I’m interested in setting up my own instances for Lemmy, Mastodon, and Matrix.
Can I use the same https://domain.tld for all of them without any subdomains?
For example:
lemmyuser@mydomain.tld
mastodonuser@mydomain.tld
matrixuser@mydomain.tld
Will this work across all of my self-hosted instances, or do I need to append a subdomain for each, e.g., lemmyuser@lemmy.mydomain.tld?
All those services use a protocol named WebFinger that allows for having the servers in different domains but showing the users as being in a main domain. For example, my self-hosted Synapse server is at matrix.domain.tld, but my users are all like user@domain.tld.
Unfortunately I don’t really know how to set it all up manually, I just let Yunohost take care of managing it.
You are able to host all these services and more on the same domain. I do a similar thing with different services at different subdomains. I don’t believe the
username@
portion can help point to different services, that syntax is usually associated with email addresses.I think the best way to go about it would be having different subdomains such as
lemmy.domain.tld
,matrix.domain.tld
, etc.
To accomplish that, I have a wildcard subdomain point to my server, my reverse proxy (Caddy) handles figuring out which subdomain maps to which service on top of handling TLS certificates for me.Good to know and I was hoping that’s the case. As soon as my new domain resolves I’m going to install lemmy, matrix, and funkwhale.
Are you running all of yours in containers?
All of my services are in containers, I use Docker usually via Docker Compose. That gives me one file to establish all of my services, update/start/stop/check logs with consistent command formats for all services, and keeps the data separate from the application. If I need to rebuild, put a backup of my data in the right spot and change names in filepaths as needed, run a backup of the Docker Compose file and I’m up and running again.
The only things I don’t have in a container is Fail2Ban on my rented, public facing server to minimize noise of bots trying to login.
Regardless of configuration, you still need to access the instance from mastodon.mydomain.tld or lemmy.mydomain.tld, but you can configure the Mastodon to use @mastodonuser@mydomain.tld as its identifier by setting
WEB_DOMAIN
tomydomain.tld
.Mastodon documentation on the topic: https://docs.joinmastodon.org/admin/config/#web_domain
Ultimately, you need some way of routing the traffic to the correct place. Having all 3 services on the same domain, listening on the same ports is going to be a nightmare to manage because something needs to be clever enough to route the traffic to the right service without any information to go off of, other than maybe headers. Expensive firewalls can technically do this but it’s not fun to configure and is really brittle.
As inferred, you could use the same domain but you’d have to configure your services to listen on a different port so you’ll end up with something like https://domain.tld:8443 for Mastodon and https://domain.tld:8444 for lemmy.
You can technically use subfolders, i.e.
domain.tld/mastodon
anddomain.tld/lemmy
but you’re not going to get the results you want and I can’t say for sure that the software will deal with it nicely.This is why we tend to use reverse proxies and configure them to route all traffic from subdomaina.domain.tld to one service and subdomainb.domain.tld to another service. It’s just easier.
Please do add a tag to your post as stated on the sublemmy sidebar! Thank you. :)
Done. Thank you for the reminder, and for modding this new home for selfhosted conversations.
You’re very welcome. :)
Should partly be possible to do. Matrix: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md
Lemmy is not working. But might be at some point: https://github.com/LemmyNet/lemmy/issues/2608 But that issue also mentions on how it works with mastodon.
I wonder if you’d be able to use paths to achieve this? IDK how AP would handle it on its end, so I suppose it’s a case of https://tryitands.ee/
No you can’t. One way or another your request from your browser that have to reach (let’s say) mastodon will have to go through the web server then to the mastodon backend. Your request reaches domain.tld and your reverseproxy will send the traffic to the corresponding service… But you have 3 services answering to domain.tld. You won’t be able to get anywhere, or maybe to the first service where your reverse proxy matches but nowhere else. I don’t even know if a reverse proxy will allow to start with that kind of configuration. You’ll have to use subdomains, you’re not even (always) allowed to use subdirs (like domain.tld/lemmy) sometimes.
Matrix (or even easier XMPP) can coexist on the same domain with Lemmy or Mastodon, but with two ActivityPub services that is AFAIK not possible.
It will work for Matrix, because that’s what I got. Required some .wellknown-host magic if I remember correctly.
I don’t know if it’s possible for the other two. For Mastodon, in my case Akkoma, I went with social.mytld.com and lemmy.mytld.com for the Lemmy server I set up today.