---
description: Fediverse applications deployment patterns and configurations
globs: ["manifests/applications/**/*", "build/**/*"]
alwaysApply: false
---

# Fediverse Applications ✅ OPERATIONAL

## Application Overview

All applications use **Zero Trust architecture** via Cloudflare tunnels, with a dedicated S3 bucket per application for media storage.

### Currently Deployed Applications

- **Mastodon**: `https://mastodon.keyboardvagabond.com` - Microblogging platform ✅ OPERATIONAL
- **Pixelfed**: `https://pixelfed.keyboardvagabond.com` - Photo sharing platform ✅ OPERATIONAL
- **PieFed**: `https://piefed.keyboardvagabond.com` - Forum/Reddit-like platform ✅ OPERATIONAL
- **BookWyrm**: `https://bookwyrm.keyboardvagabond.com` - Social reading platform ✅ OPERATIONAL
- **Picsur**: `https://picsur.keyboardvagabond.com` - Image storage ✅ OPERATIONAL

## Application Architecture Patterns

### Multi-Container Design

Most fediverse applications use a **multi-container architecture**:

- **Web Container**: HTTP requests, API, web UI (Nginx + app server)
- **Worker Container**: Background jobs, federation, media processing
- **Beat Container** (Django apps only): Celery Beat scheduler for periodic tasks

### Storage Strategy ✅ OPERATIONAL

**Per-Application CDN Strategy**: Each application uses a dedicated Backblaze B2 bucket fronted by the Cloudflare CDN:

- **Pixelfed CDN**: `pm.keyboardvagabond.com` → `pixelfed-bucket`
- **PieFed CDN**: `pfm.keyboardvagabond.com` → `piefed-bucket`
- **Mastodon CDN**: `mm.keyboardvagabond.com` → `mastodon-bucket`
- **BookWyrm CDN**: `bm.keyboardvagabond.com` → `bookwyrm-bucket`

### Database Integration

All applications use the shared **PostgreSQL HA cluster**:

- **Connection**: `postgresql-shared-rw.postgresql-system.svc.cluster.local:5432`
- **Dedicated Databases**: Each app has its own database (e.g., `mastodon`, `pixelfed`, `piefed`, `bookwyrm`)
- **High Availability**: 3-instance cluster with automatic failover

## Framework-Specific Patterns

### Laravel Applications (Pixelfed)

```env
# Critical Laravel S3 Configuration
FILESYSTEM_DRIVER=s3
PF_ENABLE_CLOUD=true
FILESYSTEM_CLOUD=s3
AWS_BUCKET=pixelfed-bucket                  # Dedicated bucket approach
AWS_URL=https://pm.keyboardvagabond.com/    # CDN URL
```

### Flask Applications (PieFed)

```env
# Flask Configuration with Redis and S3
FLASK_APP=pyfedi.py
DATABASE_URL=
CACHE_REDIS_URL=
S3_BUCKET=
S3_PUBLIC_URL=https://pfm.keyboardvagabond.com
```

### Django Applications (BookWyrm)

```env
# Django S3 Configuration
USE_S3=true
AWS_STORAGE_BUCKET_NAME=bookwyrm-bucket
AWS_S3_CUSTOM_DOMAIN=bm.keyboardvagabond.com
AWS_DEFAULT_ACL=""    # Backblaze B2 doesn't support ACLs
```

### Ruby Applications (Mastodon)

```yaml
# Mastodon Dual Ingress Pattern
# Web:       mastodon.keyboardvagabond.com
# Streaming: streamingmastodon.keyboardvagabond.com (WebSocket)
STREAMING_API_BASE_URL: wss://streamingmastodon.keyboardvagabond.com
```

## Container Build Patterns

### Multi-Stage Docker Strategy ✅ WORKING

Optimized builds reduce image size by ~75%:

- **Base Image**: Shared foundation with dependencies and source code
- **Web Container**: Production web server configuration
- **Worker Container**: Background processing optimizations
- **Size Reduction**: From 1.3GB single-stage to ~350MB multi-stage

### Harbor Registry Integration

- **Registry**: ``
- **Image Pattern**: `/library/app-name:tag`
- **Build Process**: `./build-all.sh` in project root

## ActivityPub Inbox Rate Limiting ✅ OPERATIONAL

### Nginx Burst Configuration Pattern

Implemented across all fediverse applications to handle federation traffic spikes:

```nginx
# Rate limiting zone: 100MB of shared memory for per-client state, 10 requests/second per client
limit_req_zone $binary_remote_addr zone=inbox:100m rate=10r/s;

# ActivityPub inbox location block
location /inbox {
    limit_req zone=inbox burst=300;    # queue up to 300 excess requests; without nodelay they are delayed, not dropped
    # Extended timeouts for ActivityPub processing
}
```

### Rate Limiting Behavior

- **Normal Operation**: 10 requests/second processed immediately
- **Burst Handling**: Up to 300 additional requests queued and released at the 10 requests/second rate
- **Overflow Response**: HTTP 503 when the burst queue is full
- **Federation Impact**: Protects backend from overwhelming traffic spikes

## Application Deployment Standards

- **Zero Trust Ingress**: All applications use Cloudflare tunnel pattern
- **Container Registry**: Harbor for all custom images
- **Multi-Stage Builds**: Required for Python/Node.js applications
- **Storage**: Longhorn with 2-replica redundancy
- **Monitoring**: ServiceMonitor integration with OpenObserve
- **Rate Limiting**: ActivityPub inbox protection for all fediverse apps

@fediverse-app-template.yaml
@s3-storage-config-template.yaml
@activitypub-rate-limiting-template.yaml
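A check for the per-application storage pattern described under Storage Strategy and Framework-Specific Patterns, as an added example that is not part of this cluster's manifests or build scripts: it parses the Laravel, Flask and Django `KEY=value` snippets, maps each framework's own setting names onto the two facts they all express (media bucket and public CDN URL), and reports any app that shares a bucket, lacks a CDN URL, serves media over plain http, or runs Django storage without the empty `AWS_DEFAULT_ACL` that Backblaze B2 requires. The embedded configurations are constructed from this page (PieFed's bucket name is taken from the Storage Strategy list); the key-name tables and finding messages are assumptions of this example.

```python
"""Lint per-app media storage settings: one dedicated B2 bucket per app,
an https CDN hostname, and AWS_DEFAULT_ACL="" wherever Django's S3 storage is used.

Added example, not part of the cluster's manifests. Inputs are constructed
from the framework snippets on this page.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Framework-specific names for the same two facts (Laravel, Flask, Django).
BUCKET_KEYS = ("AWS_BUCKET", "S3_BUCKET", "AWS_STORAGE_BUCKET_NAME")
PUBLIC_URL_KEYS = ("AWS_URL", "S3_PUBLIC_URL", "AWS_S3_CUSTOM_DOMAIN")

# Constructed input: the three S3 configurations from this page.
CONFIGS: Dict[str, str] = {
    "pixelfed": """
        FILESYSTEM_DRIVER=s3
        PF_ENABLE_CLOUD=true
        FILESYSTEM_CLOUD=s3
        AWS_BUCKET=pixelfed-bucket                  # Dedicated bucket approach
        AWS_URL=https://pm.keyboardvagabond.com/    # CDN URL
    """,
    "piefed": """
        FLASK_APP=pyfedi.py
        S3_BUCKET=piefed-bucket
        S3_PUBLIC_URL=https://pfm.keyboardvagabond.com
    """,
    "bookwyrm": """
        USE_S3=true
        AWS_STORAGE_BUCKET_NAME=bookwyrm-bucket
        AWS_S3_CUSTOM_DOMAIN=bm.keyboardvagabond.com
        AWS_DEFAULT_ACL=""    # Backblaze B2 doesn't support ACLs
    """,
}


def parse_env(text: str) -> Dict[str, str]:
    """Parse dotenv-style KEY=value lines; drops blank lines, comments and surrounding quotes."""
    env: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        value = re.sub(r"\s+#.*$", "", value).strip()  # inline "  # comment"
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env


def media_config(env: Dict[str, str]) -> Tuple[str, str, str]:
    """Return (bucket, cdn_host, raw_public_url) regardless of framework."""
    bucket = next((env[k] for k in BUCKET_KEYS if k in env), "")
    url = next((env[k] for k in PUBLIC_URL_KEYS if k in env), "")
    # Django's AWS_S3_CUSTOM_DOMAIN is a bare hostname; the others are full URLs.
    host = (urlparse(url).hostname or "") if "://" in url else url.rstrip("/")
    return bucket, host, url


def check_apps(configs: Dict[str, str]) -> List[str]:
    """Return findings; an empty list means every app follows the documented pattern."""
    findings: List[str] = []
    bucket_owner: Dict[str, str] = {}
    for app, text in configs.items():
        env = parse_env(text)
        bucket, host, url = media_config(env)
        if not bucket:
            findings.append(f"{app}: no media bucket configured")
        elif bucket in bucket_owner:
            findings.append(f"{app}: shares bucket {bucket!r} with {bucket_owner[bucket]}")
        else:
            bucket_owner[bucket] = app
        if not host:
            findings.append(f"{app}: no CDN/public URL configured")
        elif "://" in url and urlparse(url).scheme != "https":
            findings.append(f"{app}: CDN URL must use https")
        # B2 rejects ACL headers, so Django storage must be told to send none.
        if "AWS_STORAGE_BUCKET_NAME" in env and env.get("AWS_DEFAULT_ACL") != "":
            findings.append(f"{app}: AWS_DEFAULT_ACL must be empty for B2")
    return findings


if __name__ == "__main__":
    for finding in check_apps(CONFIGS) or ["all apps follow the dedicated-bucket pattern"]:
        print(finding)
```

Run it from CI against the rendered application manifests by replacing `CONFIGS` with the env sections read from `manifests/applications/**`; the three key tuples are the only thing to extend when a fourth framework is added.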
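The three regimes listed under Rate Limiting Behavior (served immediately, queued, 503) follow from the leaky bucket that `limit_req` implements, and the model below makes the numbers concrete. It is an added example, neither nginx source nor part of this cluster's templates: it follows nginx's published `limit_req` semantics for `rate=10r/s burst=300` without `nodelay` (bookkeeping in milli-requests, excess requests delayed so they leave at the configured rate, rejection once the excess exceeds the burst), but it is a simplification rather than a port. Timestamps are milliseconds and the arrival patterns are constructed.

```python
"""Leaky-bucket model of the ActivityPub inbox limit:
limit_req_zone ... rate=10r/s;  limit_req zone=inbox burst=300;  (no nodelay)

Added example modelled on nginx's documented limit_req behaviour; not nginx
code and not part of the cluster's templates. Times are in milliseconds.
"""
from dataclasses import dataclass
from typing import List, Optional

RATE_RPS = 10   # rate=10r/s
BURST = 300     # burst=300


@dataclass
class Decision:
    arrived_ms: int
    served_ms: Optional[float]   # None when rejected
    status: int                  # 200 accepted, 503 rejected (limit_req_status default)


class InboxLimiter:
    """Bucket for one client key ($binary_remote_addr)."""

    def __init__(self, rate_rps: int = RATE_RPS, burst: int = BURST):
        # Count in milli-requests as nginx does: 10 r/s drains 10_000 per
        # second, i.e. `rate_rps` milli-requests per millisecond.
        self.drain_per_ms = rate_rps
        self.capacity = burst * 1000
        self.excess = 0      # milli-requests still queued ahead of the next arrival
        self.last_ms = 0

    def request(self, now_ms: int) -> Decision:
        # Drain what the backend consumed since the previous arrival.
        self.excess = max(0, self.excess - self.drain_per_ms * (now_ms - self.last_ms))
        self.last_ms = now_ms
        if self.excess > self.capacity:
            return Decision(now_ms, None, 503)       # queue full: rejected at once
        delay_ms = self.excess / self.drain_per_ms   # wait for the queue ahead to drain
        self.excess += 1000                          # this request now holds a slot
        return Decision(now_ms, now_ms + delay_ms, 200)


def simulate(arrivals_ms: List[int], rate_rps: int = RATE_RPS, burst: int = BURST) -> List[Decision]:
    """Feed one client's arrivals (sorted, ms) through the limiter."""
    limiter = InboxLimiter(rate_rps, burst)
    return [limiter.request(t) for t in arrivals_ms]


def summarize(decisions: List[Decision]) -> dict:
    accepted = [d for d in decisions if d.status == 200]
    return {
        "accepted": len(accepted),
        "rejected": len(decisions) - len(accepted),
        "max_queue_delay_ms": max((d.served_ms - d.arrived_ms for d in accepted), default=0.0),
    }


if __name__ == "__main__":
    # Constructed arrival patterns for the three regimes.
    steady = [i * 100 for i in range(10)]   # 10 r/s for one second: nothing queued
    spike = [0] * 200                       # 200 deliveries at once: all queued
    flood = [0] * 350                       # 350 at once: 1 immediate, 300 queued, 49 get 503
    for name, arrivals in (("steady", steady), ("spike", spike), ("flood", flood)):
        print(name, summarize(simulate(arrivals)))
```

The `flood` case is the one to keep in mind when tuning: the first arrival is served immediately, the next 300 are queued, and the 301st accepted request waits `burst / rate` = 30 seconds before the backend sees it, which is why the `/inbox` block also needs the extended proxy timeouts mentioned in the configuration, and why a remote instance that retries on 503 is the intended behaviour rather than an error.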