This HowTo guides you through the setup process of snac2 on a minimalistic FreeBSD (FreeBSD 14) system to run and serve your own ActivityPub instance within the Fediverse. snac2 is also compatible with Mastodon instances for further interactions. snac2 is a simple, minimalistic ActivityPub instance written in portable C and can run on all Linux and BSD systems.
Within this HowTo, snac2 will be installed behind an nginx reverse proxy for SSL/TLS offloading.
First, we start by installing the required package dependencies:

    pkg install git curl py39-certbot-nginx-2.6.0 py39-certbot-2.6.0,1 nginx

Afterwards, the snac2 project repository can be cloned and snac2 compiled from the C source code:

    git clone https://codeberg.org/grunfink/snac2.git
    cd snac2
    make
    make install

Thanks to Stefano (from the BSD Cafe project) for the FreeBSD rc service file to start the snac2 instance. Within the next steps we just copy the rc service file to the right location and prepare everything to serve the instance:

    cp examples/snac_freebsd /usr/local/etc/rc.d/snac
    chmod +x /usr/local/etc/rc.d/snac
    echo "snac_enable=YES" >> /etc/rc.conf
    # -m creates /home/snac, the parent of the base directory used below
    pw useradd snac -m -s /bin/sh
    touch /var/log/snac.log
    chown snac /var/log/snac.log

Afterwards, we can finally initialize our new instance interactively, answering a few questions to generate our server config file:

    su - snac
    /usr/local/bin/snac init

    Interactive:
    Base directory: /home/snac/data
    Network address [127.0.0.1]:
    Network port :
    Host name: snac01.gyptazy.ch
    URL prefix:
    Admin email address (optional): email@example.com
    Done.

    # leave the snac user's shell; the rc script is started as root
    exit
    /usr/local/etc/rc.d/snac start

The snac2 instance is now up and running on tcp/8001, but we do not want to expose this instance directly. Therefore, we configure nginx as a reverse proxy and let nginx handle the SSL/TLS offloading. Certificates will be obtained from Let's Encrypt and renewed by certbot.

    echo 'weekly_certbot_enable="YES"' >> /etc/periodic.conf
    echo "nginx_enable=YES" >> /etc/rc.conf
    mkdir /usr/local/etc/nginx/vhosts.d
    cp examples/nginx-alpine-ssl/default.conf /usr/local/etc/nginx/vhosts.d/snac.gyptazy.ch.conf
    certbot certonly --standalone -d snac.gyptazy.ch -d snac01.gyptazy.ch

Now we adjust the config file /usr/local/etc/nginx/vhosts.d/snac.gyptazy.ch.conf to our needs. This means replacing the default_server part with our real FQDN (snac.gyptazy.ch) and setting the certificates. The certificates have already been issued by Let's Encrypt, so we just need to adjust the paths to the generated certificates within the nginx configuration file. By default, they are located in /usr/local/etc/letsencrypt/live/. For the FQDN given above, this would look like:

    ssl_certificate /usr/local/etc/letsencrypt/live/snac.gyptazy.ch/fullchain.pem;
    ssl_certificate_key /usr/local/etc/letsencrypt/live/snac.gyptazy.ch/privkey.pem;

After defining the certificates, the nginx service can be started by simply running:

    /usr/local/etc/rc.d/nginx start

nginx and snac2 are now up and running and serving the ActivityPub instance on your system. If you are running a firewall, make sure to open port tcp/443 (and tcp/80 for redirecting the traffic to the encrypted port).
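
To confirm that snac2 is reachable only through nginx, the listening sockets can be audited. The following script is an added example, not part of the snac2 project or the original HowTo. It assumes the port 8001 and address 127.0.0.1 from the setup above and the column layout of `sockstat -4 -l`. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the snac2 project): audit listening sockets.
# Input: `sockstat -4 -l` output on stdin; column 6 is the local address.
# Exit 0 only if tcp/8001 is bound to 127.0.0.1 and tcp/443 is listening.
check_listeners() {
    awk '
        $1 == "USER" { next }                      # header line
        {
            addr = $6
            port = addr; sub(/^.*:/, "", port)     # after the last colon
            host = addr; sub(/:[^:]*$/, "", host)  # before the last colon
            if (port == "8001") {
                seen8001 = 1
                if (host != "127.0.0.1") {
                    printf "EXPOSED: %s (pid %s) listens on %s\n", $2, $3, addr
                    bad = 1
                }
            }
            if (port == "443") seen443 = 1
        }
        END {
            if (!seen8001) { print "MISSING: no listener on tcp/8001"; bad = 1 }
            if (!seen443)  { print "MISSING: no listener on tcp/443";  bad = 1 }
            exit (bad + 0)
        }
    '
}

# Constructed sample inputs (not captured from a real host).
sample_ok() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
snac     snac       1201  3  tcp4   127.0.0.1:8001        *:*
www      nginx      1310  6  tcp4   *:443                 *:*
www      nginx      1310  7  tcp4   *:80                  *:*
EOF
}
sample_exposed() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
snac     snac       1201  3  tcp4   *:8001                *:*
www      nginx      1310  6  tcp4   *:443                 *:*
EOF
}

# On the FreeBSD host itself: sockstat -4 -l | check_listeners
sample_ok | check_listeners && echo "sample_ok: snac is loopback-only"
sample_exposed | check_listeners || echo "sample_exposed: flagged"
```
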

Edit: After my PR #98 for snac2 got merged, no additional SSL/TLS-related options need to be changed anymore. The updated and hardened SSL/TLS protocols and ciphers are now directly shipped by default.