis start
Time to create the database:
sudo -u postgres psql
CREATE USER mastodon CREATEDB;
A dedicated user is always a good idea:
pw add user mastodon -m
echo 'export LC_ALL="en_US.UTF-8"' >> /home/mastodon/.profile
As mastodon user, it's time to install Mastodon:
su -l mastodon
yarn set version classic
git clone https://github.com/mastodon/mastodon.git live && cd live
git checkout $(git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)
At the time of writing, this will set the target version to 4.0.2.
Now the Ruby stuff:
bundle config deployment 'true'
bundle config without 'development test'
bundle install -j$(getconf _NPROCESSORS_ONLN)
yarn install --pure-lockfile
The software has been installed. Now:
RAILS_ENV=production bundle exec rake mastodon:setup
Remember to set PostgreSQL host to 127.0.0.1 (or 10.0.0.42).
At the end of the configuration process, everything will be ready and you should also have already configured an admin user.
In the dist/ directory you'll find an nginx.conf - it's not a full nginx.conf, but just a part of it. I won't describe nginx configuration as your setup may vary. You could be behind a reverse proxy or expose the jail directly. Many admins suggest to avoid exposing your Mastodon via Cloudflare as it seems to randomly block some APIs and mess up the entire Fediverse.
In the dist directory there are also three systemd services - mastodon-sidekiq.service, mastodon-streaming.service and mastodon-web.service.
In FreeBSD we don't need them at all but are useful to create a proper rc file to launch the services. I've created some quick & dirty simple rc files to launch the services. You can find my mastodon_sidekiq rc script, the mastodon_web rc script and the mastodon_streaming rc script following the links. Just put those scripts into the /usr/local/etc/rc.d directory and enable them:
service mastodon_sidekiq enable
service mastodon_web enable
service mastodon_streaming enable
Restart the container - or start the services - their logs will be appended to /var/log/messages.
Now you have your updated and working Mastodon FreeBSD jail. All the services are run by "daemon" and supervised.
Have fun with your new instance!