Network Configuration<!-- --> | <!-- -->Ben Pettis
Ben Pettis

Network Configuration

December 15, 2022

A screenshot of green text on a black background in a terminal session. It is displaying the DNS information for the URL mastodon.benpettis.ninja

Back to Self-Hosted Mastodon Project Description


Server Environment/Architecture

I have two machines, and have two planned purposes for each:

  1. Basic HTTP/S - handle simple static sites and proxy to other services in my network - Importantly, this means that all SSL certs are handled here

  2. More intensive Web apps, such as Mastodon - I want to try and set this up as similarly as possible to what other guides/documentation say. This means that it will likely need to be running nginx

Network

I'm poor and have a basic residential ISP. aka a dynamic IP address. That's not great for running sites and web apps.

I use a Dynamic DNS service - noip.com - to accommodate changing external IP addresses My Synology RackStation supports automatic updating, which I am happy to use!

This gives me a stable URL that I can reliably use to point to my network: bpettis.hopto.org

In most cases, I use my domain registrar (in my case, name.com) to edit the DNS records for any domain I have. I create a CNAME record (though sometimes an ANAME record, which is a name.com specific thing) from my domain name to bpettis.hopto.org

As an example, I have a stupid little side project at https://musklesstwitter.com - its DNS is as follows:

; <<>> DiG 9.10.6 <<>> musklesstwitter.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28805
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;musklesstwitter.com.		IN	A

;; ANSWER SECTION:
musklesstwitter.com.	300	IN	CNAME	bpettis.hopto.org.
bpettis.hopto.org.	60	IN	A	24.240.108.201

;; Query time: 87 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Mon Dec 12 20:45:25 CST 2022
;; MSG SIZE  rcvd: 95

My immediate reaction was "oh shit I need to hide my IP address" - as if I hadn't just given all the information that you would need to dig for that information yourself...

My router (EdgeRouterX) is configured to block most outside requests. All HTTP and HTTPS traffic (e.g. port 80 or port 443) is sent to Machine #1 (as outlined above)

From there, we use virtual host routing to direct the request to the appropriate location--whether that's a local directory with static files, another box, or a VM elsewhere on the network.

Planned Domain Names

My plan is to do something similar for Mastodon:

Per the mastodon docs, this is possible by setting the LOCAL_DOMAIN and WEB_DOMAIN values (https://docs.joinmastodon.org/admin/config/#local_domain)

Planned Request Routing

  • continue to direct all HTTPS traffic to machine #1
  • Use Apache's Proxy and Virtual Host routing on machine #1 to send all traffic for mastodon.benpettis.ninja to machine #2
  • On Machine #2, use nginx to send traffic to specific localhost ports:
    • :3000 - presumably for puma / ruby on rails
    • :4000 - presumably for node
    • to the public/static files

Dealing with redirects

BUT - I want to continue to have benpettis.ninja redirect to benpettis.com in most cases. Because this will be an instance just for me (and my silly lil bots), I don't really need to have as obvious of a public-facing URL. Plus I think I have this URL in a few other random sites and can't be asked to fix it all. This might be possible

Currently benpettis.ninja is pointed at bpettis.hopto.org, and machine #1 is redirecting those requests back to the .com site.

<VirtualHost *:80>
        ServerName benpettis.ninja
        ServerAlias www.benpettis.ninja
        Redirect / https://benpettis.com
</VirtualHost>

For Mastodon, we will need to handle requests to https://benpettis.ninja/.well-known/webfinger - and make sure that they go to machine #2

I think this certainly should be doable using a similar redirect setup in the Apache config

**Note to self: I will definitely need to figure out what's going on with www.benpettis.ninja. Currently, there is no DNS record for www at all. And maybe it should stay this way.

This site (https://discourse.joinmastodon.org/t/nginx-reverse-proxy-on-another-server/485) has a useful overview of something similar to what I'm hoping to set up.


Back to Self-Hosted Mastodon Project Description