GoToSocial on OpenBSD, a Fediverse adventure
In early 2019, I got fed up with Twitter Ads, recommendations, etc. So I started looking for alternatives and read about Mastodon. As I was especially looking for OpenBSD news, tricks, etc., I finally landed on bsd.network. It turned out to be a really nice place to hang out, and not BSD-centric at all. People there are great. And MastoAdmins are kind and caring people.
A couple of years later, I decided that I would host my own instance on the Fediverse. And the journey began.
There were no particular reasons to host my own instance server. And as they say: just because you can does not mean you should. But this is how I learn things.
So I created a bunch of accounts in various Fediverse instances using Mastodon, Friendica, PixelFed, Misskey, GNUsocial, Pleroma. I also installed Honk and GoToSocial. Then I started testing how they all worked together. And I finally decided to go with GoToSocial.
If you care about why I didn’t choose any of the other tested options, here’s my compliance checklist:
- must run on OpenBSD ;
- should be packaged ;
- should be coded in Shell, C, C++, Python or Go ;
- must be simple / no big-mama ;
- must be compatible with Mastodon and PixelFed.
Install and run GoToSocial
GTS is available as a package in OpenBSD. As of now, I’m using OpenBSD 7.2 and GoToSocial 0.6.0 (updated from 0.5.2), available in HEAD ports. I compiled this package in a full 7.2 environment. This is not the recommended way to do it but I don’t want to run -CURRENT on my server. After reading the installation guide, you may proceed.
# pkg_add gotosocial
# cp /usr/local/share/examples/gotosocial/gotosocial.yaml /etc/gotosocial.yaml
# vi /etc/gotosocial.yaml
(...)
host: "piou.foolbazar.eu"
account-domain: ""
protocol: "https"
bind-address: "127.0.0.1"
port: 8080
trusted-proxies:
- "127.0.0.1/32"
db-type: "sqlite"
db-address: "/var/gotosocial/sqlite.db"
(...)
# rcctl enable gotosocial
# rcctl start gotosocial
Note that GTS will be listening on localhost only. The service will be exposed via a reverse-proxy mechanism.
The domain name is quite an important notion in ActivityPub. As with e-mail, this is how you’re reachable. But it seems to be a little less flexible than e-mail, as users / actors seem to be identified by their ID and a cryptographic key. What’s to be remembered is “back up your instance and user identification data”. And do not simply replace a working installation with an empty one using the same FQDN.
GoToSocial has a nice feature that allows some kind of masquerading. You
can set your account to @me@somewhere.home while running the service on
a server called vps.somewhere.home. The magic is done via /.well-known/
URLs. But this also means that it can only be done once per domain. So I
decided not to use it and to configure a specific (sub)domain.
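How the split between the account domain and the serving host shows up in a WebFinger answer, as an added example that is not part of the original post. The JSON document is constructed for illustration from the @me@somewhere.home / vps.somewhere.home names used above, and the function name is hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed WebFinger (RFC 7033) answer, as it would be served from
# https://somewhere.home/.well-known/webfinger?resource=acct:me@somewhere.home
SAMPLE_JRD = json.dumps({
    "subject": "acct:me@somewhere.home",
    "aliases": ["https://vps.somewhere.home/@me",
                "https://vps.somewhere.home/users/me"],
    "links": [
        {"rel": "http://webfinger.net/rel/profile-page",
         "type": "text/html",
         "href": "https://vps.somewhere.home/@me"},
        {"rel": "self",
         "type": "application/activity+json",
         "href": "https://vps.somewhere.home/users/me"},
    ],
})

def resolve_actor(handle, jrd_text, allowed_hosts):
    """Return (account_domain, actor_url) for an @user@domain handle.

    Raises ValueError if the answer is for another account, has no
    ActivityPub actor link, or points at a host we did not expect.
    """
    user, domain = handle.lstrip("@").split("@", 1)
    jrd = json.loads(jrd_text)
    if jrd.get("subject", "").lower() != f"acct:{user}@{domain}".lower():
        raise ValueError("subject does not match the requested handle")
    for link in jrd.get("links", []):
        if (link.get("rel") == "self"
                and link.get("type") == "application/activity+json"):
            actor = link.get("href", "")
            break
    else:
        raise ValueError("no ActivityPub actor link in the answer")
    parts = urlsplit(actor)
    # The account domain only delegates; the actor lives on the real host.
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise ValueError(f"actor served from unexpected host: {actor}")
    return domain, actor

if __name__ == "__main__":
    print(resolve_actor("@me@somewhere.home", SAMPLE_JRD, {"vps.somewhere.home"}))
```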
Administrative tasks are done in the console. There’s no GUI for those
tasks (yet) ; and I LOVE IT!
I created an Admin user and a normal user.
# doas -u _gotosocial gotosocial --config-path /etc/gotosocial.yaml \
    admin account create --username <adminUID> --email <adminEMAIL> \
    --password '<adminPASSWD>'
# doas -u _gotosocial gotosocial --config-path /etc/gotosocial.yaml \
    admin account confirm --username <adminUID>
# doas -u _gotosocial gotosocial --config-path /etc/gotosocial.yaml \
    admin account promote --username <adminUID>
# doas -u _gotosocial gotosocial --config-path /etc/gotosocial.yaml \
    admin account create --username <myUID> --email <myEMAIL> \
    --password '<myPASSWD>'
# doas -u _gotosocial gotosocial --config-path /etc/gotosocial.yaml \
    admin account confirm --username <myUID>
Keep in mind that <UID> is how you’ll appear in the Fediverse. People will talk to @UID@DOMAINNAME. The <EMAIL> is used as a username when it comes to authentication, in Apps or to configure your profile from the Web GUI. The <PASSWD> is… well… your password.
Expose GoToSocial to the Fediverse
I’m not exposing GTS directly on the Internet. I use the stock relayd(8) and httpd(8) to deal with TLS certificates, HTTP headers and publication.
I used /etc/examples/httpd.conf to set up the HTTP to HTTPS redirection and Let’s Encrypt TLS certificate management.
Then I modified my /etc/relayd.conf to expose GoToSocial.
# cat /etc/relayd.conf
# ext_addr was not part of the extract; placeholder (documentation address),
# set it to your public IP
ext_addr="192.0.2.1"
localhost="127.0.0.1"
# <localhost> is referenced below, so it has to be defined as well
table <localhost> { $localhost }
table <piou> { $localhost }
http protocol www {
    block
    pass request quick header "Host" value "piou.foolbazar.eu" forward to <localhost>
}
relay www {
    listen on $ext_addr port 80
    protocol www
    forward to <localhost> port http
}
http protocol wwwtls {
    tcp { nodelay, socket buffer 65536 }
    tls keypair foolbazar.eu
    http websockets
    match request header append "X-Forwarded-For" \
        value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" \
        value "$SERVER_ADDR:$SERVER_PORT"
    match request tagged "piou" header set "X-Forwarded-Proto" \
        value "https"
    # Permissions-Policy: an empty allowlist is written (), not (none)
    match response header set "Permissions-Policy" \
        value "accelerometer=(), camera=(), \
        geolocation=(), gyroscope=(), magnetometer=(), \
        microphone=(), payment=(), usb=()"
    match response header set "Referrer-Policy" value "strict-origin"
    match response header set "Strict-Transport-Security" \
        value "max-age=31536000; includeSubDomains"
    match response header set "X-Content-Type-Options" value "nosniff"
    match response header set "X-Frame-Options" value "SAMEORIGIN"
    match response header set "X-XSS-Protection" value "1; mode=block"
    block
    match request header "Host" value "piou.foolbazar.eu" tag "piou"
    pass request quick tagged "piou" forward to <piou>
}
relay wwwtls {
    listen on $ext_addr port 443 tls
    protocol wwwtls
    forward to <piou> port 8080
}
The reason for the tags is that I have several services exposed by relayd(8) and I apply different configurations depending on the service. I extracted the ones needed for GTS here.
Once this is done, reload relayd(8) and you’re ready to explore the Fediverse.
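Why `trusted-proxies` in gotosocial.yaml and relayd's `append "X-Forwarded-For"` have to agree, as an added example that is not from the original post or from GoToSocial's code. It sketches the common right-to-left evaluation of X-Forwarded-For against a trusted-proxy list; that GoToSocial behaves exactly this way is an assumption, and the function name and addresses are constructed.

```python
import ipaddress

def client_ip(peer, xff_header, trusted_proxies):
    """Pick the client address the way a proxy-aware server usually does.

    peer            -- address of the TCP peer (relayd, i.e. 127.0.0.1 here)
    xff_header      -- raw X-Forwarded-For value, or None
    trusted_proxies -- CIDR strings, as in gotosocial.yaml trusted-proxies
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def trusted(addr):
        return any(addr in n for n in nets)

    peer_ip = ipaddress.ip_address(peer)
    # A peer that is not a known proxy cannot vouch for any header.
    if not trusted(peer_ip) or not xff_header:
        return str(peer_ip)
    # relayd *appends* $REMOTE_ADDR, so the right-most entry is the one
    # relayd wrote; anything to its left was supplied by the client.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break            # garbage in the chain: stop trusting it
        if not trusted(ip):
            return str(ip)   # first hop that is not one of our proxies
    return str(peer_ip)

# Constructed cases: (TCP peer, X-Forwarded-For as received by the backend)
CASES = [
    ("127.0.0.1", "203.0.113.7"),               # normal request via relayd
    ("127.0.0.1", "10.0.0.1, 198.51.100.23"),   # client sent its own header
    ("198.51.100.23", "127.0.0.1"),             # peer is not a trusted proxy
]

if __name__ == "__main__":
    for peer, xff in CASES:
        print(peer, "|", xff, "->", client_ip(peer, xff, ["127.0.0.1/32"]))
```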
Online configuration
There are a few URLs that can be used to check and/or modify data.
- https://mydomain displays a summary of the instance: its name, the number of registered users, the number of public posts and the number of instances it is federated with. It also explains that GTS has no Web client and that you should use a dedicated one. I’m using Pinafore and Metatext for iOS.
- https://mydomain/@me displays the profile page for the “me” user. One can see the general information provided by the account, when the user joined the instance and a few metrics about posts and follows.
- https://mydomain/users/me is redirected to /@me.
- https://mydomain/admin requires authentication using an admin user. When authenticated, you gain access to some configuration parameters. Some are configured in the YAML file and you can change their values here. Some, like the description of this instance, can be edited there. The Blocks section allows management of the instances you do not wish to federate with. It can be done instance by instance or by exporting / importing a file.
- https://mydomain/user allows user authentication. This is where the profile information can be modified. Upload header and avatar picture, set up Display name and Bio, … This is also where you configure the default post privacy and change your password.
Connecting Web and/or App client
As stated by the instance summary, there is no Web client provided by GoToSocial. Mastodon ships with one. Here, we have to either install a compatible Web client and/or connect to the instance using an App.
I installed and ran Pinafore on my OpenBSD instance. I just followed the installation instructions and started the daemon in a tmux session. The client is exposed via relayd(8). Everything works like a charm and you get a Mastodon-like user experience.
I tried using several applications. Some work, some don’t. The official Mastodon client works. So do Twidere X and Metatext. The CLI and TUI client named toot does not work. Neither do feed2toot and ephemetoot. As far as I could understand, this is because urn:ietf:wg:oauth:2.0:oob is not yet well supported. But I was told on gotosocial-help that this should be solved in the next release.
Migrating from Mastodon
DON’T DO IT. Like REALLY!
Do not do it unless you know what will fail and accept not to go whining
in the benevolent developers’ ears ;-)
Quoting GTS:
GoToSocial is still ALPHA SOFTWARE. It is already deployable and useable, and it federates cleanly with many other Fediverse servers (not yet all). However, many things are not yet implemented, and there are plenty of bugs! We foresee entering beta somewhere in 2023.
Quoting GoToSocial Help:
several people now have tried to hackily drop-in replace mastodon or pleroma with gts and it is very likely to cause issues. in future we’ll present a properly tested means of migrating, but for now you do such things at your own risk ;)
As I am an idiot, I tried it anyway.
The first thing I did was to configure a “redirect”. From the Mastodon Web interface, go to Account / Account settings / Move to a different account. Then click the “Alternatively, you can only put up a redirect on your profile” link. Enter the new account reference and your current password. Finally click “Set Redirect”.
From now on, the Mastodon account has a note saying “This account is marked as moved to @me@mydomain, and may thus not accept new follows.”
From an account that was already following my redirected account,
nothing really happened. If you try to get information for that
redirected account, you’ll get the notification that this account is
redirected.
From an account that was not already following my redirected account, it
is impossible to follow it. You have to follow the target account.
The second step would be to actually move the account. Which, according to the doc, should move all your followers to the new account. As of now, there was no automatic migration of the followers to the new account. People had to manually follow the new account.
Using the “Move to a different account” feature did not work. I think the reason lies here: “The new account must first be configured to back-reference this one”, and as far as I could understand, GTS does not implement aliases yet.
So trying to proceed with the migration ends up with: “Something isn’t quite right yet! Please review the error below”.
DO NOT TRY TO MIGRATE YOUR MASTODON ACCOUNT TO GOTOSOCIAL
Just create a new one, tell your followers and take the opportunity to
clean your following / followers lists ;-)
So what?
All in all, I don’t regret setting up my own Fediverse instance using GoToSocial. And I think I will keep using my account with GTS.
There are a few things I used on Mastodon that I noticed do not work yet with GoToSocial:
- Toots can’t be pinned.
- Polls are published as toots, not polls.
- Metatext doesn’t get notifications. Pinafore does.
- Hashtag searches produce no results.
Keep an eye on the roadmap to see what happens and what to expect from GoToSocial. Things will change with time.
When you run your own instance and you’re the only user on it, the Local and Federated Timelines get a bit less interesting than they were on a populated instance.
The Home Timeline is composed of a mix of your activity and the activity from people you follow. You get their posts, their favorites, their retoots and various replies.
The Local Timeline is basically the list of toots you, the only user,
made. Hence, not very interesting. Unless you don’t know what you toot
:)
The Federated Timeline may be populated in different ways depending on the software. From what I understood and identified, the Federated Timeline using GoToSocial and being the only user on the instance will contain the following things:
- what you tooted ;
- what the people/accounts you follow tooted, favorited, retooted ;
- what people you don’t follow tooted while mentioning people/accounts you follow.
I thought the Federated Timeline would contain all the public posts from the instances hosting people/accounts I follow. But it’s not. Discovering new people/accounts will require an alternate method.
Now, happy tooting! And if you wish to, I’m tootable as @joel@piou.foolbazar.eu.
Updated on 2022-12-07 with relayd(8) corrections and GTS 0.6.0 updates.