* Use ActivityPub outbox for Mastodon (et al.) feed closes #2754 * Better description for Mastodon bridge I mean I could rename it to ActivityPub bridge if the maintainer so pleases * [Mastodon] Please the lint * [Mastodon] address feedback * [Mastodon] fix link, address spelling case bug * refactor * [Mastodon] add username cache, fix try-catch, rename * [Mastodon] shorten description to satisfy the lint * [Mastodon] address feedback * [Mastodon] support Secure Mode instances * [Mastodon] add config documentation * [Mastodon] update docs Co-authored-by: Dag <me@dvikan.no>
2.9 KiB
MastodonBridge (aka. ActivityPub Bridge)
Certain ActivityPub implementations, such as Mastodon and Pleroma, allow instances to require requests to ActivityPub endpoints to be signed. RSS-Bridge can handle the HTTP signature header if a private key is provided, while the ActivityPub instance must be able to know the corresponding public key.
You do not need to configure this if the usage on your RSS-Bridge instance is limited to accessing ActivityPub instances that do not have such requirements. While the majority of ActivityPub instances don't have them at the time of writing, the situation may change in the future.
Configuration
This article is referenced.
- Select a domain. It may, but does not need to, be the one RSS-Bridge is on. For all subsequent steps, replace
DOMAIN
with this domain. - Run the following commands on your machine:
$ openssl genrsa -out private.pem 2048
$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
- Place
private.pem
in an appropriate location and note down its absolute path. - Serve the following page at
https://DOMAIN/.well-known/webfinger
:
{
"subject": "acct:DOMAIN@DOMAIN",
"aliases": ["https://DOMAIN/actor"],
"links": [{
"rel": "self",
"type": "application/activity+json",
"href": "https://DOMAIN/actor"
}]
}
- Serve the following page at
https://DOMAIN/actor
, replacing the value ofpublicKeyPem
with the contents of thepublic.pem
file in step 2, with all line breaks substituted with\n
:
{
"@context": [
"https://www.w3.org/ns/activitystreams",
"https://w3id.org/security/v1"
],
"id": "https://DOMAIN/actor",
"type": "Application",
"inbox": "https://DOMAIN/actor/inbox",
"preferredUsername": "DOMAIN",
"publicKey": {
"id": "https://DOMAIN/actor#main-key",
"owner": "https://DOMAIN/actor",
"publicKeyPem": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n"
}
}
- Add the following configuration in
config.ini.php
in your RSS-Bridge folder, replacing the path with the one from step 3:
[MastodonBridge]
private_key = "/absolute/path/to/your/private.pem"
key_id = "https://DOMAIN/actor#main-key"
Considerations
Any ActivityPub instance your users requested content from will be able to identify requests from your RSS-Bridge instance by the domain you specified in the configuration. This also means that an ActivityPub instance may choose to block this domain should they judge your instance's usage excessive. Therefore, public instance operators should monitor for abuse and prepare to communicate with ActivityPub instance admins when necessary. You may also leave contact information as the summary
value in the actor JSON (step 5).