Instructions to set up a mastodon instance on a VPS, with object storage. Still very much under construction.
cortices d56af444a7 Fix more MD indentation whoopsie 2 years ago

Mastodon instance setup instructions

Part 1: Creating & accessing the server

Prerequisites

  1. Linux/Unix terminal environment (Linux, Mac, or Windows Subsystem for Linux).
  2. Password manager (e.g. OnePassword) installed & set up.

Steps

  1. Register a new VPS. 4GB RAM & 2 CPU cores is recommended, but 2GB/1 core will work for a small instance. Install the LTS version of Ubuntu Server ("20.04 LTS", at time of writing). Take note of the IP or domain name provided to you for it by the hosting provider.

  2. Think up a name for your server (as distinct from the name of the mastodon instance it will host). This sounds silly but helps a lot with remembering things.

  3. Decide on a username you will use to administer the server. It can be anything as long as it’s not ‘root’.

  4. Open a terminal.

  5. Make sure you know your package manager. On Mac this would be Homebrew (3rd party, see https://brew.sh); on Ubuntu/Debian/WSL it would be apt.

  6. Install an up-to-date OpenSSH client package with your package manager:

    1. sudo apt install openssh-client OR
    2. brew install openssh && brew link openssh
  7. Generate a new SSH key for accessing your server

    1. ssh-keygen -t ecdsa -f ~/.ssh/{serverUsername}@{servername}_ecdsa
    2. Follow the prompts, adding a passphrase. Store the passphrase in your password manager. This may seem like a convoluted way to end up using a password to log in to the server, which you could do anyway, but I promise it’s tons more secure: you need both the passphrase and the secret key file we’re creating.
  8. SSH into your server with the temporary root account & password

    1. ssh root@{server domain or IP}
  9. Now that you’re logged in, create the user you’ll use to administer the server from now on.

    1. adduser {serverUsername}
    2. Follow the prompts but leave the optional fields as default/blank. Set a randomly generated secure password, and also store it in a password manager.
    3. adduser {serverUsername} sudo (this adds the new user to the sudo group)
  10. Exit SSH with exit

  11. Upload your new authentication key:

    1. ssh-copy-id -i ~/.ssh/{the key you made} {serverUsername}@{server domain/IP}
    2. When asked for a password, provide the one you just created for the new user, not the root one.
  12. Test that public key authentication works.

    1. ssh {serverUsername}@{server} -i ~/.ssh/{key file}
    2. You should be asked for the key passphrase, and not the login password for the user. Yay, secure authentication!
    3. exit from the server again.
  13. Open ~/.ssh/config in a code editor

    1. touch ~/.ssh/config

    2. chmod 600 ~/.ssh/config

    3. Open the file in a code editor and insert the following:

      Host {server name (not domain)}
      	HostName {server domain/IP}
      	IdentityFile ~/.ssh/{key file}
      	User {serverUsername}
      


  14. Try to SSH using the new host config:

    1. ssh {servername}
  15. Now that we’ve confirmed you can log in as your custom user with an SSH key, it’s time to disable SSH password authentication and root user login. This protects you from 99% of hacking attempts.

    1. Still on the server, open /etc/ssh/sshd_config with sudo in a command line editor such as nano or vim.
    2. Find the line with PasswordAuthentication and change the value to no, making sure it’s not commented out.
    3. Find the line with PermitRootLogin and change that to no as well.
  16. Run sudo systemctl restart ssh. You will be disconnected by the server.

  17. Re-SSH into the server to show that it still works with only public key authentication.
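
A check for the step that disables password and root logins, added here as an example and not part of the original instructions: sshd keeps the first value it reads for each keyword, so an included drop-in file can override the lines you just edited. It assumes the main file starts with an Include of /etc/ssh/sshd_config.d/*.conf; the function names and the sample file 50-provider.conf are hypothetical, and the sample contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original README).
# sshd keeps the FIRST value it reads for each keyword, so a file pulled in
# by an Include line at the top of sshd_config beats a later line in the main file.

# effective_value KEYWORD DEFAULT FILE...   (FILEs in the order sshd reads them)
# Prints the first uncommented global value of KEYWORD, or DEFAULT if unset.
effective_value() {
    kw=$1; def=$2; shift 2
    awk -v kw="$kw" -v def="$def" '
        FNR == 1 { in_match = 0 }                # simplification: Match scope ends with its file
        /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
        tolower($1) == "match" { in_match = 1 }   # Match blocks are conditional, not global
        in_match { next }
        !found && tolower($1) == tolower(kw) { val = tolower($2); found = 1 }
        END { print (found ? val : def) }
    ' "$@"
}

# audit_sshd FILE...  returns 0 only if password and root logins are both off.
audit_sshd() {
    rc=0
    pa=$(effective_value PasswordAuthentication yes "$@")          # sshd default: yes
    prl=$(effective_value PermitRootLogin prohibit-password "$@")  # sshd default
    [ "$pa" = "no" ]  || { echo "FAIL PasswordAuthentication=$pa"; rc=1; }
    [ "$prl" = "no" ] || { echo "FAIL PermitRootLogin=$prl"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK password and root logins are disabled"; fi
    return "$rc"
}

# Constructed sample files: a main config edited as in the steps above, plus a
# hypothetical drop-in (50-provider.conf) that re-enables password logins.
make_samples() {
    mkdir -p "$1/sshd_config.d"
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
        '#PasswordAuthentication yes' 'PasswordAuthentication no' \
        'PermitRootLogin no' > "$1/sshd_config"
    printf '%s\n' 'PasswordAuthentication yes' > "$1/sshd_config.d/50-provider.conf"
}

d=$(mktemp -d); make_samples "$d"
audit_sshd "$d/sshd_config" || true                                       # main file alone
audit_sshd "$d/sshd_config.d/50-provider.conf" "$d/sshd_config" || true   # read order
rm -rf "$d"
```

On the server itself, sudo sshd -t checks the configuration for errors before the restart, and sudo sshd -T prints the values sshd will actually use.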