Mastodon on Anubiz Offshore VPS - Hardening Walkthrough
A self-hosted Mastodon server stores private messages, account email addresses, IP logs and uploaded media that may be sensitive depending on your federation. Running it on an Anubiz offshore VPS is half the privacy story; the rest is hardening the application stack so a Rails RCE or a misconfigured S3 bucket does not undo the jurisdiction choice. This guide assumes a Romania or Iceland VPS with 4 GB RAM minimum, fresh Ubuntu 24.04, and walks through the security-relevant changes only.
Threat Model First
Mastodon admins see plaintext DMs, account emails and the IP every user connected from. Treat the database as a high-value target. The realistic adversaries are: federated trolls trying to RCE the Rails app, a stolen admin session, and accidental log leakage. Jurisdiction handles the legal layer; this guide handles the app layer.
Step 1: Postgres on TLS Only
Even on a single host, run Postgres with TLS so backups and replicas do not expose plaintext. Generate a self-signed cert, set ssl=on in postgresql.conf, and force hostssl in pg_hba.conf so TCP connections without TLS are rejected. Mastodon connects with DB_SSLMODE=require in the env file.
Step 2: Redis ACL and No Persistence on Disk
Mastodon stores session tokens and feed caches in Redis. Set a strong password, enable ACL users for the Mastodon app and Sidekiq, and disable RDB and AOF persistence so sessions do not survive disk forensics. Bind Redis to 127.0.0.1.
Step 3: Object Storage Off-Box
Push media to Wasabi or a privacy-respecting S3 endpoint. Encrypt at rest, set the bucket policy to private only, and do not enable public ACLs. Mastodon reads S3_ENABLED=true in the env file. This also keeps your disk free.
Step 4: nginx Hardening and fail2ban
Use the official nginx config, add a Strict-Transport-Security header with add_header, and turn server_tokens off. Run fail2ban with a custom filter that catches Mastodon login brute force on /auth/sign_in. Rate limit registration with limit_req_zone if you keep open signup.
Step 5: Backups and Email Egress
Take encrypted nightly backups with restic to a second region. SMTP should go through a relay that does not log message content (set SMTP_FROM to a domain you own). Set RAILS_LOG_LEVEL=warn to drop request body from logs.
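To confirm the settings from Steps 1, 2, 3 and 5 actually landed, the following added example (not part of the original guide) audits the four config files and counts findings. The ACL user names mastodon and sidekiq, the one-directory file layout and all sample file contents are assumptions constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: offline audit of the settings named in Steps 1, 2, 3 and 5.
# Sample configs below are constructed; ACL user names are assumed.

# has FILE REGEX: true when an uncommented line in FILE matches REGEX
has()  { grep -Eq "^[[:space:]]*$2" "$1" 2>/dev/null; }
fail() { echo "FAIL: $1"; n=$((n+1)); }   # n is audit's local counter

# audit ENV POSTGRESQL_CONF PG_HBA REDIS_CONF
# Prints one FAIL line per finding and returns the number of findings.
audit() {
  local e="$1" pg="$2" hba="$3" r="$4" n=0
  has "$e" 'DB_SSLMODE=require[[:space:]]*$'   || fail "env: DB_SSLMODE is not require"
  has "$e" 'S3_ENABLED=true[[:space:]]*$'      || fail "env: S3_ENABLED is not true"
  has "$e" 'RAILS_LOG_LEVEL=warn[[:space:]]*$' || fail "env: RAILS_LOG_LEVEL is not warn"
  has "$pg" 'ssl[[:space:]]*=[[:space:]]*on'   || fail "postgres: ssl is not on"
  has "$hba" 'hostssl[[:space:]]'              || fail "pg_hba: no hostssl rule"
  has "$hba" 'host(nossl)?[[:space:]]'         && fail "pg_hba: rule allows non-TLS TCP"
  has "$r" 'bind[[:space:]]+127\.0\.0\.1([[:space:]]+-?::1)?[[:space:]]*$' || fail "redis: not loopback-only"
  has "$r" 'save[[:space:]]+""'                || fail "redis: RDB snapshots not disabled"
  has "$r" 'appendonly[[:space:]]+yes'         && fail "redis: AOF is enabled"
  has "$r" 'user[[:space:]]+(mastodon|sidekiq)[[:space:]]+on[[:space:]]' || fail "redis: no app ACL user"
  return "$n"
}
audit_dir() { audit "$1/env" "$1/postgresql.conf" "$1/pg_hba.conf" "$1/redis.conf"; }

# write_sample DIR MODE: constructed configs; MODE is "hardened" or anything else for weak
write_sample() {
  mkdir -p "$1"
  if [ "$2" = hardened ]; then
    printf 'DB_SSLMODE=require\nS3_ENABLED=true\nRAILS_LOG_LEVEL=warn\n' > "$1/env"
    printf 'ssl = on\n' > "$1/postgresql.conf"
    printf 'local all all peer\nhostssl all mastodon 127.0.0.1/32 scram-sha-256\n' > "$1/pg_hba.conf"
    printf 'bind 127.0.0.1\nsave ""\nappendonly no\nuser mastodon on >CHANGE_ME ~* +@all\n' > "$1/redis.conf"
  else
    printf 'DB_SSLMODE=prefer\nRAILS_LOG_LEVEL=info\n' > "$1/env"
    printf '#ssl = on\n' > "$1/postgresql.conf"
    printf 'host all all 0.0.0.0/0 md5\n' > "$1/pg_hba.conf"
    printf 'bind 0.0.0.0\nsave 900 1\nappendonly yes\n' > "$1/redis.conf"
  fi
}

tmp=$(mktemp -d)
write_sample "$tmp/weak" weak; write_sample "$tmp/ok" hardened
audit_dir "$tmp/weak" || echo "weak sample: $? findings"
audit_dir "$tmp/ok"   && echo "hardened sample: clean"
```

On a real host, call audit with the actual paths of the Mastodon env file, postgresql.conf, pg_hba.conf and redis.conf; the checks only read the files and do not test the live services.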