Wildebeest
Wildebeest is an ActivityPub and Mastodon-compatible server whose goal is to allow anyone to operate their Fediverse server and identity on their domain without needing to keep infrastructure, with minimal setup and maintenance, and running in minutes.
Wildebeest runs on top Cloudflare's Supercloud, uses Workers and Pages, the D1 database to store metadata and configurations, Zero Trust Access to handle authentication and Images for media handling.
Currently, Wildebeest supports the following features:
- Authentication and automatic profile creation.
- Message signing & notification.
- Inbox and Outbox notes (text, mentions and images), follow, announce (reblog), accept (friend), like.
- Server to server federation.
- Web client for content exploration (read-only).
- Compatibility with other Mastodon clients (Mobile iOS/Android and Web).
Cloudflare will continue to evolve this open-source project with additional features over time and listen to the community feedback to steer our priorities. Pull requests and issues are welcome too.
Requirements
Wildebeest is a full-stack app running on top of Cloudflare Pages using Pages Functions. We are of course assuming that you have a Cloudflare account (click here if you don't) and have at least one zone using Cloudflare. If you don't have a zone, you can use Cloudflare Registrar to register new a new domain or transfer an existing one.
Some features, like data persistence, access controls, media storage, are handled by other Cloudflare products:
- D1 for the database.
- Workers KV for object caching.
- Zero Trust Access to handle user authentication and SSO on any identity provider.
- Images for media handling.
Most of our products offer a generous free plan that allows our users to try them for personal or hobby projects that aren’t business-critical. However the Images one doesn't have a free tier, so for setting up your instance you need to activate one of the paid Images plans.
Images plan
To activate Images, please login into your account, select Images on the left menu, and then select the plan that best fits your needs.
API token
Before we begin, you also need to create an API token in your Cloudflare account. To do that, login into your account, and press the Create Token button under My Profile (top right corner) / API Tokens.
Now press Create Custom Token and add the following permissions:
- D1, account level, edit permission.
- Cloudflare Pages, account level, edit permission.
- Access: Apps and policies, account level, edit permission.
- Access: Organizations, Identity Providers and Groups, account level, read permission.
- Workers KV Storage, account level, edit permission.
- DNS, zone level, edit permission.
- Cloudflare Images, account level, edit permission.
You can limit the token to the specific zone where you will using Wildebeest if you want. Don't set a TTL.
Now Continue to Summary, review your settings, and Create Token. Take note of your token and store it in your password manager, you're going to need it later.
Zone and Account IDs
You also need to take note of your Zone and Account IDs. To find them, login into your account and select the zone (domain) where you plan to use Wildebeest. Then, on the Overview page you will the following information:
We're all set now, let's start the installation process.
Getting started
Wildebeest uses Deploy to Workers to automate the installation process.
Click here to start the installation.
Please pay attention to all the steps involved in the installation process.
- Authorize Workers to use your GitHub account.
- Enter your Account ID (from the previous section) and the API token that you created previously.
- Configure your instance/project with the Zone ID, Domain, Title, Admin Email and Description.
- Fork the repository into your personal GitHub account.
- Enable GitHub Actions.
- Deploy.
Authorizations and API Token
The first two steps are authorizing Workers to use your GitHub account and entering your Account ID and the API token you created in the requirements section.
Instance configuration
Configure your instance/project with the Zone ID (see the requirements above), Domain (the full FQDN domain of your zone, where you want to deploy your Wildebeest server), Title, Admin Email and Description.
Now click Fork the repository.
Then enable GitHub Actions and confirm by clicking Workflows enabled.
And finally click Deploy.
The installation script will now build and deploy your project to Cloudflare Pages and will run a Terraform script to configure the D1, KV, DNS, Images and Access settings automatically for you.
Finish installation
If you followed all the steps, you should see a successful GitHub Actions build.
You can also confirm in the Cloudflare dashboard that the Pages project, DNS entry, KV namespace, D1 database and Access rule were all created and configured.
Almost there, only one last step missing:
Configure the access rule
The installation process automatically created a Zero Trust Access application called wildebeest-your-github-user
for you. Now you need to create a policy that defines who can have access to your Wildebeest instance.
