To distract myself from the fact that the last commit in the repo for my k8s Backup Operator was about one month ago, I decided to tackle a random assortment of tasks. One of them was to finally set up link verification for my Blog on Mastodon. It looks like this when it’s working:

A screenshot of my Mastodon profile page. In the link section, it has the URL of this blog, with a green background and a green check mark in front of it.

My Mastodon profile with the link to this blog properly verified, as indicated by the green check mark.

I went through some issues in Hugo, the blogging software I’m using, and PaperMod, my blog’s theme and finally came across this discussion on the theme’s GitHub page. It proposes to add the required link back to my Mastodon profile in the footer.

The advice to copy+paste the entire content of the theme’s footer.html and then putting it into Hugo’s override folder seemed a bit too complex after I saw this line in the footer.html:

{{- partial "extend_footer.html" . }}

Looking further at extend_footer.html, I found this:

{{- /* Footer custom content area start */ -}}
{{- /*     Insert any custom code web-analytics, resources, etc. here */ -}}
{{- /* Footer custom content area end */ -}}

Feeling adventurous, I added the following content at layouts/partials/extend_footer.html:

<footer class="footer">
    <span>
        <a rel="me" href="https://social.mei-home.net/@mmeier">Mastodon Verification Link</a>
    </span>
</footer>

This is the file in my blog’s top-level directory, not the similar directory in the theme. You can see the results of this addition at the very bottom of this post.

The correct HTML to be added is provided right inside Mastodon. Have a look at “Preferences” -> “Public profile” -> “Verification”:

A screenshot of Mastodon's preferences page. The 'Public profile' menu option is chosen in the main menu, and the tab 'Verification' is chosen in the top menu. The page reads like this: Website Verification Verifying your identity on Mastodon is for everyone. Based on open web standards, now and forever free. All you need is a personal website that people recognize you by. When you link to this website from your profile, we will check that the website links back to your profile and show a visual indicator on it. Here is how: Copy and past the code below into the HTML of your website. Then add the address of your website into one of the extra fields on your profile from the 'Edit profile' tab and save changes. The HTML code shown reads <a rel='me' href='https://social.mei-home.net/@mmeier'>Mastodon</a>

Mastodon’s link verification page.

In the end I’m not sure I really need this extra link. The PaperMod theme already includes ‘me’ in the ‘rel’ attribute of the link to my Mastodon profile anyway. But I haven’t gotten around to testing whether that’s enough yet.

But even after adding this link to my blog successfully, I still wasn’t seeing link verification. Which was when I asked for help from the Fediverse. The first useful reply was this one, which told me that my blog was indeed showing up as verified on other instances. This was rather helpful, as it indicated that the problem was with my Mastodon instance instead of with the blog’s config.

I then proceeded to have a look at my blog’s access logs. Luckily, Mastodon always sends along the name of the instance in the User Agent header. And I couldn’t find my own instance anywhere in there. At the same time, I also tried to curl the blog from inside the Mastodon sidekiq container. I did not have any issues, and received my blog’s homepage as expected.

The solution finally came in this post. It noted that by default, Mastodon does not send HTTP requests (like the one necessary to fetch the blog’s homepage) to the private IP range.

Internally, I’m hosting both my blog and Mastodon in my Homelab. I’ve also got all of my domains pointing to an internal reverse proxy in my DNS. So the Mastodon request fetching my blog for link verification would get back an IP in the private range when resolving blog.mei-home.net, and would then not access the page at all.

Luckily, Mastodon has an environment variable to configure that behavior and allowlisting an IP in the private range, see here. So the only thing I needed to do was to add the following to my Mastodon config:

ALLOWED_PRIVATE_ADDRESSES = "10.0.0.12"

Where 10.0.0.12 is the IP of the internal host which runs the internal reverse proxy to which blog.mei-home.net resolves.

And with that, the link to my blog is finally verified.

Finally, a big thanks to Fediverse user @HeNeArXn, who helped me solve this particular mystery.