This doesn’t answer your exact question and I haven’t done this with webfingers, but I’ve done this with a reverse proxy like nginx (or traefik) and no special DNS tricks. Your example.com will point to 1.2.3.4 IP and then the subdomain routing is handled by the reverse proxy. I’ve had upwards of 8 different domains and subdomains all running on a single box taking advantage of docker containers.
Yes, the subdomains are routed via a reverse proxy. My primary issue is that pixelfed and mastodon ask for the same resource. My identity, email@domain.tld is requested by ActivityPub services and if they all ask for the same resource, they get my Mastodon account. I'm wondering if people have a fix for this that allows Pixelfed services to get my pixelfed account, mastodon my mastodon account, Funkwhale, etc. Problem is, I don't think there is one, short of having some logic that looks at the incoming user agent and then routes it to the proper resource.
Edit: something like this might work: https://serverfault.com/questions/775463/nginx-redirect-based-on-user-agent#825725
Edit 2: when I say resource, I really mean "link relation".
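The user-agent idea from the comment above, sketched as an added example (not code from the thread or from either project). The subdomain layout, the `BACKENDS` table and the sample User-Agent strings are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical layout: each service sits on its own subdomain behind the proxy.
BACKENDS = {
    "mastodon": "https://mastodon.domain.tld",
    "pixelfed": "https://pixelfed.domain.tld",
}
DEFAULT = "mastodon"  # whoever owns the apex WebFinger endpoint today

# Assumption: the requesting server names its software in the User-Agent header.
UA_RULES = [
    (re.compile(r"pixelfed", re.I), "pixelfed"),
    (re.compile(r"mastodon", re.I), "mastodon"),
]

# Constructed sample headers, not captured traffic.
PIXELFED_UA = "(Pixelfed/0.0.0; +https://photos.example)"
MASTODON_UA = "http.rb/0.0.0 (Mastodon/0.0.0; +https://social.example/)"


def pick_backend(user_agent):
    """Choose the service whose WebFinger endpoint should answer this caller."""
    for pattern, service in UA_RULES:
        if pattern.search(user_agent or ""):
            return service
    return DEFAULT  # unknown or missing header falls back to the default


def route_webfinger(request_url, user_agent):
    """Return the backend URL for an apex WebFinger request, or None to refuse."""
    parts = urlsplit(request_url)
    if parts.path != "/.well-known/webfinger":
        return None
    resource = parse_qs(parts.query).get("resource", [""])[0]
    # Only answer for accounts on our own domain.
    if not (resource.startswith("acct:") and resource.endswith("@domain.tld")):
        return None
    return f"{BACKENDS[pick_backend(user_agent)]}{parts.path}?{parts.query}"


if __name__ == "__main__":
    url = "https://domain.tld/.well-known/webfinger?resource=acct:user@domain.tld"
    for ua in (PIXELFED_UA, MASTODON_UA, "curl/8.0"):
        print(f"{ua!r:60} -> {route_webfinger(url, ua)}")
```

The routing keys on the software making the lookup, not on the account the remote user wants, so a Mastodon server looking up `user@domain.tld` always receives the Mastodon answer. The header is also client-supplied, which makes it a routing hint only, never something to base access decisions on.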
Hmm. Ok, but mastodon and pixelfed are unrelated services at the authentication level. When you hit the home page of each it’ll ask you to authenticate. Even if you use the precise same info (e.g. name, email, password even), each one will be authenticating separately. Or am I missing something still?
Aaaannnnnddddd here's the issue. I guess others have noticed this too.
Glad you found similar issues. At least you know “it isn’t me”.
Here's a link to a better description of what someone is trying to do with webfinger. It's critical to federation, and services piggybacking on mastodon's configuration sort of break that, e.g. a pixelfed instance querying for user@domain.tld (trying to follow the pixelfed user for that user) would end up returning the mastodon profile. And while that works, and the third party pixelfed instance will follow the mastodon user, the pixelfed user won't get that follow. Federation will end up being broken on pixelfed, IIRC.
Yes, that's correct. Both mastodon and pixelfed support OAuth, though, so if you ran an OAuth provider, you should theoretically be able to authenticate with a single set of credentials.
I’m seeing posts about OIDC support in mastodon but not yet for pixelfed.
Sorry I thought this was a different thread. I'm speaking about account discovery, not authentication.
For auth, this is all I see for pixelfed: https://docs.pixelfed.org/technical-documentation/api/#authorization.