Go to https://one.dash.cloudflare.com/access and select your account, then select Access / Applications and Edit the wildebeest-your-github-user
application.
Now click Add a policy. Name the policy wildebeest-policy
, set the action to Allow, and add an include rule with the list of Emails that you want to allow and then click Save policy
You're ready
Open your browser and go to your newly deployed Wildebeest domain https://social.example/
(replace social.example with your domain). You should see something like this:
Go to https://social.example/api/v1/instance
(replace social.example with your domain) and double-check your configuration. It should show:
{
"description": "Private Mastodon Server",
"email": "admin@social.example",
"title": "My Wildebeest Server",
"registrations": false,
"version": "4.0.2",
"rules": [],
"uri": "social.example",
"short_description": "Private Mastodon Server"
}
That's it, you're ready to start using your Wildebeest Mastodon compatible instance.
Supported clients
Wildebeest is Mastodon API compatible, which means that you should be able to use most of the Web, Desktop, and Mobile clients with it. However, this project is a work in progress, and nuances might affect some of their functionality.
This is the list clients that we have been using successfully while developing and testing Wildebeest:
- Pinafore web client (source).
- Mastodon official mobile client for iOS (source) and Android (source).
Wildebeest also provides a read-only web client in your instance URL, where you can explore the timelines (local and federated), posts and profiles. Please use the existing Mastodon clients to post and manage your account.
Wildebeest has no user registration
Wildebeest uses Zero Trust Access to handle user authentication. It assumes that your users will register with another identity provider (Zero Trust supports many providers or your custom one that implements Generic SAML 2.0).
When you start using Wildebeest with a client, you don't need to register. Instead, you go straight to log in, which will redirect you to the Access page and handle the authentication step according to the policy that you defined earlier.
When authenticated, Access will redirect you back to Wildebeest. The first time this happens, we will detect that we don't have information about the user and ask for your Username and Display Name. This will be asked only once and is what will show in your public Mastodon profile.
Updating Wildebeest
Updating your Wildebeest to the latest version is as easy as going to your forked repo on GitHub and clicking the Sync fork button:
Once your fork is syncronized with the official repo, the GitHub Actions CI is triggered and a new build will be deployed.
Additional Cloudflare services
Since Wildebeest is a Cloudflare app running on Pages, you can seamlessly enable additional Cloudflare services to protect or improve your server.
Email Routing
If you want to receive Email at your @social.example domain, you can enable Email Routing for free and take advantage of sophisticated Email forwarding and protection features. Simply log in to your account, select the Wildebeest zone and then click on Email to enable.
Troubleshooting
Sometimes things go south. The GitHub Actions deployment can fail for some reason, or some configuration changed or was accidentally removed.
Starting over
If you attempted to deploy Wildebeest in your account and something failed, or you simply want to reinstall everything from scratch again, you need to do manual checkups and cleaning before you start over.
- Go to your zone DNS settings and delete the CNAME record that points to
wildebeest-username.pages.dev
- Go to your account Pages section and delete the
wildebeest-username
project (make sure you remove the custom domain first if it's been configured). - Go to your account Workers / KV section and delete the
wildebeest-username-cache
andwildebeest-terraform-username-state
namespaces. - Go to your account Workers / D1 and delete the
wildebeest-username
database. - Launch Zero Trust, select your account, go to Access / Applications and delete the
wildebeest-username
application. - Delete your GitHub wildebeest forked repo.
You can now start a clean install.
Error 1102
Wildebeest runs cryptographical functions and can process lots of data internally, depending on the size of the instance and social graph. It's possible that, in some cases, a request exceeds the Worker's resource limits in the free plan.
We will keep optimizing our code to run as fast as possible, but if you start seeing 1102 errors when using your Wildebeest pages and APIs, you might need to upgrade to Workers Unbound, which provides much higher limits.
To do that, go to your Account Page / Pages, select the wildebeest-username
project, go to Settings / Functions and change the usage model to Unbound.
After you change your Pages project to Unbound, you need to redeploy it. Go to GitHub Actions in your repo, select the latest successful deploy, and press Re-run all jobs.