bluesky-social / pds

Bluesky PDS (Personal Data Server) container image, compose file, and documentation
Other
1.38k stars 126 forks source link
atproto bluesky self-hosted

PDS

Welcome to the repository for the official Bluesky PDS (Personal Data Server). This repository includes container images and documentation designed to assist technical people with hosting a Bluesky PDS.

Head over to the AT Protocol PDS Admins Discord to chat with other folks hosting instances and get important updates about the PDS distribution!

Table of Contents

FAQ

What is Bluesky?

Bluesky is a social media application built on AT Protocol.

Please visit the Bluesky website for more information.

What is AT Protocol?

The Authenticated Transfer Protocol, aka atproto, is a protocol for large-scale distributed social applications.

Please visit the AT Protocol docs for additional information.

Where is the code?

What is the current status of federation?

As of Spring 2024, the AT Protocol network is open to federation!

✅ Federated domain handles (e.g. @nytimes.com)

✅ Federated feed generators (custom algorithms)

✅ Federated relays (event firehose)

✅ Federated app views (API service)

✅ Federated data (PDS hosting)

✅ Federated moderation (labeling)

Self-hosting PDS

Self-hosting a Bluesky PDS means running your own Personal Data Server that is capable of federating with the wider Bluesky social network.

Preparation for self-hosting PDS

Launch a server on any cloud provider, Digital Ocean and Vultr are two popular choices.

Ensure that you can ssh to your server and have root access.

Server Requirements

Server Recommendations
Operating System Ubuntu 22.04
Memory (RAM) 1 GB
CPU Cores 1
Storage 20 GB SSD
Architectures amd64, arm64
Number of users 1-20

Note: It is a good security practice to restrict inbound ssh access (port 22/tcp) to your own computer's public IP address. You can check your current public IP address using ifconfig.me.

Open your cloud firewall for HTTP and HTTPS

One of the most common sources of misconfiguration is not opening firewall ports correctly. Please be sure to double check this step.

In your cloud provider's console, the following ports should be open to inbound access from the public internet.

Note: there is no need to set up TLS or redirect requests from port 80 to 443 because the Caddy web server, included in the Docker compose file, will handle this for you.

Configure DNS for your domain

From your DNS provider's control panel, set up a domain with records pointing to your server.

Name Type Value TTL
example.com A 12.34.56.78 600
*.example.com A 12.34.56.78 600

Note:

Check that DNS is working as expected

Use a service like DNS Checker to verify that you can resolve domain names.

Examples to check (record type A):

These should all return your server's public IP.

Installer on Ubuntu 20.04/22.04 and Debian 11/12

On your server via ssh, download the installer script using wget:

wget https://raw.githubusercontent.com/bluesky-social/pds/main/installer.sh

or download it using curl:

curl https://raw.githubusercontent.com/bluesky-social/pds/main/installer.sh >installer.sh

And then run the installer using bash:

sudo bash installer.sh

Verifying that your PDS is online and accessible

[!TIP] The most common problems with getting PDS content consumed in the live network are when folks substitute the provided Caddy configuration for nginx, apache, or similar reverse proxies. Getting TLS certificates, WebSockets, and virtual server names all correct can be tricky. We are not currently providing tech support for other configurations.

You can check if your server is online and healthy by requesting the healthcheck endpoint.

You can visit https://example.com/xrpc/_health in your browser. You should see a JSON response with a version, like:

{"version":"0.2.2-beta.2"}

You'll also need to check that WebSockets are working, for the rest of the network to pick up content from your PDS. You can test by installing a tool like wsdump and running a command like:

wsdump "wss://example.com/xrpc/com.atproto.sync.subscribeRepos?cursor=0"

Note that there will be no events output on the WebSocket until they are created in the PDS, so the above command may continue to run with no output if things are configured successfully.

Creating an account using pdsadmin

Using ssh on your server, use pdsadmin to create an account if you haven't already.

sudo pdsadmin account create

Creating an account using an invite code

Using ssh on your server, use pdsadmin to create an invite code.

sudo pdsadmin create-invite-code

When creating an account using the app, enter this invite code.

Using the Bluesky app with your PDS

You can use the Bluesky app to connect to your PDS.

  1. Get the Bluesky app
  2. Enter the URL of your PDS (e.g. https://example.com/)

Note: because the subdomain TLS certificate is created on-demand, it may take 10-30s for your handle to be accessible. If you aren't seeing your first post/profile, wait 30s and try to make another post.

Setting up SMTP

To be able to verify users' email addresses and send other emails, you need to set up an SMTP server.

One way to do this is to use an email service. Resend and SendGrid are two popular choices.

Create an account and API key on an email service, ensure your server allows access on the required ports, and set these variables in /pds/pds.env (example with Resend):

PDS_EMAIL_SMTP_URL=smtps://resend:<your api key here>@smtp.resend.com:465/
PDS_EMAIL_FROM_ADDRESS=admin@your.domain

Note: Your PDS will need to be restarted with those variables. This varies depending on your setup. If you followed this installation guide, run systemctl restart pds. You might need to restart the server or recreate the container, depending on what you are using.

Updating your PDS

It is recommended that you keep your PDS up to date with new versions, otherwise things may break. You can use the pdsadmin tool to update your PDS.

sudo pdsadmin update

License

This project is dual-licensed under MIT and Apache 2.0 terms:

Downstream projects and end users may choose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.