If you want your own Bluesky PDS and enjoy mild feelings of control and responsibility, then this guide will get you from a fresh EC2 instance to a running personal server without existential dread. We use atproto-compatible PDS software with Docker, Postgres and a reverse proxy for TLS, so your data stays where you want it to be.
What you will need
- An AWS account and an EC2 instance running Ubuntu or Debian
- Docker and Docker Compose on the instance
- Postgres for durable storage
- A domain name and a reverse proxy like Nginx or Caddy for TLS
- Basic comfort with SSH and editing environment files
Provision the EC2 instance
Pick an instance size that matches your expected user base. Tiny instances are fine for a personal server, but add swap if you skimp on RAM. Create a key pair for SSH and set security group rules to allow ports 22, 80 and 443. If you want stability, give the instance an Elastic IP so DNS does not become a pain.
Firewall and networking tips
Open only the ports you need: SSH for admin, and HTTP and HTTPS for the reverse proxy. You can restrict SSH to your office IP and still enjoy pretending your server is secure.
Install Docker and dependencies
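Update packages, then install Docker, Docker Compose and any other utilities you like. Run Docker as a non-root user by adding your account to the docker group, and enable the Docker service. Membership of the docker group is effectively root on the host, so give it only to accounts you would trust with sudo. On smaller instances enable a small swap file to avoid surprise OOM crashes.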
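sudo apt update && sudo apt install -y docker.io docker-compose
sudo usermod -aG docker "$USER"
# log out and back in, or run newgrp docker, to apply the group change
# note: the docker-compose package provides the docker-compose command;
# the "docker compose" form used later needs the Compose v2 plugin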
Clone the PDS repository and configure
Grab the official PDS repo or a maintained fork. Copy the example environment file and edit it with your fully qualified domain name, Postgres credentials and storage settings. You can use S3-compatible storage or local volumes, depending on how clingy you are about running everything yourself.
Environment checklist
- FQDN in the environment for signing and links
- Postgres user password and database name
- Storage backend credentials for media and blobs
- Feature flags and limits for atproto if the repo exposes them
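The checklist above, turned into a pre-flight check to run before starting the stack. This is an added example, not part of the PDS repo: the key names (PDS_HOSTNAME, POSTGRES_*), the placeholder list and the 16-character minimum are assumptions, so use the names from your repo's example environment file and add your storage credential keys to both lists.

```bash
# Added example (not from the PDS repo); key names and thresholds are assumptions.
REQUIRED_KEYS="PDS_HOSTNAME POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DB"
SECRET_KEYS="POSTGRES_PASSWORD"
HOST_KEY="PDS_HOSTNAME"
MIN_SECRET_LEN=16

# Print KEY's value from FILE (last assignment wins, surrounding quotes stripped).
env_value() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
    sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 if FILE passes every check, 1 otherwise; findings go to stdout.
audit_env_file() {
  local file=$1 rc=0 key val mode
  [ -f "$file" ] || { echo "FAIL: $file not found"; return 1; }
  # The file holds database and storage secrets, so only the owner may read it.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "FAIL: mode $mode lets group/others read it (chmod 600 $file)"; rc=1
  fi
  for key in $REQUIRED_KEYS; do
    [ -n "$(env_value "$file" "$key")" ] || { echo "FAIL: $key missing or empty"; rc=1; }
  done
  for key in $SECRET_KEYS; do
    val=$(env_value "$file" "$key")
    case "$val" in
      changeme*|password*|postgres|example*|secret*) echo "FAIL: $key looks like a placeholder"; rc=1 ;;
    esac
    if [ -n "$val" ] && [ "${#val}" -lt "$MIN_SECRET_LEN" ]; then
      echo "FAIL: $key is shorter than $MIN_SECRET_LEN characters"; rc=1
    fi
  done
  # The FQDN must be a bare hostname: no scheme, port or path.
  val=$(env_value "$file" "$HOST_KEY")
  if [ -n "$val" ] && ! printf '%s' "$val" | grep -Eiq '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$'; then
    echo "FAIL: $HOST_KEY is not a bare FQDN: $val"; rc=1
  fi
  return "$rc"
}

# Constructed sample: an example env file copied as-is and left world-readable.
sample=$(mktemp)
printf '%s\n' 'PDS_HOSTNAME=https://pds.example.com' 'POSTGRES_USER=pds' \
  'POSTGRES_PASSWORD=changeme' 'POSTGRES_DB=' > "$sample"
chmod 644 "$sample"
audit_env_file "$sample" || echo "Fix the findings above before starting the stack."
rm -f "$sample"
```

Call audit_env_file with the path to your real environment file and only bring the stack up when it returns 0.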
Initialize Postgres and run migrations
Create the Postgres user and the database. The PDS project will include migration scripts, so run those using the container or CLI method the project recommends. Some deployments include optional seed data. Choose wisely if you want sample content that makes your server look lived in.
Bring up services with Docker Compose
Start the stack and tail logs to check health endpoints. Common services are the PDS app, the web proxy, and Postgres. If something fails, the logs will tell you which container is sulking.
docker compose up -d
docker compose logs -f pds # follow the PDS logs for health messages
Configure the reverse proxy and TLS
Use Nginx or Caddy as your reverse proxy. Caddy has built-in ACME support, so certificates can be almost zero config. If you prefer Certbot, you can obtain certificates that way as well. Point the proxy at the PDS container and set the usual headers for real IP and forwarded proto.
TLS notes
Make sure your domain resolves to the instance IP before requesting certificates. Test HTTPS and redirect HTTP to HTTPS for better user experience and safety.
Health checks and maintenance
Watch logs and set up simple health checks so you get paged if the service stops answering. Automate backups of the Postgres database and your storage blobs. A small cron job or an S3 lifecycle policy will do wonders for future you.
Troubleshooting tips
- If the PDS fails at startup, check environment variables and DB migrations
- If media fails to save, check storage credentials and volume mounts
- If TLS fails, check DNS and make sure port 80 is reachable for ACME challenges
Final thoughts
Running a personal Bluesky PDS on AWS EC2 with Docker and Postgres is a satisfying project that keeps your social data where you want it. Expect some fiddly moments but no dark magic. Once it is up you will have full control over signing keys, feature flags and the occasional software update that breaks everything in interesting ways.
If you want a minimal checklist to copy and paste, here it is:
- Provision EC2 with Ubuntu or Debian and open ports 22, 80 and 443
- Install Docker and Docker Compose and create a non-root user for containers
- Clone the PDS repo and edit environment files with domain and Postgres creds
- Initialize Postgres and run migrations from the project
- Bring up the stack and configure Nginx or Caddy for TLS
- Set up backups and health checks, and monitor logs
Now go be your own Bluesky operator and savor the tiny bit of sovereignty you just carved out of the cloud.