Mastodon and Pleroma on the Raspberry Pi 3

Wim Vanderbauwhede edited this page Apr 2, 2018 · 15 revisions

Mastodon and Pleroma on the Raspberry Pi 3

This is a little guide a wrote for myself when setting up Mastodon and Pleroma on my Raspberry Pi 3.

The Raspberry Pi is a very popular Arm-based system that runs Linux. It has a quad-core Arm Cortex-A53 CPU and 1GB or memory.

Raspberry Pi 3 board

Summary

  • Setting up Mastodon following the documentation is straightforward. I used this guide for installing Rails and PostgreSQL on the Pi and the official Mastodon production guide to install Mastodon.
  • One point to note: you need extra swap for Mastodon, I increased it to 256MB.
  • Setting up Pleroma is also straightforward, but the info on the repo page is rather terse, I followed this guide. For Pleroma you need Elixir, and the instructions for installing it on the Pi are here.
  • Update: there is also this guide for installing on Debian/Ubuntu.
  • Usually you would set up and test Mastodon or Pleroma on a local port as a first step.
  • But Mastodon only federates if you have a proper domain for your instance, and most ISPs don't allow that for ordinary users. So you need to arrange some form of dynamic DNS. I used FreeMyIP, see below.
  • Typically your home router will have a firewall, so you'll have to make sure people can talk to it from the outside. If you have an Apple Airport this is very easy using the Airport Utility.
  • You need to sort out encryption certificates for your domain, I used LetsEncrypt, see below.
  • I use a different subdomain for Mastodon and Pleroma, each with their own certificates. Because I have only one external IP address I can't run both at the same time.

Getting started on the Raspberry Pi 3

The easiest way to get started is to connect a display, keyboard and mouse. The Pi will boot straight in to a graphical desktop. It will also automatically find your WiFi. You can then do some basic admin like enabling VNC, setting up wired Ethernet access and creating extra accounts.

Increasing swap space

Mastodon requires a lot of memory, so I had to increase the swap space to 256MB. This is very easy: edit /etc/dphys-swapfile to set CONF_SWAPSIZE=256, then restart the service:

/etc/init.d/dphys-swapfile restart

Accounts

Apart from the default pi account, which I only use for VNC access, I created three other accounts:

  • pleroma: to run Pleroma, no SSH access allowed
  • mastodon: to run Mastodon, no SSH access allowed
  • wim: for SSH access, I use key-based access

Edit /etc/ssh/sshd_config:

AllowUsers wim
DenyUsers pi pleroma mastodon
$ sudo systemctl restart ssh

I allowed all three sudo access for convenience.

IP Setup for wired access

If it is for some reason not possible to create a fixed IP for WiFi access to your Pi you can use wired access. I set up the eth0 interface with a fixed IP of 192.168.x.y.

dhcpcd.conf:static ip_address=192.168.x.y/24
hosts:192.168.x.y	rpi
hosts:192.168.x.y	rpi.limited.systems

Installing Mastodon

Setting up Mastodon following the documentation is straightforward. I used this guide for installing Ruby, Rails and PostgreSQL on the Pi. This is because the Ruby version on the Pi is 2.3.3 and Mastodon requires 2.4 (and will soon require 2.5).

Then I used the official Mastodon production guide to install Mastodon.

The problem I ran into is that you can't really try out Mastodon unless you have a domain with an SSL certificate for your instance. As long as that is not the case, you can use it on its local port (3000 by default). So I point my browser at 10.0.x.y:3000 for testing.

Also, the guide says to edit the .env.production file. A few points there:

  • My PostgreSQL database settings are a bit different from the guide:
    DB_HOST=localhost
    DB_USER=mastodon
    DB_NAME=mastodon
    DB_PASS=mastodon
    
  • The comments in the .env.production file tell you how to generate a number of secret keys, you must generate them, don't leave them blank!
  • I have a single-user instance:
    SINGLE_USER_MODE=true
    

Mastodon administration

I ran into some trouble with Mastodon and found the following to be very helpful:

Adding a user on command line

mastodon@rpi:~ $ RAILS_ENV=production bundle exec rails mastodon:add_user
Mastodon user ..., pwd ...

