Personal Data Server

A personal data server for the AT Protocol is a self-hosted server that securely stores and manages user data, enabling decentralized identity, content, and interactions within a federated social networking system.


BlueSky uses the AT Protocol. If you use the AT Protocol, you can federate your own server with it so that your data lives on your server. What you say and do is ingested by relay servers and made available in an app, like BlueSky.

I set up a Personal Data Server purely for ownership of my handle and data. There is no GUI; it’s all command line, and you need a mail relay like SendGrid.

When you’re building a Virtual Private Server (VPS), you need to select Ubuntu 22.04 for the base operating system. All steps to secure your new VPS instance are below.

DNS

What is different here is that you set a base domain and, by default, each user is a sub domain of it. For myself, I set up wildarcher.net as the base domain and I am Jake of wildarcher.net, so it comes out as jake.wildarcher.net.

If you don’t want to use your base domain because it belongs to something else, just choose a sub domain. You can change your handle after it's established with a DNS entry.

For myself I set up atproto.wildarcher.net as my AT Protocol server. My initial user name was jake.atproto.wildarcher.net. Afterwards, I went on bsky.app and changed my handle to wildarcher.net by doing another DNS entry.

When you create your DNS records, they will initially look like this.

Sub Domain            | Record Type | Value
atproto.example.com   | A and AAAA  | IPv4(6) address of PDS
*.atproto.example.com | A and AAAA  | IPv4(6) address of PDS

UFW

In addition to allowing yourself SSH access to administer your server, you will have to open ports 80/TCP and 443/TCP to anywhere so that the various relays can consume the content you create and Let's Encrypt can generate a new TLS certificate automatically.

ufw allow from any to any port 80 proto tcp
ufw allow from any to any port 443 proto tcp

PDS

Now that DNS and UFW are done, you can install the PDS software.

wget https://raw.githubusercontent.com/bluesky-social/pds/main/installer.sh

sudo bash installer.sh

During installation, it will ask whether you want to create a PDS user account. Answer "Y" and set it up correctly. Your initial handle will be a sub domain of the sub domain you used earlier. Remember that you can change this.

Copy the temporary username and password it gave you. You'll need these to sign in later.

Mail

Now that you have the software installed at /pds/ on the server, you need to edit /pds/pds.env in order to use a mail relay. I use SendGrid.com. For small volumes, it's a free service and easy to use. You will need to generate an API key, which you can do from the menu under API Keys.

sudo nano /pds/pds.env

Add this to the end. Replace [YOUR EMAIL ADDRESS] with your email address. Replace [API KEY] with your API key that was generated.

PDS_EMAIL_FROM_ADDRESS="[YOUR EMAIL ADDRESS]"
PDS_EMAIL_SMTP_URL="smtp://apikey:[API KEY]@smtp.sendgrid.net:587"
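
A preflight check for the two lines added above, as an added example that is not part of the original post or of the PDS project. The function name check_pds_env is hypothetical, GNU stat is assumed (as on Ubuntu), and expecting mode 600 on a file that holds an API key is this example's assumption.

```shell
#!/usr/bin/env bash
# Added example: check the two mail settings in a PDS env file before restarting.
# Prints one line per problem and returns 0 only when none were found.
check_pds_env() {
    local file="$1" problems=0 from url mode
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }

    # Take the last assignment of each key and strip the optional double quotes.
    from=$(sed -n 's/^PDS_EMAIL_FROM_ADDRESS=//p' "$file" | tail -n 1 | tr -d '"')
    url=$(sed -n 's/^PDS_EMAIL_SMTP_URL=//p' "$file" | tail -n 1 | tr -d '"')

    # Leftover template brackets such as [API KEY] mean the edit was not finished.
    case "$from$url" in
        *\[*|*\]*) echo "placeholder brackets still present"; problems=$((problems + 1)) ;;
    esac

    # The sender must look like local@domain.tld.
    if ! printf '%s' "$from" | grep -Eq '^[^@[:space:]]+@[^@[:space:]]+\.[^@[:space:]]+$'; then
        echo "PDS_EMAIL_FROM_ADDRESS is missing or not an address"; problems=$((problems + 1))
    fi

    # Expected shape: smtp://user:key@host:port with no stray URL delimiters in the key.
    if ! printf '%s' "$url" | grep -Eq '^smtps?://[^:@/[:space:]]+:[^:@/[:space:]]+@[A-Za-z0-9.-]+:[0-9]+/?$'; then
        echo "PDS_EMAIL_SMTP_URL is missing or malformed"; problems=$((problems + 1))
    fi

    # The file holds an API key, so group and other should have no access bits.
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        *00) ;;
        *) echo "$file has mode $mode; run chmod 600 on it"; problems=$((problems + 1)) ;;
    esac

    [ "$problems" -eq 0 ]
}

# Constructed sample with the placeholders left in (mktemp creates it with mode 600).
demo=$(mktemp)
printf '%s\n' 'PDS_EMAIL_FROM_ADDRESS="[YOUR EMAIL ADDRESS]"' \
    'PDS_EMAIL_SMTP_URL="smtp://apikey:[API KEY]@smtp.sendgrid.net:587"' > "$demo"
check_pds_env "$demo" || echo "fix the problems above before restarting the PDS"
rm -f "$demo"
```

On the server, call it as check_pds_env /pds/pds.env (with sudo if the file is owned by root).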

BlueSky

Now go to bsky.app and log in with your personal data server.

Login

At the login screen click on the edit button for the "Hosting provider."

Image of the sign-in screen for BlueSky

On the modal window, click on "Custom," then enter your server address and click done.

Image of the sign-in screen for BlueSky using the custom PDS server.

Now you can log in with the information that was provided to you during the install of the PDS server.

Password

After logging in, please change your password to something you know. Click on "Settings," then "Account," and "Password." BlueSky will ask your personal data server to initiate a password reset. You will get an eight-character code emailed to you via SendGrid or whatever mail provider you used. After you receive it, you can reset your password.

Handle

You might not want your handle to be name.atproto.example.com. If you want something shorter and more unique, you can do this using BlueSky and making modifications to your DNS.

When you are in BlueSky, click on "Settings", "Account", "Handle."

Then click on "I have my own domain."

Image of the Change Handle modal window.

On this screen you will be given the DNS entry you need to make in order to claim a domain as your own handle. You will make a TXT record using the information it gives you. Wait about a minute after you've added the DNS record and click "Verify DNS Record."

You should now be all set to use BlueSky where you hold the content and you hold the authentication.