Modern ActivityPub compliant server https://epicyon.net

Bob Mottram c6df852e34 Federation policy 1 month ago
emoji a99c1462b9 Extra emoji 3 months ago
img 2455741f37 Share image 3 months ago
translations c2c3b745f8 Change submit to vote 3 months ago
website 8aafc35c10 website 3 months ago
LICENSE e5a03e0fe9 Initial 5 months ago
Makefile d769c5b258 Run test in its own subdirectory 4 months ago
README.md 9bdb0c007a Quote first 3 months ago
README_commandline.md b77dcb11df Commandline readme 3 months ago
README_customizations.md a862dc74de Separate customizations information 3 months ago
README_goals.md 18c9f0faf2 Link to goals 3 months ago
acceptreject.py fc2732a5ed Tidying 1 month ago
announce.py fc2732a5ed Tidying 1 month ago
auth.py cd5af800c2 Allow profile in path 3 months ago
availability.py fc2732a5ed Tidying 1 month ago
blocking.py 28d30ed497 Check for blocked domains being announced 3 months ago
blurhash.py 83b172d046 Functions for image attachments 5 months ago
cache.py fc2732a5ed Tidying 1 month ago
capabilities.py fc2732a5ed Tidying 1 month ago
code-of-conduct.md 3add129c40 Lower case 3 months ago
config.py fc2732a5ed Tidying 1 month ago
content.py fc2732a5ed Tidying 1 month ago
daemon.py fc2732a5ed Tidying 1 month ago
default_about.txt 91981c7953 About screen 3 months ago
default_tos.txt c6df852e34 Federation policy 1 month ago
delete.py cd5af800c2 Allow profile in path 3 months ago
epicyon-follow.css 039f8ade67 Scale search box for mobile 3 months ago
epicyon-login.css 60da723ce8 Login screen style for mobile 3 months ago
epicyon-profile.css cf0c30c240 vote button type 3 months ago
epicyon-suspended.css d453d1af87 Submit button spacing 4 months ago
epicyon.py 2dbd187031 Send reject activity on manual follow reject 3 months ago
filters.py 779fc287d1 Version 1.0.0 3 months ago
follow.py 2dbd187031 Send reject activity on manual follow reject 3 months ago
httpsig.py 779fc287d1 Version 1.0.0 3 months ago
inbox.py fc2732a5ed Tidying 1 month ago
like.py cd5af800c2 Allow profile in path 3 months ago
manualapprove.py 2dbd187031 Send reject activity on manual follow reject 3 months ago
media.py 5a7180e040 media type 3 months ago
ocaps.md 12072b57e1 Separate ocaps document 5 months ago
person.py 779fc287d1 Version 1.0.0 3 months ago
posts.py fc2732a5ed Tidying 1 month ago
roles.py 8f346fffef Better handling of actor parsing 3 months ago
session.py 753eb34bde Parsing post collections from pleroma 3 months ago
shares.py 779fc287d1 Version 1.0.0 3 months ago
skills.py 779fc287d1 Version 1.0.0 3 months ago
tests.py e93071af5d Tidying 3 months ago
threads.py 832c1cd39b Fix cloning of inbox thread 3 months ago
utils.py aa56da14b6 Extra site 3 months ago
webfinger.py 536731f256 Check that webfinger returns a valid actor url 3 months ago
webinterface.py 8d78bb6f6b Comments 1 month ago

README.md

Epicyon, meaning "more than a dog". Largest of the Borophaginae which lived in North America 20-5 million years ago.

Epicyon is a modern ActivityPub compliant server implementing both S2S and C2S protocols and sutable for installation on single board computers. It includes features such as moderation tools, post expiry, content warnings, image descriptions and perimeter defense against adversaries.

Project Goals - Commandline interface - Customizations - Object Capabilities - Code of Conduct

Includes emojis designed by OpenMoji – the open-source emoji and icon project. License: CC BY-SA 4.0

Package Dependencies

On Arch/Parabola:

sudo pacman -S tor python-pip python-pysocks python-pycryptodome \
               python-beautifulsoup4 imagemagick python-pillow \
	       python-numpy python-dateutil certbot
sudo pip install commentjson

Or on Debian:

sudo apt-get -y install tor python3-pip python3-socks imagemagick \
                python3-numpy python3-setuptools python3-crypto \
		python3-dateutil python3-pil.imagetk certbot
sudo pip3 install commentjson beautifulsoup4 pycryptodome

Installation

In the most common case you'll be using systemd to set up a daemon to run the server.

Add a dedicated user so that we don't have to run as root.

adduser --system --home=/etc/epicyon --group epicyon

Edit /etc/systemd/system/epicyon.service and add the following:

[Unit]
Description=epicyon
After=syslog.target
After=network.target

[Service]
Type=simple
User=epicyon
Group=epicyon
WorkingDirectory=/etc/epicyon
ExecStart=/usr/bin/python3 /etc/epicyon/epicyon.py --port 443 --proxy 7156 --domain YOUR_DOMAIN --registration open --debug
Environment=USER=epicyon
Restart=always
StandardError=syslog

[Install]
WantedBy=multi-user.target

Here the server was installed to /etc/epicyon, but you can change that to wherever you installed it.

Then run the daemon:

systemctl enable epicyon
chown -R epicyon:epicyon /etc/epicyon
systemctl start epicyon

Check the status of the daemon with:

systemctl status epicyon

If it's not running then you can also look at the log:

journalctl -u epicyon

You'll also need to set up a web server configuration. For Nginx edit /etc/nginx/sites-available/YOUR_DOMAIN as follows:

server {
    listen 80;
    listen [::]:80;
    server_name YOUR_DOMAIN;
    root /var/www/YOUR_DOMAIN/htdocs;
    access_log /dev/null;
    error_log /dev/null;
    client_max_body_size 31m;
    client_body_buffer_size 128k;

    limit_conn conn_limit_per_ip 10;
    limit_req zone=req_limit_per_ip burst=10 nodelay;

    index index.html;
    rewrite ^ https://$server_name$request_uri? permanent;
}

server {
    listen 443 ssl;
    server_name YOUR_DOMAIN;

    ssl_stapling off;
    ssl_stapling_verify off;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;
    #ssl_dhparam /etc/ssl/certs/YOUR_DOMAIN.dhparam;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_session_timeout 60m;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
    add_header Strict-Transport-Security max-age=15768000;

    access_log /dev/null;
    error_log /dev/null;

    root /var/www/YOUR_DOMAIN/htdocs;
    index index.html;
 
    location / {
        proxy_http_version 1.1;
        client_max_body_size 31M;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;
        proxy_temp_file_write_size 64k;
        proxy_connect_timeout 10080s;
        proxy_send_timeout 10080;
        proxy_read_timeout 10080;
        proxy_buffer_size 64k;
        proxy_buffers 16 32k;
        proxy_busy_buffers_size 64k;
        proxy_redirect off;
        proxy_request_buffering off;
        proxy_buffering off;
        proxy_pass http://localhost:7156;
    }
}

Changing your domain name as appropriate. Activate the configuration with:

ln -s /etc/nginx/sites-available/YOUR_DOMAIN /etc/nginx/sites-enabled/

Generate a LetsEncrypt certificate.

certbot certonly -n --server https://acme-v01.api.letsencrypt.org/directory --standalone -d YOUR_DOMAIN --renew-by-default --agree-tos --email YOUR_EMAIL

And restart the web server:

systemctl restart nginx

Running Unit Tests

To run the unit tests:

python3 epicyon.py --tests

To run the network tests. These simulate instances exchanging messages.

python3 epicyon.py --testsnetwork