惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog
Know Your Adversary
Know Your Adversary
博客园 - 叶小钗
雷峰网
雷峰网
大猫的无限游戏
大猫的无限游戏
M
MIT News - Artificial intelligence
量子位
A
About on SuperTechFans
The Register - Security
The Register - Security
F
Fortinet All Blogs
Microsoft Azure Blog
Microsoft Azure Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
IT之家
IT之家
博客园 - 聂微东
Blog — PlanetScale
Blog — PlanetScale
Hugging Face - Blog
Hugging Face - Blog
J
Java Code Geeks
有赞技术团队
有赞技术团队
阮一峰的网络日志
阮一峰的网络日志
云风的 BLOG
云风的 BLOG
人人都是产品经理
人人都是产品经理
Hacker News: Ask HN
Hacker News: Ask HN
T
The Exploit Database - CXSecurity.com
Vercel News
Vercel News
Stack Overflow Blog
Stack Overflow Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园 - 司徒正美
NISL@THU
NISL@THU
V2EX - 技术
V2EX - 技术
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Schneier on Security
Schneier on Security
博客园 - 三生石上(FineUI控件)
T
The Blog of Author Tim Ferriss
AWS News Blog
AWS News Blog
The GitHub Blog
The GitHub Blog
C
Cisco Blogs
T
Tenable Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
V
Vulnerabilities – Threatpost
美团技术团队
L
LangChain Blog
Google DeepMind News
Google DeepMind News
腾讯CDC
P
Privacy International News Feed
Spread Privacy
Spread Privacy
D
DataBreaches.Net
Engineering at Meta
Engineering at Meta
S
Security @ Cisco Blogs

IT Notes - gotosocial

IT Notes IT Notes
IT Notes
Stefano Marinelli · 2024-10-08 · via IT Notes - gotosocial

Decentralized technologies have always been of great interest to me. In my opinion, the decentralization of the Internet was one of the keys to its success, but year after year, we are gradually losing it. This is happening because we increasingly rely on "mainstream" services for convenience, habit, or trend.

I often hear colleagues say, "I've put my client's email on Y (Y = one of the major players in the email world) to avoid problems." The problems remain, but the colleague can "pass the buck" to the big player of the moment. And, in my experience, clients tend to be much more forgiving when the problem is with a big player.

Once, people used to say: "Nobody ever got fired for buying IBM." Today, I would say, "Nobody ever got fired for putting email on [Google, Microsoft, etc.]."

A few days ago, a colleague mentioned that he struggles to find some of his friends and colleagues on the fediverse because they are spread across various instances, and a simple search doesn't always yield the desired results.

Own Your Data

The fediverse is an extremely effective, resilient, autonomous decentralized communication technology. Unlike email, the many software implementations (such as Mastodon, GoToSocial, Mitra, Akkoma, Pleroma, etc. - soon snac will also support this type of operation) support the ability to "move" one's account. This means that when a user decides to relocate, the server will notify all followers that the user has moved. The followers will automatically stop following the original account and start following the new one. As of today, it is not possible to move past content (which will still be available on the old server).

In my opinion, every government, public entity, association, foundation, etc., that needs to communicate with the public should have its own communication channel, with full control over its data and the messages it delivers. When I read "my Discord server," I feel like responding "there's nothing 'yours' about it - tomorrow morning they could shut everything down, and you would have lost EVERYTHING.". Own your data!

Sometimes, I read that instances are not opened because of "costs not balanced by the number of users." But even public television channels are often economically unprofitable, yet they are considered an essential service for public communication. Open, decentralized technologies that ensure control over one's data should be treated the same way.

The problem, as with email, is tied to the address. A server change necessarily implies an address change, which can sometimes cause problems.

A Permanent Address

For this reason, I decided to implement a kind of "permanent" address that will provide the correct data based on my main server. I decided that this address should be linked to my email address, and since I control the entire domain (including the web server), I can do this quite simply. In this way, if I change servers, users who already follow me will be moved by the "move" operation, while those who do not yet follow me will still be able to find me using my "permanent" address, which will, in turn, provide the new user on the new server.

My setup will be very similar to what I found in an interesting blog post that I based my approach on.

In Practice

To achieve this, I modified the nginx configuration on the server that serves the "dragas.it" website.

Nginx Configuration

Before the server directive for dragas.it, I added this mapping:

map $query_string $account_name {
    ~resource=acct:stefano@dragas.it$ stefano;
    ~resource=acct%3Astefano%40dragas.it$ stefano;
}

This ensures that requests for those two resources (some clients send the second one, so I wanted to handle that situation) will assign the value "stefano" to the $account_name variable.

WebFinger Exception

Within the server directive of the dragas.it virtual host, I added an exception for webfinger (the protocol used to find user data):

location = /.well-known/webfinger {
    root  /usr/local/www/webfinger;

    if ($account_name) {
      rewrite ^(.*)$ /$account_name.json break;
    }

    try_files $uri = 404;
}

JSON File for WebFinger

At this point, I created the /usr/local/www/webfinger directory and added a file named stefano.json (matching $account_name) with the following content:

{
  "subject": "acct:stefano@dragas.it",
  "aliases": [
    "https://mastodon.bsd.cafe/@stefano",
    "https://mastodon.bsd.cafe/users/stefano"
  ],
  "links": [
    {
      "rel": "http://webfinger.net/rel/profile-page",
      "type": "text/html",
      "href": "https://mastodon.bsd.cafe/@stefano"
    },
    {
      "rel": "self",
      "type": "application/activity+json",
      "href": "https://mastodon.bsd.cafe/users/stefano"
    },
    {
      "rel": "http://ostatus.org/schema/1.0/subscribe",
      "template": "https://mastodon.bsd.cafe/authorize_interaction?uri={uri}"
    }
  ]
}

In practice, this will return a reference to my main Mastodon account.

Testing the Setup

After reloading the nginx configurations, it will be enough to test it:

# curl "https://dragas.it/.well-known/webfinger?resource=acct:stefano@dragas.it"

{
  "subject": "acct:stefano@dragas.it",
  "aliases": [
    "https://mastodon.bsd.cafe/@stefano",
    "https://mastodon.bsd.cafe/users/stefano"
  ],
  "links": [
    {
      "rel": "http://webfinger.net/rel/profile-page",
      "type": "text/html",
      "href": "https://mastodon.bsd.cafe/@stefano"
    },
    {
      "rel": "self",
      "type": "application/activity+json",
      "href": "https://mastodon.bsd.cafe/users/stefano"
    },
    {
      "rel": "http://ostatus.org/schema/1.0/subscribe",
      "template": "https://mastodon.bsd.cafe/authorize_interaction?uri={uri}"
    }
  ]
}

In this case, everything works perfectly. When you search for my email address from any fediverse instance, my BSD Cafe profile will appear.

Conclusion

This approach allows you to define multiple users for each domain. You just need to add the corresponding mapping in the nginx configuration and the .json file with all the data.