Initial configuration

.env.sample

@@ -0,0 +1,23 @@
+# Host
+PDS_HOSTNAME=
+
+# Bluesky
+PDS_DID_PLC_URL="https://plc.directory"
+PDS_BSKY_APP_VIEW_URL="https://api.bsky.app"
+PDS_BSKY_APP_VIEW_DID="did:web:api.bsky.app"
+PDS_REPORT_SERVICE_URL="https://mod.bsky.app"
+PDS_REPORT_SERVICE_DID="did:plc:ar7c4by46qjdydhdevvrndac"
+PDS_CRAWLERS="https://bsky.network"
+
+# Secrets
+# Generate this value by using: `openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32`
+PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=
+# Generate this value by using: `openssl rand --hex 16`
+PDS_JWT_SECRET=
+
+# Admin
+PDS_ADMIN_EMAIL=
+PDS_ADMIN_PASSWORD=
+
+# General configuration
+LOG_ENABLED=true

.gitignore

@@ -0,0 +1,7 @@
+# IDEA
+.idea/
+*.iml
+
+# App
+/.env
+/pds/

README.md

@@ -0,0 +1,80 @@
+# Bluesky PDS
+
+Easy bluesky PDS configuration with docker and nginx as reverse proxy.
+
+## PDS configuration
+
+Create `pds` directory.
+
+```shell
+$ mkdir pds
+```
+
+Copy `.env.sample` to `.env` and fill in the configuration.
+
+```shell
+$ cp .env.sample .env
+$ nano .env
+```
+
+## Nginx
+
+`/etc/nginx/sites-enabled/pds.conf`
+```nginx configuration
+server
+{
+	listen      80;
+	listen [::]:80;
+	server_name {{SERVER_NAME}};
+
+	# Let's Encrypt
+	location /.well-known/acme-challenge/ { root /usr/share/nginx/html; allow all; }
+
+	# HTTPS redirection.
+	location / { return 301 https://$host$request_uri; }
+}
+
+server
+{
+	listen      443 ssl http2;
+	listen [::]:443 ssl http2;
+	server_name {{SERVER_NAME}};
+
+	ssl_certificate /etc/letsencrypt/live/{{SERVER_NAME}}/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/{{SERVER_NAME}}/privkey.pem;
+	ssl_trusted_certificate /etc/letsencrypt/live/{{SERVER_NAME}}/chain.pem;
+
+	# Generic SSL configuration.
+	include ssl.conf;
+
+	location /
+	{
+		proxy_http_version 1.1;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header Host $http_host;
+		proxy_pass http://localhost:8051;
+
+		client_max_body_size 30m;
+	}
+
+	access_log none;
+	error_log /var/log/nginx/{{SERVER_NAME}}.error.log;
+}
+```
+
+`/etc/nginx/ssl.conf`
+```nginx configuration
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ecdh_curve sect571r1:secp521r1:brainpoolP512r1:secp384r1:prime256v1;
+ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256;
+ssl_dhparam dhparam.pem;
+ssl_prefer_server_ciphers on;
+
+ssl_stapling on;
+ssl_stapling_verify on;
+
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 5m;
+ssl_session_tickets on;
+```

docker-compose.yml

@@ -0,0 +1,18 @@
+version: '3'
+
+services:
+  pds:
+    container_name: bluesky-pds
+    image: ghcr.io/bluesky-social/pds:0.4
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:8051:3000"
+    volumes:
+      - type: bind
+        source: ./pds
+        target: /pds
+    environment:
+      PDS_DATA_DIRECTORY: "/pds"
+      PDS_BLOBSTORE_DISK_LOCATION: "/pds/blocks"
+    env_file:
+      - .env