Federation activated but not working

I have setup a selfhosted WriteFreely instance (v012.0) but I’m having some problem with Federation.

Some settings:

$ grep -E '(federation|single_user|private)' config.ini                                                                  
single_user        = true
federation         = true
private            = false

API works:

$ # curl -s https://theo-andreou.org/api/nodeinfo | python -m json.tool
    "metadata": {
        "invites": false,
        "maxBlogs": 1,
        "nodeDescription": "A Weblog about Cyprus, Free Software and the space between (by Theodotos Andreou)",
        "nodeName": "Mouflons and Penguins",
        "publicReader": false,
        "software": {
            "follow": "https://writing.exchange/@write_as",
            "github": "https://github.com/writeas/writefreely",
            "homepage": "https://writefreely.org"
    "openRegistrations": false,
    "protocols": [
    "services": {
        "inbound": [],
        "outbound": [
    "software": {
        "name": "writefreely",
        "version": "0.12.0"
    "usage": {
        "localPosts": 3,
        "users": {
            "activeHalfyear": 1,
            "total": 1
    "version": "2.0"

But I get this in the logs when trying to follow the site from Mastodon: - - [08/Aug/2020:16:03:49 +0300] "GET /.well-known/webfinger?resource=acct:theo@theo-andreou.org HTTP/1.1" 404 0 "-" "http.rb/4.3.0 (Mastodon/3.1.1; +http
s://social.librem.one/)" - - [08/Aug/2020:16:03:50 +0300] "GET /.well-known/host-meta HTTP/1.1" 200 222 "-" "http.rb/4.3.0 (Mastodon/3.1.1; +https://social.librem.one/)" - - [08/Aug/2020:16:03:50 +0300] "GET /.well-known/webfinger?resource=acct:theo@theo-andreou.org HTTP/1.1" 404 0 "-" "http.rb/4.3.0 (Mastodon/3.1.1; +http

Any idea?


  1. Federation Troubleshooting

Username and everything seems correct based on the data returned when running this:

curl -H 'Accept: application/activity+json' https://theo-andreou.org/ | python -m json.tool

Could you run writefreely with the --debug flag and see if anything else appears in the logs?

Otherwise, are you running the compiled application, or building from source? If from source, it’d be great to add some additional logging in the FindUser() func.

It’s getting more clear now. I got this in the Nginx logs: - - [12/Aug/2020:08:10:54 +0300] "GET /.well-known/webfinger?resource=acct:theo@theo-andreou.org HTTP/1.1" 502 173 "-" "http.rb/4.3.0 (Mastodon/3.1.1; +https://social.librem.one/)"                                                                                                                                         - - [12/Aug/2020:08:10:55 +0300] "GET /.well-known/host-meta HTTP/1.1" 502 173 "-" "http.rb/4.3.0 (Mastodon/3.1.1; +https://social.librem.one/)"

… but nothing on the writefreely debug output. So I guess this may have something to do with the Nginx config:

server {
    server_name theo-andreou.org www.theo-andreou.org;

    add_header Referrer-Policy origin always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header 'Referrer-Policy' 'same-origin';

    gzip on;
    gzip_min_length 256;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_vary on;

    location ~ ^/.well-known/(webfinger|nodeinfo|host-meta) {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_redirect off;

    location ~ ^/(css|img|js|fonts)/ {
        root /srv/writefreely/freely.theo-andreou.org/static;
        # Optionally cache these files in the browser:
        # expires 12M;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_redirect off;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/theo-andreou.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/theo-andreou.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
    if ($host = www.theo-andreou.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = theo-andreou.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name theo-andreou.org www.theo-andreou.org;
    listen 80;
    return 404; # managed by Certbot

It turns out I was using the wrong port on the (webfinger|nodeinfo|host-meta) location block.

Thanks @matt. And sorry for the noise.

No problem at all, @theodotos. Glad you got it fixed, and thanks for sharing the solution with us!