How to run your own safe social network on an isolated Mastodon instance (Limited Federation Mode)

1. Introduction

The federated microblogging software Mastodon [1] has recently received strong interest after Elon Musk bought Twitter (“the bird site”) [2]. However, in this post I do not want to discuss public Mastodon instances, which are connected in the Fediverse, but the alternative to run a private Mastodon instance, which is disconnected from the Fediverse. Although this contradicts the principle of federation and decentralisation which is fundamental to the Mastodon software, this may be exactly what you did if you want to create a small protected social network, for example, in your neighbourhood, your school, or your local sports club.

This mode [LIMITED_FEDERATION_MODE] is intended for private use only, such as in academic institutions or internal company networks, as it effectively creates a data silo, which is contrary to Mastodon’s mission of decentralization.
– Mastodon Documentation [3]

2. Get A Mastodon Instance in Limited Federation Mode

A private, disconnected Mastodon instance can be created by activating the “Limited Federation Mode” during the installation and configuration of your Mastodon instance. This needs to be performed by the system administrator of your Mastodon instance, and cannot be done by a Mastodon administrator via the Mastodon GUI. An example of a Mastodon provider, who also offers instances in Limited Federation Mode, is masto.host [4].

The essential steps include:

  1. Buy a domain name, e.g. https://mydomain.social via Namecheap [5]
  2. Order a Mastodon instance, e.g. via MastoHost [6]
  3. Configure the DNS server of your domain at your domain name provider, e.g. Namecheap [5]
    [Tutorial] [7]
  4. Create a user account at your domain, e.g. https://mydomain.social
  5. Inform the system administrator
    1. to make your user account a Mastodon administrator
    2. to set your instance to Limited Federation Mode
  6.  Configure your Mastodon instance, so you as the Mastodon administrator has  to approve all user registrations via Profile > Administration > Site Settings > Registrations Mode > “Approval required for sign up”
  7. Check regularly to approve any pending user registration and, if so, approve them via Profile > Moderation > Accounts
  8. Enjoy 🙂

3. Connect Apps with your Mastodon Instance

Issues have been reported when trying to connect Mastodon clients on mobile phone apps to instances in Limited Federation Mode [8].

3.1 Server-side Solutions

Since a private Mastodon instance does not provide a json response by the nginx server, a static json response by the nginx server can be configured to be able to connect with Mastodon apps.

A tutorial is published on Github [8].

3.2 Client-side Solutions

Your Mastodon system administrator may not be able (or willing) to manually configure your instance as described in [8]. However, there are certain apps which can also connect to an instance in limited federation mode. The lists are not complete.

Note: The domain name may have to be entered in the format “@mydomain.social” or “https://mydomain.social” depending on the requirements of the app.

3.2.1 Android (incl. /e/ OS)

  • Works!
    • Tusky (V15.1)
    • Subway Tooter (V4.8.5)
  • Does not work!
    • Mastodon (Official Mastodon App, as of 2022/05)
    • Fedi  (V3.2.0)
    • Tooot (V3.5.4)

3.2.2 iOS

[not tested yet]

3.2.3 Apple/Windows

[not tested yet]

3.2.4 Linux

  • Works!
    • Tootle (1.0.0) [9]
  • Does not work!
    • Toot [10]
      Note: The command-line client “toot” can be manually configured with access token, client id, and client secret, but fails to return authorization code.

3.3 Recommendation

At present it is recommended to simply use one of the following apps which allow accessing “Mastodon” instances in “limited federation mode”, which avoids hassle reconfiguring the server.

  • Android OS: Tusky
  • Linux: Tootle
  • All other: Browser

4. Known Issues

4.1 Domain address does not link to “About” page

After entering the domain name, e.g. mydomain.social, in the web browser, the user is redirected to the sign-in page (https://mydomain.social/auth/sign_in) instead of the “About” page in regular mastodon instances (e.g. mastodon.social/about). Unfortunately, the sign-in page is neither informative nor welcoming to new users, and the “About” page with some basic info about the instance would be preferred (see Github , Feature Request [11]).

References:

[1] https://joinmastodon.org

[2] https://edition.cnn.com/2022/04/25/tech/elon-musk-twitter-sale-agreement/index.html

[3] https://docs.joinmastodon.org/admin/config/#limited_federation_mode

[4] https://masto.host

[5] https://www.namecheap.com

[6] https://masto.host/pricing/

[7] https://masto.host/dns

[8] https://github.com/mastodon/mastodon/discussions/17383?sort=old?sort=old

[9] https://snapcraft.io/tootle

[10] https://toot.readthedocs.io/en/latest/index.html#

[11] https://github.com/mastodon/mastodon/issues/18340

http://wilmarigl.de

en_USEnglish