Confirming an email (because I never bothered to set up email support)

mastodon@rpi:~ $ USER_EMAIL='...@...' RAILS_ENV=production bundle exec rails mastodon:confirm_email

Reactivating a previously deleted user

Start Rails console:

mastodon@rpi:~ $ RAILS_ENV=production bundle exec rails c

In rails console:

  account = Account.find_by(username: '...', domain: nil)
  account.suspended = false
  user = User.create!(email: '...@...', password: '...', account:   account)
  user.confirm
  account.save!
  user.save!

Installing Pleroma

For Pleroma you need Elixir, and the instructions for installing it on the Pi are here.

Setting up Pleroma is also straightforward, but the info on the repo page is rather terse, I followed this guide.

  • The configuration for Pleroma is, for development mode, in config/dev.exs which includes config/dev.secret.exs or, for production mode, config/prod.exs which includes config/prod.secret.exs.
  • To generate the secret key secret_key_base you can run the command
    pleroma@rpi:~/pleroma/config $ mix phx.gen.secret
  • By default, Pleroma runs in development mode. To use production mode,
    pleroma@rpi:~/pleroma MIX_ENV=prod mix phx.server

Making your instance visible from the internet

To make the Pi visible from the internet, you need to open a hole in your firewall, usually this means on your WiFi router.

Change firewall settings

  • I set the Pi WiFi internal IP to 10.0.x.y fixed using the MAC address of the wlan0 interface. The Pi will use this automatically.
  • I opened port 443 (SSL) for the Pi

Update Pi hosts file (optional)

  • I added the fixed IP to /etc/hosts, this is actually not needed for Mastodon or Pleroma.
root@rpi:/etc# grep -r 10.0.x.y
hosts:10.0.x.y	rpi
hosts:10.0.x.y	rpi.limited.systems

To get external IP and Dynamic DNS:

I use freemyip.com, I registered two subdomains, one for Mastodon and one for Pleroma. To bind the domain to the IP address of the Pi, I use a script with the following commands:

#!/usr/bin/env bash
# Find your external IP address
MY_IP=`dig +short myip.opendns.com @resolver1.opendns.com`
# Bind it to your domain
curl "https://freemyip.com/update?token=...&domain=...&myip=$MY_IP"

I created a service on the Pi to renew dynamic DNS, see the repo.

So now you can access your Mastodon and Pleroma instances via these domains. But this is not good enough because you can't get an SSL certificate for this domain, you need to use a domain that you own for that purpose.

Setting up a domain

I used Vidahost as provider for my domain, but this should be similar for other providers. I bought the domain limited.systems.

I added the domain rpi.limited.systems as follows:

Name Type Content
limited.systems NS ns1.vhdns.net
limited.systems NS ns2.vhdns.net
limited.systems A 192.30.252.153
www.limited.systems CNAME 192.30.252.153
rpi.limited.systems CNAME ...
pynq.limited.systems CNAME ...

The A and www. CNAME records point to GitHub.com, this was something I needed while I was setting up the domains.

Getting an SSL certificate

Like almost everybody else nowadays, I use LetsEncrypt.

Encryption via LetsEncrypt

I installed the letsencrypt tool, shut down nginx and generated a certificate for my domains.

  $ sudo apt-get install letsencrypt
  $ service nginx stop
  $ letsencrypt certonly --standalone -d rpi.limited.systems
  $ letsencrypt certonly --standalone -d pynq.limited.systems

Running Mastodon or Pleroma

With the above setup, there is one external IP address shared by the two instances, Mastodon on rpi.limited.systems and Pleroma on pynq.limited.systems. So you have to select one of them. This is easily done by having a separate nginx config file for each of them.

  • My Mastodon nginx config is almost identical to the one in the guide, except for the server_name and the port used for the streaming API, which I changed to 4042. I also changed this port number in /etc/systemd/system/mastodon-streaming.service.
  • My Pleroma nginx config is almost identical to the one in the guide, except for the server_name and the location / entry:
    location / {
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_pass http://127.0.0.1:4000;
     }
    
  • Both of these go in /etc/nginx/sites-enabled/.

Final Note

My Raspberry Pi is switched off most of the time so the instance urls will most likely not work.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.