Download Install Repo Donate

Matrix room: #epicyon:matrix.libreserver.org
gemini://libreserver.org/epicyon

Epicyon is a fediverse server suitable for self-hosting a small number of accounts on low power systems.

Key features:

Epicyon is for people who are tired of big anything and just want to DIY their online social experience without much fuss or expense. Think water cooler discussions rather than shouting into the void, in which you're mainly just reading and responding to the posts of people that you're following.

Ever feel like corporate social media is deliberately pressing your buttons or grinding your gears, leaving you stressed and angry? On the open web there is no pressure to perform the way a timeline algorithm wants you to. Experience the astonishingly novel concept of just hanging out with friends, without any artificial agendas.

Epicyon is written in Python with a HTML+CSS web interface and uses no javascript which makes display in a web browser very lightweight. It can run as a Progressive Web App on mobile.

Purple theme timeline screenshot Starlight theme profile page
various screenshots mobile screenshot
login screen emoji search

Emojis, hashtags, photos, video and audio attachments, instance and account level blocking controls, moderation functions and reports are all supported. Build the community you want and avoid the stuff you don't. No ads. No blockchains or other Silicon Valley garbage.

Corporate social media gives you an audience, with reach, celebrity, spectacle, lack of control, professional influencers, anxiety, alienation and competition. It's designed for fast growth regardless of social consequences, often where the contents of your feed or timeline is rigged rather than having anything to do with what you are interested in. Epicyon is designed for community, in which you have more control over who you're associating with. The community approach is the better way to build a habitable internet for the long term.

Define the scope of your messages to reach the right people.

Schedule posts to be published at some time in the future. This can be useful for reminding yourself to do things (send your future self a direct message) or for creating a series of posts promoting some event, such as a festival or wedding.

Want to be reminded about what you said about a topic a month ago? The search screen allows you to do full text search on your own posts. Search on other posts can be done via the use of hashtags.

RSS 2.0

You don't need a separate blog system. Blog posts can be added and edited, and are federated as ActivityPub articles. They also have RSS version 2.0 feeds. People can comment on blog posts, but unlike other systems the moderation settings apply just the same as they do for any other fediverse post arriving at your server. This makes blog spam much easier to keep control over. You can subscribe to other people's blogs and they will appear in the right hand newswire column.

Epicyon supports many languages. Translations and emoji can easily be added. Alter the logo, backgrounds, terms of service and style to create a unique personality for your instance. Choose from a few different themes, or make a new one.

light theme timeline screenshot

When creating a new post you can optionally also add a date, time and place. This will show up on the calendars of your followers, and makes organizing meetups or other community events simple. You can use message scopes to set up public events or private ones. To create reminders you can send yourself a DM with an event and it will appear on only your calendar.

calendar screenshot

Epicyon's absence of javascript makes it much more usable in shell based web browsers such as Lynx. As new web systems are deployed we should not be leaving anyone with minority use cases behind.

lynx screenshot C2S desktop client screenshot

Some posts contain images and some don't. The media timeline enables you to view all your pet photos in one place.

media timeline screenshot media timeline screenshot

If you want your instance to be primarily about posting and interacting with media then you can also enable the media instance option.

Barter and gift physical items or services with other people on your instance. Search for shared items which you might want or post items you no longer have a use for. Promote ride shares or available accomodation without any unnecessary companies in the middle. Pool resources between trusted friends to build solidarity and have fun.

Define a set of skills in your profile and search for other people who have the skills you need. Organize teams who can get things done!

Want to remember a particular link or reply to something later? Bookmark your favorite posts and view them on the Saves timeline.

Stay informed about the topics which people that you follow are highlighting. On the search screen there is a hashtag swarm.

Want to read the news from an RSS feed, or run your own Independent Media Center producing news and federating it through the network? Both of those are possible. The newswire gives you the capability of collectively moderating news as it arrives, and publishing your own articles. The administrator can assign moderator and editor roles to other users on an instance. Organize your community to overcome the limitations of corporate media.

You will need python version 3.7 or later.

On a Debian based system:

sudo apt install -y tor python3-socks imagemagick python3-setuptools python3-cryptography python3-dateutil python3-idna python3-requests python3-flake8 python3-django-timezone-field python3-pyqrcode python3-png python3-bandit libimage-exiftool-perl certbot nginx wget

The following instructions install Epicyon to the /opt directory. It's not essential that it be installed there, and it could be in any other preferred directory.

