Tips
RSS feed
It's pretty simple to get an RSS feed of an account: just add .rss to the end of the URL.
To embed Mastodon feeds on your site you can use emfed.
Sources
Server Setup
I have a VPS (I use OVH) and figured I could just host my own. My VPS runs Arch Linux and there is a package for Mastodon on the AUR.
- snippet.bash
$ cd ~
$ git clone https://aur.archlinux.org/mastodon.git
$ cd mastodon
$ makepkg -sri
<<< enter password >>>
OK, installed, but unfortunately the promised post-install message didn't appear. So let's read the official documentation, which recommends three things…
- Only allowing SSH key-based login (I already have this configured).
- Installing fail2ban to block repeated logins.
- Installing a firewall and only allowing SSH, HTTP and HTTPS ports.
SSH key-based login
I took some steps to harden my SSH login some time ago. They are minor but make a small difference. In /etc/ssh/sshd_config change the following…
- snippet.bash
PermitRootLogin no
Port <insert-port-number>
PasswordAuthentication no
Note however that before changing PasswordAuthentication to no you MUST upload your public SSH key to your account on your VPS, otherwise you will lock yourself out.
- snippet.bash
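# Append the public key to ~/.ssh/authorized_keys on the VPS
# (sshd only reads keys from that file, not from a copied .pub file).
ssh-copy-id -i ~/.ssh/<keyname>.pub <username>@<vps-server-name|ip-address>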
You should now be able to log in using your SSH key, and it's even easier if you use keychain.
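A pre-flight check for the lockout warning above, as an added example that is not part of the original page: run on the VPS, it confirms the public key really is in authorized_keys and that the config file does not disable key authentication. The function names and the check.sh file name are assumptions made for illustration.

```bash
# Pre-flight check to run on the VPS before setting "PasswordAuthentication no".
# Function names are illustrative; they are not from the original page.

# key_installed PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Succeeds when the key type and base64 blob from the .pub file appear in
# authorized_keys, ignoring the trailing comment and any leading options.
key_installed() {
    kt='' kb=''
    read -r kt kb rest < "$1" || true
    [ -n "$kt" ] && [ -n "$kb" ] || return 2
    awk -v t="$kt" -v b="$kb" '
        $1 ~ /^#/ || NF == 0 { next }
        { for (i = 1; i < NF; i++)
              if ($i == t && $(i + 1) == b) { found = 1; exit } }
        END { exit !found }' "$2"
}

# sshd_setting KEYWORD CONFIG_FILE
# Prints the value sshd takes from this one file: keywords are case-insensitive
# and the first occurrence wins. Stops at the first Match block and does not
# follow Include, so "sshd -T" (as root) remains the authoritative check.
sshd_setting() {
    awk -v k="$1" '
        $1 ~ /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print tolower($2); exit }' "$2"
}

# safe_to_disable_passwords PUBKEY_FILE AUTHORIZED_KEYS_FILE SSHD_CONFIG
# Returns 0 only if the key is installed and public-key auth is not disabled.
safe_to_disable_passwords() {
    if ! key_installed "$1" "$2"; then
        echo "STOP: key from $1 is not in $2" >&2
        return 1
    fi
    if [ "$(sshd_setting PubkeyAuthentication "$3")" = "no" ]; then
        echo "STOP: PubkeyAuthentication is 'no' in $3" >&2
        return 1
    fi
    port=$(sshd_setting Port "$3")
    echo "OK: key installed; test a key login on port ${port:-22} first"
}

# Run directly with three arguments, e.g. (placeholders as on this page):
#   sh check.sh ~/<keyname>.pub ~/.ssh/authorized_keys /etc/ssh/sshd_config
if [ "$#" -eq 3 ]; then safe_to_disable_passwords "$@"; fi
```

Keep the existing password session open until a second terminal has logged in with the key.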
fail2ban
Under Arch Linux install with the following (as root)…
- snippet.bash
# pacman -Syu fail2ban
As per instructions you could add the following to /etc/fail2ban/jail.local.
- snippet.bash
[DEFAULT]
destemail = your@email.here
sendername = Fail2Ban

[sshd]
enabled = true
port = 22

[sshd-ddos]
enabled = true
port = 22
However, I don't…
- Want lots of emails telling me about failed login attempts (like anyone is ever going to read what I write here!).
- Run sshd on port 22; instead I use some other random port to reduce exposure to attacks (not perfect but it's one simple step to take).
For obvious reasons I'm not posting what I have entered here and you should interpolate your own values for the relevant fields. Once you have configured fail2ban appropriately you can enable/restart the service.
- snippet.bash
systemctl enable --now fail2ban.service
Firewall, SSH and HTTPS (not HTTP)
I've already configured nginx, which I use for serving the sites I host on my VPS, to redirect http requests on port 80 to https on port 443 and use certbot to provide valid certificates. I'm not going to allow any firewall to allow http connections then. As mentioned above I configure sshd to run on a port other than 22. To which end my installation of iptables is somewhat different from the recommended.
TODO Finish off.
Links
About
Switching
- Fedifinder Find Fediverse accounts of your Twitter followings
Emacs
Verification
Hosting
- Ross A. Baker: WebFinger
Technical
- Automatically post your Flickr photos to your Mastodon account – Steven Can Plan (find your RSS feed for Flickr with this).