this post was submitted on 17 Dec 2023
17 points (100.0% liked)

PixelFed: A free and ethical photo sharing platform.

557 readers
1 users here now

Photo sharing. For everyone.

Federated image sharing platform, will it go over Instagram?

founded 4 years ago
MODERATORS
 

I can install and run pixelfed on a subdomain, for example, pixelfed.example.com. However, I also run mastodon.example.com. My webfinger points at mastodon. How do I configure a webfinger for both pixelfed and mastodon? How do you all have your webfingers setup when you run multiple activitypub-based services?

Edit: I should also add that I'm trying to tie my mastodon account to [email protected], not specific to the mastodon subdomain, but specific to my user email identity. My mastodon domain would be sometime like mastodon.domain.com, which would normally make my user [email protected].

I do see this as a potential solution - I could route the specific service based on user agent to the correct webfinger: https://serverfault.com/questions/775463/nginx-redirect-based-on-user-agent#825725

So here is the issue on github:

https://github.com/pixelfed/pixelfed/issues/3563

If folks have GitHub accounts, could you please bump this/thumbs up?

top 9 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 11 months ago (1 children)

This doesn’t answer your exact question and I haven’t done this with webfingers, but I’ve done this with a reverse proxy like nginx (or traefik) and no special DNS tricks. Your example.com will point to 1.2.3.4 IP and then the subdomain routing is handled by the reverse proxy. I’ve had upwards of 8 different domains and subdomains all running on a single box taking advantage of docker containers.

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago) (1 children)

Yes, the subdomains are routed via a reverse proxy. My primary issue is that pixelfed and mastodon ask for the same resource. My identity, [email protected] is requested by ActivityPub services and if they all ask for the same resource, they get my Mastodon account. I'm wondering if people have a fix for this that allows Pixelfed services to get my pixelfed account, mastodon my mastodon account, Funkwhale, etc. Problem is, I dont think there is short of having some logic that looks at the incoming user agent and then routes it to the proper resource.

Edit: something like this might work: https://serverfault.com/questions/775463/nginx-redirect-based-on-user-agent#825725

Edit 2: when I say resource, I really mean "link relation".

[–] [email protected] 1 points 11 months ago (3 children)

Hmm. Ok, but mastodon and pixelfed are unrelated services at the authentication level. When you hit the home page of each it’ll ask you to authenticate. Even if you use the precise same info (e.g. name, email, password even), each one will be authenticating separately. Or am I missing something still?

[–] [email protected] 2 points 11 months ago

Here's a link to a better description of what someone is trying to do with webfinger. It's critical to federation, and services piggybacking on mastodons configuration sort of break that - eg a pixelfed instance querying for [email protected] (trying to follow the pixelfed user for that user) would end up returning the mastodon profile. And while that works, and the third party pixelfed instance will follow the mastodon user, the pixelfed user won't get that follow. Federation will end up being broken on pixelfed, IIRC.

https://www.hanselman.com/blog/use-your-own-user-domain-for-mastodon-discoverability-with-the-webfinger-protocol-without-hosting-a-server

[–] [email protected] 2 points 11 months ago (1 children)

Aaaannnnnddddd here's the issue. I guess others have noticed this too.

https://github.com/pixelfed/pixelfed/issues/3563

[–] [email protected] 2 points 11 months ago

Glad you found similar issues. At least you know “it isn’t me”.

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago) (1 children)

Yes, that's correct. Both mastodon and pixelfed support OAurh, though, so if you ran an oauth provider, you should theoretically be able to authenticate with a single set of credentials.

[–] [email protected] 1 points 11 months ago (1 children)

I’m seeing posts about OIDC support in mastodon but not yet for pixelfed.

[–] [email protected] 1 points 11 months ago

Sorry I thought this was a different thread. I'm speaking about account discovery, not authentication.

For auth, this is all I see for pixelfed: https://docs.pixelfed.org/technical-documentation/api/#authorization.