~chasinglightning/pds

47a0fa32 — chasinglightning a month ago
edit readme
a3f7b0e7 — chasinglightning a month ago
add dual license from bsky github repo
e2edc2d5 — chasinglightning a month ago
first


# PDS nonsense

this is how i deployed a bluesky PDS without using the caddy/watchtower containers included in the default PDS compose file.

pdsadmin.sh needs to be regularly updated from the bluesky-social/PDS repo on github. please be sure to do this. you can probably set up a cron job to pull the new one regularly or something.

i wrote up a blog post on how i did all this, basically launching the PDS in docker, then using a bare metal caddy web server on a different server on the same network to reverse proxy the PDS. click here for the blog post.

basic caddyfile configuration for a PDS is below:

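```
https://bsky.example.com, https://your-handle.bsky.example.com {
        # everything not matched by a handle block below goes to the PDS
        reverse_proxy 192.168.1.123:6010

        # atproto XRPC API calls
        handle /xrpc/* {
                reverse_proxy 192.168.1.123:6010
        }

        # answer handle verification with your DID
        handle /.well-known/atproto-did {
                respond "did:yourthinghere" 200
        }
}
```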

# ENV variables

generate JWT secret:

```
openssl rand --hex 16
```

generate PLC rotation key:

```
openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32
```

SMTP URL scheme:

```
smtp://API_KEY_AKA_USERNAME:SECRET_AKA_PASSWORD@smtp-relay-address-here.com:587
```

explanation of above line and its placeholders below, taken from blog post:

smtp:// and 587 - so the guide says use smtps, and also port 465. yeah these did not work for me. unless your relay uses both of those, just substitute in smtp and 587.

API_KEY_AKA_USERNAME - mailjet calls the username an API key but others call it a username so yeah. plop that in there.

SECRET_AKA_PASSWORD - same thing, secret or password whatever they call it put it there. also MAKE SURE that the username/API and secret/password are separated by a colon!

smtp-relay-address-here.com - yeah just fill in your relay's address thing. they usually provide this when you log in, or at least mailjet does.
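
a relay secret that contains `@`, `:`, `/` or `#` changes where the URL above gets split, so the credentials need percent-encoding before they go into it. the sketch below is an added example, not code from this repo or from the PDS project: the helper names are hypothetical, the sample credentials are constructed, and it assumes whatever reads the URL parses it as a standard URL.

```python
from urllib.parse import quote, unquote, urlsplit

# Added example: helper names are hypothetical, not part of the PDS tooling.
# Usual pairings: smtps = implicit TLS (465), smtp = STARTTLS submission (587).
USUAL_PORT = {"smtp": 587, "smtps": 465}


def build_smtp_url(username, password, host, port=587, scheme="smtp"):
    """Assemble scheme://user:pass@host:port with the credentials percent-encoded."""
    if scheme not in USUAL_PORT:
        raise ValueError(f"unsupported scheme: {scheme!r}")
    # safe="" also encodes '/', ':' and '@', which would otherwise move the
    # boundaries between username, password and host.
    user = quote(username, safe="")
    secret = quote(password, safe="")
    return f"{scheme}://{user}:{secret}@{host}:{port}"


def check_smtp_url(url):
    """Return a list of problems found in an SMTP URL (empty list = looks sane)."""
    problems = []
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError as exc:
        return [f"unparseable URL: {exc}"]
    if parts.scheme not in USUAL_PORT:
        problems.append(f"scheme is {parts.scheme!r}, expected smtp or smtps")
    if not parts.username or parts.password is None:
        problems.append("missing username:password@ (check the colon separator)")
    if not parts.hostname:
        problems.append("missing relay hostname")
    if port is None:
        problems.append("missing port")
    elif parts.scheme in USUAL_PORT and port != USUAL_PORT[parts.scheme]:
        problems.append(f"port {port} is unusual for {parts.scheme}")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("text after host:port; unencoded '/', '?' or '#' in a credential?")
    return problems


def credentials(url):
    """Decode the username and password as a standard URL parser would see them."""
    parts = urlsplit(url)
    return unquote(parts.username or ""), unquote(parts.password or "")


if __name__ == "__main__":
    url = build_smtp_url("example-api-key", "s3cr/et@x", "smtp-relay-address-here.com")
    print(url, check_smtp_url(url))  # constructed credentials, no network access
```

an empty list from `check_smtp_url` only means the URL splits the way you intended; it does not contact the relay.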
