GotoSocial Setup on Synology with Custom Domain

Overview

GotoSocial is a lightweight ActivityPub server that provides Fediverse functionality (like Mastodon) with minimal resource requirements. This guide covers setting it up on a Synology NAS with a custom domain.

Prerequisites

Synology NAS with Docker/Container Manager
Portainer installed (optional but helpful)
Custom domain with DNS control (e.g., via Cloudflare)
Existing reverse proxy setup on Synology

Step 1: DNS Configuration

In your DNS provider (e.g., Cloudflare):
- Add CNAME record: social → social.yoursynology.synology.me
- IMPORTANT: Set to DNS-only (gray cloud), NOT proxied
- ActivityPub requires direct server connections

Step 2: Docker Setup

Create docker-compose.yml in Portainer:

version: '3'

services:
  gotosocial:
    image: superseriousbusiness/gotosocial:latest
    container_name: gotosocial
    user: "1026:1026"  # Replace with your Synology user ID
    environment:
      GTS_HOST: social.yourdomain.org
      GTS_DB_TYPE: sqlite
      GTS_DB_ADDRESS: /gotosocial/storage/sqlite.db
      GTS_LETSENCRYPT_ENABLED: "false"  # We'll use Synology's certs
    volumes:
      - /volume1/docker/gotosocial:/gotosocial/storage
    ports:
      - "8321:8080"  # Choose any free port
    restart: unless-stopped

Step 3: Directory Permissions

# Create directory
mkdir -p /volume1/docker/gotosocial

# Set permissions (use your Synology user ID)
sudo chown -R 1026:1026 /volume1/docker/gotosocial

Step 4: SSL Certificate Setup

Temporarily open port 80 on your router (for Let's Encrypt validation)
In DSM: Control Panel → Security → Certificate → Add
Choose "Get a certificate from Let's Encrypt"
Enter domain: social.yourdomain.org
Complete the setup
Close port 80 after certificate is obtained

Step 5: Configure Reverse Proxy

Control Panel → Application Portal → Reverse Proxy
Create new rule:
- Source:
  - Protocol: HTTPS
  - Hostname: social.yourdomain.org
  - Port: 443
- Destination:
  - Protocol: HTTP
  - Hostname: localhost
  - Port: 8321 (or your chosen port)

Step 6: Assign Certificate to Reverse Proxy

Control Panel → Security → Certificate → Settings
Find social.yourdomain.org in the services list
Select the Let's Encrypt certificate you created
Click OK

Step 7: Create Admin Account

# Create account
sudo docker exec -it gotosocial ./gotosocial admin account create \
  --username yourusername \
  --email [email protected] \
  --password 'yourpassword'

# Promote to admin
sudo docker exec -it gotosocial ./gotosocial admin account promote --username yourusername

# Confirm account
sudo docker exec -it gotosocial ./gotosocial admin account confirm --username yourusername

Step 8: Connect with Mastodon Apps

Use any Mastodon-compatible app (Ivory, Tusky, Ice Cubes, etc.):

Add new account
Server: https://social.yourdomain.org
Login with username and password (NOT email)

Verification Commands

# Test API endpoint
curl https://social.yourdomain.org/api/v1/instance

# Check container logs
docker logs gotosocial --tail 50

# Verify environment variables
docker exec gotosocial env | grep GTS_HOST

Troubleshooting

SSL Certificate Issues

Ensure port 80 is open during Let's Encrypt setup
Verify certificate is assigned to the reverse proxy service
Check with: curl -k https://social.yourdomain.org/api/v1/instance

DNS Issues

Ensure DNS is set to "DNS only" (not proxied through Cloudflare)
Clear local DNS cache: sudo dscacheutil -flushcache
Test resolution: dig social.yourdomain.org

OAuth/Login Errors

Don't use the web UI directly for login
Always use a Mastodon app for authentication
Username for login is just the username, not full email

Complete Reset

If needed, to start fresh:

sudo docker stop gotosocial
sudo rm -rf /volume1/docker/gotosocial/*
sudo docker start gotosocial
# Then recreate admin account

pdxmph/setup.md