Instructions to set up a mastodon instance on a VPS, with object storage. Still very much under construction.
cortices d56af444a7 Fix more MD indentation whoopsie 2021-02-13 01:16:12 +11:00

Mastodon instance setup instructions

Part 1: Creating & accessing the server

Prerequisites

  1. Linux/Unix terminal environment (Linux, Mac, or Windows Subsystem for Linux).
  2. Password manager (e.g. OnePassword) installed & set up.

Steps

  1. Register a new VPS. 4GB RAM & 2 CPU cores is recommended, but 2GB/1 core will work for a small instance. Install the LTS version of Ubuntu Server ("20.04 LTS", at time of writing). Take note of the IP or domain name provided to you for it by the hosting provider.

  2. Think up a name for your server (as distinct from the name of the mastodon instance it will host). This sounds silly but helps a lot with remembering things.

  3. Decide on a username you will use to administer the server. It can be anything as long as it's not root.

  4. Open a terminal.

  5. Make sure you know your package manager. On Mac this would be Homebrew (third party; see https://brew.sh); on Ubuntu/Debian/WSL it would be apt.

  6. Install an up-to-date OpenSSH client package with your package manager:

    1. sudo apt install openssh-client OR
    2. brew install openssh && brew link openssh
  7. Generate a new SSH key for accessing your server

    1. ssh-keygen -t ecdsa -f ~/.ssh/{serverUsername}@{servername}_ecdsa
    2. Follow the prompts, adding a passphrase. Store the passphrase in your password manager. This may seem like a convoluted way to end up using a password to log in to the server, which you could just do anyway, but I promise it's tons more secure: you need both the passphrase and the secret key file we're creating.
  8. SSH into your server with the temporary root account & password

    1. ssh root@{server domain or IP}
  9. Now you're logged in, create the user you'll be using from now on to administer the server.

    1. adduser {serverUsername}
    2. Follow the prompts but leave the random fields as default/blank. Set a randomly generated secure password, and also store it in a password manager.
    3. adduser {serverUsername} sudo (adds the new user to the sudo group)
  10. Exit SSH with exit

  11. Upload your new authentication key:

    1. ssh-copy-id -i ~/.ssh/{the key you made}.pub {serverUsername}@{server domain/IP}
    2. When asked for a password, provide the one you just created for the new user, not the root one.
  12. Test that public key authentication works.

    1. ssh {serverUsername}@{server} -i ~/.ssh/{key file}
    2. You should be asked for the key passphrase, and not the login password for the user. Yay, secure authentication!
    3. exit from the server again.
  13. Open ~/.ssh/config in a code editor

    1. touch ~/.ssh/config

    2. chmod 600 ~/.ssh/config

    3. Open the file in a code editor and insert the following:

      Host {server name (not domain)}
      	HostName {server domain/IP}
      	IdentityFile ~/.ssh/{key file}
      	User {serverUsername}
      
  14. Try to SSH using the new host config:

    1. ssh {servername}
  15. Now we've confirmed you can log in as your custom user with an SSH key, it's time to disable SSH password authentication and root user login. This protects you from 99% of hacking attempts.

    1. Still on the server, open /etc/ssh/sshd_config with sudo in a command line editor such as nano or vim.
    2. Find the line with PasswordAuthentication and change the value to no, making sure it's not commented out.
    3. Find the line with PermitRootLogin and change that to no as well.
  16. Run sudo systemctl restart ssh. You will be disconnected by the server.

  17. Re-SSH into the server to show that it still works with only public key authentication.
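
A check for the sshd_config hardening step above, added here as an example and not part of the original README: it reports the value sshd would actually use for PasswordAuthentication and PermitRootLogin, since sshd takes the first value it reads for each keyword. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original README.
# sshd uses the FIRST value it reads for each keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".

# effective_sshd_value FILE KEYWORD
# Prints the lowercased value from FILE's global section (before any Match
# block). Does not follow Include lines; on the server itself,
# `sudo sshd -T` prints the authoritative effective configuration.
effective_sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                # conditional blocks start here
        key == want { gsub(/"/, "", f[2]); print tolower(f[2]); exit }
    ' "$1"
}

# check_hardening FILE
# Returns 0 only if both settings from the hardening step are "no".
check_hardening() {
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        val=$(effective_sshd_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok:   $kw no"
        else
            echo "FAIL: $kw is ${val:-unset, built-in default applies}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: "no" was appended, but an earlier "yes" still wins.
demo_cfg=$(mktemp)
printf '%s\n' '#PermitRootLogin prohibit-password' \
    'PasswordAuthentication yes' 'PermitRootLogin no' \
    'PasswordAuthentication no' > "$demo_cfg"
check_hardening "$demo_cfg" || echo "=> not hardened: fix the first match"
rm -f "$demo_cfg"
```

On the server, run `check_hardening /etc/ssh/sshd_config` before restarting ssh, and keep your current session open until a second login with the key succeeds.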