this post was submitted on 17 Dec 2023
18 points (100.0% liked)

PixelFed: A free and ethical photo sharing platform.

45 readers
3 users here now

Photo sharing. For everyone.

Federated image sharing platform, will it go over Instagram?

founded 4 years ago
MODERATORS
 

I can install and run pixelfed on a subdomain, for example, pixelfed.example.com. However, I also run mastodon.example.com. My webfinger points at mastodon. How do I configure a webfinger for both pixelfed and mastodon? How do you all have your webfingers setup when you run multiple activitypub-based services?

Edit: I should also add that I'm trying to tie my mastodon account to [email protected], not specific to the mastodon subdomain, but specific to my user email identity. My mastodon domain would be sometime like mastodon.domain.com, which would normally make my user [email protected].

I do see this as a potential solution - I could route the specific service based on user agent to the correct webfinger: https://serverfault.com/questions/775463/nginx-redirect-based-on-user-agent#825725

So here is the issue on github:

https://github.com/pixelfed/pixelfed/issues/3563

If folks have GitHub accounts, could you please bump this/thumbs up?

top 9 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 1 year ago (1 children)

This doesn’t answer your exact question and I haven’t done this with webfingers, but I’ve done this with a reverse proxy like nginx (or traefik) and no special DNS tricks. Your example.com will point to 1.2.3.4 IP and then the subdomain routing is handled by the reverse proxy. I’ve had upwards of 8 different domains and subdomains all running on a single box taking advantage of docker containers.

[–] thisisawayoflife 2 points 1 year ago* (last edited 1 year ago) (1 children)

Yes, the subdomains are routed via a reverse proxy. My primary issue is that pixelfed and mastodon ask for the same resource. My identity, [email protected] is requested by ActivityPub services and if they all ask for the same resource, they get my Mastodon account. I'm wondering if people have a fix for this that allows Pixelfed services to get my pixelfed account, mastodon my mastodon account, Funkwhale, etc. Problem is, I dont think there is short of having some logic that looks at the incoming user agent and then routes it to the proper resource.

Edit: something like this might work: https://serverfault.com/questions/775463/nginx-redirect-based-on-user-agent#825725

Edit 2: when I say resource, I really mean "link relation".

[–] [email protected] 1 points 1 year ago (3 children)

Hmm. Ok, but mastodon and pixelfed are unrelated services at the authentication level. When you hit the home page of each it’ll ask you to authenticate. Even if you use the precise same info (e.g. name, email, password even), each one will be authenticating separately. Or am I missing something still?

[–] thisisawayoflife 2 points 1 year ago

Here's a link to a better description of what someone is trying to do with webfinger. It's critical to federation, and services piggybacking on mastodons configuration sort of break that - eg a pixelfed instance querying for [email protected] (trying to follow the pixelfed user for that user) would end up returning the mastodon profile. And while that works, and the third party pixelfed instance will follow the mastodon user, the pixelfed user won't get that follow. Federation will end up being broken on pixelfed, IIRC.

https://www.hanselman.com/blog/use-your-own-user-domain-for-mastodon-discoverability-with-the-webfinger-protocol-without-hosting-a-server

[–] thisisawayoflife 2 points 1 year ago (1 children)

Aaaannnnnddddd here's the issue. I guess others have noticed this too.

https://github.com/pixelfed/pixelfed/issues/3563

[–] [email protected] 2 points 1 year ago

Glad you found similar issues. At least you know “it isn’t me”.

[–] thisisawayoflife 1 points 1 year ago* (last edited 1 year ago) (1 children)

Yes, that's correct. Both mastodon and pixelfed support OAurh, though, so if you ran an oauth provider, you should theoretically be able to authenticate with a single set of credentials.

[–] [email protected] 1 points 1 year ago (1 children)

I’m seeing posts about OIDC support in mastodon but not yet for pixelfed.

[–] thisisawayoflife 1 points 1 year ago

Sorry I thought this was a different thread. I'm speaking about account discovery, not authentication.

For auth, this is all I see for pixelfed: https://docs.pixelfed.org/technical-documentation/api/#authorization.