Clone the repo, or if you downloaded the tarball then extract it into the /opt directory.

cd /opt

git clone https://gitlab.com/bashrc2/epicyon

Create a user for the server to run as:

sudo su

adduser --system --home=/opt/epicyon --group epicyon

chown -R epicyon:epicyon /opt/epicyon

Link news mirrors:

mkdir /var/www/YOUR_DOMAIN

mkdir -p /opt/epicyon/accounts/newsmirror

ln -s /opt/epicyon/accounts/newsmirror /var/www/YOUR_DOMAIN/newsmirror

Create a daemon:

nano /etc/systemd/system/epicyon.service

Paste the following:

[Unit]
Description=epicyon
After=syslog.target
After=network.target

[Service]
Type=simple
User=epicyon
Group=epicyon
WorkingDirectory=/opt/epicyon
ExecStart=/usr/bin/python3 /opt/epicyon/epicyon.py --port 443 --proxy 7156 --domain YOUR_DOMAIN --registration open --log_login_failures
Environment=USER=epicyon
Environment=PYTHONUNBUFFERED=true
Restart=always
StandardError=syslog
CPUQuota=80%
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
ProtectKernelLogs=true
ProtectHostname=true
ProtectClock=true
ProtectProc=invisible
ProcSubset=pid
PrivateTmp=true
PrivateUsers=true
PrivateDevices=true
PrivateIPC=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
LockPersonality=true
RestrictRealtime=true
RestrictSUIDSGID=true
RestrictNamespaces=true
SystemCallArchitectures=native

[Install]
WantedBy=multi-user.target

Activate the daemon:

systemctl enable epicyon
systemctl start epicyon

Create a web server configuration:

nano /etc/nginx/sites-available/YOUR_DOMAIN

And paste the following:

server {
listen 80;
listen [::]:80;
server_name YOUR_DOMAIN;
access_log /dev/null;
error_log /dev/null;
client_max_body_size 31m;
client_body_buffer_size 128k;

limit_conn conn_limit_per_ip 10;
limit_req zone=req_limit_per_ip burst=10 nodelay;

index index.html;
rewrite ^ https://$server_name$request_uri? permanent;
}

server {
listen 443 ssl http2;
server_name YOUR_DOMAIN;

gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_min_length 1024;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css text/vcard text/vcard+xml application/json application/ld+json application/javascript text/xml application/xml application/rdf+xml application/xml+rss text/javascript;

ssl_stapling off;
ssl_stapling_verify off;
ssl on;
ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;
#ssl_dhparam /etc/ssl/certs/YOUR_DOMAIN.dhparam;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;

add_header Content-Security-Policy "default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;

access_log /dev/null;
error_log /dev/null;

index index.html;

location /newsmirror {
root /var/www/YOUR_DOMAIN;
try_files $uri =404;
}

keepalive_timeout 70;
sendfile on;

location / {
proxy_http_version 1.1;
client_max_body_size 31M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_temp_file_write_size 64k;
proxy_connect_timeout 10080s;
proxy_send_timeout 10080;
proxy_read_timeout 10080;
proxy_buffer_size 64k;
proxy_buffers 16 32k;
proxy_busy_buffers_size 64k;
proxy_redirect off;
proxy_request_buffering off;
proxy_buffering off;
proxy_pass http://localhost:7156;
tcp_nodelay on;
}
}

Enable the site:

ln -s /etc/nginx/sites-available/YOUR_DOMAIN /etc/nginx/sites-enabled/

Forward port 443 from your internet router to your server. If you have dynamic DNS make sure its configured. Add a TLS certificate:

systemctl stop nginx
certbot certonly -n --server https://acme-v02.api.letsencrypt.org/directory --standalone -d YOUR_DOMAIN --renew-by-default --agree-tos --email YOUR_EMAIL
systemctl start nginx

Restart your web server:

systemctl restart nginx

If you need to use fail2ban then failed login attempts can be found in accounts/loginfailures.log.

If you are using the Caddy web server then see caddy.example.conf

Now you can navigate to your domain and register an account. The first account becomes the administrator.

If you don't have access to the clearnet, or prefer not to use it, then it's possible to run an Epicyon instance easily from your laptop. There are scripts within the deploy directory which can be used to install an instance on a Debian or Arch/Parabola operating system. With some modification of package names they could be also used with other distros.

Please be aware that such installations will not federate with ordinary fediverse instances on the clearnet, unless those instances have been specially modified to do so. But onion instances will federate with other onion instances and i2p instances with other i2p instances.

To subsequently upgrade:

cd /opt/epicyon
git pull
chown -R epicyon:epicyon *
systemctl restart epicyon