FYI, we offer free managed hosting to Indian organizations (media, academia, institutions and non-profit/for-profit companies).
We're sharing our approach here to make it easy for those who want to do it themselves.
- A domain name: A typical practice is to use a subdomain. For example, if your org website is at thinktank.com, you can set up your fediverse instance at social.thinktank.com. This will allow your users to have an email address like [email protected] and fediverse address as @[email protected]. It's also possible to run the fediverse instance on your top-level domain (e.g. thinktank.com). In this case, both the email address and fediverse address will be [email protected]. But users visiting thinktank.com in the browser will land directly on your fediverse instance, which can't be customized as much as a proper website can be.
- Members: There should be at least 10 users in your org who are planning to be active on the fediverse. Maintaining your own instance is not easy and therefore might not be worth the effort for just a couple of users. An alternative is to use a managed hosting provider like masto.host.
- Infrastructure
  - A Linux server with at least 1GB RAM and Docker installed
  - An AWS S3, Minio or Cloudflare R2 bucket where static files like images and videos will be stored long-term
  - A PostgreSQL database (e.g. AWS RDS or neon.tech)
We will use the following (free) tools:
- GoToSocial as your ActivityPub server
- Traefik as reverse proxy
- Let's Encrypt as SSL certificate provider
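- Generate an HTTP Basic username and password to access the Traefik dashboard. We will use this value in our `docker-compose.yml` file. The `sed` step doubles every `$` in the hash, because Docker Compose would otherwise treat `$` as the start of a variable:

  ```sh
  echo $(htpasswd -nB admin) | sed -e s/\\$/\\$\\$/g
  ```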
- Point your domain's A record in DNS to your Linux server's IP address
- Modify this `docker-compose.yml` file (e.g. replace `yourdomain` with your actual domain name):

  ```yaml
  version: '3.9'
  services:
    reverse-proxy:
      image: traefik:v2.10
      container_name: traefik
      command:
        - "--log.level=DEBUG"
        - "--api.insecure=false"
        - "--api.dashboard=true"
        - "--providers.docker=true"
        - "--providers.docker.exposedbydefault=false"
        - "--entrypoints.web.address=:80"
        - "--entrypoints.websecure.address=:443"
        - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
        - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
        # Let's Encrypt staging CA: comment out the line below once configuration is complete
        - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
        # ACME account e-mail (--certificatesresolvers.myresolver.acme.email=...)
        - "[email protected]"
        - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      ports:
        - "80:80"
        - "443:443"
        - "8080:8080"
      volumes:
        - "./letsencrypt:/letsencrypt"
        - "/var/run/docker.sock:/var/run/docker.sock"
      labels:
        # Label values in map form must be strings, so booleans are quoted
        traefik.enable: "true"
        traefik.http.routers.traefik_https.rule: Host(`traefik.yourdomain.com`)
        traefik.http.services.traefik_https.loadbalancer.server.port: 8080
        traefik.http.routers.traefik_https.entrypoints: websecure
        traefik.http.routers.traefik_https.tls: "true"
        traefik.http.routers.traefik_https.tls.certResolver: myresolver
        traefik.http.routers.traefik_https.service: api@internal
        traefik.http.routers.traefik_https.middlewares: basic-auth-global
        # Replace admin:password with the output of the htpasswd command above
        traefik.http.middlewares.basic-auth-global.basicauth.users: admin:password
    social_yourdomain:
      image: superseriousbusiness/gotosocial:0.10.0
      container_name: social_yourdomain
      user: 1000:1000
      volumes:
        - ~/goto/social_yourdomain:/gotosocial/storage
      restart: unless-stopped
      labels:
        - traefik.enable=true
        - traefik.http.routers.social_yourdomain.rule=Host(`social.yourdomain.com`)
        - traefik.http.services.social_yourdomain.loadbalancer.server.port=8080
        - traefik.http.routers.social_yourdomain.entrypoints=websecure
        - traefik.http.routers.social_yourdomain.tls.certresolver=myresolver
      environment:
        GTS_HOST: social.yourdomain.com
        GTS_DB_TYPE: postgres
        #GTS_DB_ADDRESS: /gotosocial/storage/sqlite.db
        # neon.tech db details
        GTS_DB_ADDRESS: database_host
        GTS_DB_PORT: 5432
        GTS_DB_TLS_MODE: require
        GTS_DB_USER: database_username
        GTS_DB_PASSWORD: database_password
        GTS_DB_DATABASE: database_db_name
        GTS_LETSENCRYPT_ENABLED: "false"
        GTS_LETSENCRYPT_EMAIL_ADDRESS: ""
        # Must cover the Docker network subnet that Traefik connects from
        GTS_TRUSTED_PROXIES: "172.19.0.0/16"
        GTS_STORAGE_BACKEND: s3
        GTS_STORAGE_S3_ENDPOINT: s3.ap-south-1.amazonaws.com
        GTS_STORAGE_S3_ACCESS_KEY: YOUR_S3_ACCESS_KEY
        GTS_STORAGE_S3_SECRET_KEY: YOUR_S3_SECRET_KEY
        GTS_STORAGE_S3_BUCKET: yourdomain-gotosocial
  ```
- Create your first user by running:

  ```sh
  docker exec -it CONTAINER_NAME_OR_ID /gotosocial/gotosocial admin account create --username admin --email [email protected] --password 'yourpassword'
  ```
- Promote this user to admin role:

  ```sh
  docker exec -it CONTAINER_NAME_OR_ID /gotosocial/gotosocial admin account promote --username admin
  ```
- Now you can log in at https://social.yourdomain.com/admin/
- Optional: Uncheck "Manually approve follow requests" in your profile settings
- Optional: Change default listing type from `unlisted` to `public`
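
A check for the edited `docker-compose.yml`, as an added example that is not part of the original guide: it reads the file on stdin and reports template values from the walkthrough that are still active (the `yourdomain` placeholder, unreplaced secrets, the staging CA line, the `admin:password` dashboard login, or an htpasswd hash whose `$` signs were not doubled). The function names, finding codes and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and finding codes are illustrative, not from the guide.
# lint_compose reads a compose file on stdin and prints one code per problem.
lint_compose() {
    # Drop YAML comment lines so a commented-out setting is not reported.
    active=$(grep -v '^[[:space:]]*#' || true)

    # Template values that were never replaced.
    printf '%s\n' "$active" | grep -q 'yourdomain' && echo PLACEHOLDER_DOMAIN
    printf '%s\n' "$active" |
        grep -Eq 'YOUR_S3_(ACCESS|SECRET)_KEY|database_password' &&
        echo PLACEHOLDER_SECRET

    # Staging CA still active: browsers will not trust the issued certificate.
    printf '%s\n' "$active" | grep -q 'acme-staging-v02' && echo STAGING_CA

    # Value of the Traefik dashboard basic-auth label (map or list form).
    users=$(printf '%s\n' "$active" | grep 'basicauth\.users' |
        sed 's/.*basicauth\.users[:=][[:space:]]*//' | tr -d "\"' ")
    case $users in
        '') ;;
        admin:password) echo PLACEHOLDER_AUTH ;;
        *)
            # Compose interpolates "$", so each "$" of the hash must be "$$".
            # Remove the "$$" pairs; any "$" that remains is unescaped.
            rest=$(printf '%s' "$users" | sed 's/\$\$//g')
            case $rest in *'$'*) echo UNESCAPED_DOLLAR ;; esac
            ;;
    esac
    return 0
}

# Constructed sample: lines from the guide's template, left unedited.
sample_unedited() {
    cat <<'EOF'
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      traefik.http.routers.traefik_https.rule: Host(`traefik.yourdomain.com`)
      traefik.http.middlewares.basic-auth-global.basicauth.users: admin:password
      GTS_STORAGE_S3_SECRET_KEY: YOUR_S3_SECRET_KEY
EOF
}

sample_unedited | lint_compose
```

Run it as `lint_compose < docker-compose.yml`; no output means none of these template values remain.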
Now, you can use apps like Tusky and Elk to connect and start using your network.
Cheers :)
- @[email protected] for suggesting Cloudflare R2 (cheaper due to no egress fees) and explicit image version