===== Setting up a local PDS Server =====
//Completed on Digital Ocean Ubuntu 22.04 droplet running nginx and letsencrypt.//

==== Install PDS ====
[[https://github.com/bluesky-social/pds|The installer]] assumes ports 80 and 443 are available and launches a Docker instance of ''Caddy'' to serve. This will conflict with NGINX but the installer still gets us started:
<code>
wget https://raw.githubusercontent.com/bluesky-social/pds/main/installer.sh
sudo bash installer.sh
</code>
You'll see from your list of Docker instances that ''Caddy'' didn't start OK. Kill all the instances related to PDS by listing them, stopping them, then removing them:
<code>
docker ps
docker stop <instance>
docker rm <instance>
</code>
To get things to work correctly we are going to need to replace ''compose.yaml'' with something that doesn't start ''Caddy''. Here's a modification of the one found [[https://cprimozic.net/notes/posts/notes-on-self-hosting-bluesky-pds-alongside-other-services/|here]]. For a standard install you'll put ''compose.yaml'' in ''/pds''
<code>
version: '3.9'
services:
  pds:
    container_name: pds
    image: ghcr.io/bluesky-social/pds:0.4
    restart: unless-stopped
    volumes:
      - type: bind
        source: /pds
        target: /pds
    ports:
      - '3000:3000'
    env_file:
      - /pds/pds.envroot@togettech-main:/pds
</code>
  * Now restart PDS with ''docker compose up -d''. (It appears a better way might be ''systemctl restart pds.service'')
  * Make sure all the docker instances are running OK. Use ''sudo docker logs -f pds'' to see the logs
  * Finally, check if the instance is accessible locally:
<code>wget http://localhost:3000/xrpc/_health
</code>
 should return something close to:''{"version":"0.4.74"}''
=== Get email working for pdsadmin ===
  * I didn't have an email server already set up on the server that was available to pdsadmin so I set up an SMTP server on AWS using their SES.
  * Then I added these lines to ''/pds/pds.env''
<code>
PDS_EMAIL_SMTP_URL=smtps://<SES USER>:<SES PW>@email-smtp.us-east-2.amazonaws.com:465/ # change AWS email server as needed
PDS_EMAIL_FROM_ADDRESS=<YOUR EMAIL ADDRESS>
</code>
  * Restart with ''docker compose up -d''
  * Check the logs: ''sudo docker logs -f pds''

==== Get NGINX reverse proxy working ====
In ''/etc/nginx/sites-available'' create a file (could be named pds):
<code>
map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

server {
    server_name <YOUR DOMAIN NAME HERE. COULD HAVE SUBDOMAIN. EXAMPLE: pds.johnharrison.cc>;

    location /xrpc {
        proxy_pass http://localhost:3000;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host            $host;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    location /.well-known/atproto-did {
        proxy_pass http://localhost:3000/.well-known/atproto-did;
        proxy_set_header Host            $host;
    }
</code>
  * Make sure NGINX config is happy: ''nginx -t''
  * Whereever you keep your DNS settings for your domain, add one for the domain/subdomain you just set up.
  * Once the (sub)domain resolves correctly it's time for letsencrypt: ''certbot --nginx'' will expand your existing certificate to include all (sub)domains nginx serves
  * Check for external access:
<code>wget https://<YOUR DOMAIN>/xrpc/_health
</code>
 should return something close to:''{"version":"0.4.74"}''
  * Check if websockets are working:
<code>
wsdump "wss://example.com/xrpc/com.atproto.sync.subscribeRepos?cursor=0"
</code>
If you don't see an error such as ''unauthorized'' it's probably working. There won't be much output yet. If it's not working, it's a problem in your Nginx config

==== Migrating existing account from Bluesky's PDS to the local PDS ====
//This requires a Go app called ''Goat'' which is provided by Bluesky. This can be installed on any machine i.e. it doesn't have to be installed on the local PDS//
  * install a current version Go if you don't already have it. ''Snap'' is an option but Snaps often give me trouble so I went downloading and installing:
<code>
wget https://go.dev/dl/go-INSERT_CURRENT_VERSION_HERE.linux-amd64.tar.gz
sudo tar -C /usr/local -xvf goINSERT_CURRENT_VERSION_HERE.linux-amd64.tar.gz
echo "export PATH=$PATH:/usr/local/go/bin" >> ~/.profile
source ~/.profile
go version # verify it's working
</code>
  * next this is suppose to work but gave me an error: ''go install github.com/bluesky-social/indigo/cmd/goat@latest''
  * So instead I downloaded from Git and installed that way:
<code>
git clone https://github.com/bluesky-social/indigo
go build ./cmd/goat
sudo cp goat /usr/local/bin
goat --version # confirm it's working
</code>
  * log into your old account with goat and request token to your email:
<code>
goat account login -u $OLDHANDLE -p $OLDPASSWORD''
goat account plc request-token
</code>
  * on the local PDS server get an invite code: ''pdsadmin create-invite-code''
  * Now comes the magical ''migrate'' command. Here's the format and an example unabashedly ripped from [[https://hyprlab.co/migrate-your-bluesky-account/|here]]:
<code>
# format
goat account migrate \
    --pds-host $NEWPDSHOST \
    --new-handle $NEWHANDLE \
    --new-password $NEWPASSWORD \
    --new-email $NEWEMAIL \
    --plc-token $NEWPLCTOKEN \
    --invite-code $INVITECODE

# example
goat account migrate \
    --pds-host https://blueskydemo.hyprlab.co \
    --new-handle jasondemo.blueskydemo.hyprlab.co \
    --new-password tPVQ9oRLwfAqq7gz \
    --new-email servers@hyprlab.co \
    --plc-token QUCDK-SHTBV \
    --invite-code blueskydemo-hyprlab-co-lz3di-wlsvy
</code>
  * It took a few tries to get everything in this command right. If it fails you need to delete the incomplete migration before trying again:
<code>
pdsadmin account list
pdsadmin account delete $YOURDID
</code>
==== Get bsky.app to recognize your local PDS ====
  * log out of Bluesky
  * log back in:
    * ''Sign in'' --> ''Other account''
    * under ''Hosting provider'' select ''Custom''
    *  Enter domain name for your PDS
At this point my profile showed "invalid handle." To fix:
  * In ''Settings'' go through the email verification process.
  * After verification is complete, you will have a new option: ''change handle'' in ''settings''
  * When choosing ''change handle'' you have the option ''I have my own domain.'' It's probably optional if you are already happy with the domain of your PDS but I didn't want the pds subdomain for my domain in my handle so I went through this process
  * Choose your new handle

==== References ====
  * [[https://www.hostinger.com/tutorials/how-to-host-a-bluesky-pds]]
  * [[https://cprimozic.net/notes/posts/notes-on-self-hosting-bluesky-pds-alongside-other-services/|Self-hosing Bluesky using NGINX as a proxy]]
  * [[https://hyprlab.co/migrate-your-bluesky-account/|Migrate Bluesky to another PDS]]
  * [[https://medium.com/@MszPro/self-host-federated-bluesky-instance-pds-with-cloudflare-tunnel-6c56cbca8852|(where I learned how to get the logs for pds)]]
  * [[https://bmannconsulting.com/notes/migrating-pds-account-with-goat/|Migrating a PDS account with GOAT]]
  * [[https://rafaeleyng.github.io/self-hosting-a-bluesky-pds-and-using-your-domain-as-your-handle]]