Install snac2 on FreeBSD – An ActivityPub Instance for the Fediverse (2024-01-05):

This HowTo guides you through the setup process of snac2 on a minimalistic FreeBSD (FreeBSD 14) system to run and serve your own ActivityPub instance within the Fediverse. snac2 is also compatible with Mastodon instances for further interactions. snac2 is a simple, minimalistic ActivityPub instance written in portable C and can run on all Linux and BSD systems.

Within this HowTo snac2 will be installed behind a nginx reverse proxy for SSL/TLS offloading.

First, we start installing the required package dependencies:

pkg install git curl py39-certbot-nginx-2.6.0 py39-certbot-2.6.0,1 nginx
Afterwards, the snac2 project repository can be cloned and snac2 compiled from the C code source:
git clone
cd snac2
make install
Thanks to Stefano (from the BSD Cafe project) for the FreeBSD rc service file to start the snac2 instance. Within the next steps we just copy the rc service file to the right location and prepare everything to serve the instance:
cp examples/snac_freebsd /usr/local/etc/rc.d/snac
chmod +x /usr/local/etc/rc.d/snac
echo "snac_enable=YES" >> /etc/rc.conf
pw useradd snac -s /bin/sh
touch /var/log/snac.log
chown snac /var/log/snac.log
Afterwards, we can finally initialize our new instance in an interactive way where we need to answer some questions to generate our server config file:
su - snac
/usr/local/bin/snac init

Base directory: /home/snac/data
Network address []: 
Network port [8001]: 
Host name:
URL prefix: 
Admin email address (optional):

/usr/local/etc/rc.d/snac start
The snac2 instance is now up and running on tcp/8001 but we do not want to expose this instance directly. Therefore, we configure nginx as a reverse proxy and let nginx handle the SSL/TLS offloading. Certificates will be obtained from Let's encrypt and renewed by certbot.
echo 'weekly_certbot_enable="YES"' >> /etc/periodic.conf
echo "nginx_enable=YES" >> /etc/rc.conf
mkdir /usr/local/etc/nginx/vhosts.d
cp examples/nginx-alpine-ssl/default.conf /usr/local/etc/nginx/vhosts.d/
certbot certonly --standalone -d -d
Now, we adjust the config file in /usr/local/etc/nginx/vhosts.d/ to our needs. This implies replacing the default_server part with our real fqdn ( and the certificates. The certificates have already been issued by Let's Encrypt, as a result, we just need to adjust the path to our generated certificates within the nginx configuration file. By default, they are located in /usr/local/etc/letsencrypt/live/. An example by the above given fqdn would look like:
ssl_certificate /usr/local/etc/letsencrypt/live/
ssl_certificate_key /usr/local/etc/letsencrypt/live/
After defining the certificates, the nginx service can be started by simply running:
/usr/local/etc/rc.d/nginx start
nginx and snac2 are now up & running and serving the ActivityPub instance on your system. If you are running a firewall make sure to open port tcp/443 (and tcp/80 for redirecting the traffic to the encrypted port).

Edit: After my PR #98 for snac2 got merged, no additional SSL/TLS related options must be changed anymore. The updated and hardened SSL/TLS protocols and ciphers are now directly shipped by default.