Your self-hosted, globally interconnected microblogging community
Go to file
Patrick Figel df4ff9a8e1 Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
2017-04-15 13:26:03 +02:00
app Add recovery code support for two-factor auth (#1773) 2017-04-15 13:26:03 +02:00
bin Upgrade to Rails 5.0.0.1 2016-08-17 17:58:00 +02:00
config Add recovery code support for two-factor auth (#1773) 2017-04-15 13:26:03 +02:00
db Add recovery code support for two-factor auth (#1773) 2017-04-15 13:26:03 +02:00
docs Fix redirect link on Tuning.md (#1595) 2017-04-12 12:40:37 +02:00
lib Add tasks for open/close registration (#1823) 2017-04-15 13:17:07 +02:00
log Initial commit 2016-02-20 22:53:20 +01:00
public Improve emojis - use SVGs where possible 2017-03-29 22:27:24 +02:00
spec Add recovery code support for two-factor auth (#1773) 2017-04-15 13:26:03 +02:00
storybook Fix up storybook 2017-03-02 18:55:15 +01:00
streaming Dev Tooling fixes (eslint/editorconfig) (#1398) 2017-04-11 00:36:03 +02:00
vendor/assets Initial commit 2016-02-20 22:53:20 +01:00
.babelrc Debounce autosuggestions requests 2016-11-13 13:13:36 +01:00
.buildpacks Install nodejs before ruby 2017-04-05 13:53:30 +02:00
.codeclimate.yml Exclude javascript locale file from dup check (#1677) 2017-04-13 13:40:25 +02:00
.dockerignore Optimize Dockerfile 2017-04-06 15:42:16 +08:00
.editorconfig Dev Tooling fixes (eslint/editorconfig) (#1398) 2017-04-11 00:36:03 +02:00
.env.production.sample Add REDIS_DB env variable to configure Redis database (#1366) 2017-04-15 02:21:13 +02:00
.env.test Add recovery code support for two-factor auth (#1773) 2017-04-15 13:26:03 +02:00
.env.vagrant Add a default LOCAL_DOMAIN=mastodon.dev to .env.vagrant 2017-01-26 19:22:59 +11:00
.eslintignore Dev Tooling fixes (eslint/editorconfig) (#1398) 2017-04-11 00:36:03 +02:00
.eslintrc Don't show statuses to blocked users 2016-12-26 19:13:56 +01:00
.gitignore Ignore postgres/redis folder from docker-compose (#1645) 2017-04-13 16:04:20 +02:00
.nvmrc update Node to 6.x LTS (#1228) 2017-04-15 02:05:41 +02:00
.rspec Adding a Mention model, test stubs 2016-02-25 00:17:01 +01:00
.rubocop.yml Fix tests, add applications to eager loading/cache for statuses, fix 2017-01-15 14:01:33 +01:00
.ruby-version Version bumps for ruby and misc gems (#1159) 2017-04-10 22:47:41 +02:00
.slugignore Updates slugignore. 2017-04-06 07:53:48 -04:00
.travis.yml update Node to 6.x LTS (#1228) 2017-04-15 02:05:41 +02:00
app.json More SMTP customization (#1372) 2017-04-10 21:48:30 +02:00
Capfile Speed up capistrano deployments 2017-02-16 02:34:21 +01:00
config.ru Fix rubocop issues, introduce usage of frozen literal to improve performance 2016-11-15 16:56:29 +01:00
CONTRIBUTING.md Request documentation (#1616) 2017-04-12 18:27:33 +02:00
docker-compose.yml Use image too in docker-compose (#1109) 2017-04-15 02:07:59 +02:00
Dockerfile Version bumps for ruby and misc gems (#1159) 2017-04-10 22:47:41 +02:00
Gemfile add basic microformats tests (#1803) 2017-04-15 02:37:00 +02:00
Gemfile.lock add basic microformats tests (#1803) 2017-04-15 02:37:00 +02:00
ISSUE_TEMPLATE.md Fix typo in ISSUE_TEMPLATE 2017-04-04 14:49:31 +02:00
LICENSE Fix #49 - License changed from GPL-2.0 to AGPL-3.0 2016-09-21 23:04:34 +02:00
package.json Fix #1491 - Fix broken notifications, broken Link header parsing for exclude_types (#1548) 2017-04-11 22:53:58 +02:00
Procfile Force UTF8 encoding on generated XML (#1140) 2017-04-07 11:09:14 +02:00
Rakefile Initial commit 2016-02-20 22:53:20 +01:00
README.md Fix getting started commands out of order (#1737) 2017-04-14 11:04:19 +02:00
scalingo.json More SMTP customization (#1372) 2017-04-10 21:48:30 +02:00
Vagrantfile Remove current directory from PATH (#1779) 2017-04-14 19:10:38 +02:00
yarn.lock Fix #1491 - Fix broken notifications, broken Link header parsing for exclude_types (#1548) 2017-04-11 22:53:58 +02:00

Mastodon

Build Status Code Climate

Mastodon is a free, open-source social network server. A decentralized solution to commercial platforms, it avoids the risks of a single company monopolizing your communication. Anyone can run Mastodon and participate in the social network seamlessly.

An alternative implementation of the GNU social project. Based on ActivityStreams, Webfinger, PubsubHubbub and Salmon.

Click on the screenshot to watch a demo of the UI:

Screenshot

The project focus is a clean REST API and a good user interface. Ruby on Rails is used for the back-end, while React.js and Redux are used for the dynamic front-end. A static front-end for public resources (profiles and statuses) is also provided.

