Mastodon — P1 — Start to Finish

Tyler Fleming
3 min read · Dec 19, 2022

This may be a bit long-winded, so I’m going to break this up into multiple parts, for your sanity and my own. I’ll probably refer back to this more than anyone else. I do hope that someone finds this helpful, though.

Environment Setup

I have already set up an Office 365 tenant for other uses and am very familiar with it, which is why I went with the choices in this article. I am aware that for most this will be unique, especially for an individual just getting into this.

Let me detail what is setup and deployed in a list:

  • Ubuntu 20.04 LTS Server, this is located in Microsoft Azure
  • Wasabi S3 storage (cheap cloud storage for Mastodon)
  • Exchange Online (used for SMTP relay)
  • Linode & Namecheap for various DNS services

That goes over the “physical” architecture; for the software side I decided to use Docker and Docker-Compose for running Mastodon, Redis, and Postgres itself on the Ubuntu server. This allows me to use a single monolithic docker-compose.yml file for ease of use.

[Figure: how this is “physically” set up, as well as the services being used.]

Requirements

If you do want to delve into something like this, you will need a basic understanding of the following:

  • Server deployment, preferably Linux
  • Internet-routable domain, e.g. thecybernetwork.us
  • Docker and Docker-Compose
  • S3 API Setup (in this case with Wasabi)
  • Money — The ongoing costs are not free, I estimate mine to be ~$15/m. Azure is pricier than other options like Linode.
  • Certificates (via Let’s Encrypt, or provider of your choice)

Applications in use

Docker is the workhorse of the setup here. It is what allows for extremely fast deployment of your Mastodon environment, with minimal configuration needed for the instance itself.

Mastodon, Postgres, and Redis are deployed via a single Docker Compose file that you can run on any machine that has Docker installed. My scrubbed compose file is below. You can find instructions on how to generate the secret keys here: https://hub.docker.com/r/linuxserver/mastodon.

Don’t want to steal traffic, but just in case it changes that’s what the link above states at the time of writing this.

---
version: "3.8"
services:
  mastodon:
    image: linuxserver/mastodon:4.0.2
    container_name: mastodon
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - LOCAL_DOMAIN= # what you want your mastodon @handle to be
      - REDIS_HOST=redis
      - REDIS_PORT=6379
      - REDIS_PASSWORD= # generate
      - DB_HOST=postgres
      - DB_USER=mastodon
      - DB_NAME=mastodon
      - DB_PASS= # generate
      - DB_PORT=5432
      - ES_ENABLED=false # Elasticsearch, if you want full-text search functionality
      - SECRET_KEY_BASE= # need to generate this
      - OTP_SECRET= # need to generate this
      - VAPID_PRIVATE_KEY= # need to generate this
      - VAPID_PUBLIC_KEY= # need to generate this
      - SMTP_SERVER=smtp.office365.com # Exchange Online
      - SMTP_PORT=587
      - SMTP_LOGIN= # email address
      - SMTP_PASSWORD= # email password
      - SMTP_FROM_ADDRESS= # same as email unless you want to send as someone else
      - SMTP_ENABLE_STARTTLS_AUTO=true
      - SMTP_AUTH_METHOD=login
      - SMTP_OPENSSL_VERIFY_MODE=none # "none" skips TLS certificate verification; "peer" verifies it
      - SMTP_DELIVERY_METHOD=smtp
      - SMTP_DOMAIN= # email domain
      - WEB_DOMAIN= # optional
      - ES_HOST=es # optional
      - ES_PORT=9200 # optional
      - ES_USER=elastic # optional
      - ES_PASS=elastic # optional
      - S3_ENABLED=false # optional
      - S3_BUCKET= # s3 bucket name
      - S3_ENDPOINT=https://s3.wasabisys.com/ # optional
      - S3_PROTOCOL=https # optional
      - S3_REGION=us-west-1 # optional
      - AWS_ACCESS_KEY_ID= # optional
      - AWS_SECRET_ACCESS_KEY= # optional
      - S3_ALIAS_HOST= # optional
    volumes:
      - ./config:/config
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped
    depends_on:
      - postgres
      - redis
  postgres:
    image: postgres
    restart: always
    environment:
      - POSTGRES_USER= # match above
      - POSTGRES_PASSWORD= # match above
    ports:
      # published on all host interfaces; Mastodon itself connects over the compose network
      - '5432:5432'
    volumes:
      - ./db:/var/lib/postgresql/data
  redis:
    image: redis
    restart: always
    ports:
      # published on all host interfaces; Mastodon itself connects over the compose network
      - '6379:6379'
    command: /bin/sh -c "redis-server --requirepass <password>" # match redis password above
    volumes:
      - ./redis:/data
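
The compose file above publishes the Postgres and Redis ports on the host, sets SMTP_OPENSSL_VERIFY_MODE=none, and leaves the postgres and redis images untagged. The check below is an added example, not code from the original post or the linuxserver project: it flags those three settings before you bring the stack up. The sample text and the `audit_compose` function are constructed for illustration, and the parser only understands the two-space indentation layout shown in the sample.

```python
import re

# Constructed sample: a trimmed, re-indented copy of this page's compose layout.
# The redis port is bound to loopback here to show a mapping that passes.
SAMPLE = """\
services:
  mastodon:
    image: linuxserver/mastodon:4.0.2
    environment:
      - SMTP_OPENSSL_VERIFY_MODE=none
    ports:
      - 443:443
  postgres:
    image: postgres
    ports:
      - '5432:5432'
  redis:
    image: redis
    ports:
      - '127.0.0.1:6379:6379'
"""
DATASTORE_PORTS = {"5432", "6379"}  # Postgres and Redis container ports


def audit_compose(text):
    """Return (service, issue) pairs; handles only the layout shown above."""
    findings, service, key = [], None, None
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()  # drop trailing comments
        if m := re.match(r"^  ([\w-]+):$", line):  # service name
            service, key = m.group(1), None
        elif m := re.match(r"^    (\w+):\s*(.*)$", line):  # service-level key
            key, value = m.group(1), m.group(2).strip("'\"")
            tag = value.rsplit("/", 1)[-1].partition(":")[2]
            if key == "image" and tag in ("", "latest"):
                findings.append((service, f"unpinned image {value}"))
        elif m := re.match(r"^      - (.+)$", line):  # list item under key
            item = m.group(1).strip("'\"")
            parts = item.split("/")[0].split(":")  # [ip:]host:container[/proto]
            host_ip = parts[0] if len(parts) == 3 else "0.0.0.0"
            if key == "ports" and parts[-1] in DATASTORE_PORTS and host_ip != "127.0.0.1":
                findings.append((service, f"port {parts[-1]} published on {host_ip}"))
            elif key == "environment" and item == "SMTP_OPENSSL_VERIFY_MODE=none":
                findings.append((service, "SMTP certificate verification disabled"))
    return findings


if __name__ == "__main__":
    print(*audit_compose(SAMPLE), sep="\n")
```

Removing the `ports:` entries for postgres and redis, or binding them to 127.0.0.1 as the sample does for redis, clears the port findings; Mastodon still reaches both services by name over the compose network.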

NOT REQUIRED — If you want a web interface to manage Docker, I personally like to use Portainer, which I would recommend installing outside of the docker-compose file and on its own with the following command.

docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

Follow me via Mastodon, @venivv@s.thecybernetwork.us