We just came back from seeing the Queen of the Night bloom at the succulent collection in Zürich. Fantastic! 😀
Sadly, my system administration isn’t going as well.
I’m trying to install GoToSocial.
GoToSocial is an ActivityPub social network server, written in Golang. – README
I was following the instructions for a binary install.
This is the binary installation guide for GoToSocial. It is assumed that you already have a properly configured VPS running in the cloud, or a suitable homeserver that is accessible with port forwarding. – Binary Installation From Release
Install as a new user:
```
adduser --system --home=/home/gotosocial --group gotosocial
cd /home/gotosocial
sudo -u gotosocial mkdir -p storage/certs
sudo -u gotosocial wget https://github.com/superseriousbusiness/gotosocial/releases/download/v0.3.4/gotosocial_0.3.4_linux_amd64.tar.gz
sudo -u gotosocial tar -xzf gotosocial_0.3.4_linux_amd64.tar.gz
sudo -u gotosocial cp example/config.yaml .
```
Edit configs is next, edit “/home/gotosocial/config.yaml” as user gotosocial.
43c43 < host: "localhost" --- > host: "social.alexschroeder.ch" 81c81 < port: 8080 --- > port: 4025 100c100 < db-type: "postgres" --- > db-type: "sqlite" 115c115 < db-address: "" --- > db-address: "sqlite.db" 177c177 < accounts-registration-open: true --- > accounts-registration-open: false 213c213 < media-description-max-chars: 500 --- > media-description-max-chars: 5000 224c224 < media-remote-cache-days: 30 --- > media-remote-cache-days: 7 243c243 < storage-local-base-path: "/gotosocial/storage" --- > storage-local-base-path: "/home/gotosocial/storage" 382c382 < smtp-host: "" --- > smtp-host: "alexschroeder.ch" 387c387 < smtp-port: 0 --- > smtp-port: 587 394c394 < smtp-username: "" --- > smtp-username: "alex@alexschroeder.ch" 400c400 < smtp-password: "" --- > smtp-password: "*secret*" 405c405 < smtp-from: "" --- > smtp-from: "fedi@alexschroeder.ch"
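Review bot: the 400c400 change writes the SMTP password in clear text into /home/gotosocial/config.yaml, so that file should be readable only by the gotosocial user (mode 600, for example) and the value redacted wherever the config is shared, as it is here. The 81c81 change moves the listener to port 4025 and the diff leaves the listen address untouched, so it is worth confirming that the port is bound to the loopback interface or firewalled, so that clients can only reach the server through the Apache TLS proxy.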
I did set up “fedi@alexschroeder.ch” as an identity on the Migadu admin site.
I also configured the “social.alexschroeder.ch” subdomain on the Gandi admin site.
I also edited the domain list for dehydrated, adding “social.alexschroeder.ch” to the domains for “alexschroeder.ch” and regenerated my certs, as root.
dehydrated -c
Next, proxying social.alexschroeder.ch → localhost:4025 by editing “/etc/apache2/sites-available/100-alexschroeder.ch.conf” as root. I added the following section:
```
<VirtualHost *:443>
    ServerAdmin alex@alexschroeder.ch
    ServerName social.alexschroeder.ch
    ProxyPass / http://localhost:4025/
    SSLEngine on
    SSLCertificateFile      /var/lib/dehydrated/certs/alexschroeder.ch/cert.pem
    SSLCertificateKeyFile   /var/lib/dehydrated/certs/alexschroeder.ch/privkey.pem
    SSLCertificateChainFile /var/lib/dehydrated/certs/alexschroeder.ch/chain.pem
    SSLVerifyClient None
</VirtualHost>
```
Reload the Apache config:
apache2ctl graceful
Run server, create first account, confirm it, and promote it:
```
sudo -u gotosocial ./gotosocial --config-path ./config.yaml server start
sudo -u gotosocial ./gotosocial --config-path ./config.yaml admin account create --username alex --email alex@alexschroeder.ch --password '*secret*'
sudo -u gotosocial ./gotosocial --config-path ./config.yaml admin account confirm --username alex
sudo -u gotosocial ./gotosocial --config-path ./config.yaml admin account promote --username alex
```
Setup systemd:
cp /home/gotosocial/example/gotosocial.service /etc/systemd/system/gotosocial.service
Edit it:
17,18c17,18 < ExecStart=/gotosocial/gotosocial --config-path config.yaml server start < WorkingDirectory=/gotosocial --- > ExecStart=/home/gotosocial/gotosocial --config-path config.yaml server start > WorkingDirectory=/home/gotosocial
Make sure the log file directory exists:
```
sudo mkdir /var/log/gotosocial
chown gotosocial.adm /var/log/gotosocial
```
Enable the service:
sudo systemctl enable --now gotosocial.service
Sadly, it doesn’t work. Currently, if I search on another instance for `@alex@social.alexschroeder.ch` nothing happens and the logs say:
time=2022-06-09T00:27:29+02:00 level=info msg=authentication not passed for public key owner https://octodon.social/actor; signature value was 'keyId="https://octodon.social/actor#main-key",algorithm="rsa-sha256",headers="(request-target) host date accept",signature="…' func=UsersGETHandler url=/users/alex
These URLs all seem to work:
https://social.alexschroeder.ch/@alex
https://social.alexschroeder.ch/.well-known/webfinger?resource=acct:alex@social.alexschroeder.ch
I guess I’m stuck.
I do hate the fact that ActivityPub is basically a system that burns through subdomains and usernames. At first I had used “fedi.alexschroeder.ch” but a long time ago I had already used this subdomain so the keys the other servers had kept would surely not match. I switched to “goto.alexschroeder.ch” but didn’t delete the database so the “alex” user still had some URLs pointing to the “fedi” subdomain (the webfinger contained the wrong URLs, and contacting those would get you SSL errors). I created more users, hoping that those would be OK but it just didn’t work, so I deleted the sqlite database file and tried again, this time using “social.alexschroeder.ch” but it kept refusing the other requests (as seen above). I realised that I might have wiped the sqlite database file but not the storage directory. Thinking that perhaps this third installation had not “spread” anywhere, I deleted both the sqlite database file and the storage directory and started for the fourth time. Again, connecting via a client like Pinafore works, but searching for the account to follow from another instance does not, and “authentication not passed for public key owner” keeps getting logged for those requests.
Anyway, I’m leaving for a trip tomorrow and this is making me very sad and tired so I think I’ll just drop it for the moment.
#Mastodon #Fediverse #GoToSocial #Administration
⁂
Returning to this issue, looking at my instance’s logs while trying to search for my account from a different one.
```
social.alexschroeder.ch:443 74.51.207.68 - - [12/Aug/2022:10:09:54 +0200] "GET /.well-known/webfinger?resource=acct:alex@social.alexschroeder.ch HTTP/1.1" 200 5381 "-" "http.rb/5.0.4 (Mastodon/3.5.3; +https://linuxrocks.online/)"
social.alexschroeder.ch:443 74.51.207.68 - - [12/Aug/2022:10:09:55 +0200] "GET /users/alex HTTP/1.1" 401 5237 "-" "http.rb/5.0.4 (Mastodon/3.5.3; +https://linuxrocks.online/)"
```
OK, the second request gets a 401 Unauthorized. But why? Using curl:
curl https://social.alexschroeder.ch/users/alex
The HTML return looks malformed but it also contains “Unauthorized: http request wasn’t signed or http signature was invalid”
… OK? But strangely enough the logs show this as a 303 error telling me to go back to /@alex!
social.alexschroeder.ch:443 2a02:168:4822:0:536f:836a:393a:5e61 - - [12/Aug/2022:10:30:10 +0200] "GET /users/alex HTTP/1.1" 303 6488 "-" "curl/7.64.0"
So now I’m thinking: OK, Mastodon is in fact sending some signature but GoToSocial thinks it’s wrong.
– Alex 2022-08-12 08:32 UTC
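The logged signature covers `(request-target) host date accept`, and the VirtualHost above has no `ProxyPreserveHost` directive (Apache's default is Off), so the backend is handed `Host: localhost:4025` rather than the name the remote server signed. The following added example, which is not code from the post or from GoToSocial, shows how a verifier that rebuilds the signing string from the request it receives then rejects a perfectly valid signature; the throwaway key, the date and the `Accept` value are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)

// signingString builds the HTTP Signatures input for the header list seen in
// the log: "(request-target) host date accept".
func signingString(method, path, host, date, accept string) []byte {
	lines := []string{
		"(request-target): " + strings.ToLower(method) + " " + path,
		"host: " + host,
		"date: " + date,
		"accept: " + accept,
	}
	return []byte(strings.Join(lines, "\n"))
}

// verifyAs signs the request the way the remote server would (for publicHost)
// and verifies it against the Host header the backend actually receives.
func verifyAs(key *rsa.PrivateKey, publicHost, backendHost string) bool {
	const date = "Fri, 12 Aug 2022 08:09:55 GMT" // constructed sample value
	const accept = "application/activity+json"   // constructed sample value
	sent := sha256.Sum256(signingString("GET", "/users/alex", publicHost, date, accept))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sent[:])
	if err != nil {
		return false
	}
	seen := sha256.Sum256(signingString("GET", "/users/alex", backendHost, date, accept))
	return rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, seen[:], sig) == nil
}

// newKey returns a throwaway key standing in for the remote actor's main-key.
func newKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

func main() {
	key := newKey()
	fmt.Println("Host preserved:", verifyAs(key, "social.alexschroeder.ch", "social.alexschroeder.ch"))
	fmt.Println("Host rewritten:", verifyAs(key, "social.alexschroeder.ch", "localhost:4025"))
}
```

With Apache as the proxy, `ProxyPreserveHost On` inside the VirtualHost is the setting that keeps the original `Host` header on the proxied request.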
---
See 2022-12-22 GoToSocial instead of snac.
– Alex 2022-12-22 22:34 UTC