If you would like, you can support the development of this project on Patreon. Alternatively, you can donate to this BTC address: 17j2g7vpgHhLuXhN4bueZFCvdxxieyRVWd

Resources

Features

  • Fully interoperable with GNU social and any OStatus platform Whatever implements Atom feeds, ActivityStreams, Salmon, PubSubHubbub and Webfinger is part of the network
  • Real-time timeline updates See the updates of people you're following appear in real-time in the UI via WebSockets
  • Federated thread resolving If someone you follow replies to a user unknown to the server, the server fetches the full thread so you can view it without leaving the UI
  • Media attachments like images and WebM Upload and view images and WebM videos attached to the updates
  • OAuth2 and a straightforward REST API Mastodon acts as an OAuth2 provider so 3rd party apps can use the API, which is RESTful and simple
  • Background processing for long-running tasks Mastodon tries to be as fast and responsive as possible, so all long-running tasks that can be delegated to background processing, are
  • Deployable via Docker You don't need to mess with dependencies and configuration if you want to try Mastodon, if you have Docker and Docker Compose the deployment is extremely easy

Configuration

  • LOCAL_DOMAIN should be the domain/hostname of your instance. This is absolutely required as it is used for generating unique IDs for everything federation-related
  • LOCAL_HTTPS set it to true if HTTPS works on your website. This is used to generate canonical URLs, which is also important when generating and parsing federation-related IDs

Consult the example configuration file, .env.production.sample for the full list. Among other things you need to set details for the SMTP server you are going to use.

Requirements

  • Ruby
  • Node.js
  • PostgreSQL
  • Redis
  • Nginx

Running with Docker and Docker-Compose

The project now includes a Dockerfile and a docker-compose.yml file (which requires at least docker-compose version 1.10.0).

Review the settings in docker-compose.yml. Note that it is not default to store the postgresql database and redis databases in a persistent storage location, so you may need or want to adjust the settings there.

Then, you need to fill in the .env.production file:

cp .env.production.sample .env.production
nano .env.production

Do NOT change the REDIS_* or DB_* settings when running with the default docker configurations.

You will need to fill in, at least: LOCAL_DOMAIN, LOCAL_HTTPS, PAPERCLIP_SECRET, SECRET_KEY_BASE, OTP_SECRET, and the SMTP_* settings. To generate the PAPERCLIP_SECRET, SECRET_KEY_BASE, and OTP_SECRET, you may use:

Before running the first time, you need to build the images:

docker-compose build


docker-compose run --rm web rake secret

Do this once for each of those keys, and copy the result into the .env.production file in the appropriate field.

Then you should run the db:migrate command to create the database, or migrate it from an older release:

docker-compose run --rm web rails db:migrate

Then, you will also need to precompile the assets:

docker-compose run --rm web rails assets:precompile

before you can launch the docker image with:

docker-compose up

If you wish to run this as a daemon process instead of monitoring it on console, use instead:

docker-compose up -d

Then you may login to your new Mastodon instance by browsing to http://localhost:3000/

Following that, make sure that you read the production guide. You are probably going to want to understand how to configure Nginx to make your Mastodon instance available to the rest of the world.

The container has two volumes, for the assets and for user uploads, and optionally two more, for the postgresql and redis databases.

The default docker-compose.yml maps them to the repository's public/assets and public/system directories, you may wish to put them somewhere else. Likewise, the PostgreSQL and Redis images have data containers that you may wish to map somewhere where you know how to find them and back them up.

Note: The --rm option for docker-compose will remove the container that is created to run a one-off command after it completes. As data is stored in volumes it is not affected by that container clean-up.

Tasks

  • rake mastodon:media:clear removes uploads that have not been attached to any status after a while, you would want to run this from a periodic cronjob
  • rake mastodon:push:clear unsubscribes from PuSH notifications for remote users that have no local followers. You may not want to actually do that, to keep a fuller footprint of the fediverse or in case your users will soon re-follow
  • rake mastodon:push:refresh re-subscribes PuSH for expiring remote users, this should be run periodically from a cronjob and quite often as the expiration time depends on the particular hub of the remote user
  • rake mastodon:feeds:clear_all removes all timelines, which forces them to be re-built on the fly next time a user tries to fetch their home/mentions timeline. Only for troubleshooting
  • rake mastodon:feeds:clear removes timelines of users who haven't signed in lately, which allows to save RAM and improve message distribution. This is required to be run periodically so that when they login again the regeneration process will trigger

Running any of these tasks via docker-compose would look like this:

docker-compose run --rm web rake mastodon:media:clear

Updating

This approach makes updating to the latest version a real breeze.

  1. git pull to download updates from the repository
  2. docker-compose build to compile the Docker image out of the changed source files
  3. (optional) docker-compose run --rm web rails db:migrate to perform database migrations. Does nothing if your database is up to date
  4. (optional) docker-compose run --rm web rails assets:precompile to compile new JS and CSS assets
  5. docker-compose up -d to re-create (restart) containers and pick up the changes

Deployment without Docker

Docker is great for quickly trying out software, but it has its drawbacks too. If you prefer to run Mastodon without using Docker, refer to the production guide for examples, configuration and instructions.

Deployment on Scalingo

Deploy on Scalingo

You can view a guide for deployment on Scalingo here.

Deployment on Heroku (experimental)

Deploy

Mastodon can run on Heroku, but it gets expensive and impractical due to how Heroku prices resource usage. You can view a guide for deployment on Heroku here, but you have been warned.

Development with Vagrant

A quick way to get a development environment up and running is with Vagrant. You will need recent versions of Vagrant and VirtualBox installed.

You can find the guide for setting up a Vagrant development environment here.

Contributing

You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository. Here are the guidelines for code contributions

IRC channel: #mastodon on irc.freenode.net

Extra credits

  • The Emoji One pack has been used for the emojis
  • The error page image courtesy of Dopatwo

Mastodon error image