Some notes from when an associate and I decided to set up a Mastodon instance, mostly just to prove to ourselves that we could.
The instance is hosted on a Scaleway ARM64-4GB cloud server (6 CPU cores, 4 GB of RAM and 100 GB of disk) running Debian 9. This spec is enough for small-to-medium sized Mastodon instances, and is way more than enough for our purposes for the moment. Scaleway's ARM servers are also cheaper than the x86_64 equivalents. There's a slight gotcha in that the 100 GB of disk is split into two 50 GB volumes -- at present, we're only using the 50 GB system disk, but we might need to put some thought into how best to utilise our storage in the future if we get more users at our instance.
The Mastodon git repository has deployment instructions for a whole variety of scenarios. We're doing a bare metal deployment, mostly because I'm stubborn and refuse to learn how to work with Docker. The instructions are for Ubuntu of recent vintage, but they work on Debian with no changes. Minor annoyance: why must I curl a shell script and pipe it to a shell interpreter just to get an apt repository for node.js? Just give me a sources.list listing and I'll do it myself. The rest of the setup is really pretty easy, even if it does take some time for ruby to be downloaded and compiled and for the web assets to be precompiled. Another minor annoyance: why, oh why, does the puma process listen on the wildcard address and not localhost? I just reached for iptables(8) instead of trying to work out how to configure puma properly.
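A quick audit for the wildcard-listener problem above, as an added example (not from the original post): it parses the output of ss -ltn, reports anything bound to a wildcard address that is not on an allowlist of intentionally public ports, and prints the loopback-only iptables rules the post reaches for. The sample ss output is constructed, and puma is assumed to be on its default port 3000.

```python
import subprocess

# Ports that are meant to be reachable from outside on this box (assumed).
PUBLIC_PORTS = {22, 80, 443}

# Forms ss uses for "listening on every address" (old and new iproute2).
WILDCARD_HOSTS = {"*", "0.0.0.0", "[::]", "::"}

# Constructed sample of `ss -ltn` output, not captured from a real host.
# Puma on *:3000 is the case the post complains about; 25/10028/10029
# are the OpenSMTPD and dkimproxy ports, correctly on loopback.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       1024    *:3000              *:*
LISTEN  0       128     127.0.0.1:25        0.0.0.0:*
LISTEN  0       128     127.0.0.1:10028     0.0.0.0:*
LISTEN  0       128     127.0.0.1:10029     0.0.0.0:*
LISTEN  0       128     [::]:443            [::]:*
"""

def parse_listeners(ss_output):
    """Yield (host, port) for every LISTEN line of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or blank line
        host, _, port = fields[3].rpartition(":")  # IPv6 hosts contain ':'
        yield host, int(port)

def wildcard_exposures(ss_output, public_ports=PUBLIC_PORTS):
    """Sorted (host, port) pairs on a wildcard address that are not meant to be public."""
    return sorted((host, port) for host, port in parse_listeners(ss_output)
                  if host in WILDCARD_HOSTS and port not in public_ports)

def iptables_rules(exposures):
    """Rules that drop non-loopback traffic to each exposed port (the post's approach)."""
    rules = []
    for host, port in exposures:
        tool = "ip6tables" if host in ("[::]", "::") else "iptables"
        rules.append(f"{tool} -A INPUT -p tcp --dport {port} ! -i lo -j DROP")
    return rules

def live_check():
    """Run the audit against the current host instead of the sample."""
    out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    return wildcard_exposures(out)

if __name__ == "__main__":
    for rule in iptables_rules(wildcard_exposures(SAMPLE_SS_OUTPUT)):
        print(rule)
```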
Turns out we also require SMTP infrastructure (and there was much rejoicing). Mastodon gets really unhappy if it can't send emails, so I initially tried to set up a black-holing SMTP server. I then had some sleep, and then decided that a simple send-only MTA would probably be workable.
The current setup is as follows: local users (i.e. using the sendmail program) are only able to send to other local users, which makes cron mails work; anything connecting to localhost port 25 can relay to the outside world, in which case the mail is signed with DKIM; and no incoming mail is processed.
Install the packages with sudo apt-get install opensmtpd dkimproxy bsd-mailx. As always, with OpenSMTPD, the configuration is amazingly simple:
listen on localhost port 25 tag LOCAL_OUT
listen on localhost port 10029 tag DKIM_OUT
table aliases file:/etc/aliases
limit mta inet4 # No IPv6 reverse DNS, unfortunately
accept from local for local alias <aliases> deliver to mbox
accept tagged LOCAL_OUT for ! local relay via smtp://127.0.0.1:10028
accept tagged DKIM_OUT for any relay
Edit /etc/default/dkimproxy and ensure that only dkimproxy_out is running, then edit /etc/dkimproxy/dkimproxy_out.conf as necessary.
(What do you mean "yeesh, this person really likes writing OpenSMTPD tutorials..."?)