This will serve as a writeup of how I setup and run’s SSB instance.

2 “types” of machines:

There will be at least 1 SSB pub server, possibly more than one, initially I had 2, but the load wasn’t there, so there is only one at the time of this writing, but the system is setup to handle N amount of nodes. When I turn up another SSB instance, I will make the first SSB node(or maybe the gateway) become an NFS server, so all SSB nodes share the same ~/.ssb data dir.

The SSB VPS have internal IP’s on the same network as the openBSD gateway. my VPS host covers this for me at no charge, as long as they are in the same datacenter.

SSB pub server setup:

Setup swap:

dd if=/dev/zero of=/swapfile bs=1024 count=1204000
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

Install node, nvm and supervisor

apt install nodejs supervisor
adduser --system ssb
sudo -u ssb bash
curl -o- | bash
nvm install --lts
npm install --global scuttlebot

Setup supervisor to run SSB

$ cat /etc/supervisor/conf.d/ssb.conf
command=/home/ssb/.nvm/versions/node/v8.11.1/bin/node /home/ssb/.nvm/versions/node/v8.11.1/bin/sbot server --host
; Setup the environment

Firewall/relayd configuration

There are variables here that need to be replaced, they are shown here as $(). Also, should live on some other machine/IP, listen on port 8008 and return something useful, saying all SSB nodes seem to be down, and should also yell and scream at someone(like me) to go fix it. This has yet to be fully implemented.

$ cat /etc/relayd.conf
ssb1=$(SSB node 1 internal address)
ssb2=$(SSB node 2 internal address)

interval 5

table <ssbhosts> { $ssb1, $ssb2 }
table <sorryhost> disable { }

protocol "ssb" {
        tcp { socket buffer 65536 }

relay "ssbforward" {
        listen on $(PUBLICIPV4 ADDRESS) port 8008
        listen on $(PUBLICIPV6ADDRESS) port 8008
        protocol ssb

        forward to <ssbhosts> port 8008 timeout 300 check tcp
        forward to <sorryhost> port 8008 timeout 300 check icmp


Not covered here:

Thoughts and suggestions on making this better are VERY welcome.