
With Mastodon being all the rage right now and people massively moving over, new opportunities arise. One of these is that Mastodon allows you to take ownership of your identity using the WebFinger protocol. This way you can have an identity like me@example.org without actually having to host your own Mastodon server (or instance in Mastodon lingo).

Maarten Balliauw has already posted on how to achieve this but with a little caveat:

“this approach works much like a catch-all e-mail address. @anything@yourdomain.com will match, unless you add a bit more scripting to only show a result for resources you want to be discoverable.”

I went ahead and solved this by tweaking the nginx configuration of one of my servers slightly (caveat here is you need access to the web server’s configuration):

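server {
    listen 80;

    # Exact match, so only WebFinger lookups reach this block.
    location = /.well-known/webfinger {
        # Serve <root>/.well-known/webfinger/<value of ?resource=> if that
        # file exists; every other resource gets a 404.
        try_files $uri/$arg_resource =404;
    }
}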

A WebFinger request URL looks similar to this: https://home.e13.dev/.well-known/webfinger?resource=acct:makkes@home.e13.dev. Whenever a request comes in at that URL, nginx takes the value of the resource query parameter ($arg_resource), tries to find the file .well-known/webfinger/acct:makkes@home.e13.dev and, if it exists, returns its contents in the response. So the only thing to do is to create that file with the WebFinger details in it and store it at that location in nginx’s web root.

This mitigates the “catch-all” limitation and only serves the identity or identities you want it to.
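The file-per-identity layout described above can be scripted. The following is an added example, not code from the original post: it writes a WebFinger document under the name nginx will look for, refuses resource names that are not a plain acct: identifier, and includes a local check that mirrors the exact-name match. The Mastodon account and URLs in SAMPLE_JRD are constructed placeholders, and the function names are hypothetical.

```python
import json
import re
from pathlib import Path

# Conservative acct:user@host pattern: no "/", no whitespace, nothing else.
ACCT_RE = re.compile(r"acct:[A-Za-z0-9_.-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

# Constructed sample: the JRD of the (assumed) Mastodon account to point at.
SAMPLE_JRD = {
    "subject": "acct:someone@mastodon.example",
    "aliases": ["https://mastodon.example/@someone"],
    "links": [
        {"rel": "http://webfinger.net/rel/profile-page", "type": "text/html",
         "href": "https://mastodon.example/@someone"},
        {"rel": "self", "type": "application/activity+json",
         "href": "https://mastodon.example/users/someone"},
    ],
}

def webfinger_dir(web_root):
    """Directory that `try_files $uri/$arg_resource` resolves into."""
    return Path(web_root) / ".well-known" / "webfinger"

def publish(web_root, resource, jrd):
    """Write `jrd` as the file served for ?resource=<resource>."""
    # The file name comes straight from the identity string, so reject
    # anything that could name a path outside the webfinger directory.
    if not ACCT_RE.fullmatch(resource) or ".." in resource:
        raise ValueError(f"refusing unsafe resource name: {resource!r}")
    target = webfinger_dir(web_root) / resource
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(json.dumps(jrd, indent=2))
    return target

def lookup(web_root, resource):
    """Local check: JRD for an exactly matching file name, else None (a 404)."""
    directory = webfinger_dir(web_root)
    if not directory.is_dir():
        return None
    published = {p.name: p for p in directory.iterdir() if p.is_file()}
    match = published.get(resource)
    return json.loads(match.read_text()) if match else None
```

Run publish once per identity you want discoverable, with web_root set to the root directory of the nginx server block; anything you have not published stays a 404.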