Hi,
I'm working on my first #friendica #VPS installation, here you'll find my initial post about general thoughts like what distro to use, size and costs.
I'm using the tutorial "creating a friendica server - ubuntu" by @Hank G ☑️.
As of now I'm doing well in the process and want to start this post to document differences and questions while installing the server.
This server is going to host an already existing friendica node I have to move from another hosting provider. That means that for example the DB doesn't have to be created from scratch but moved and other smaller details.
I will try to address the different steps of installation in answers to this post and appreciate help, ideas and observations.
I'm doing this from a #linux desktop environment from the console but there shouldn't be differences if you want to do this from a #windows machine.
debian linux
general commands to execute before installation:
sudo apt update
sudo apt upgrade -y
reboot
Whenever you take a major pause in your installation procedure you might want to recheck:
sudo apt update
Install unattended upgrades:
sudo apt install unattended-upgrades update-notifier-common -y
sudo systemctl status unattended-upgrades
Edit unattended upgrade configuration:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
modify:
//Unattended-Upgrade::Automatic-Reboot "false";
You want to uncomment the line and set the value to true so it reads:
Unattended-Upgrade::Automatic-Reboot "true";
restart unattended upgrade service:
sudo systemctl restart unattended-upgrades
Install Certbot and Setting up HTTPS:
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache
This step derailed completely my intent to migrate the server.
It took me a lot of work and effort to find the problems I created by not following the instructions by the tutorial. The reason I couldn't follow the tutorial "as is" was because the old server was still up and running and I wanted to first make a "test install", then check if everything worked out as expected to finally migrate the node onto the new VPS hosting.
In the end I managed to do the migration and am working right now on re-editing this "tutorial / experience report" so it can serve as tutorial without losing the "live report" in the process of summing up this report.
At the same time I'm working on a final tutorial for server migration that will be published accordingly.
As it looks right now there are two options:
A)
You simply follow hankG's tutorial and set the old server into maintenance mode once you reach the certbot step as you will need a working "redirect" for the new IP of your domain to be able to register the SSL certificate. You will have to leave your domain meanwhile off line, using the hints in this report on downloading, uploading and so. If something goes wrong you will have the option to change the IP redirect of your domain to the old hosting and reactivate that server while you check out what went wrong on the new server.
B)
You find some work around by registering some subdomain or another domain with the certbot routine and certify that domain for your new server. Once everything else is working fine and you feel secure with what you are doing you redirect the IP of the domain you want to migrate, run the certbot routine for your new certificate for the new server and work on from there.
certbot wrote:
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): mydomain.com
Requesting a certificate for mydomain.com
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: mydomain.com
Type: unauthorized
Detail: XX.XXX.XX.XXX(IP of the running instance on the old server): Invalid response from mydomain.com/.well-known/acme-… 503
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Link to the completion of this step:
squeet.me/display/962c3e10-136…
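How to read the failure report above, as an added example that is not part of the original post: the address on the Detail line is the host the Certificate Authority actually reached, so comparing it with the new server's public IP shows whether DNS still points at the old hosting. The function names and both sample addresses (203.0.113.10, 198.51.100.7) are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
set -eu

# Constructed sample of a failed HTTP-01 validation as certbot prints it.
# 203.0.113.10 stands in for the old server that is still answering.
sample_certbot_output() {
cat <<'EOF'
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: mydomain.com
  Type:   unauthorized
  Detail: 203.0.113.10: Invalid response from http://mydomain.com/.well-known/acme-challenge/TOKEN: 503
EOF
}

# Print the address the CA contacted, taken from the first "Detail:" line on stdin.
ca_contacted_ip() {
    sed -n 's/^[[:space:]]*Detail:[[:space:]]*\([0-9A-Fa-f.:]*\): Invalid response.*/\1/p' | head -n 1
}

# Classify a saved certbot report read from stdin.
# usage: diagnose <public IP of the new server> < certbot-output.txt
diagnose() (
    this_ip=$1
    report=$(cat)
    contacted=$(printf '%s\n' "$report" | ca_contacted_ip)
    if [ -z "$contacted" ]; then
        # Nothing to compare: the report has no HTTP-01 "Detail:" line.
        echo "no-http01-detail"
    elif [ "$contacted" = "$this_ip" ]; then
        # The CA reached this machine, so look at Apache and the firewall here.
        echo "reached-this-server"
    else
        # The domain's DNS record still sends the CA to another host,
        # which is what the 503 from the old server in the post shows.
        echo "dns-points-elsewhere:$contacted"
    fi
)

# Run only when called with the new server's IP as the single argument.
if [ "$#" -eq 1 ]; then
    diagnose "$1"
fi
```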
Configuring a firewall:
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
sudo ufw status
Install and configure fail2ban:
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
systemctl status fail2ban
friendica installation:
sudo apt update
sudo apt install mariadb-server php libapache2-mod-php \
php-common php-gmp php-curl php-intl php-mbstring \
php-xmlrpc php-mysql php-gd php-imagick php-xml \
php-cli php-zip php-sqlite3 curl git -y
sudo mysql_secure_installation
Values for the prompts you get:
Somehow I managed to mistype something here and got stuck.
The console gave me the following message:
Disallow root login remotely? [Y/n] ^C <- (some bad keystroke)
Aborting!
Cleaning up...
root@ubuntu:~#
So I just started again:
sudo mysql_secure_installation
The following lines came up and after just redoing the same steps apparently everything went fine.
CREATE DATABASE friendicadb;
CREATE USER 'friendica'@'localhost' IDENTIFIED BY '<password>';
GRANT ALL ON friendicadb.* TO 'friendica'@'localhost';
FLUSH PRIVILEGES;
EXIT;
resuming the step of creating a new DB:
sign in via ssh
rootname@ubuntu:~# mysql
MariaDB [(none)]> CREATE DATABASE friendicadb;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE USER 'friendica'@'localhost' IDENTIFIED BY '<password>';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> GRANT ALL ON friendicadb.* TO 'friendica'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> EXIT;
Bye
rootname@ubuntu:~#
To log into your DB:
mysql friendicadb
The creation of the DB apparently worked as expected.
The problem I now ran into is that I can't upload the backup sql DB I downloaded from the old hosting.
I did this using the hints of the following stackoverflow description: importing-a-database-using-ssh but somehow this doesn't work.
I created a folder in my home directory to log into the VPS via ssh where I placed the privkey.pem and the backupname.sql
This is the command sequence I execute:
cd hostingfolder
/hostingfolder ssh -i privkey.pem root@00.000.00.000
Enter passphrase for key 'privkey.pem':
Welcome to Ubuntu ..
..
rootname@ubuntu:~# mysql -u friendica@localhost -ppassword friendicadb < backupname.sql
The response by the server is:
-bash: backupname.sql: No such file or directory
I also tried:
rootname@ubuntu:~# mysql -u friendica -ppassword friendicadb < backupname.sql
with the same result
Of course the file backupname.sql does exist and is located in /hostingfolder
I also copied it to the folder /home/username/ just to make sure.
I searched the error message and found:
stackoverflow.com/questions/42…
so I tried:
mysql -u 'friendica'@'localhost' -ppassword friendicadb < '/home/username/hostingfolder/backupname.sql'
and
mysql -u tupambaeorg'@'localhost -ppassword tupambaeorgdb < "/home/bitpickup/hosting172_16_9_5.sql"
but that didn't do the trick either.
Any ideas?
Preparing to move the DB
Changing the #storage backend to reduce DB size.
Admin panel:
Storage base path
:storageHelpers-page information
Moving storage via SSH
bin/console help storage
¿correct?:
mkdir /var/www/html/storage
./bin/console config storage.name = Filesystem
./bin/console config storage.filesystem_path = storage
./bin/console storage move
Somehow this didn't work out.
I followed the instructions of the BETA testing hosting to move files and storage via SSH.
Console commands via SSH:
The friendica installation is located at /apps/friendica/.
There also exists /apps/storage/ in the directory tree.
Even tho the moving of the files was apparently completed, in the end an error message came up:
[Error] Friendica\Console\Storage::doExecute(): Return value must be of type int, null returned
If I try now to execute the commands again I don't get the "moved files confirmation" but the same error message.
I'm not sure if I tried first to change the settings in the admin panel and then the SSH commands or not. I tried to "fiddle" around with the settings in the admin panel changing storage to the database and to filesystem but the already uploaded images still don't show up as expected.
The database size of 0.5gig hasn't changed or decreased at all.
I changed the settings in all profiles with respect to post expiring so except own posts and starred posts everything else expires after one or two days. The only active profile is a sports forum profile that has about 450 images sized 0.2-0.3MB each (around 0.15gig).
All the images of the server show up as blurred undefined images.
Preparing the storage file system for migration by compressing the storage folder.
tar -zcf archive-name.tar.gz foldername/
tar -zxvf archive.tar.gz
zip -r zippedArchive.zip /path/to/directory
zip -r zippedArchive.zip /path/to/directory -x fileToExclude # Excludes just a single file
zip -r zippedArchive.zip /path/to/directory -x '*.fileFormat' # Exclude all files of the given file format
unzip zippedArchive.zip
In case of problems because of the length of the process check out the commands:
zip -r backissue.zip Backissues/
nohup zip -r backissue.zip Backissues/ &
Download and upload storage file system via SSH:
unix.stackexchange.com/questio…
download:
scp username@remote.host:/path/to/file localfile
upload:
scp localfile username@host:/path/remotefile
namecheap.com/support/knowledg…
Uploading a file from a local computer to a remote one:
scp /path/to/local/file username@hostname:/path/to/remote/file
Downloading a file from a remote system to your computer:
scp username@hostname:/path/to/remote/file /path/to/local/file
Migrating the mysql/mariaDB export into the newly created DB.
Make sure that you are inside the folder that contains the DB dump you uploaded to the new VPS:
mysql -u friendica -p<password> friendicadb < oldfriendicadbDUMP.sql
sed 's/\sDEFINER=`[^`]*`@`[^`]*`//g' -i oldfriendicadbDUMP.sql
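The import and the DEFINER clean-up above, combined into one script as an added example (not part of the original post; the function names and the .clean.sql suffix are assumptions). It strips the DEFINER clauses into a copy before importing, fails early when the dump is not on the host you are logged into, and lets mysql prompt for the password instead of passing it as -p<password>, which would land in the shell history and the process list.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# ".clean.sql" suffix are illustrative assumptions.
set -eu

# Constructed sample dump containing the two DEFINER forms mysqldump emits.
sample_dump() {
cat <<'EOF'
CREATE TABLE `user` (`uid` int NOT NULL);
CREATE TABLE `item` (`id` int NOT NULL);
/*!50003 CREATE*/ /*!50017 DEFINER=`olduser`@`10.0.0.5`*/ /*!50003 TRIGGER `t1` BEFORE INSERT ON `item` FOR EACH ROW SET NEW.id = NEW.id */;
/*!50013 DEFINER=`olduser`@`%` SQL SECURITY DEFINER */
EOF
}

# Strip DEFINER=`user`@`host` into a copy and print the copy's path.
# The original dump stays untouched so it can be re-checked or re-used.
# usage: prepare_dump <dump.sql>
prepare_dump() (
    src=$1
    if [ ! -r "$src" ]; then
        # "< file" is opened by the shell you are typing in. After ssh that
        # is the VPS, so the dump has to be copied there (scp) first.
        echo "dump not readable on $(uname -n): $src" >&2
        exit 1
    fi
    dst="${src%.sql}.clean.sql"
    # Same substitution as the sed line in the post, with a POSIX space class.
    ( umask 077; sed 's/[[:space:]]DEFINER=`[^`]*`@`[^`]*`//g' "$src" > "$dst" )
    if grep -q 'DEFINER=' "$dst"; then
        echo "DEFINER clause still present in $dst" >&2
        exit 1
    fi
    printf '%s\n' "$dst"
)

# Number of CREATE TABLE statements, to compare against the old database.
count_tables() { grep -c '^CREATE TABLE' "$1" || true; }

# usage: import_dump <db_user> <db_name> <dump.sql>
import_dump() (
    clean=$(prepare_dump "$3")
    echo "importing $(count_tables "$clean") tables from $clean into $2" >&2
    # -p without a value makes the client ask for the password on the terminal.
    mysql -u "$1" -p "$2" < "$clean"
)

# Example call: sh import.sh friendica friendicadb oldfriendicadbDUMP.sql
if [ "$#" -eq 3 ]; then
    import_dump "$@"
fi
```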
cp -r /apps/storage /apps/friendica/storage
mv /apps/storage /apps/friendica/storage
How to change the DB password:
log onto your server via SSH
rootname@ubuntu:~# mysql
(Welcome to the MariaDB monitor..)
MariaDB [(none)]> USE friendicadb
Database changed
MariaDB [friendicadb]> ALTER USER 'friendica'@'localhost' IDENTIFIED BY 'newpassword';
Query OK, 0 rows affected (0.001 sec)
MariaDB [friendicadb]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [friendicadb]> exit
Bye
test changes:
rootname@ubuntu:~# mysql -u friendica -p
Enter password:
(Welcome to the MariaDB monitor..)
MariaDB [(none)]>
If you use a wrong password, you might want to check the old one, you'll get the following message:
ERROR 1045 (28000): Access denied for user 'friendica'@'localhost' (using password: YES)
/help/Migrate#Cleaning+up wrote:
To review the size of your database, log into MySQL with mysql -p run the following query:
SELECT table_schema AS "Database", SUM(data_length + index_length) / 1024 / 1024 / 1024 AS "Size (GB)" FROM information_schema.TABLES GROUP BY table_schema;
Trying to optimize the DB as recommended in the helpers page:
mysqloptimize -p friendica-db
Somehow this doesn't work, phpMyAdmin doesn't accept mysqloptimize.
sudo chown -R www-data:www-data /var/www
cd /var/www
sudo -u www-data bash
mv html html.bak
git clone https://github.com/friendica/friendica.git -b stable html
mkdir -p view/smarty3
chmod 775 view/smarty3
git clone https://github.com/friendica/friendica-addons.git -b stable addon
rootname@VPShosting:/var/www# mv html html_01.bak
rootname@VPShosting:/var/www# git clone https://github.com/friendica/friendica.git -b stable html
¡Update - solved!
The tutorial by @Hank G ☑️ states that:
Tutorial wrote:
With the default Apache installation the /var/www/ directory is owned by root. We will want to instead make this whole directory and sub-directory to be owned by the Apache process’s user www-data.
sudo chown -R www-data:www-data /var/www
We will now want to execute the rest of the commands as that user so we execute the sudo command on the bash shell to make all subsequent command execute as the www-data user in the root of the /var/www directory.
Next we are going to use the fact that the default Apache site that is already configured is looking for the /var/www/html directory. We will move the original default site to a backup location.
I missed that important detail and didn't change to the user www-data so the new git pulls didn't work as expected.
Switching to user www-data and then performing the steps of git pull and adjustments to the friendica installation apparently everything worked out:
rootname@VPShosting:/var/www# cd /var/www
rootname@VPShosting:/var/www# sudo -u www-data bash
www-data@VPShosting:~$ ls -l
mv html html.bak
git clone https://github.com/friendica/friendica.git -b stable html
www-data@VPShosting:~$ cd html
bin/composer.phar install --no-dev
mkdir -p view/smarty3
chmod 775 view/smarty3
git clone https://github.com/friendica/friendica-addons.git -b stable addon
cp .htaccess-dist .htaccess
exit
rootname@VPShosting:/var/www#
Browsing now to the web page the friendica installation verification screen is visible.
😀
Tweaking Apache configuration to allow overrides so dynamic pages can be built correctly:
This step comes after "Activating" .htaccess in the tutorial.
This step didn't work out as described as the let's encrypt certbot step wasn't completed fully as it should.
Editing 000-default-le-ssl.conf:
sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf
The file 000-default-le-ssl.conf didn't exist so nano created it as a blank file.
I copy/pasted the text from the tutorial as it should be displayed "at the time of its writing".
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
## I wonder if the following line is correct ##
ServerAdmin webmaster@localhost
##??##
DocumentRoot /var/www/html
<Directory /var/www/html>
AllowOverride All
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
ServerName mydoman.com
SSLCertificateFile /etc/letsencrypt/live/mydoman.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydoman.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
As the certbot step will have to be executed later on again, we'll have to see if the fact that this file will exist creates some "trouble" in the installation process.
A recheck of this file after executing the certbot again will be necessary.
@Hank G ☑️
When the idea is to prepare a VPS-migration of an existing friendica node, should the certbot step and the edit of this file be executed in a different moment (later on) in the installation process?
This part of the installation process took me like another hour.
tweaking basic apache settings:
sudo nano /etc/php/8.1/apache2/php.ini
search for the following lines [ctrl+w] and modify the values:
[ctrl] W -> find line
set to:
memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 300
max_input_vars = 1500
¡Houston!
@Hank G ☑️ @Friendica Support
I completed all the steps of the tutorial and added what I supposed was necessary to move an existing friendica server to a new VPS but when I browse to the domain I get a blank page. The file /VERSION is displayed correctly.
To check if the basic installation as described in the tutorial would be working I renamed and moved all specific details of the merging intent like local.config.php and the storage folder but I still get a blank page instead of the friendica communications server setup page.
The only error I can find is the following, any ideas or hints how to solve this?
Apache could not reliably determine the server's fully qualified domain name, using 127.0.1.1
solved the "Apache could not reliably determine the server's fully qualified domain name, using 127.0.1.1" problem by editing:
sudo nano /etc/hosts
and
sudo nano /etc/hostname
replacing ubuntu with yourfriendicadomain.com
To check eventual php errors:
rootname@ubuntu:~# sudo nano /etc/php/8.1/apache2/php.ini
rootname@ubuntu:~# touch php.error.log
rootname@ubuntu:~# reboot
refreshing domain page several times
rootname@ubuntu:~# nano /var/www/html/php.error.log
No results printed at all in php.error.log
🤨
Checking 000-default-le-ssl.conf after successful completion of the certbot HTTPS routine:
Certbot entered more lines in the already existing file that was created from scratch when executing
sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf
creating a complete mess.
It created kinda a double entry and also added <VirtualHost *:80>
I started testing and comparing and ended up with the following file:
With <VirtualHost *:80>
firefox gives a:
SSL_ERROR_RX_RECORD_TOO_LONG error,
so I used port 443 as in the example and apparently that works.
At this point of the installation process you would browse to your domain and follow the friendica setup from within your browser.
Also, there are still missing the email setup and the worker setup, details that will be addressed later in this post.
Even if you don't have a proper email setting setup, friendica will provide you the logging credentials with a pop up box.
As in this case the idea is to migrate an existing friendica instance to a new VPS hosting provider, first of all let's have a look at the information in the friendica help for migrating. You'll find it in every friendica instance at /help/Migrate:
Eventually the old local.config.php file has to be adapted to the new server.
scp -i ~/.ssh/id_rsa.pub local.config.php USER@SERVER:/var/www/html/config/local.config.php
scp -i privkey.pem local.config.php USER@SERVER:/var/www/html/config/local.config.php
At this point all changes to be able to switch from the old to the new server should be done.
To set old server into maintenance mode enter via SSH and browse to your friendica installation:
rootname@oldserver:/friendicarootdir/~# bin/console maintenance 1
Check that the server is set to maintenance by browsing to your domain on the web:
Go to your name server provider and change the IP to the new server.
sudo certbot --apache
certbot wrote:
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel):
yourdomainname.com
If you want to check the installed certs on your server you can do this by typing:
rootname@ubuntu:~# certbot certificates
If everything went well now your new server should be up and running.
spoilerAlert: I get a blank page.
😮
Last step:
Updating the local.config.php file and uploading it to the new server.
This will activate the new VPS server of your friendica node!
Allocate local.config.php
in the PuTTy privkey.pem folder: /home/user/.VPShosting
user@localPC:~/.VPShosting$ nano local.config.php
Adapt local.config.php for the new VPS server setting:
<?php
// Local configuration
// If you're unsure about what any of the config keys below do, please check the static/defaults.config.php for detailed
// documentation of their data type and behavior.
return [
'database' => [
// 'hostname' => 'subdomain.oldhosting.com:3306', (old hosting, struck out)
// 'hostname' => 'yourfriendicadomain.com', <-- THIS WAS WRONG!!
'hostname' => 'localhost',
'username' => 'friendicadb',
'password' => 'changedPassword',
'database' => 'friendicadb',
'charset' => 'utf8mb4',
],
// ****************************************************************
// The configuration below will be overruled by the admin panel.
// Changes made below will only have an effect if the database does
// not contain any configuration for the friendica system.
// ****************************************************************
'config' => [
'php_path' => '/usr/bin/php',
'admin_email' => 'youradmin@email.com',
'sitename' => 'Friendica Social Network',
'register_policy' => \Friendica\Module\Register::CLOSED, // or OPEN
'max_import_size' => 200000,
],
'system' => [
'url' => 'https://yourfriendicadomain.com',
// 'basepath' => '/apps/friendica', (old hosting, struck out)
'basepath' => '/var/www/html',
'default_timezone' => 'AnyTime/AnyWhere',
'language' => 'en',
],
];
scp -i ~/.ssh/id_rsa.pub local.config.php USER@SERVER:/var/www/html/config/local.config.php
Uploading with PuTTy private .pem key:
user@localPC:~/.VPShosting$ scp -i privkey.pem local.config.php USER@SERVER:/var/www/html/config/local.config.php
first move the phpmailer.config.php file to the friendica config folder:
rootname@VPShosting:~# mv /var/www/html/addon/phpmailer/config/phpmailer.config.php /var/www/html/config/phpmailer.config.php
edit the phpmailer configuration file already located in the friendica config folder:
rootname@VPShosting:~# nano /var/www/html/config/phpmailer.config.php
<?php
// Warning: Don't change this file! It only holds the default config values for this addon.
// Instead overwrite these config values in config/addon.config.php in your Friendica directory
return [
'phpmailer' => [
// smtp (Boolean)
// Enables SMTP relaying for outbound emails
'smtp' => false,
// smtp_server (String)
// SMTP server host name
'smtp_server' => 'smtp.example.com',
// smtp_port (Integer)
// SMTP server port number
'smtp_port' => 25,
// smtp_secure (String)
// What kind of encryption to use on the SMTP connection.
// Options: '', 'ssl' or 'tls'.
'smtp_secure' => '',
// smtp_port_s (Integer)
// Secure SMTP server port number
'smtp_port_s' => 465,
// smtp_username (String)
// SMTP server authentication user name
// Empty string disables authentication
'smtp_username' => '',
// smtp_password (String)
// SMTP server authentication password
// Empty string disables authentication
'smtp_password' => '',
// smtp_from (String)
// From address used when using the SMTP server
// Example: no-reply@example.com
'smtp_from' => '',
],
];
<?php
// Warning: Don't change this file! It only holds the default config values for this addon.
// Instead, copy this file to config/phpmailer.config.php in your Friendica directory and set the correct values there
return [
'phpmailer' => [
// smtp (Boolean)
// Enables SMTP relaying for outbound emails
'smtp' => true,
// smtp_server (String)
// SMTP server host name
'smtp_server' => 'mail.ProviderDomain.com',
// smtp_port (Integer)
// SMTP server port number
'smtp_port' => 587,
// smtp_secure (String)
// What kind of encryption to use on the SMTP connection.
// Options: '', 'ssl' or 'tls'.
'smtp_secure' => 'tls',
// smtp_port_s (Integer)
// Secure SMTP server port number
'smtp_port_s' => 465,
// smtp_username (String)
// SMTP server authentication user name
// Empty string disables authentication
'smtp_username' => 'admin@yourFriendicaDomain.com',
// smtp_password (String)
// SMTP server authentication password
// Empty string disables authentication
'smtp_password' => 'CHANGED-EmailPassword',
// smtp_from (String)
// From address used when using the SMTP server
// Example: no-reply@example.com
'smtp_from' => 'admin@yourFriendicaDomain.com',
],
];
create a copy of the MySQL DB
rootname@VPShosting:~# mysqldump -u username -p database_to_backup > backup_name.sql
install automysqlbackup
rootname@VPShosting:~# sudo apt-get install automysqlbackup
rootname@VPShosting:~# sudo automysqlbackup
listing automysqlbackup folders
rootname@VPShosting:~# cd /var/lib/automysqlbackup
rootname@VPShosting:/var/lib/automysqlbackup# ls
daily monthly weekly
listing daily backed up files:
rootname@VPShosting:~# ls -R /var/lib/automysqlbackup/daily
to have a look at automysqlbackup, as is there is no tweaking necessary:
rootname@VPShosting:~# nano /etc/default/automysqlbackup
Second installation intent
Resuming installation from previous point.
Service Unavailable, a step forward from the previous blankpage.
First I guess is to undo changes applied yesterday in the attempt to fix the installation. Those include changes about the server/host name and ???
Result of checking changes applied after getting blank page in the first installation attempt:
There was an error message in the apache status message, therefore the following files were edited to change the server name from ubuntu to yourdomain.com.
nano /etc/hosts
127.0.1.1 yourdomain.com yourdomain
127.0.0.1 localhost
nano /etc/hostname
yourdomain.com
nano /etc/apache2/sites-available/000-default-le-ssl.conf
#ServerName www.example.com
ServerName yourdomain.com
ServerName yourdomain.com already at the bottom of the page.
nano /etc/apache2/sites-available/000-default.conf
#ServerName www.example.com
ServerName yourdomain.com
ufw status
systemctl status fail2ban
nano php.error.log
systemctl restart apache2
systemctl status apache2
reboot
Access over sFTP:
me in a previous post wrote:
https://squeet.me/display/962c3e10-2165-2dbe-eb37-5f6322325636
"My access is over SSH with puTTy created public/private keys, no password.
Can I create sFTP access with for example filezilla and if so how?"
Raroun wrote:
sFTP should work out of the box with any Application that supports private key authorization - like scp or FileZilla.
I never managed to make fileZilla work with the puTTy keys.
🙁
Access over sFTP:
My access is over SSH with puTTy created public/private keys, no password.
Can I create sFTP access with for example filezilla and if so how?
Raroun wrote:
sFTP should work out of the box with any Application that supports private key authorization - like scp or FileZilla.
There are two ways to add your keys to #FileZilla.
You can add your keys inside the "Site Manager":
Protocol:
In the settings panel for a given site select sFTP:
Add the user name to log onto the server:
Browse for the .ppk you want to add and select it:
FileZilla offers you also to add .pem (privkey.pem) files, that's the #puTTy option for a file containing only the extracted private key of keyfile.ppk. At the same time FileZilla doesn't read/accept .pem files so it will prompt you to transform it into a .ppk file. If your .ppk is protected by a password (it should be), you get prompted to insert the password.
It is not clear if the newly created .ppk file from the .pem file by FileZilla is protected with the same password. It doesn't feel like that.
Save the changes and connect to your server.
The other option to add your key to FileZilla is by adding it directly to the main settings.
Choose SFTP and select the "Add key file" tab:
Add the key file and save.
If you use the input fields and quick connect options of the main FileZilla window, the keys saved in settings will be retrieved.
Actually as of now I couldn't make it work because of problems with the user name login. When you add a .ppk that has password protection it doesn't ask for the password while adding the key(-location) so I guess it will ask you for the password every time you log onto your server.
I guess it lacks an encryption of the .ppk with a password when you read the privkey out of a .pem file but at the same time assumes that you password protect your fileZilla setup with the password options it ships.
Re-reading your question it looks to me that I didn't answer (get) your question @Simon John.
If you refer to user name, and hosting data I guess the answer is yes, it looks like plain text from the front end.
The password apparently at least can be protected by a general password manager.
Has there been general questioning of #FileZilla's safety?
Is there some recommendation for linux desktops?
security.stackexchange.com wrote:
Regarding the issue mentioned by Adi about passwords being stored in plain text, it's good to know that since version 3.26.0-rc1 (2017-05-25), FileZilla has support for encrypted passwords protected by a master password. Hence, there is no reason to say that FileZilla is less secure than other FTP clients.
security.stackexchange.com/que…
DB migration from the old hosting to the newly created friendica installation:
How do I upload the DB I will have to grab from the old provider and upload to the new setup?
How do I change the password for the DB?
Is there a way to also change the name of the existing DB?
Raroun wrote:
You can export your DB - depending on the old provider you do a full export (with mysql tables) or only a "friendica db backup".
If you only have a friendica DB backup you have to create a new mysql user and a new password.
if you have a full backup, you can change the password of your db user - which is your db-password 😀
Some standard reference for mysql:
4.2.4 Connecting to the MySQL Server Using Command Options
dev.mysql.com/doc/refman/8.0/e…
4.2.5 Connecting to the Server Using URI-Like Strings or Key-Value Pairs
dev.mysql.com/doc/refman/8.0/e…
How do I upload the DB I will have to grab from the old provider and upload to the new setup?
Importing a MySQL database
To import a MySQL database, use the mysql command. Here is the full command:
mysql -uUSERNAME -p DATABASE < backup.sql
Again, you will be prompted for the password of your MySQL user.
Raroun wrote:
You can export your DB - depending on the old provider you do a full export (with mysql tables) or only a "friendica db backup".
@Raroun
What do you mean by "only a friendica DB backup"?
First I thought of some option given inside the friendica admin panel but couldn't find anything related.
How would I get that normally?
The hosting provider gives me access to a "mysql DB site".
I went there and choose the standard rapid "export" option:
DBsite.com/index.php?route=/server/export
@Hank G ☑️
Is there a way (or https URL) to get the phpMyAdmin page on these standard Ubuntu server setups instead of the simple ssh access?
Do I need to install something more?
setting up puTTy to use RSA keys for communication via SSH:
debian linux:
sudo apt install putty-tools -y
If you want to use the puTTy window (same as in windows) you'll have to install also
sudo apt install putty
Creating SSH log in keys:
debian linux
puttygen -t rsa -b 4096 -C "username@hostname" -o keyfile.ppk
Apparently the "" signs in the user name part have to be used.
You should use/create a password in the procedure of creating the keyfile.ppk, you'll be asked if you want to in the creation process.
It is unclear to me to what extent username and hostname have to be specific somehow. Like to say, you normally would log in as the user root and hostname would normally most likely be yourDomainName or yourServerIP but I don't know if therefore you should most likely need to use root@00.000.00.000 / root@yourdomain or could even use wtfWhyNot@anyNameOrNumber
Get the public key:
puttygen -L keyfile.ppk
The result will be something like:
ssh-rsa AAA..->..ztc username@hostname
Copy/paste the public key into some .txt file to have this at hand. Your hosting provider will have to locate this in your VPS setup or tell you how to upload it yourself.
Extract and separate the private key you'll need to log onto your server:
puttygen keyfile.ppk -O private-openssh -o privkey.pem
puTTy will create all those keys in the directory the console is in while executing the commands.
Log into your server:
ssh -i privkey.pem username@hostname
Whenever you want to log into your server from console, you'll have to be in the folder where the privkey.pem is located.
For example, you might create a folder /hostingVPS in your /home folder and locate the privkey.pem there.
In that case to log onto your server the procedure would be:
open your console:
keyfile.ppk, privkey.pem and your public key are quite important so you should back them up safely.