
Installing Mastodon inside a FreeBSD jail

Last update: 11 December 2023

Mastodon (and the Fediverse in general) is quite trendy. Every time something strange happens to a “traditional” social network, many users look for a different place to stay. Millions of people are landing on the Fediverse, many of them on one of the thousands of “Mastodon” instances that are already populated and well organized. The problem is that many of those instances are unprepared and are suffering from slowdowns, moderation problems, etc.

I’ve decided to install some instances. At first I decided to proceed with Akkoma/Soapbox but, after some days, I’ve had some problems I’ll describe in a future post.

I’ve already installed and managed Mastodon in the past (as many do) as a Docker stack on a Linux machine. This time I decided to install Mastodon in a FreeBSD jail, managed by BastilleBSD.

There’s not much documentation as everything related to Mastodon seems quite Linux-centric.

I’ll describe a simple, single-jail installation; it is not security oriented and I won’t explain every single option. If you’re managing an instance, you should be skilled enough to understand what you’re doing here. It would be better to separate the services (Redis, PostgreSQL, etc.) but, for simplicity, I’ll just put everything in a nice single (movable) jail.

Let’s start creating the jail:

bastille create mdontest 14.0-RELEASE 10.0.0.42 bastille0

As we’re going to install postgres in the jail, we should put some lines in the jail’s jail.conf:

sysvmsg=new;
sysvsem=new;
sysvshm=new;

Now let’s restart the jail and start installing:

bastille restart mdontest
bastille console mdontest

Let’s follow the official installation guide, but with some differences:

pkg install -y curl wget gnupg gmake git-lite node16 yarn-node16 postgresql15-server postgresql15-contrib ImageMagick7 ffmpeg autoconf nginx redis py39-certbot py39-certbot-nginx sudo rubygem-bundler rubygem-posix-spawn

Let’s now enable redis, nginx, postgresql:

service redis enable
service nginx enable
service postgresql enable

Redis won’t allow a connection without authentication. As we’re in a jail - even if it’s not the safest thing to do - modify the /usr/local/etc/redis.conf and set protected-mode to no. Please remember to fix it, sooner or later.

Let’s initialize the postgresql db:

service postgresql initdb

Let’s now modify postgresql to accept connections from the jail’s services. Edit the /var/db/postgres/data15/pg_hba.conf and add the following line:

 host    all             all             10.0.0.42/32            trust
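
The two relaxed settings above (Redis protected-mode set to no, and the PostgreSQL trust rule) are easy to forget once the instance is running. The script below is an added example, not part of the original post: it flags both in the files this guide edits. The function names (pg_trust_rules, redis_open, audit) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two relaxed settings from this guide.

# Print host* rules in a pg_hba.conf whose auth method is "trust".
# The method is field 5, or field 6 when field 5 is a separate netmask.
pg_trust_rules() {
    awk '$1 ~ /^host/ {
        m = ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) ? $6 : $5
        if (m == "trust") print
    }' "$1"
}

# Succeed (exit 0) when redis.conf turns protected mode off and sets no password.
redis_open() {
    awk '{ k = tolower($1) }
        k == "protected-mode" { pm = tolower($2) }
        k == "requirepass" && $2 != "" && $2 != "\"\"" { pw = 1 }
        END { exit !(pm == "no" && !pw) }' "$1"
}

# Print one line per finding; print nothing when both files are tight.
audit() {
    pg_trust_rules "$1" | sed 's/^[[:space:]]*/pg_hba trust rule: /'
    if redis_open "$2"; then
        echo "redis: protected-mode no and no requirepass"
    fi
}

# Constructed sample files mirroring the settings in this article.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/pg_hba.conf" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS                  METHOD
local   all       all                            peer
host    all       all   127.0.0.1/32             scram-sha-256
host    all       all   10.0.0.0 255.255.255.0   md5
 host    all             all             10.0.0.42/32            trust
EOF
printf 'port 6379\nprotected-mode no\n' > "$demo/redis.weak.conf"
printf 'port 6379\nprotected-mode no\nrequirepass "constructed-secret"\n' \
    > "$demo/redis.pw.conf"

# Demo run: reports the trust rule and the open Redis configuration.
audit "$demo/pg_hba.conf" "$demo/redis.weak.conf"
```

Inside the jail, run it as: audit /var/db/postgres/data15/pg_hba.conf /usr/local/etc/redis.conf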

Let’s now start postgresql and redis:

service postgresql start
service redis start

Time to create the database:

sudo -u postgres psql
CREATE USER mastodon CREATEDB;
\q

A dedicated user is always a good idea:

pw add user mastodon -m
echo 'export LC_ALL="en_US.UTF-8"' >> /home/mastodon/.profile

As the mastodon user, it’s time to install Mastodon (corepack is enabled as root first):

corepack enable
su -l mastodon
yarn set version classic
git clone https://github.com/mastodon/mastodon.git live && cd live
git checkout $(git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)

At the time of the last article update, this will set the target version to 4.2.4.

Now the Ruby and Node stuff:

export CONFIGURE_ARGS="--with-cflags=\"-Wno-error=incompatible-function-pointer-types\""
export NODE_OPTIONS="--openssl-legacy-provider"
bundle config deployment 'true'
bundle config without 'development test'
bundle install -j$(getconf _NPROCESSORS_ONLN)
yarn install --pure-lockfile

The software has been installed. Now:

RAILS_ENV=production bundle exec rake mastodon:setup

Remember to set PostgreSQL host to 127.0.0.1 (or 10.0.0.42).

At the end of the configuration process, everything will be ready and you should also have already configured an admin user.

In the dist/ directory you’ll find an nginx.conf - it’s not a full nginx.conf, but just a part of it. I won’t describe nginx configuration as your setup may vary. You could be behind a reverse proxy or expose the jail directly. Many admins suggest not exposing your Mastodon via Cloudflare as it seems to randomly block some APIs and mess up the entire Fediverse.

In the dist directory there are also three systemd services - mastodon-sidekiq.service, mastodon-streaming.service and mastodon-web.service.

On FreeBSD we don’t need them at all, but they are useful as a reference for creating proper rc files to launch the services. I’ve created some quick & dirty simple rc files to launch the services. You can find my mastodon_sidekiq rc script, the mastodon_web rc script and the mastodon_streaming rc script following the links. Just put those scripts into the /usr/local/etc/rc.d directory and enable them:

service mastodon_sidekiq enable
service mastodon_web enable
service mastodon_streaming enable

Restart the container - or start the services - and their logs will be appended to /var/log/messages.

Now you have your updated and working Mastodon FreeBSD jail. All the services are run by “daemon” and supervised.

Have fun with your new instance!

