Off to the Fediverse with Firefish
The Fediverse is probably best known to most people through the name Mastodon. And Mastodon is without doubt the best-known application in this federated network. But there are (compatible) alternatives. One of them is Firefish.
Firefish (formerly Calckey) is a fork of Misskey whose standout feature is that it allows moving a Mastodon account to Firefish (or the other way round). Firefish is also a bit less, well, let's say "playful" than Misskey. Compared with Mastodon, many find the interface more modern. Some features take a little getting used to, and unfortunately the documentation is very thin, but bit by bit everything becomes clear.
Getting it running with Docker (docker-compose) could hardly be simpler:
version: "3"

services:
  web:
    image: registry.joinfirefish.org/firefish/firefish
    container_name: firefish_web
    restart: unless-stopped
    depends_on:
      - db
      - redis
    ports:
      # host port:container port; the reverse proxy connects to the host port
      - "3000:3000"
    networks:
      - calcnet
    environment:
      NODE_ENV: production
    volumes:
      - /docker/firefish/files:/firefish/files
      # configuration is mounted read-only
      - /docker/firefish/config:/firefish/.config:ro
    logging:
      driver: "json-file"
      options:
        max-size: "768k"
        max-file: "1"

  redis:
    restart: unless-stopped
    image: docker.io/redis:7.0-alpine
    container_name: firefish_redis
    networks:
      - calcnet
    volumes:
      - /docker/firefish/redis:/data
    logging:
      driver: "json-file"
      options:
        max-size: "768k"
        max-file: "1"

  db:
    restart: unless-stopped
    image: docker.io/postgres:12.2-alpine
    container_name: firefish_db
    networks:
      - calcnet
    env_file:
      - docker.env
    volumes:
      - /docker/firefish/db:/var/lib/postgresql/data
    logging:
      driver: "json-file"
      options:
        max-size: "768k"
        max-file: "1"

  sonic:
    restart: unless-stopped
    image: docker.io/valeriansaliou/sonic:v1.4.0
    networks:
      - calcnet
    volumes:
      - /docker/firefish/sonic:/var/lib/sonic/store
      - /docker/firefish/sonic/config.cfg:/etc/sonic.cfg

# the shared network has to be declared as a mapping key
networks:
  calcnet:
I added the sections
    logging:
      driver: "json-file"
      options:
        max-size: "768k"
        max-file: "1"
because Firefish produces a great deal of log data. Unfortunately, this behaviour cannot really be configured either. So I simply limit the log file size to 768k and a single log file. Anyone who also wants to spare their storage media can simply use driver: "none" instead of driver: "json-file". No log data is then written at all, which also means that docker logs has nothing to show when something goes wrong.
The file docker.env contains the following entries:
POSTGRES_PASSWORD=meinsuperdupergeheimesdatenbankpasswort
POSTGRES_USER=firefish
POSTGRES_DB=firefish
Before the first start we should also create a configuration file /docker/firefish/config/default.yml:
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# firefish configuration
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# After starting your server, please don't change the URL! Doing so will break federation.
# ┌─────┐
#───┘ URL └─────────────────────────────────────────────────────
# Final accessible URL seen by a user.
url: https://social.example.org/
# ┌───────────────────────┐
#───┘ Port and TLS settings └───────────────────────────────────
#
# Calckey requires a reverse proxy to support HTTPS connections.
#
#                 +----- https://example.com/ ------------+
#   +------+      |+-------------+      +----------------+|
#   | User | ---> || Proxy (443) | ---> | Calckey (3000) ||
#   +------+      |+-------------+      +----------------+|
#                 +---------------------------------------+
#
# You need to set up a reverse proxy. (e.g. nginx, caddy)
# An encrypted connection with HTTPS is highly recommended
# because tokens may be transferred in GET requests.
# The port that your Calckey server should listen on.
port: 3000
# ┌──────────────────────────┐
#───┘ PostgreSQL configuration └────────────────────────────────
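db:
  # Name of the PostgreSQL service in docker-compose; inside the web
  # container "localhost" would be the web container itself.
  host: db
  port: 5432
  #ssl: false
  # Database name (must match POSTGRES_DB in docker.env)
  db: firefish
  # Auth (must match POSTGRES_USER and POSTGRES_PASSWORD in docker.env)
  user: firefish
  pass: meinsuperdupergeheimesdatenbankpasswort
  # Whether disable Caching queries
  #disableCache: true
  # Extra Connection options
  #extra:
  #  ssl:
  #    host: localhost
  #    rejectUnauthorized: false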
# ┌─────────────────────┐
#───┘ Redis configuration └─────────────────────────────────────
redis:
  # Name of the Redis service in docker-compose
  host: redis
  port: 6379
  #tls:
  #  host: localhost
  #  rejectUnauthorized: false
  #family: 0 # 0=Both, 4=IPv4, 6=IPv6
  #pass: example-pass
  #prefix: example-prefix
  #db: 1
  #user: default
# ┌─────────────────────────────┐
#───┘ Cache server configuration └─────────────────────────────────────
# A Redis-compatible server (DragonflyDB, Keydb, Redis) for caching
# If left blank, it will use the Redis server from above
#cacheServer:
#  host: localhost
#  port: 6379
#  family: 0 # 0=Both, 4=IPv4, 6=IPv6
#  pass: example-pass
#  prefix: example-prefix
#  db: 1
# Please configure either MeiliSearch *or* Sonic.
# If both MeiliSearch and Sonic configurations are present, MeiliSearch will take precedence.
# ┌───────────────────────────┐
#───┘ MeiliSearch configuration └─────────────────────────────────────
#meilisearch:
#  host: meilisearch
#  port: 7700
#  ssl: false
#  apiKey:
# ┌─────────────────────┐
#───┘ Sonic configuration └─────────────────────────────────────
#sonic:
#  host: localhost
#  port: 1491
#  auth: SecretPassword
#  collection: notes
#  bucket: default
# ┌───────────────┐
#───┘ ID generation └───────────────────────────────────────────
# No need to uncomment in most cases, but you may want to change
# these settings if you plan to run a large and/or distributed server.
# cuid:
#   # Min 16, Max 24
#   length: 16
#
#   # Set this to a unique string across workers (e.g., machine's hostname)
#   # if your workers are running in multiple hosts.
#   fingerprint: my-fingerprint
# ┌─────────────────────┐
#───┘ Other configuration └─────────────────────────────────────
# Maximum length of a post (default 3000, max 100000)
#maxNoteLength: 3000
# Maximum length of an image caption (default 1500, max 8192)
#maxCaptionLength: 1500
# Reserved usernames that only the administrator can register with
reservedUsernames: [
  'root',
  'admin',
  'administrator',
  'me',
  'system'
]
# Whether disable HSTS
#disableHsts: true
# Number of worker processes
#clusterLimit: 1
# Worker only mode
#onlyQueueProcessor: 1
# Job concurrency per worker
# deliverJobConcurrency: 128
# inboxJobConcurrency: 16
# Job rate limiter
# deliverJobPerSec: 128
# inboxJobPerSec: 16
# Job attempts
# deliverJobMaxAttempts: 12
# inboxJobMaxAttempts: 8
# IP address family used for outgoing request (ipv4, ipv6 or dual)
#outgoingAddressFamily: ipv4
# Syslog option
#syslog:
#  host: localhost
#  port: 514
# Proxy for HTTP/HTTPS
#proxy: http://127.0.0.1:3128
#proxyBypassHosts: [
#  'web.kaiteki.app',
#  'example.com',
#  '192.0.2.8'
#]
# Proxy for SMTP/SMTPS
#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT
#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
# Media Proxy
#mediaProxy: https://example.com/proxy
# Proxy remote files (default: false)
#proxyRemoteFiles: true
#allowedPrivateNetworks: [
#  '127.0.0.1/32'
#]
# TWA
#twa:
#  nameSpace: android_app
#  packageName: tld.domain.twa
#  sha256CertFingerprints: ['AB:CD:EF']
# Upload or download file size limits (bytes)
#maxFileSize: 262144000
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# Congrats, you've reached the end of the config file needed for most deployments!
# Enjoy your Calckey server!
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# Managed hosting settings
# >>> NORMAL SELF-HOSTERS, STAY AWAY! <<<
# >>> YOU DON'T NEED THIS! <<<
# Each category is optional, but if each item in each category is mandatory!
# If you mess this up, that's on you, you've been warned...
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
#maxUserSignups: 100
#isManagedHosting: true
#deepl:
#  managed: true
#  authKey: ''
#  isPro: false
#
#email:
#  managed: true
#  address: 'example@email.com'
#  host: 'email.com'
#  port: 587
#  user: 'example@email.com'
#  pass: ''
#  useImplicitSslTls: false
#
#objectStorage:
#  managed: true
#  baseUrl: ''
#  bucket: ''
#  prefix: ''
#  endpoint: ''
#  region: ''
#  accessKey: ''
#  secretKey: ''
#  useSsl: true
#  connnectOverProxy: false
#  setPublicReadOnUpload: true
#  s3ForcePathStyle: true
# !!!!!!!!!!
# >>>>>> AGAIN, NORMAL SELF-HOSTERS, STAY AWAY! <<<<<<
# >>>>>> YOU DON'T NEED THIS, ABOVE SETTINGS ARE FOR MANAGED HOSTING ONLY! <<<<<<
# !!!!!!!!!!
# Seriously. Do NOT fill out the above settings if you're self-hosting.
# They're much better off being set from the control panel.
The line url: https://social.example.org/ is especially important: it is also the name under which other servers in the Fediverse know the Calckey instance, and it becomes part of every user name. It should therefore not be changed afterwards.
What is still missing is a proxy configuration; I use nginx for this:
# The two definitions below belong in the http context (files in conf.d/ or
# sites-enabled/ are included there).
# For WebSocket: derive the Connection header from the client's Upgrade header.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
# Cache zone referenced by "proxy_cache cache1" below; the path is an example.
proxy_cache_path /var/cache/nginx/firefish levels=1:2 keys_zone=cache1:16m max_size=1g inactive=720m use_temp_path=off;

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    # "ssl" is needed here as well, otherwise IPv6 clients get plain HTTP on 443
    listen [::]:443 ssl;
    server_name social.example.org;

    ssl_certificate /var/lib/dehydrated/certs/social.example.org/fullchain.pem;
    ssl_certificate_key /var/lib/dehydrated/certs/social.example.org/privkey.pem;
    ssl_trusted_certificate /var/lib/dehydrated/certs/social.example.org/fullchain.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_dhparam /etc/ssl/dhparams.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    gzip off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 127.0.0.1;

    location / {
        # Redirect plain-HTTP requests to HTTPS
        if ($ssl_protocol = "") {
            rewrite ^ https://$server_name$request_uri? permanent;
        }
        # Must be the host port published for the web service in docker-compose
        proxy_pass http://127.0.0.1:3000/;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_redirect off;
        # If it's behind another reverse proxy or CDN, remove the following.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # For WebSocket
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        # Cache settings
        proxy_cache cache1;
        proxy_cache_lock on;
        proxy_cache_use_stale updating;
        add_header X-Cache $upstream_cache_status;
    }

    location /api/ {
        proxy_pass http://127.0.0.1:3000/api/;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_redirect off;
        # If it's behind another reverse proxy or CDN, remove the following.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # For WebSocket
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
After a reload of the nginx configuration and a docker-compose up, our Calckey instance is available after a short wait, and the journey into the Fediverse can begin.
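The four files above (docker-compose file, docker.env, default.yml, nginx server block) have to agree on database credentials, host names and ports. The following pre-flight check is an added example, not part of the original post or of Firefish; the function names and the shortened sample inputs are constructed for illustration, and the parser handles only the flat YAML subset used here.

```python
import re
def parse_env(text):
    """KEY=VALUE lines of docker.env as a dict."""
    return dict(l.split("=", 1) for l in text.splitlines() if "=" in l and not l.startswith("#"))

def yaml_block(text, key):
    """Scalar children of the top-level mapping `key` (flat YAML subset, no PyYAML)."""
    out, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                   # blank lines and comments
        if not line[0].isspace():
            inside = line.startswith(key + ":")        # a new top-level key begins
        elif inside and ":" in line:
            k, v = line.split(":", 1)
            out[k.strip()] = v.split(" #")[0].strip()  # drop trailing comments
    return out

def published_ports(compose):
    """(bind_ip, host_port, container_port) for each short-syntax `ports:` entry."""
    hits = re.findall(r'-\s*"(?:([\d.]+):)?(\d+):(\d+)"', compose)
    # Without an explicit address Docker publishes on all interfaces.
    return [(ip or "0.0.0.0", int(h), int(c)) for ip, h, c in hits]

def preflight(compose, env, app_yml, nginx):
    """Return a list of findings; an empty list means the four files agree."""
    findings, creds, db = [], parse_env(env), yaml_block(app_yml, "db")
    for env_key, yml_key in (("POSTGRES_DB", "db"), ("POSTGRES_USER", "user"), ("POSTGRES_PASSWORD", "pass")):
        if creds.get(env_key) != db.get(yml_key):      # name the key, never print the secret
            findings.append(f"db.{yml_key} != {env_key}")
    for section in ("db", "redis"):
        if yaml_block(app_yml, section).get("host") in ("localhost", "127.0.0.1"):
            findings.append(f"{section}.host is loopback inside the web container")
    upstreams = {int(p) for p in re.findall(r"proxy_pass\s+http://127\.0\.0\.1:(\d+)", nginx)}
    for ip, host_port, _ in published_ports(compose):
        if ip != "127.0.0.1":
            findings.append(f"port {host_port} published on {ip}, reachable without TLS")
        if upstreams != {host_port}:
            findings.append(f"nginx upstream {sorted(upstreams)} != published port {host_port}")
    return findings

# Constructed sample inputs (shortened), not the files from the post.
ENV = "POSTGRES_PASSWORD=example-only\nPOSTGRES_USER=firefish\nPOSTGRES_DB=firefish\n"
NGINX = "location / { proxy_pass http://127.0.0.1:3000/; }\n"
BAD_COMPOSE = 'services:\n  web:\n    ports:\n      - "3000:3000"\n'
BAD_YML = "port: 3000\ndb:\n  host: localhost\n  db: calckey\n  user: calckey\n  pass: example-only\nredis:\n  host: localhost\n"
GOOD_COMPOSE = BAD_COMPOSE.replace('"3000:3000"', '"127.0.0.1:3000:3000"')
GOOD_YML = BAD_YML.replace("localhost", "db", 1).replace("localhost", "redis").replace("calckey", "firefish")
```

Calling preflight(BAD_COMPOSE, ENV, BAD_YML, NGINX) reports the mismatched database name and user, the two loopback host entries and the port published on all interfaces; the GOOD_ variants return an empty list.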