Ghost recently released ActivityPub support, enabling Ghost blogs to participate in the Fediverse alongside Mastodon, Threads, and other federated platforms. Through extensive testing and production deployment, we discovered that the official ActivityPub container has a bug that prevents self-hosted ActivityPub deployments from working. Combined with AWS-specific networking challenges, we had to modify the container source code to achieve working federation.

Common Errors

Through the process of testing and building this solution, we encountered several errors that pointed us toward the underlying issues.

When we saw "The signer and the actor do not match," it indicated a URL mismatch between the HTTP signature and the actor object. This led us to use Context methods exclusively for URL generation to ensure consistency.

The error "No webhook secret found - cannot initialise" was particularly misleading. It actually indicated a JWT authentication failure where ActivityPub was trying to fetch the JWKS endpoint via HTTP instead of HTTPS. Setting NODE_ENV=production forced the service to use HTTPS for all internal communications.

When actor endpoints contained HTTP URLs instead of HTTPS, we traced this to missing or incorrect X-Forwarded-Proto headers. The solution required ensuring nginx properly set X-Forwarded-Proto: https for all proxied requests.
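The scheme mismatch behind both the signer/actor error and the HTTP actor URLs can be checked offline with a small diagnostic like the one below, which is an added example and not code from Ghost or the ActivityPub container. The actor document, the `Signature` header, the `blog.example` host and the function names are all constructed for illustration, and the example assumes the signer is the `keyId` URL with its fragment removed.

```javascript
// Added diagnostic example. The actor document and Signature header at the
// bottom are constructed sample data, not output from a real Ghost instance.

// Walk the actor JSON and collect every string value that parses as a URL.
function collectUrls(value, path = "", out = []) {
  if (typeof value === "string") {
    try { out.push({ path, url: new URL(value) }); } catch { /* not a URL */ }
  } else if (Array.isArray(value)) {
    value.forEach((v, i) => collectUrls(v, `${path}[${i}]`, out));
  } else if (value && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) {
      if (k !== "@context") collectUrls(v, path ? `${path}.${k}` : k, out);
    }
  }
  return out;
}

// Actor URL implied by the keyId of an HTTP Signature header (fragment removed).
function signerOf(signatureHeader) {
  const m = /keyId="([^"]+)"/.exec(signatureHeader);
  if (!m) return null;
  const u = new URL(m[1]);
  u.hash = "";
  return u.href;
}

// Report URLs on our own host that do not use the public origin (for example
// http:// leaking through a proxy), plus any signer/actor id mismatch.
function diagnose(actor, signatureHeader, publicOrigin) {
  const expected = new URL(publicOrigin);
  const findings = [];
  for (const { path, url } of collectUrls(actor)) {
    if (url.hostname === expected.hostname && url.origin !== expected.origin) {
      findings.push(`${path}: ${url.origin} should be ${expected.origin}`);
    }
  }
  const signer = signerOf(signatureHeader);
  if (signer !== actor.id) findings.push(`signer ${signer} does not match actor ${actor.id}`);
  return findings;
}

// Constructed sample: actor rendered without X-Forwarded-Proto, signed as https.
const brokenActor = {
  "@context": "https://www.w3.org/ns/activitystreams", type: "Person",
  id: "http://blog.example/ap/users/index", inbox: "http://blog.example/ap/inbox/index",
  publicKey: { id: "http://blog.example/ap/users/index#main-key", owner: "http://blog.example/ap/users/index" },
};
const sampleSignature = 'keyId="https://blog.example/ap/users/index#main-key",algorithm="rsa-sha256",signature="..."';
console.log(diagnose(brokenActor, sampleSignature, "https://blog.example"));
```

An empty result means every URL in the actor document uses the public HTTPS origin and the signing key belongs to the same actor id.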

The "No key pair found for actor 'index'" error revealed the need for dual-key support, requiring implementation of both Ed25519 and RSA key generation to support the full range of Fediverse servers.

Finally, 503 Service Unavailable errors typically indicated that the ActivityPub container wasn't healthy or had port misconfiguration issues. Checking the ALB target group health and ensuring port 8080 was accessible resolved these issues.

Resolution

Fortunately, we've been able to solve these problems and get federation working with Ghost while deployed on AWS.