I can install and run pixelfed on a subdomain, for example, pixelfed.example.com. However, I also run mastodon.example.com. My webfinger points at mastodon. How do I configure a webfinger for both pixelfed and mastodon? How do you all have your webfingers set up when you run multiple activitypub-based services?
Edit: I should also add that I’m trying to tie my mastodon account to user@domain.tld, not specific to the mastodon subdomain, but specific to my user email identity. My mastodon domain would be something like mastodon.domain.com, which would normally make my user user@mastodon.domain.com.
I do see this as a potential solution - I could route the specific service based on user agent to the correct webfinger: https://serverfault.com/questions/775463/nginx-redirect-based-on-user-agent#825725
So here is the issue on GitHub:
https://github.com/pixelfed/pixelfed/issues/3563
If folks have GitHub accounts, could you please bump this/thumbs up?
This doesn’t answer your exact question and I haven’t done this with webfingers, but I’ve done this with a reverse proxy like nginx (or traefik) and no special DNS tricks. Your example.com will point to 1.2.3.4 IP and then the subdomain routing is handled by the reverse proxy. I’ve had upwards of 8 different domains and subdomains all running on a single box taking advantage of docker containers.
Yes, the subdomains are routed via a reverse proxy. My primary issue is that pixelfed and mastodon ask for the same resource. My identity, email@domain.tld, is requested by ActivityPub services and if they all ask for the same resource, they get my Mastodon account. I’m wondering if people have a fix for this that allows Pixelfed services to get my pixelfed account, mastodon my mastodon account, Funkwhale, etc. Problem is, I don’t think there is one, short of having some logic that looks at the incoming user agent and then routes it to the proper resource.
Edit: something like this might work: https://serverfault.com/questions/775463/nginx-redirect-based-on-user-agent#825725
Edit 2: when I say resource, I really mean “link relation”.
Hmm. Ok, but mastodon and pixelfed are unrelated services at the authentication level. When you hit the home page of each it’ll ask you to authenticate. Even if you use the precise same info (e.g. name, email, password even), each one will be authenticating separately. Or am I missing something still?
Aaaannnnnddddd here’s the issue. I guess others have noticed this too.
Glad you found similar issues. At least you know “it isn’t me”.
Here’s a link to a better description of what someone is trying to do with webfinger. It’s critical to federation, and services piggybacking on Mastodon’s configuration sort of break that - e.g. a pixelfed instance querying for user@domain.tld (trying to follow the pixelfed user for that user) would end up returning the mastodon profile. And while that works, and the third party pixelfed instance will follow the mastodon user, the pixelfed user won’t get that follow. Federation will end up being broken on pixelfed, IIRC.
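The collision described above, and the user-agent routing idea raised earlier in the thread, modelled as an added example that is not part of any post or of either project's code. The actor URLs, the User-Agent strings and the substring match are assumptions made for illustration.

```python
from typing import Optional

AP_TYPE = "application/activity+json"
RESOURCE = "acct:user@example.com"  # the shared identity from the thread

# Assumed actor URLs for the two services behind the reverse proxy.
ACTORS = {
    "mastodon": "https://mastodon.example.com/users/user",
    "pixelfed": "https://pixelfed.example.com/users/user",
}
# Constructed User-Agent strings; real values vary by software and version.
PIXELFED_UA = "(Pixelfed/0.0.0; +https://remote.example)"
MASTODON_UA = "http.rb/0.0.0 (Mastodon/0.0.0; +https://remote.example/)"


def jrd(actor_url: str) -> dict:
    """Minimal WebFinger document (RFC 7033) naming one ActivityPub actor."""
    return {"subject": RESOURCE,
            "links": [{"rel": "self", "type": AP_TYPE, "href": actor_url}]}


def resolve_actor(doc: Optional[dict]) -> Optional[str]:
    """Simplified remote-server step: follow the ActivityPub 'self' link."""
    for link in (doc or {}).get("links", []):
        if link.get("rel") == "self" and link.get("type") == AP_TYPE:
            return link.get("href")
    return None


def static_webfinger(resource: str, user_agent: str) -> Optional[dict]:
    """One document at the apex domain: every caller gets the Mastodon actor."""
    return jrd(ACTORS["mastodon"]) if resource == RESOURCE else None


def ua_routed_webfinger(resource: str, user_agent: str) -> Optional[dict]:
    """Pick the actor from a User-Agent substring, defaulting to Mastodon."""
    if resource != RESOURCE:
        return None
    ua = user_agent.lower()
    service = next((s for s in ACTORS if s in ua), "mastodon")
    return jrd(ACTORS[service])


if __name__ == "__main__":
    for name, ua in [("pixelfed", PIXELFED_UA), ("mastodon", MASTODON_UA), ("other", "curl/8.5.0")]:
        print(name, resolve_actor(static_webfinger(RESOURCE, ua)),
              resolve_actor(ua_routed_webfinger(RESOURCE, ua)))
```

The User-Agent is a caller-supplied header, so this routing is a best-effort hint rather than a verified property of the requester: any client that does not name itself the way the match expects gets the default actor.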
Yes, that’s correct. Both mastodon and pixelfed support OAuth, though, so if you ran an oauth provider, you should theoretically be able to authenticate with a single set of credentials.
I’m seeing posts about OIDC support in mastodon but not yet for pixelfed.
Sorry I thought this was a different thread. I’m speaking about account discovery, not authentication.
For auth, this is all I see for pixelfed: https://docs.pixelfed.org/technical-documentation/api/#authorization.