Using CloudFront to host your Mastodon handle on your own domain

Regrets, dear reader, we have to talk about webfingers.

The plan was to host my own private instance, maybe invite some Twitter mutuals who want out. Ran into enough issues with setting up the server that I just bailed and signed up elsewhere.

I still want to be able to tell someone to look me up using my own domain, not the instance's domain—another way to own my URL somewhat. Maarten Balliauw's blog post explains how to do just that:

In other words, if you want to be discovered on Mastodon using your own domain, you can do so by copying the contents of https://<your mastodon server>/.well-known/webfinger?resource=acct:<your account>@<your mastodon server> to https://<your domain>/.well-known/webfinger.

One caveat: this approach works much like a catch-all e-mail address. @[email protected] will match, unless you add a bit more scripting to only show a result for resources you want to be discoverable.

It's pretty easy to just copy-paste the webfinger file from your host to your website, but the note about it working the same as a catch-all email address bothered me. I didn't like the idea of any handle on this domain pointing to my Mastodon profile. Too easy troll material.

I host this site in S3 behind CloudFront, so I decided to add a CloudFront function that uses the same query string as Mastodon's webfinger endpoint. This lets me return the correct account for the handle, or return a 404 if no account is found. The key here is to publish the function and use it on the path /.well-known/webfinger in your CloudFront distribution's Behaviors tab.
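One way to write such a function, added here as an example and not the author's own code: it answers only for handles in an explicit allowlist and returns 404 for everything else, which closes the catch-all behaviour. The names example.com, mastodon.example and me are constructed placeholders, and the JSON shape is an assumption; use what your instance's webfinger endpoint actually returns.

```javascript
// Added example, not the author's function. Constructed values: example.com
// (your domain), mastodon.example (your instance), "me" (your account).
var ACCOUNTS = {
  // handle on your domain -> account on the Mastodon instance
  'acct:me@example.com': { user: 'me', host: 'mastodon.example' }
};

// Build the JRD document for an account (assumed shape; compare it with
// the response your instance serves and adjust).
function jrd(a) {
  var base = 'https://' + a.host;
  return JSON.stringify({
    subject: 'acct:' + a.user + '@' + a.host,
    aliases: [base + '/@' + a.user, base + '/users/' + a.user],
    links: [
      { rel: 'http://webfinger.net/rel/profile-page', type: 'text/html', href: base + '/@' + a.user },
      { rel: 'self', type: 'application/activity+json', href: base + '/users/' + a.user },
      { rel: 'http://ostatus.org/schema/1.0/subscribe', template: base + '/authorize_interaction?uri={uri}' }
    ]
  });
}

function notFound() {
  return { statusCode: 404, statusDescription: 'Not Found' };
}

// CloudFront Functions entry point (viewer request event).
function handler(event) {
  var q = event.request.querystring.resource;
  // Reject a missing or repeated resource parameter outright.
  if (!q || q.multiValue) return notFound();
  var resource;
  try {
    // Decode defensively so both raw and percent-encoded values compare equal.
    resource = decodeURIComponent(q.value).toLowerCase();
  } catch (e) {
    return notFound(); // malformed percent-encoding
  }
  // Own-property check so names like "constructor" never match.
  if (!Object.prototype.hasOwnProperty.call(ACCOUNTS, resource)) return notFound();
  return {
    statusCode: 200,
    statusDescription: 'OK',
    headers: { 'content-type': { value: 'application/jrd+json' } },
    body: { encoding: 'text', data: jrd(ACCOUNTS[resource]) }
  };
}
```

The function uses only `var` and function declarations, so it does not depend on newer JavaScript syntax being available in the function runtime.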

Real nice how this works. This fediverse business is pretty neat.