Microblog: ActivityPub Server

A lightweight, Go-based ActivityPub micro-blogging server compatible with Mastodon clients and Fediverse applications.

Features

• ActivityPub Federation: Full WebFinger and Activity Streams support for federation with other Fediverse instances
• Mastodon API Compatibility: Core endpoints for home/public timelines, posting, following, and notifications
• HTTP Signatures: All outgoing activities are signed; incoming signatures are verified
• Timelines: Home (followed accounts), local, and public feeds
• Follow / Unfollow: Outgoing follows from Mastodon clients work seamlessly
• Notifications: Mentions, follows, reblogs, and favourites
• Automatic Key Generation: RSA keys generated on first run
• Single-Binary Deployment: Compiled Go binary, minimal dependencies
• MariaDB Storage: Efficient relational database with proper schemas
• Content Negotiation: Serves ActivityPub JSON or HTML based on Accept headers

Architecture

Client Apps (Mastodon, etc)
        ↓
    Your Reverse Proxy (Nginx, YunoHost, etc.)
        ↓
    Go Binary (ActivityPub + Mastodon API endpoints, exposed on local port)
        ↓
    MariaDB (Users, statuses, remote actors, follows, notifications)

Quick Start

Prerequisites

• Docker & Docker Compose
• A domain name (for federation)
• An existing reverse proxy configured on your host

1. Clone and Setup

git clone <repo>
cd microblog
cp .env.example .env

2. Edit .env

DOMAIN=your-domain.com
HOST_PORT=8080
DB_USER=microblog
DB_PASSWORD=your_secure_password
DB_ROOT_PASSWORD=your_secure_root_password
ADMIN_TOKEN=your_secure_random_token
ADMIN_USERNAME=yourusername
MAX_MEDIA_SIZE_MB=7.5

3. Start Services

docker-compose up -d

This will:

• Build the Go app
• Start MariaDB and run migrations
• Expose the Go app to 127.0.0.1:8080 (or your configured HOST_PORT)

4. Configure Reverse Proxy

Point your host's reverse proxy (e.g., Nginx, Caddy) to forward traffic for your-domain.com to 127.0.0.1:8080.

API Endpoints

ActivityPub (Federation)

• GET /.well-known/webfinger?resource=acct:username@domain - WebFinger discovery
• GET /users/{username} - Actor profile (JSON-LD)
• GET /users/{username}/outbox - Activity feed
• POST /users/{username}/inbox - Receive federated activities

Mastodon API

• GET /api/v1/instance - Instance metadata
• GET /api/v1/accounts/verify_credentials - Verify user session
• GET /api/v1/timelines/home - Home timeline (accounts you follow)
• GET /api/v1/timelines/public - Public timeline (all known posts)
• GET /api/v1/notifications - Notifications (mentions, follows, etc.)
• POST /api/v1/statuses - Create a status
• POST /api/v1/media - Upload media
• POST /api/v1/accounts/:id/follow - Follow a remote account
• POST /api/v1/accounts/:id/unfollow - Unfollow a remote account

Web

• GET / - Home page (HTML)
• GET /@{username} - User profile page (HTML)
• GET /admin - Admin dashboard for posting

Deployment

1. SSH into your VPS
2. Create app directory

mkdir -p /opt/microblog
cd /opt/microblog

3. Clone this repo

git clone <repo> .

4. Set environment

cp .env.example .env
nano .env

5. Deploy with Docker Compose

docker-compose up -d

6. Update your Nginx config

server {
    server_name your-domain.com;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Security Notes

• All outgoing activities are signed using RSA-SHA256.
• Incoming signatures are verified before processing.
• Content sanitisation via bluemonday prevents XSS.
• Use strong passwords and keep Docker images updated.
• Enforce HTTPS on your reverse proxy.

Roadmap / Future Improvements

• OAuth2 for multi-user support
• Hashtag search and trending
• Direct messages
• Polls and rich embeds
• Async delivery with retries (currently goroutine fire-and-forget)

License

CC0 1.0 Universal (Public Domain)