Mastodon server

By Erwin

- 2 minutes read - 397 words

Status

Active since December 2022.

Moved from AWS to Hetzner in November 2025.

What

My personal Mastodon server. The accounts on there are all me, at this time.

Where

https://strangeweb.page/

I wanted to keep this relatively separate from other projects, so I registered a .page domain.

How

When I migrated to Hetzner, I simplified the setup a bit:

A single VM

More than enough CPU, RAM, storage, and of course an IPv4 and an IPv6 address.

Access via ssh locked down

Only my home IP address can get in. Easily updated when that changes (which is rare).

The other ports available

Port 80 (http, in practice really only for LetsEncrypt, but also the classic http to https redirect), and of course 443 (https) for the main attraction.

Still using the S3 bucket

I plan to migrate that to different object storage in the near future.

Terraform code

It creates the VM, updates the DNS (A and AAAA records which now live at deSEC.io), as well as reverse DNS managed by Hetzner, then throws cloud-init at it.

The cloud-init setup

This takes care of basic conveniences (things like emacs, jq, rsync, and others) but also installs dependencies for Mastodon and prepare it most of the way (skipping the interactive configuration of Mastodon itself).

Code and related things

Mastodon instructions for setting up your own server

The Infrastructure as Code at https://codeberg.org/.

Previously

The setup in AWS (from 2022-2025) was as follows:

Basic Virtual Private Cloud (VPC)

Pretty standard setup. A subnet for public facing things (which is the only things in here right now), and one for resources that don't connect out to the internet. Right now there aren't any of the latter, but it is good to be prepared

A bastion server

A locked down instance that is intended to be the only way to get into the VPC with ssh, with an IP address that is separate from the actual service.

The actual Mastodon server

An S3 bucket

This is where Mastodon stores media associated with posts (in the timeline of my accounts, or my own), with a CloudFront shield in front of it

Terraform code

This managed all of the above.

For Mastodon upgrades

I created a script to temporarily bump up the instance size, because it was unhappy for some of those steps but perfectly content running in a smaller instance during normal operations.