friendica.eskimo.com

…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

friendica VPS setup on ubuntu 22.04 LTS

@Friendica Support

Hi,
I'm working on my first #friendica #VPS installation, here you'll find my initial post about general thoughts like what distro to use, size and costs.
I'm using the tutorial "creating a friendica server - ubuntu" by @Hank G ☑️.

As of now I'm doing well in the process and want to start this post to document differences and questions while installing the server.

This server is going to host an already existing friendica node I have to move from another hosting provider. That means that for example the DB doesn't have to be created from scratch but moved and other smaller details.

I will try to address the different steps of installation in answers to this post and appreciate help, ideas and observations.

I'm doing this from a #linux desktop environment from the console but there shouldn't be differences if you want to do this from a #windows machine.

#fediVerse #tutorial #fediHelp #activityPub


what VPS offer fits best for a small friendica instance?


@Friendica Support
@Friendica Admins
@Friendica Developers

Hi there,
in the end I want to try to set up my first own hosted friendica VPS on a small setup:
1gig RAM/1 Core/25gig

The idea is kinda single user instance with a few forum pages.

The hosting provider has the following options:

  • debian bullseye - vpn server
  • debian bookworm - wireguard server
  • debian bookworm - bookworm 2023-07-03
  • debian bookworm - bookworm 2023-07-03 LEMP (nginx+php8.2+mariaDB10.5)
  • debian bookworm - nextcloud
  • ubuntu 22.04.01LTS
  • CENTOS8.1 - 2020-05-03
  • cleanVPS to upload own ISO


I'm used to debian/devuan on PC, so am obviously inclined to go for debian but have no idea what version would be the best choice.

In the first place the debian LEMP option looks like the way to go.
Latest experience with a new friendica installation seemed to be in need of PHP8.1 instead of PHP8.2.
Is it difficult to downgrade that?

Also, I'm kinda worried about security in general, even tho the data exposed will only be my own, so there is no responsibility with others.
Are there more security risks than on a shared hosting with let's say a standard phpBB forum page?

The idea would be to point the IP from my existing hosting provider to the VPS.


  • Do we have some general "how to setup" for a VPS setting from scratch?
  • Anyone interested in creating such a "how to" in a conversation with me here to have a reference or base to sum that up for the friendica wiki?
  • Could it even be of interest to create a "friendica VPS-ISO installation" with the help of git.friendi.ca for example?

@TupambAdmin
@bitPickup mʕ•ﻌ•ʔm


2
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

setting up puTTy to use RSA keys for communication via SSH:

debian linux:
sudo apt install putty-tools -y

If you want to use the puTTy window (same as in windows) you'll have to install also
sudo apt install putty

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Creating SSH log in keys:

debian linux
puttygen -t rsa -b 4096 -C "username@hostname" -o keyfile.ppk

Apparently the "" signs in the user name part have to be used.

You should use/create a password in the procedure of creating the keyfile.ppk, you'll be asked if you want to in the creation process.

It is unclear to me to what extent username and hostname have to be specific somehow. Like to say, you normally would log in as the user root and hostname would normally most likely be yourDomainName or yourServerIP but I don't know if you therefore should most likely use root@00.000.00.000/root@yourdomain or could even use wtfWhyNot@anyNameOrNumber


Get the public key:
puttygen -L keyfile.ppk

The result will be something like:
ssh-rsa AAA..->..ztc username@hostname

Copy/paste the public key into some .txt file to have this at hand. Your hosting provider will have to locate this in your VPS setup or tell you how to upload it yourself.


Extract and separate the private key you'll need to log onto your server:
puttygen keyfile.ppk -O private-openssh -o privkey.pem

puTTy will create all those keys in the directory the console is in while executing the commands.

Log into your server:
ssh -i privkey.pem username@hostname

Whenever you want to log into your server from console, you'll have to be in the folder where the privkey.pem is located.

For example, you might create a folder /hostingVPS in your /home folder and locate the privkey.pem there.

In that case to log onto your server the procedure would be:

open your console:

cd hostingVPS
ssh -i privkey.pem username@hostname

keyfile.ppk, privkey.pem and your public key are quite important so you should back them up safely.

1
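One way to keep the exported key usable from any working directory, as an added example that is not part of the original post: the script copies `privkey.pem` into an SSH directory with owner-only permissions and writes a `Host` entry that points at it. The alias `friendica-vps`, the address `203.0.113.10` and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original thread. Alias, user and address are
# placeholders; 203.0.113.10 is a documentation address.

# True when neither group nor others have any permission on the file.
# OpenSSH ignores private keys that other users can read.
key_mode_ok() {
    perms=$(ls -l "$1" | cut -c5-10)    # group and other permission bits
    [ "$perms" = "------" ]
}

# install_key KEYFILE SSHDIR ALIAS USER HOST
# Copies the key to SSHDIR/ALIAS.pem (mode 600) and adds a Host entry to
# SSHDIR/config once, so "ssh ALIAS" works from any working directory.
install_key() {
    key=$1; sshdir=$2; alias_name=$3; user=$4; host=$5
    [ -f "$key" ] || { echo "no such key file: $key" >&2; return 1; }
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    # umask keeps the copy private from the moment it is created
    ( umask 077 && cp "$key" "$sshdir/$alias_name.pem" )
    chmod 600 "$sshdir/$alias_name.pem"
    cfg="$sshdir/config"
    touch "$cfg" && chmod 600 "$cfg"
    if ! grep -q "^Host $alias_name\$" "$cfg"; then
        {
            printf 'Host %s\n' "$alias_name"
            printf '    HostName %s\n' "$host"
            printf '    User %s\n' "$user"
            printf '    IdentityFile %s\n' "$sshdir/$alias_name.pem"
            printf '    IdentitiesOnly yes\n\n'
        } >> "$cfg"
    fi
}

# Typical use on the desktop machine:
#   install_key ~/hostingVPS/privkey.pem ~/.ssh friendica-vps root 203.0.113.10
#   ssh friendica-vps
```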
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
Statement in the tutorial I'm not quite sure about what it means, if that is set or has happened on my VPS or if it's relevant:
"It also assumes that the root username/password has been disabled for the server, which will be a relevant part when you get to the securing of the database section."
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

debian linux
general commands to execute before installation:

sudo apt update
sudo apt upgrade -y
reboot

Whenever you take a major pause in your installation procedure you might want to recheck:
sudo apt update

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
By rebooting you'll get logged out.
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Install unattended upgrades:
sudo apt install unattended-upgrades update-notifier-common -y

sudo systemctl status unattended-upgrades

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Edit unattended upgrade configuration:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

modify:
//Unattended-Upgrade::Automatic-Reboot "false";

You want to uncomment the line and set the value to true so it reads:
Unattended-Upgrade::Automatic-Reboot "true";

restart unattended upgrade service:
sudo systemctl restart unattended-upgrades

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
Install apache server:
debian linux
sudo apt install apache2 -y
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Install Certbot and Setting up HTTPS:

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo certbot --apache

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
The complete registry of the domain in this case wasn't possible in this step as the domain and friendica instance is still in use with another hosting provider.
As of now I didn't provide a domain name on the new VPS installation.
certbot wrote:

Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): mydomain.com
Requesting a certificate for mydomain.com
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: mydomain.com
Type: unauthorized
Detail: 45.13.66.100: Invalid response from mydomain.com/.well-known/acme-… 503
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Partial re-installation/redo of the following steps
It looks like somehow because of this unfinished step the installation went wrong and when browsing to the friendica installation a blank page was displayed.
After redoing the steps of installation from the github pull of friendica the web page displayed Service unavailable.
Therefore I'm going to redo the steps from the certbot installation to the git pull.

Second installation intent

Resuming installation from previous point.

Browsing to the web site
Service Unavailable
Friendica no puede mostrar la página actualmente, contacte al administrador.

Service Unavailable, a step forward from the previous blank page.
First I guess is to undo changes applied yesterday in the attempt to fix the installation. Those include changes about the server/host name and ???


1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

This step derailed completely my intent to migrate the server.

It took me a lot of work and effort to find the problems I created by not following the instructions of the tutorial. The reason I couldn't follow the tutorial "as is" was that the old server was still up and running and I wanted to first make a "test install", then check if everything worked out as expected, and finally migrate the node onto the new VPS hosting.
In the end I managed to do the migration and am working right now on re-editing this "tutorial / experience report" so it can serve as tutorial without losing the "live report" in the process of summing up this report.
At the same time I'm working on a final tutorial for server migration that will be published accordingly.

As it looks right now there are two options:

A)
You simply follow hankG's tutorial and set the old server into maintenance mode once you reach the certbot step as you will need a working "redirect" for the new IP of your domain to be able to register the SSL certificate. You will have to leave your domain meanwhile off line, using the hints in this report on downloading, uploading and so. If something goes wrong you will have the option to change the IP redirect of your domain to the old hosting and reactivate that server while you check out what went wrong on the new server.

B)
You find some work around by registering some subdomain or another domain with the certbot routine and certify that domain for your new server. Once everything else is working fine and you feel secure with what you are doing you redirect the IP of the domain you want to migrate, run the certbot routine for your new certificate for the new server and work on from there.

partially completed
The complete registry of the domain in this case wasn't possible in this step as the domain and friendica instance is still in use with another hosting provider.
As of now I didn't provide a domain name on the new VPS installation because it was still in use on the old server.
It is not recommendable to do this step at this point of the installation if you are not going to merge your friendica instance immediately. I ran into trouble and extra work because of this and will have to check out how to prevent them.

certbot wrote:

Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): mydomain.com
Requesting a certificate for mydomain.com
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: mydomain.com
Type: unauthorized
Detail: XX.XXX.XX.XXX(IP of the running instance on the old server): Invalid response from mydomain.com/.well-known/acme-… 503
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Link to the completion of this step:
squeet.me/display/962c3e10-136…


At this point all changes to be able to switch from the old to the new server should be done.


  • DB merged
  • file storage merged
  • local.config.php merged


To set old server into maintenance mode enter via SSH and browse to your friendica installation:
rootname@oldserver:/friendicarootdir/~# bin/console maintenance 1

Check that the server is set to maintenance by browsing to your domain on the web:
Image of maintenance mode

Go to your name server provider and change the IP to the new server.

Complete certbot HTTPS installation
Now it's time to go back to the certbot installation and complete those steps. Be aware that you have to wait for the IP setting change for your domain to come into effect. This might take some time, depending on your service provider and the settings you might be able to influence, apparently eventually up to a day. In my case it was about half an hour.
In this case, as the certbot installation was completed but abandoned as the old server was still running, the only thing I had to do was the following:

Run the following command over SSH:
root@ubuntu:~# sudo certbot --apache

certbot wrote:

Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel):

yourdomainname.com

certbot output:
Requesting a certificate for yourdomainname.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yourdomainname.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/yourdomainname.com/privkey.pem
This certificate expires on XXXX-XX-XX.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for yourdomainname.com to /etc/apache2/sites-available/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on yourdomainname.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: letsencrypt.org/donate
* Donating to EFF: eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
rootname@ubuntu:~

If you want to check the installed certs on your server you can do this by typing:
rootname@ubuntu:~#certbot

certbot output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: yourdomainname.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): C!!!
Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.
Ask for help or search for solutions at community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
rootname@ubuntu:~#

If everything went well now your new server should be up and running.

spoilerAlert: I get a blank page.
😮


1
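The failed run above can be read off certbot's own output: the address on the `Detail:` line is the host the CA actually connected to. The following added example, which is not part of the original post, compares that address with the new server's; the sample output is constructed with documentation addresses and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original thread.

# Constructed certbot output: 203.0.113.10 stands for the old server,
# 198.51.100.20 for the new VPS, example.org for the domain being moved.
sample_output() {
    cat <<'EOF'
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: example.org
  Type:   unauthorized
  Detail: 203.0.113.10: Invalid response from http://example.org/.well-known/acme-challenge/TOKEN: 503
EOF
}

# IPv4 address the CA connected to (first Detail: line on stdin).
ca_reached_ip() {
    sed -n 's/^[[:space:]]*Detail:[[:space:]]*\([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\):.*/\1/p' | head -n 1
}

# HTTP status the CA received from that host (trailing number on the line).
ca_http_status() {
    sed -n 's/^[[:space:]]*Detail:.*[: ]\([0-9]\{3\}\)[[:space:]]*$/\1/p' | head -n 1
}

# diagnose_http01 THIS_SERVER_IP   (certbot output on stdin)
# Prints one verdict line: which host answered the challenge and how.
diagnose_http01() {
    out=$(cat)
    reached=$(printf '%s\n' "$out" | ca_reached_ip)
    status=$(printf '%s\n' "$out" | ca_http_status)
    if [ -z "$reached" ]; then
        echo "no-detail-line"
    elif [ "$reached" != "$1" ]; then
        # The name still resolves to another machine; that machine answered.
        echo "dns-points-elsewhere reached=$reached status=$status"
    else
        # DNS is fine; look at the web server configuration on this host.
        echo "dns-ok reached=$reached status=$status"
    fi
}

# Pre-flight before the next attempt: does the name resolve to this host yet?
# Uses the system resolver, so a cached old record still counts as "not yet".
name_points_here() {
    # $1 = domain, $2 = this server's public IPv4
    getent ahostsv4 "$1" | awk '{print $1}' | grep -qxF "$2"
}

# Stand-alone demo on the constructed output, seen from the new VPS.
sample_output | diagnose_http01 198.51.100.20
```

On the server, `name_points_here yourdomainname.com <new server IP> && sudo certbot --apache` only starts certbot once the DNS change is visible there.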
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Partial re-installation/redo of the installation steps following from here
It looks like somehow because of this unfinished step the installation went wrong and when browsing to the friendica installation a blank page was displayed.
After redoing the steps of installation from the github pull of friendica the web page displayed:
Service unavailable
squeet.me/display/962c3e10-206…
Therefore I'm going to redo the steps from the certbot installation to the git pull.
Update:
This attempt didn't solve the problem so I will perform another new git pull.

Second installation intent

Resuming installation from previous point.

Browsing to the web site
Service Unavailable
Friendica no puede mostrar la página actualmente, contacte al administrador.

Service Unavailable, a step forward from the previous blank page.
First I guess is to undo changes applied yesterday in the attempt to fix the installation. Those include changes about the server/host name and ???


1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Configuring a firewall:

sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable

sudo ufw status

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Install and configure fail2ban:

sudo apt install fail2ban -y 
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

systemctl status fail2ban

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

friendica installation:

sudo apt update

sudo apt install mariadb-server php libapache2-mod-php \
     php-common php-gmp php-curl php-intl php-mbstring \
	 php-xmlrpc php-mysql php-gd php-imagick php-xml \
	 php-cli php-zip php-sqlite3 curl git -y

sudo mysql_secure_installation

Values for the prompts you get:

  • Enter current password for root (enter for none):
    Just hit enter since you are configured to only allow logins with SSH keys for the root user.
  • Switch to unix_socket authentication: n
  • Change the root password?: n
  • Remove anonymous users? Y
  • Disallow root login remotely? Y
  • Remove test database and access to it? Y
  • Reload privilege tables now? Y
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Somehow I managed to mistype something here and got stuck.
The console gave me the following message:

Disallow root login remotely? [Y/n] ^C <- (some bad keystroke)
Aborting!

Cleaning up...
root@ubuntu:~#


So I just started again:

sudo mysql_secure_installation

The following lines came up and after just redoing the same steps apparently everything went fine.

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] n
... skipping.
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] n
... skipping.
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
..
.. and so on..
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
Creating the DB:
CREATE DATABASE friendicadb;
CREATE USER 'friendica'@'localhost' IDENTIFIED BY '<password>';
GRANT ALL ON friendicadb.* TO 'friendica'@'localhost';
FLUSH PRIVILEGES;
EXIT;
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
As of now I skipped this step as I do have already a DB with password and name on the original installation I will have to migrate to this new VPS.
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

resuming the step of creating a new DB:

sign in via ssh

rootname@ubuntu:~# mysql

MariaDB [(none)]> CREATE DATABASE friendicadb;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> CREATE USER 'friendica'@'localhost' IDENTIFIED BY '<password>';
Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> GRANT ALL ON friendicadb.* TO 'friendica'@'localhost';

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> EXIT;

Bye
rootname@ubuntu:~#


To log into your DB:
mysql friendicadb

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

The creation of the DB apparently worked as expected.

The problem I now ran into is that I can't upload the backup sql DB I downloaded from the old hosting.

I did this using the hints of the following stackoverflow description: importing-a-database-using-ssh but somehow this doesn't work.

I created a folder in my home directory to log into the VPS via ssh where I placed the privkey.pem and the backupname.sql

This is the command sequence I execute:
cd hostingfolder
/hostingfolder ssh -i privkey.pem root@00.000.00.000
Enter passphrase for key 'privkey.pem':
Welcome to Ubuntu ..
..
rootname@ubuntu:~# mysql -u friendica@localhost -ppassword friendicadb < backupname.sql

The response by the server is:
-bash: backupname.sql: No such file or directory

I also tried:
rootname@ubuntu:~# mysql -u friendica -ppassword friendicadb < backupname.sql
with the same result

Of course the file backupname.sql does exist and is located in /hostingfolder
I also copied it to the folder /home/username/ just to make sure.

I searched for the error message too and found:
stackoverflow.com/questions/42…

so I tried:
mysql -u 'friendica'@'localhost' -ppassword friendicadb < '/home/username/hostingfolder/backupname.sql'
and
mysql -u tupambaeorg'@'localhost -pSnMAVMY4McXAKq tupambaeorgdb < "/home/bitpickup/hosting172_16_9_5.sql"
but that didn't do the trick either.

Any ideas?

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Preparing to move the DB

Changing the #storage backend to reduce DB size.

Admin panel:

/admin/storage
Administration - Storage
Current Storage Backend: Database
Storage Configuration
Filesystem
Storage base path: storage
Folder where uploaded files are saved. For maximum security, this should be a path outside web server folder tree
Database
This backend doesn't have custom settings

Helpers-page information

/help/Settings#File+storage+backend
File upload
File storage backend
Set the backend used by #Friendica to store uploaded file data. Two storage backends are available with Friendica:
Database : Data is stored in a dedicated table in database (storage)
Filesystem : Data is stored as file on the filesystem.
Default value is 'Database (legacy)': it's the legacy way used to store data directly in database.
Existing data can be moved to the current active backend using the 'storage move' console command
If selected backend has configurable options, new fields are shown here.
Filesystem: Storage base path
The base path where Filesystem storage backend saves data.
For maximum security, this path should be outside the folder tree served by the web server: this way files can't be downloaded bypassing the privacy checks.
Default value is storage, that is the storage folder in Friendica code root folder.
Maximum Image Size
Maximum size in bytes of uploaded images. The default is set to 0, which means no limits.
#fediVerse #fediHelp

Moving storage via SSH

bin/console help storage information
bin/console help storage
console storage - manage storage backend and stored data
Synopsis
bin/console storage [-h|--help|-?] [-v]
Show this help
bin/console storage list
List available storage backends
bin/console storage set <name>
Set current storage backend
name storage backend to use. see "list".
bin/console storage move [table] [-n 5000]
Move stored data to current storage backend.
table one of "photo" or "attach". default to both
-n limit of processed entry batch size

¿correct?:

SSH -> commands to move storage
mkdir /var/www/html/storage
./bin/console config storage.name = Filesystem
./bin/console config storage.filesystem_path = storage
./bin/console storage move
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Somehow this didn't work out.

I followed the instructions of the BETA testing hosting to move files and storage via SSH.
Console commands via SSH:

[ssh01 apps]$ cd storage
[ssh01 storage]$ cd ..
[ssh01 apps]$ bin/consolbin/console storage set Filesystem
-bash: bin/console: No such file or directory
[ssh01 apps]$ friendica/bin/console storage set Filesystem
[ssh01 apps]$ friendica/bin/console storage move
[2023-10-29 21:38:15] Moved 5000 files
[2023-10-29 21:38:48] Moved 3170 files
[2023-10-29 21:38:48] Moved 8170 files total
[Error] Friendica\Console\Storage::doExecute(): Return value must be of type int, null returned

The friendica installation is located at /apps/friendica/.
There also exists /apps/storage/ in the directory tree.
Even tho the moving of the files was apparently completed, in the end an error message came up:
[Error] Friendica\Console\Storage::doExecute(): Return value must be of type int, null returned

If I try now to execute the commands again I don't get the "moved files confirmation" but the same error message.
I'm not sure if I tried first to change the settings in the admin panel and then the SSH commands or not. I tried to "fiddle" around with the settings in the admin panel changing storage to the database and to filesystem but the already uploaded images still don't show up as expected.

The database size of 0.5gig hasn't changed or decreased at all.
I changed the settings in all profiles with respect to post expiring so except own posts and starred posts everything else expires after one or two days. The only active profile is a sports forum profile that has about 450 images sized 0.2-0.3MB each (around 0.15gig).

All the images of the server show up as blurred undefined images.

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Preparing the storage file system for migration by compressing the storage folder.

tar.gz via SSH commands
siteground.com/tutorials/ssh/a…
To archive the entire folder foldername in an archive named archive-name.tar.gz in the current working directory:
tar -zcf archive-name.tar.gz foldername/
To extract a Tar.Gz file
tar -zxvf archive.tar.gz


zip via SSH
webhostface.com/kb/knowledgeba…
Archive entire directory using SSH zip command
zip -r archive.zip /path/to/directory
Excluding files when archiving with Linux zip command
zip -r archive.zip /path/to/directory -x fileToExclude # Excludes just a single file
zip -r archive.zip /path/to/directory -x '*.fileFormat' # Exclude all files of the given file format
Unzipping with SSH
unzip zippedArchive.zip


In case of problems because of the length of the process check out the commands:

"nohup" and "&"
serverfault.com/questions/1021…
Your main problem, the timeouts, is fixed by using background and nohup.
Instead of executing:
zip -r backissue.zip Backissues/
you execute
nohup zip -r backissue.zip Backissues/ &
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Download and upload storage file system via SSH:

unix.stackexchange.com/questio…
download
scp username@remote.host:/path/to/file localfile
upload
scp localfile username@host:/path/remotefile

namecheap.com/support/knowledg…
Uploading a file from a local computer to a remote one:
scp /path/to/local/file username@hostname:/path/to/remote/file
Downloading a file from a remote system to your computer:
scp username@hostname:/path/to/remote/file /path/to/local/file

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Migrating the mysql/mariaDB export into the newly created DB.

Make sure that you are inside the folder that contains the DB dump you uploaded to the new VPS
mysql -u friendica -p<password> friendicadb < oldfriendicadbDUMP.sql

Problem I encountered
Error message:
ERROR 1227 (42000) at line 278321: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation.
Apparently there are several ways to prevent this error.
You can prevent this by modifying while dumping the DB on the old server.
I only had browser access to phpMyAdmin and couldn't figure out how to export without the privileges so I just executed the following command:
rootname@ubuntu:/var/www/html# sed 's/\sDEFINER=`[^`]*`@`[^`]*`//g' -i oldfriendicadbDUMP.sql
With this modification apparently everything worked fine.
1
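The import from this post and from the earlier one where `mysql ... < backupname.sql` ended in `No such file or directory`, as an added example that is not part of the original posts. The file named after `<` is opened by the shell on the machine where `mysql` runs, so the dump has to be uploaded to the VPS first; the script then strips `DEFINER` clauses into a copy and passes the password through an owner-only option file instead of `-p<password>`. File names, function names and the sample dump are constructed.

```sh
#!/bin/sh
# Added example, not from the original thread.

# Constructed fragment of a dump that contains one view with a DEFINER clause.
sample_dump() {
    cat <<'EOF'
CREATE TABLE `item` (`id` int, `body` text);
INSERT INTO `item` VALUES (1,'the word DEFINER= inside a post body');
/*!50001 CREATE ALGORITHM=UNDEFINED */
/*!50013 DEFINER=`olduser`@`localhost` SQL SECURITY DEFINER */
/*!50001 VIEW `sample-view` AS select `item`.`id` AS `id` from `item` */;
EOF
}

# Number of DEFINER=`user`@`host` clauses in a dump file.
count_definers() {
    grep -o 'DEFINER=`[^`]*`@`[^`]*`' "$1" | wc -l | tr -d ' '
}

# strip_definers IN OUT: write a copy without DEFINER clauses, keep IN intact.
# [[:space:]] is the portable spelling of the \s used in the post.
strip_definers() {
    [ -r "$1" ] || { echo "dump not found on $(uname -n): $1" >&2; return 1; }
    sed 's/[[:space:]]DEFINER=`[^`]*`@`[^`]*`//g' "$1" > "$2"
}

# write_client_cnf PATH USER: reads the password from stdin and writes an
# option file only the owner can read, which keeps it off the command line.
write_client_cnf() {
    rm -f "$1"
    IFS= read -r pw || true
    ( umask 077 && printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$pw" > "$1" )
}

# import_dump CNF DATABASE DUMP: run on the VPS, after the dump was uploaded.
import_dump() {
    [ -r "$3" ] || { echo "dump not found on $(uname -n): $3" >&2; return 1; }
    mysql --defaults-extra-file="$1" "$2" < "$3"
}

# On the desktop:  scp -i privkey.pem oldfriendicadbDUMP.sql root@<server>:/root/
# On the VPS:      strip_definers oldfriendicadbDUMP.sql clean.sql
#                  write_client_cnf /root/friendica.cnf friendica   (type password, Enter)
#                  import_dump /root/friendica.cnf friendicadb clean.sql

# Stand-alone demo on the constructed fragment.
tmp=$(mktemp -d)
sample_dump > "$tmp/dump.sql"
strip_definers "$tmp/dump.sql" "$tmp/clean.sql"
echo "DEFINER clauses before: $(count_definers "$tmp/dump.sql"), after: $(count_definers "$tmp/clean.sql")"
rm -rf "$tmp"
```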
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
Lots of trouble, uncertainty and doubt
Update:
.. while changing file storage from DB to filesystem and subsequent download. Testing and workarounds in part via SSH in part via FileZilla and ultimately downloading everything and merging storage folders together on the PC solved the problems (I guess).
Somehow this didn't work out
I followed the instructions of the BETA testing hosting to move files and storage via SSH.
change storage via SSH
[ssh01 apps]$ cd storage
[ssh01 storage]$ cd ..
[ssh01 apps]$ bin/consolbin/console storage set Filesystem
-bash: bin/console: No such file or directory
[ssh01 apps]$ friendica/bin/console storage set Filesystem
[ssh01 apps]$ friendica/bin/console storage move
[2023-10-29 21:38:15] Moved 5000 files
[2023-10-29 21:38:48] Moved 3170 files
[2023-10-29 21:38:48] Moved 8170 files total
[Error] Friendica\Console\Storage::doExecute(): Return value must be of type int, null returned

Error description
The friendica installation is located at /apps/friendica/.
There also exists /apps/storage/ in the directory tree.
Even tho the moving of the files was apparently completed, in the end an error message came up:
[Error] Friendica\Console\Storage::doExecute(): Return value must be of type int, null returned
If I try now to execute the commands again I don't get the "moved files confirmation" but the same error message.
I'm not sure if I tried first to change the settings in the admin panel and then the SSH commands or not. I tried to "fiddle" around with the settings in the admin panel changing storage to the database and to filesystem but the already uploaded images still don't show up as expected.
The database size of 0.5gig hasn't changed or decreased at all.
I changed the settings in all profiles with respect to post expiring so except own posts and starred posts everything else expires after one or two days. The only active profile is a sports forum profile that has about 450 images sized 0.2-0.3MB each (around 0.15gig).
All the images of the server show up as blurred undefined images.

update on the situation
Checking the file system via ftp it turns out that there are two storage folders now:
878 files | 4.9 MB
/apps/friendica/storage
and
/apps/storage
Both folders contain files, the one inside the friendica folder structure apparently only images of avatars from other servers, the folder in the root structure /apps/storage contains the missing uploaded images:
avatar of some profile:
/apps/friendica/storage/02/1b
images that still show up blurred as it is a -1jpg.thumbnail:
/apps/storage/ff/00
Intent to solve:
Moving folders with fileZilla from /apps/storage to /apps/friendica/storage.
Some move, others don't.

status messages filezilla
Status: Renaming '/apps/storage/e0' to '/apps/friendica/storage/e0'
Status: /apps/storage/e0 -> /apps/friendica/storage/e0
Status: Renaming '/apps/storage/e1' to '/apps/friendica/storage/e1'
Command: mv "e1" "/apps/friendica/storage/e1"
Error: mv /apps/storage/e1 /apps/friendica/storage/e1: received failure with description 'Failure'

Status: Renaming '/apps/storage/e2' to '/apps/friendica/storage/e2'
..

Using fileZilla the moving process gets stuck.
Using SSH to move or copy the files:
help.vernalweb.com/kb/move-cop…
copy:
cp -r /apps/storage /apps/friendica/storage
move:
mv /apps/storage /apps/friendica/storage

1
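Merging the two storage trees from this post, as an added example that is not part of the original post: when the destination already exists, `cp -r /apps/storage /apps/friendica/storage` creates `/apps/friendica/storage/storage`, so the function below copies file by file, skips files that are already identical and reports files whose content differs instead of overwriting them. The sample tree is constructed and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original thread.

# merge_storage SRC DST
# Copies every file below SRC to the same relative path below DST.
# Existing files are never overwritten: identical ones are counted,
# differing ones are reported on stderr as CONFLICT.
merge_storage() {
    src=$1; dst=$2
    [ -d "$src" ] && [ -d "$dst" ] || { echo "usage: merge_storage SRC DST" >&2; return 2; }
    list=$(mktemp) || return 2
    (cd "$src" && find . -type f) > "$list"
    copied=0; same=0; conflict=0
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -e "$dst/$rel" ]; then
            mkdir -p "$dst/$(dirname "$rel")"
            cp -p "$src/$rel" "$dst/$rel"
            copied=$((copied + 1))
        elif cmp -s "$src/$rel" "$dst/$rel"; then
            same=$((same + 1))
        else
            conflict=$((conflict + 1))
            echo "CONFLICT $rel" >&2
        fi
    done < "$list"
    rm -f "$list"
    echo "copied=$copied identical=$same conflict=$conflict"
}

# Constructed sample: two trees with the two-level layout seen in the post
# (ff/00, 02/1b, ...). $1 is an empty scratch directory.
build_sample() {
    mkdir -p "$1/apps/storage/ff/00" "$1/apps/storage/e1/aa" "$1/apps/storage/02/1b" \
             "$1/apps/friendica/storage/02/1b" "$1/apps/friendica/storage/e1/aa"
    echo "upload-1" > "$1/apps/storage/ff/00/a1"             # only in the source
    echo "upload-2" > "$1/apps/storage/e1/aa/b2"             # differs in the destination
    echo "other"    > "$1/apps/friendica/storage/e1/aa/b2"
    echo "avatar"   > "$1/apps/storage/02/1b/c3"             # same in both trees
    echo "avatar"   > "$1/apps/friendica/storage/02/1b/c3"
}

# Stand-alone demo on the constructed trees.
scratch=$(mktemp -d)
build_sample "$scratch"
merge_storage "$scratch/apps/storage" "$scratch/apps/friendica/storage"
rm -rf "$scratch"
```

A second run over the same trees copies nothing and reports the same conflicts, so the merge can be repeated after an interrupted transfer.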
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

How to change the DB password:

log onto your server via SSH

rootname@ubuntu:~# mysql
(Welcome to the MariaDB monitor..)
MariaDB [(none)]> USE friendicadb
Database changed
MariaDB [friendicadb]> ALTER USER 'friendica'@'localhost' IDENTIFIED BY 'newpassword';
Query OK, 0 rows affected (0.001 sec)

MariaDB [friendicadb]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)

MariaDB [friendicadb]> exit
Bye


test changes:
rootname@ubuntu:~# mysql -u friendica -p
Enter password:
(Welcome to the MariaDB monitor..)

MariaDB [(none)]>

If you use a wrong password, you might want to check the old one, you'll get the following message:
ERROR 1045 (28000): Access denied for user 'friendica'@'localhost' (using password: YES)

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

/help/Migrate#Cleaning+up wrote:

To review the size of your database, log into MySQL with mysql -p run the following query:

SELECT table_schema AS "Database", SUM(data_length + index_length) / 1024 / 1024 / 1024 AS "Size (GB)" FROM information_schema.TABLES GROUP BY table_schema;

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
DB size was about 0.5 gig, now it is 3/5th of the previous size:
DB size: 0.294 GIG
information_schema 0.000198364258
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Trying to optimize DB as recommended in the helpers page:
mysqloptimize -p friendica-db

Somehow this doesn't work, phpMyAdmin doesn't accept mysqloptimize.

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
Creating directory for the friendica installation:
sudo chown -R www-data:www-data /var/www

cd /var/www

sudo -u www-data bash

mv html html.bak
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
Cloning friendica from the gitHub repository:
git clone https://github.com/friendica/friendica.git -b stable html
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
Configure PHP dependencies:
cd html
bin/composer.phar install --no-dev
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
Creating folder for page view renderings:
mkdir -p view/smarty3
chmod 775 view/smarty3
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
cloning Addons github repository:
git clone https://github.com/friendica/friendica-addons.git -b stable addon
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
"Activating" .htaccess:
cp .htaccess-dist .htaccess
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

testing a clean reinstall from here
As I ran into trouble and am getting a blank page I just decided to try a clean pull from github of the stable branch and go on with the rest of the installation process to see what happens.

rootname@VPShosting:/var/www# mv html html_01.bak
rootname@VPShosting:/var/www# git clone https://github.com/friendica/friendica.git -b stable html

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Second test of a clean friendica install from here
New intent, this time after executing all steps since the certbot step.
This is the second intent to fix the installation.
The first ended with the web page stating:
Service Unavailable
Friendica no puede mostrar la página actualmente, contacte al administrador.

from here a new git pull will be performed.
The apache tweaking steps are not necessary as they are located at /etc/.. and there for the moving html folder doesn't affect those files.

rootname@VPShosting:/var/www# mv html html_01.bak
rootname@VPShosting:/var/www# git clone https://github.com/friendica/friendica.git -b stable html


Partial re-installation/redo of the following steps
It looks like somehow because of this unfinished step the installation went wrong and when browsing to the friendica installation a blank page was displayed.
After redoing the steps of installation from the github pull of friendica the web page displayed Service unavailable.
Therefore I'm going to redo the steps from the certbot installation to the git pull.

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

¡Update - solved!

The tutorial by @Hank G ☑️ states that:

Tutorial wrote:

With the default Apache installation the /var/www/ directory is owned by root. We will want to instead make this whole directory and sub-directory to be owned by the Apache process’s user www-data.
sudo chown -R www-data:www-data /var/www

We will now want to execute the rest of the commands as that user so we execute the sudo command on the bash shell to make all subsequent command execute as the www-data user in the root of the /var/www directory.
Next we are going to use the fact that the default Apache site that is already configured is looking for the /var/www/html directory. We will move the original default site to a backup location.

I missed that important detail and didn't change to the user www-data so the new git pulls didn't work as expected.

Switching to user www-data and then performing the steps of git pull and adjustments to the friendica installation apparently everything worked out:

rootname@VPShosting:/var/www# cd /var/www
rootname@VPShosting:/var/www# sudo -u www-data bash

www-data@VPShosting:~$ ls -l

ls -l information
drwxr-xr-x 2 www-data www-data 4096 Oct 16 21:05 html.bak
drwxrwxr-x 21 www-data www-data 4096 Nov 8 03:13 html_01.bak
drwxr-xr-x 20 root root 4096 Nov 8 05:05 html_02.bak
drwxr-xr-x 20 root root 4096 Nov 8 20:08 html_03.bak

www-data@VPShosting:~$ mv html html.bak
www-data@VPShosting:~$ git clone https://github.com/friendica/friendica.git -b stable html
www-data@VPShosting:~$ cd html

www-data@VPShosting:~/html$ bin/composer.phar install --no-dev
www-data@VPShosting:~/html$ mkdir -p view/smarty3
www-data@VPShosting:~/html$ chmod 775 view/smarty3
www-data@VPShosting:~/html$ git clone https://github.com/friendica/friendica-addons.git -b stable addon
www-data@VPShosting:~/html$ cp .htaccess-dist .htaccess
www-data@VPShosting:~/html$ exit

rootname@VPShosting:/var/www#

Browsing now to the web page the friendica installation verification screen is visible.
😀

1
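Added example, not from the tutorial or the original post: the post attributes the failure to running the clone as root instead of www-data, so a quick check is to list everything under the web root that is not owned by the web user. The block also flags the two password-bearing config files edited in this thread when they are world-readable, which is an added hardening check; the function names are hypothetical and the demo tree is constructed.

```shell
#!/bin/sh
# Added example: audit a Friendica web root for files created by the wrong user.

# Entries under WEBROOT not owned by OWNER (user name or numeric uid).
foreign_owned() {
    find "$1" ! -user "$2" -print
}

# Config files that hold passwords in this thread and are readable by "other".
world_readable_secrets() {
    for f in "$1/config/local.config.php" "$1/config/phpmailer.config.php"; do
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" -perm -0004 -print)" ]; then
            echo "$f"
        fi
    done
}

# Print a one-line summary; return non-zero when anything was found.
audit_webroot() {
    webroot=$1
    owner=$2
    n_foreign=$(foreign_owned "$webroot" "$owner" | wc -l | tr -d ' ')
    n_secrets=$(world_readable_secrets "$webroot" | wc -l | tr -d ' ')
    echo "foreign_owned=$n_foreign world_readable_secrets=$n_secrets"
    [ "$n_foreign" -eq 0 ] && [ "$n_secrets" -eq 0 ]
}

# Constructed tree owned by the current user, standing in for /var/www/html.
demo_audit() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/config" "$tmp/view/smarty3"
    printf 'db password here'   > "$tmp/config/local.config.php"
    printf 'smtp password here' > "$tmp/config/phpmailer.config.php"
    chmod 644 "$tmp/config/local.config.php"       # readable by everyone
    chmod 640 "$tmp/config/phpmailer.config.php"   # owner and group only
    audit_webroot "$tmp" "$(id -u)" || true
    rm -rf "$tmp"
}

demo_audit
# On the server from the thread: audit_webroot /var/www/html www-data
```

Anything `foreign_owned` lists can be handed back with the same `chown -R www-data:www-data` the tutorial uses.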
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Tweaking Apache configuration to allow overrides so dynamic pages can be built correctly:

This step comes after "Activating" .htaccess in the tutorial.

This step didn't work out as described as the let's encrypt certbot step wasn't completed fully as it should.

Editing 000-default-le-ssl.conf:
sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf

The file 000-default-le-ssl.conf didn't exist so nano created it as a blank file.
I copy/pasted the text from the tutorial as it should be displayed "at the time of its writing".

<IfModule mod_ssl.c>
<VirtualHost *:443>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com
## I wonder if the following line is correct ##
	ServerAdmin webmaster@localhost
##??##
	DocumentRoot /var/www/html
    <Directory /var/www/html>
        AllowOverride All
    </Directory>
	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf


ServerName mydoman.com
SSLCertificateFile /etc/letsencrypt/live/mydoman.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydoman.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

As the certbot step will have to be executed later on again, we'll have to see if the fact that this file will exist creates some "trouble" in the installation process.

A recheck of this file after executing the certbot again will be necessary.

@Hank G ☑️
When the idea is to prepare a VPS-migration of an existing friendica node, should the certbot step and the edit of this file be executed in a different moment (later on) in the installation process?


This part of the installation process took me like another hour.


"Activating" .htaccess:
cp .htaccess-dist .htaccess

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

tweaking basic apache settings:

sudo nano /etc/php/8.1/apache2/php.ini

search for the following lines [ctrl+w] and modify the values:

[ctrl] W -> find line

set to:
memory_limit = 256M

upload_max_filesize = 100M

max_execution_time = 300

max_input_vars = 1500
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

¡Houston!
@Hank G ☑️ @Friendica Support

I completed all the steps of the tutorial and added what I supposed was necessary to move an existing friendica server to a new VPS but when I browse to the domain I get a blank page. The file /VERSION is displayed correctly.
To check if the basic installation as described in the tutorial would be working I renamed and moved all specific details of the merging intend like local.config.php and the storage folder but I still get a blank page instead of the friendica communications server setup page.

The only error I can find is the following, any ideas or hints how to solve this?


Apache could not reliably determine the server's fully qualified domain name, using 127.0.1.1

systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-11-07 07:02:00 UTC; 14s ago
Docs: httpd.apache.org/docs/2.4/
Process: 48187 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 48191 (apache2)
Tasks: 6 (limit: 9436)
Memory: 23.3M
CPU: 111ms
CGroup: /system.slice/apache2.service
├─48191 /usr/sbin/apache2 -k start
├─48192 /usr/sbin/apache2 -k start
├─48193 /usr/sbin/apache2 -k start
├─48194 /usr/sbin/apache2 -k start
├─48195 /usr/sbin/apache2 -k start
└─48196 /usr/sbin/apache2 -k start
Nov 07 07:02:00 ubuntu systemd[1]: Starting The Apache HTTP Server...
Nov 07 07:02:00 ubuntu apachectl[48190]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message>
Nov 07 07:02:00 ubuntu systemd[1]: Started The Apache HTTP Server.
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

@Hank G ☑️

solved the "Apache could not reliably determine the server's fully qualified domain name, using 127.0.1.1" problem by editing:

sudo nano /etc/hosts
and
sudo nano /etc/hostname

replacing
ubuntu
with
yourfriendicadomain.com

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

To check eventual php errors:

rootname@ubuntu:~# sudo nano /etc/php/8.1/apache2/php.ini

ctrl+W -> log_errors
log_errors = On
; Default Value: Off
; Development Value: On
; Production Value: On


ctrl+W -> error_log
; Log errors to specified file. PHP's default behavior is to leave this value
; empty.
; php.net/error-log
; Example:
error_log = /var/www/html/php.error.log
; Log errors to syslog (Event Log on Windows).
; error_log = syslog

rootname@ubuntu:~# touch php.error.log
rootname@ubuntu:~# reboot

refreshing domain page several times

rootname@ubuntu:~# nano /var/www/html/php.error.log

No results printed at all in php.error.log
🤨

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =yourfriendicadomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Checking 000-default-le-ssl.conf after successful completion of the certbot HTTPS routine:

Certbot entered more lines in the already existing file that was created from scratch when executing
sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf
creating a complete mess.

It created kinda a double entry and also added <VirtualHost *:80>
I started testing and comparing and ended up with the following file:

000-default-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
<Directory /var/www/html>
AllowOverride All
</Directory>

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
ServerName yourdomainname.com
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/yourdomainname.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomainname.com/privkey.pem
</VirtualHost>
</IfModule>

With <VirtualHost *:80> firefox gives a:
SSL_ERROR_RX_RECORD_TOO_LONG error,
so I used port 443 as in the example and apparently that works.

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

At this point of the installation process you would browse to your domain and follow the friendica setup from within your browser.

Also, there are still missing the email setup and the worker setup, details that will be addressed later in this post.

Even if you don't have a proper email setting setup, friendica will provide you the logging credentials with a pop up box.

As in this case the idea is to migrate an existing friendica instance to a new VPS hosting provider, first of all let's have a look at the information in the friendica help for migrating. You'll find it in every friendica instance at /help/Migrate:

squeet.me/help/Migrate

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
Resuming installation and migration process after migrating the old DB and the storage folder of the file system to the new installation.
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Eventually the old local.config.php file has to be adapted to the new server.

local.config.php
<?php
// Local configuration
// If you're unsure about what any of the config keys below do, please check the static/defaults.config.php for detailed
// documentation of their data type and behavior.
return [
	'database' => [
		// 'hostname' => 'subdomain.oldhosting.com:3306',
		'hostname' => 'yourfriendicadomain.com',
		'username' => 'friendicadb',
		'password' => 'changedPassword',
		'database' => 'friendicadb',
		'charset' => 'utf8mb4',
	],
	// ****************************************************************
	// The configuration below will be overruled by the admin panel.
	// Changes made below will only have an effect if the database does
	// not contain any configuration for the friendica system.
	// ****************************************************************
	'config' => [
		'php_path' => '/usr/bin/php',
		'admin_email' => 'youradmin@email.com',
		'sitename' => 'Friendica Social Network',
		'register_policy' => \Friendica\Module\Register::CLOSED, // or OPEN
		'max_import_size' => 200000,
	],
	'system' => [
		'url' => 'https://yourfriendicadomain.com',
		// 'basepath' => '/apps/friendica',
		'basepath' => '/var/www/html',
		'default_timezone' => 'AnyTime/AnyWhere',
		'language' => 'en',
	],
];

Upload the modified local.config.php
This is done not being logged into the remote VPS.
The example supposes that the file to upload is located in the folder you are currently in.
scp -i ~/.ssh/id_rsa local.config.php USER@SERVER:/var/www/html/config/local.config.php
Uploading with PuTTY private .pem key which also is located in the folder you are currently in:
scp -i privkey.pem local.config.php USER@SERVER:/var/www/html/config/local.config.php
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

At this point all changes to be able to switch from the old to the new server should be done.


  • DB merged
  • file storage merged
  • local.config.php merged


To set old server into maintenance mode enter via SSH and browse to your friendica installation:
rootname@oldserver:/friendicarootdir/~# bin/console maintenance 1

Check that the server is set to maintenance by browsing to your domain on the web:
Image of maintenance mode

Go to your name server provider and change the IP to the new server.

Complete certbot HTTPS installation
Now it's time to go back to the certbot installation and complete those steps. Be aware that you have to wait for the IP setting change for your domain to come into effect. This might take some time, depending on your service provider and the settings you might be able to influence, apparently eventually up to a day. In my case it was about half an hour.
In this case, as the certbot installation was completed but abandoned as the old server was still running, the only thing I had to do was the following:

Run the following command over SSH:
root@ubuntu:~# sudo certbot --apache

certbot wrote:

Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel):

yourdomainname.com

certbot output
Requesting a certificate for yourdomainname.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yourdomainname.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/yourdomainname.com/privkey.pem
This certificate expires on XXXX-XX-XX.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for yourdomainname.com to /etc/apache2/sites-available/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on yourdomainname.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: letsencrypt.org/donate
* Donating to EFF: eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
rootname@ubuntu:~

If you want to check the installed certs on your server you can do this by typing:
rootname@ubuntu:~# certbot

certbot output
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: yourdomainname.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): C!!!
Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.
Ask for help or search for solutions at community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
rootname@ubuntu:~#

If everything went well now your new server should be up and running.

spoilerAlert: I get a blank page.
😮


Install Certbot and Setting up HTTPS:
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo certbot --apache


1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Last step:
Updating the local.config.php file and uploading it to the new server.
This will activate the new VPS server of your friendica node!

Allocate local.config.php in the PuTTY privkey.pem folder: /home/user/.VPShosting

user@localPC:~/.VPShosting$ nano local.config.php

Adapt local.config.php for the new VPS server setting:

local.config.php
<?php
// Local configuration
// If you're unsure about what any of the config keys below do, please check the static/defaults.config.php for detailed
// documentation of their data type and behavior.
return [
	'database' => [
		// 'hostname' => 'subdomain.oldhosting.com:3306', // struck out
		// 'hostname' => 'yourfriendicadomain.com', // <-- THIS WAS WRONG!!
		'hostname' => 'localhost',
		'username' => 'friendicadb',
		'password' => 'changedPassword',
		'database' => 'friendicadb',
		'charset' => 'utf8mb4',
	],
	// ****************************************************************
	// The configuration below will be overruled by the admin panel.
	// Changes made below will only have an effect if the database does
	// not contain any configuration for the friendica system.
	// ****************************************************************
	'config' => [
		'php_path' => '/usr/bin/php',
		'admin_email' => 'youradmin@email.com',
		'sitename' => 'Friendica Social Network',
		'register_policy' => \Friendica\Module\Register::CLOSED, // or OPEN
		'max_import_size' => 200000,
	],
	'system' => [
		'url' => 'https://yourfriendicadomain.com',
		// 'basepath' => '/apps/friendica', // struck out
		'basepath' => '/var/www/html',
		'default_timezone' => 'AnyTime/AnyWhere',
		'language' => 'en',
	],
];

Upload the modified local.config.php
This is done not being logged into the remote VPS.
The example supposes that the file to upload is located in the folder you are currently in.
user@localPC:~/.VPShosting$ scp -i ~/.ssh/id_rsa local.config.php USER@SERVER:/var/www/html/config/local.config.php

Uploading with PuTTY private .pem key:
user@localPC:~/.VPShosting$ scp -i privkey.pem local.config.php USER@SERVER:/var/www/html/config/local.config.php

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Setting up php mail
In the case of a server migration we already attended/solved the phpmailer file in a previous step. The following is the standard procedure for a new friendica installation or if you change on the new server to phpmailer. Right now it is no use anymore to setup an own email program on the ubuntu server. The major email providers like gmail won't accept those emails sent by your server so the best you can do is setup the phpmailer addon that comes in the friendica addon folder.
Check the settings for your email access with your email provider and add that information at /var/www/html/addons/phpmailer.config.php to the file.
Move that file to the config folder of the friendica installation.

first move the phpmailer.config.php file to the friendica config folder:
rootname@VPShosting:~# mv /var/www/html/addon/phpmailer/config/phpmailer.config.php /var/www/html/config/phpmailer.config.php

edit the phpmailer configuration file already located in the friendica config folder:
rootname@VPShosting:~# nano /var/www/html/config/phpmailer.config.php

Original phpmail file
<?php
// Warning: Don't change this file! It only holds the default config values for this addon.
// Instead overwrite these config values in config/addon.config.php in your Friendica directory
return [
	'phpmailer' => [
		// smtp (Boolean)
		// Enables SMTP relaying for outbound emails
		'smtp' => false,
		// smtp_server (String)
		// SMTP server host name
		'smtp_server' => 'smtp.example.com',
		// smtp_port (Integer)
		// SMTP server port number
		'smtp_port' => 25,
		// smtp_secure (String)
		// What kind of encryption to use on the SMTP connection.
		// Options: '', 'ssl' or 'tls'.
		'smtp_secure' => '',
		// smtp_port_s (Integer)
		// Secure SMTP server port number
		'smtp_port_s' => 465,
		// smtp_username (String)
		// SMTP server authentication user name
		// Empty string disables authentication
		'smtp_username' => '',
		// smtp_password (String)
		// SMTP server authentication password
		// Empty string disables authentication
		'smtp_password' => '',
		// smtp_from (String)
		// From address used when using the SMTP server
		// Example: no-reply@example.com
		'smtp_from' => '',
	],
];

Example phpmail file
You should change the password for the email you use!
<?php
// Warning: Don't change this file! It only holds the default config values for this addon.
// Instead, copy this file to config/phpmailer.config.php in your Friendica directory and set the correct values there
return [
	'phpmailer' => [
		// smtp (Boolean)
		// Enables SMTP relaying for outbound emails
		'smtp' => true,
		// smtp_server (String)
		// SMTP server host name
		'smtp_server' => 'mail.ProviderDomain.com',
		// smtp_port (Integer)
		// SMTP server port number
		'smtp_port' => 587,
		// smtp_secure (String)
		// What kind of encryption to use on the SMTP connection.
		// Options: '', 'ssl' or 'tls'.
		'smtp_secure' => 'tls',
		// smtp_port_s (Integer)
		// Secure SMTP server port number
		'smtp_port_s' => 465,
		// smtp_username (String)
		// SMTP server authentication user name
		// Empty string disables authentication
		'smtp_username' => 'admin@yourFriendicaDomain.com',
		// smtp_password (String)
		// SMTP server authentication password
		// Empty string disables authentication
		'smtp_password' => 'CHANGED-EmailPassword',
		// smtp_from (String)
		// From address used when using the SMTP server
		// Example: no-reply@example.com
		'smtp_from' => 'admin@yourFriendicaDomain.com',
	],
];
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

creating a single backup of the MySQL Database with mysqldump
digitalocean.com/community/tut…
The MySQL file will be created in the folder you are in when performing the command.

create a copy of the MySQL DB
rootname@VPShosting:~# mysqldump -u username -p database_to_backup > backup_name.sql

installing an auto backup process of the MySQL database that runs once a day | automysqlbackup
dev.to/xarala221/how-to-backup…
The program installs a cron script with automysqlbackup that runs every day. The backup file will be replaced every day. You should tweak these settings in a way that you will be comfortable if something happens. Have in mind that if something gets screwed up you will only have "one day" to realize that a problem exists and at least make a copy of the DB. Therefore consider to perform also weekly and monthly backups, depending on your routines and needs.

install automysqlbackup
rootname@VPShosting:~# sudo apt-get install automysqlbackup
rootname@VPShosting:~# sudo automysqlbackup


listing automysqlbackup folders
rootname@VPShosting:~# cd /var/lib/automysqlbackup
rootname@VPShosting:/var/lib/automysqlbackup# ls
daily monthly weekly

listing daily backed up files:
rootname@VPShosting:~# ls -R /var/lib/automysqlbackup/daily

to have a look at automysqlbackup, as is there is no tweaking necessary:
rootname@VPShosting:~# nano /etc/default/automysqlbackup

automysqlbackup configuration file
# By default, the Debian version of automysqlbackup will use:
# mysqldump --defaults-file=/etc/mysql/debian.cnf
# but you might want to overwrite with a specific user & pass.
# To do this, simply edit bellow.
# Username to access the MySQL server e.g. dbuser
#USERNAME=`grep user /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Username to access the MySQL server e.g. password
#PASSWORD=`grep password /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Host name (or IP address) of MySQL server e.g localhost
DBHOST=localhost
# List of DBNAMES for Daily/Weekly Backup e.g. "DB1 DB2 DB3"
# Note that it's absolutely normal that the db named "mysql" is not in this
# list, as it's added later by the script. See the MDBNAMES directives below
# in this file (advanced options).
# This is ONLY a convenient default, if you don't like it, don't complain
# and write your own.
# The following is a quick hack that will find the names of the databases by
# reading the mysql folder content. Feel free to replace by something else.
# DBNAMES=`find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut -d'/' -f5 | grep -v ^mysql\$ | tr \\\r\\\n ,\ `
# This one does a list of dbs using a MySQL statement.
DBNAMES=`mysql --defaults-file=/etc/mysql/debian.cnf --execute="SHOW DATABASES" | awk '{print $1}' | grep -v ^Database$ | grep -v ^mysql$ | grep -v ^performance_schema$ | grep -v ^information_schema$ | tr \\\r>
# Backup directory location e.g /backups
# Folders inside this one will be created (daily, weekly, etc.), and the
# subfolders will be database names. Note that backups will be owned by
# root, with Unix rights 0600.
BACKUPDIR="/var/lib/automysqlbackup"
# Mail setup
# What would you like to be mailed to you?
# - log : send only log file
# - files : send log file and sql files as attachments (see docs)
# - stdout : will simply output the log to the screen if run manually.
# - quiet : Only send logs if an error occurs to the MAILADDR.
MAILCONTENT="quiet"
# Set the maximum allowed email size in k. (4000 = approx 5MB email [see
# docs])
MAXATTSIZE="4000"
# Email Address to send mail to? (user@domain.com)
MAILADDR="root"
# ============================================================
# === ADVANCED OPTIONS ( Read the doc's below for details )===
#=============================================================
# List of DBBNAMES for Monthly Backups.
MDBNAMES="mysql $DBNAMES"
# List of DBNAMES to EXLUCDE if DBNAMES are set to all (must be in " quotes)
DBEXCLUDE=""
# Include CREATE DATABASE in backup?
CREATE_DATABASE=yes
# Separate backup directory and file for each DB? (yes or no)
SEPDIR=yes
# Which day do you want weekly backups? (1 to 7 where 1 is Monday)
DOWEEKLY=6
# Which day of the month to execute the monthly backup (00 = no monthly backup)
# Two digit required
DOMONTHLY=01
# Choose Compression type. (gzip or bzip2)
COMP=gzip
# Compress backups on the fly with gzip or bzip2 (yes or no)
COMPDIRECT=no
# Compress communications between backup server and MySQL server?
COMMCOMP=no
# Additionally keep a copy of the most recent backup in a seperate
# directory.
LATEST=no
# The maximum size of the buffer for client/server communication. e.g. 16MB
# (maximum is 1GB)
MAX_ALLOWED_PACKET=
# For connections to localhost. Sometimes the Unix socket file must be
# specified.
SOCKET=
# Command to run before backups (uncomment to use)
#PREBACKUP="/etc/mysql-backup-pre"
# Command run after backups (uncomment to use)
#POSTBACKUP="/etc/mysql-backup-post"
# Backup of stored procedures and routines (comment to remove)
ROUTINES=yes
# Mysqldump additional option (like "--single-transaction")
OPTIONS=""
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Second installation intent

Resuming installation from previous point.

Browsing to the web site
Service Unavailable
Friendica no puede mostrar la página actualmente, contacte al administrador.

Service Unavailable, a step forward from the previous blank page.
First I guess is to undo changes applied yesterday in the attempt to fix the installation. Those include changes about the server/host name and ???


testing a clean reinstall from here

As I ran into trouble and am getting a blank page I just decided to try a clean pull from github of the stable branch and go on with the rest of the installation process to see what happens.

rootname@VPShosting:/var/www# mv html html_01.bak
rootname@VPShosting:/var/www# git clone https://github.com/friendica/friendica.git -b stable html


1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Result of checking changes applied after getting blank page in the first installation attempt:

There was an error message in the apache status message, therefore the following files were edited to change the server name from ubuntu to yourdomain.com.

changes verified as correct /etc/hosts and hostname
rootname@VPShosting:/var/www/html# nano /etc/hosts
127.0.1.1 yourdomain.com yourdomain
127.0.0.1 localhost

rootname@VPShosting:/var/www/html# nano /etc/hostname
yourdomain.com

changes verified as unnecessary
rootname@VPShosting:/var/www/html# nano /etc/apache2/sites-available/000-default-le-ssl.conf
#ServerName www.example.com
ServerName yourdomain.com

The change from port 80 to port 443 was important, otherwise the web page displays an error message not being able to verify the SSL cert.
Código de error: SSL_ERROR_RX_RECORD_TOO_LONG
000-default-le-ssl.conf actually contains ServerName yourdomain.com already at the bottom of the page.
-
rootname@VPShosting:/var/www/html# nano /etc/apache2/sites-available/000-default.conf
#ServerName www.example.com
ServerName yourdomain.com


status checks and verification to test web page display
rootname@VPShosting:/var/www/html# ufw status
rootname@VPShosting:/var/www/html# systemctl status fail2ban
rootname@VPShosting:/var/www/html# nano php.error.log
rootname@VPShosting:/var/www/html# systemctl restart apache2
rootname@VPShosting:/var/www/html# systemctl status apache2
rootname@VPShosting:/var/www/html# reboot
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Access over sFTP:

me in a previous post wrote:

https://squeet.me/display/962c3e10-2165-2dbe-eb37-5f6322325636
"My access is over SSH with puTTy created public/private keys, no password.
Can I create sFTP access with for example filezilla and if so how?"

Raroun wrote:

sFTP should work out of the box with any Application that supports private key authorization - like scp or FileZilla.

I never managed to make fileZilla work with the puTTy keys.
🙁

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Access over sFTP:

My access is over SSH with puTTy created public/private keys, no password.
Can I create sFTP access with for example filezilla and if so how?

Raroun wrote:

sFTP should work out of the box with any Application that supports private key authorization - like scp or FileZilla.


update on this specific request of mine:

In the end I managed to get my hands on a ubuntu 22.04.02LTS.

I used the referred tutorial by @Hank G ☑️ to set it up:
nequalsonelifestyle.com/2022/0…

Now it's a ubuntu 22.04.03LTS

I just ran thru the instructions and executed them and apparently everything worked fine and friendica 2023.05 (stable) is awaiting installation.

The difference in my case is that the idea is to move a (new) friendica instance (2023.05) I created in a BETA testing by a hoster that abandoned his intent to offer hosting for friendica to this new hosting.

The difference in the installation process as described by HankG as of now was that I couldn't setup completely the certbot part as the actual domain (tupambae.org) is running right now with that other hosting provider.

letsencrypt wrote:

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.

I just did the whole installation process being simply connected with the IP over SSH.

I skipped the part:

CREATE DATABASE friendicadb;
CREATE USER 'friendica'@'localhost' IDENTIFIED BY '<password>';
GRANT ALL ON friendicadb.* TO 'friendica'@'localhost';
FLUSH PRIVILEGES;
EXIT;

The part:
sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf
created an empty file as the certbot installation wasn't completed fully.
I created that file using the example given in the tutorial, adding the domain name that will be used.

What I wonder now:
How do I upload the DB I will have to grab from the old provider and upload to the new setup?
How do I change the password for the DB?
Is there a way to also change the name of the existing DB?

My access is over SSH with puTTy created public/private keys, no password.
Can I create sFTP access with for example filezilla and if so how?


1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

There are two ways to add your keys to #FileZilla.

You can add your keys inside the "Site Manager":

Go to:
File -> Site manager ..


Protocol:
In the settings panel for a given site select sFTP:

Add domain IP or domain name:

Logon Type:
Select "Key File"

Add the user name to log onto the server:

Browse for the .ppk you want to add and select it:
FileZilla offers you also to add .pem (privkey.pem) files, that's the #puTTy option for a file containing only the extracted private key of keyfile.ppk. At the same time FileZilla doesn't read/accept .pem files so it will prompt you to transform it into a .ppk file. If your .ppk is protected by a password (it should be), you get prompted to insert the password.
It is not clear if the newly created .ppk file from the .pem file by FileZilla is protected with the same password. It doesn't feel like that.

Save the changes and connect to your server.


The other option to add your key to FileZilla is by adding it directly to the main settings.

Go to:
Edit-> Settings ..


Choose SFTP and select the "Add key file" tab:

Add the key file and save.
If you use the input fields and quick connect options of the main FileZilla window, the keys saved in settings will be retrieved.

#linux #windows #howTo #fediVerse

1
Simon John mastodon (AP)
does FileZilla still store all your credentials in plaintext?
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

@Simon John

Actually as of now I couldn't make it work because of problems with the user name login. When you add a .ppk that has password protection it doesn't ask for the password while adding the key(-location) so I guess it will ask you for the password every time you log onto your server.

I guess it lacks an encryption of the .ppk with a password when you read the privkey out of a .pem file but at the same time assumes that you password protect your fileZilla setup with the password options it ships.

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Re-reading your question it looks to me that I didn't answer (get) your question @Simon John.

If you refer to user name, and hosting data I guess the answer is yes, it looks like plain text from the front end.
The password apparently at least can be protected by a general password manager.

Has there been general questioning of #FileZilla's safety?
Is there some recommendation for linux desktops?

#linux #fedihelp #safety

1
Simon John mastodon (AP)
I'm pretty surprised to see anyone using FileZilla on Linux (same goes for putty). Although I'm not sure what graphical alternatives there are other than gftp, I tend to just use ssh+scp
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

@Simon John

security.stackexchange.com wrote:

Regarding the issue mentioned by Adi about passwords being stored in plain text, it's good to know that since version 3.26.0-rc1 (2017-05-25), FileZilla has support for encrypted passwords protected by a master password. Hence, there is no reason to say that FileZilla is less secure than other FTP clients.
security.stackexchange.com/que…
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

DB migration from the old hosting to the newly created friendica installation:

How do I upload the DB I will have to grab from the old provider and upload to the new setup?
How do I change the password for the DB?
Is there a way to also change the name of the existing DB?

Raroun wrote:

You can export your DB - depending on the old provider you do a full export (with mysql tables) or only a "friendica db backup".
If you only have a friendica DB backup you have to create a new mysql user and a new password.
If you have a full backup, you can change the password of your db user - which is your db-password 😀
1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Some standard reference for mysql:

4.2.4 Connecting to the MySQL Server Using Command Options
dev.mysql.com/doc/refman/8.0/e…

4.2.5 Connecting to the Server Using URI-Like Strings or Key-Value Pairs
dev.mysql.com/doc/refman/8.0/e…

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)
How do I upload the DB I will have to grab from the old provider and upload to the new setup?


Importing a MySQL database
To import a MySQL database, use the mysql command. Here is the full command:
mysql -uUSERNAME -p DATABASE < backup.sql
Again, you will be prompted for the password of your MySQL user.

1
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup friendica (via ActivityPub)

Raroun wrote:

You can export your DB - depending on the old provider you do a full export (with mysql tables) or only a "friendica db backup".

@Raroun
What do you mean by "only a friendica DB backup"?
First I thought of some option given inside the friendica admin panel but couldn't find anything related.
How would I get that normally?

The hosting provider gives me access to a "mysql DB site".
I went there and chose the standard rapid "export" option:
DBsite.com/index.php?route=/server/export

@Hank G ☑️
Is there a way (or https URL) to get the phpMyAdmin page on these standard Ubuntu server setups instead of the simple ssh access?
Do I need to install something more?

1
Nanook friendica
@…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup The way I did it was:
oldserver:
mysqldump friendica > friendica.sql
newserver:
mysql> source friendica.sql
1
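A pre-import check for the dump-and-restore migration discussed in this thread, as an added example that is not code from any participant or from the Friendica project: it rejects a mysqldump file that was cut short, is readable by other local users, or carries CREATE DATABASE/USE statements for a database other than the one you intend to import into (relevant when the database gets a new name on the new server, and when the dump was made with CREATE_DATABASE=yes as in the automysqlbackup settings above). The function names and the sample dump are constructed for illustration; the `-- Dump completed` trailer is what mysqldump writes unless comments are disabled.

```shell
#!/bin/sh
# Pre-import checks for a mysqldump file (added example; helper names are hypothetical).

# 0 if the file ends with mysqldump's trailer comment, i.e. it was not cut short.
dump_is_complete() {
    tail -n 5 "$1" | grep -q '^-- Dump completed'
}

# 0 if neither group nor others have any permission bit on the file.
dump_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print every database name the dump itself selects via CREATE DATABASE or USE.
dump_db_refs() {
    sed -n -E 's/^(CREATE DATABASE|USE) [^`]*`([^`]+)`.*/\2/p' "$1" | sort -u
}

# check_dump FILE TARGET_DB
# 0 = safe to feed to "mysql TARGET_DB < FILE", 1 = truncated, 2 = readable by
# other users, 3 = dump would write into a database other than TARGET_DB.
check_dump() {
    dump_is_complete "$1" || { echo "truncated: $1" >&2; return 1; }
    dump_is_private "$1"  || { echo "run: chmod 600 $1" >&2; return 2; }
    for db in $(dump_db_refs "$1"); do
        [ "$db" = "$2" ] || { echo "dump selects '$db', not '$2'" >&2; return 3; }
    done
    return 0
}

# Constructed sample: a dump that names its own database (CREATE DATABASE + USE).
write_sample_dump() {
    ( umask 077
      printf '%s\n' \
        'CREATE DATABASE /*!32312 IF NOT EXISTS*/ `friendica`;' \
        'USE `friendica`;' \
        'CREATE TABLE `config` (`id` int);' \
        '-- Dump completed on 2023-09-01 12:00:00' > "$1" )
}
```

A return code of 3 means the dump would recreate and write into its original database regardless of the name given on the `mysql` command line; a dump of a single database taken without `--databases` carries no such statements and imports into whatever database you name.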
Nanook friendica
I would HIGHLY recommend AGAINST an OS that is already 2-years past end of life, go with something modern, Ubuntu 22.04, Debian Bookworm, etc.
1 1
