Can I rent an 8 core 16gb vps and then put friendica, mbin, mastodon, and lemmy on it? Can I somehow use the same site to login to all of them or would it be like m.site, l.site, etc.
I use a hypervisor? enhance.com rnow to control my wordpress sites, can I still monitor/backup the servers with enhance while manually setting up fediverse instances? I could setup roles like nginx, mariadb, through it and when I do that it lets me easily setup, backup, and migrate websites to different servers I lose this functionality if I dont set up those roles through the panel. So I was wondering if I can set up those roles and then just setup the websites manually through ssh following the guides. Do they all use nginx other than friendica?
Interested in friendica, mbin, lemmy, mastodon, and peertube (going to rent another server and more storage eventually if I do that
You need different Subdomains as you suggested in your first paragraph. And add a reverse proxy like nginx or caddy to the machine which then proxies the different subdomains to the respective services (e.g. lemmy.your.site to localhost:2222, mbin.your.site to localhost:3333).
Theoretically, you could put a landing page behind some SSO/iam like authentik, and then link to the subdomains from the landing page, but eventually users will need be on the subdomain to use a specific site.
Caveat: this is not my area of expertise. However, I agree SSO is going to be the hardest part of this.
OP, you can use lldap to centralize authentication, so that each user had only one account and one password for all sites. Itβs trickier to get each of these platforms to work together with SSO. For that, youβll need something like Authentik (OSS SSO solution, like Okta) which you then back by lldap - Authentik handles the SSO and authorization part, and uses lldap for the authentication part. I suggest doing it in stages: install your servers, get them using lldap to log in, and then when itβs all working insert Authentik into the mix. Doing something like this and learning all the technology at once is boiling the ocean.
Iβm recommending lldap over OpenLDAP because Iβve used both extensively, and OpenLDAP is a nightmare whereas lldap isnβt. lldap is trivial to install, and comes with a nice, simple user/group admin web interface, a sane default schema configuration, and is stupid easy to back up. Just getting OpenLDAP configured with the right schemas can take forever. If youβd said you already had a lot of experience with LDAP in general, then sure: OpenLDAP is capable and powerful. But itβs harder.
My one caveat about lldap is that Iβm not sure that itβs possible to set up master/slave replication - or any sort of replication - which is probably not going to be an issue for your all-in-one set-up, but would limit scaling and failover if you ever get there.
I do rant a little about OpenLDAP because LDAP was in supposed to be lightweight OLAP, and yet is some of the most frustrating software Iβve ever had to deal with.
Again, Iβm not a devops, or any sort of ops, guy, so my perspective is colored by the an attitude that ops is a necessary evil, and not something I love, so easier==better.
Alternatively, you can add an LDAP outpost/provider to Authentik. Now you donβt need to manage any LDAP server at all, and use the Authentik directory to manage users and groups. wiki link
I havenβt used Authentik myself at all; Okta at one place I worked, but that was managed by the ops team so I didnβt have much to do with it.
Committing to LDAP is one thing; getting SSO is a whole other level of effort. Again, I have experience with LDAP so it seems manageable, and common enough to be worth setting up - does a large enough portion of OSS hosted software support SAML or OpenID or whatever to make setting up Authentik worth the effort?
Iβll re-iterate, I do not enjoy ops. I do it only because itβs slightly more important to me to have control over my data than it is to not have to admin stuff. I like lldap specifically because itβs a single executable, one or two really basic config files (requiring a bare minimum of understanding LDAP to configure), and one SQLite DB file - backing it up is, like, 3 files. This has huge value to someone like me, far exceeding the capability limitations of lldap vs OpenLDAP. If Authentik is just as easy, with minimum external dependencies, then Iβm interested. If I have to install, configure, and administer and maintain PostgreSQL, redis, and a half dozen other external dependenciesβ¦ then my family can live without SSO :-)
