Ver. 05 | install and/or move friendica to ubuntu 22.04 LTS VPS server
EDIT - information
This tutorial is supposed to be published by the tutorial profile of this server.It is designed to have several chapters, each being distinctively seperated by an own titel. In total as of now there are like besides this introduction like 6 chapters.
posting and edition time of and by this EDIT profileof ver05 as of now 1hs
mastodon review contact: @mʕ•ﻌ•ʔm bitPickup
Categories:
@helpers@forum.friendi.ca
SPOILER - click to open/close || Introduction
This tutorial is an adaption of the tutorial "creating a friendica server - ubuntu" by @Hank G ☑️ based on the experience of the installation report by @…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup:https://squeet.me/display/962c3e10-5765-2e86-4a15-589579746174
and specific help by @Raroun.
Server specs and friendica version used:
VPS server | Ubuntu 22.04 LTS
PHP Version 8.1.2-1ubuntu2.14
4 Core CPU, 8 GB Ram with 300GB NVME Disk
Friendica [STABLE] | 'Giant Rhubarb' 2023.05 - 1518
SPOILER - click to open/close || Installation environment and HowTo
The only reasonable way to work with a VPSserver on the web is using the console.If you are not familiar with that don't worry, it is easy and the only thing you have to do is being able to copy/paste the commands displayed:
¡
Copy/paste only the codeBoxes like this one, located outside of the spoilers of this tutorial one after another without altering the sequence!Of course it is necessary to change the specific file names and passwords for you indiviual site, but that's all. promise!
On the console you wont be able to copy/paste with the keyboard ctrl-C/ctrl-V technique, you'll have to use the mouse "right click, chose option" technique.
This tutorial was created on a #debian #linux desktop environment.
There shouldn't be differences if you want to do this from a #windows machine.
The method used for communication between your local computer and the VPS server is called #SSH:
Wikipedia - Secure Shell:
"Cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers."
#linux #debian #ubuntu #friendica #fediVerse #fediTutorial #tutorial #fediHelp #fediTips #activityPub #HowTo #DIY #VPS #server #selfHosting
@admin@tupambae.org @tutorial@tupambae.org
friendica VPS setup on ubuntu 22.04 LTS
Hi,
I'm working on my first #friendica #VPS installation, here you'll find my initial post about general thoughts like what distro to use, size and costs.
I'm using the tutorial "creating a friendica server - ubuntu" by @Hank G ☑️.As of now I'm doing well in the process and want to start this post to document differences and questions while installing the server.
This server is going to host an already existing friendica node I have to move from another hosting provider. That means that for example the DB doesn't have to be created from scratch but moved and other smaller details.
I will try to address the different steps of installation in answers to this post and appreciate help, ideas and observations.
I'm doing this from a #linux desktop environment from the console but there shouldn't be differences if you want to do this from a #windows machine.
#fediVerse #tutorial #fediHelp #activityPub
EDIT | don't follow!
•friendica installation
Categories: friendica,VPS,github
friendica installation on the VPS hosting
--
Up to this point we basically performed a standard LAMP installation on a ubuntu 22.04 LTS VPS hosting.
The following steps concern the actual friendica server installation.
creating the directory for friendica and the user www-data
creat directories and permission for user www-data
back ground information what-is-var-www-html?https://stackoverflow.com/questions/16197663/what-is-var-www-htm
rootname@VPShosting:~#
sudo chown -R www-data:www-data /var/wwwrootname@VPShosting:~#
cd /var/wwwcreating user www-data and changing from user rootname to www-data
rootname@VPShosting:~/var/www#
... show moresudo -u www-data bashwww-data
Categories: friendica,VPS,github
friendica installation on the VPS hosting
--
Up to this point we basically performed a standard LAMP installation on a ubuntu 22.04 LTS VPS hosting.
The following steps concern the actual friendica server installation.
creating the directory for friendica and the user www-data
creat directories and permission for user www-data
back ground information what-is-var-www-html?https://stackoverflow.com/questions/16197663/what-is-var-www-htm
rootname@VPShosting:~#
sudo chown -R www-data:www-data /var/wwwrootname@VPShosting:~#
cd /var/wwwcreating user www-data and changing from user rootname to www-data
rootname@VPShosting:~/var/www#
sudo -u www-data bashwww-data@VPShosting:~$
(confirmation check if this is where console changes to www-data@VPShosting:~#)
moving (deactivating) the old /html folder
www-data@VPShosting:~$
mv html html.bakThe new /html folder will be created when we clone the gitHub stable branch of friendica in the next step.
cloning friendica from the gitHub repository
www-data@VPShosting:~$
git clone https://github.com/friendica/friendica.git -b stable htmlconfigure PHP dependencies
www-data@VPShosting:~$
cd htmlwww-data@VPShosting:~/html$
bin/composer.phar install --no-dev(is this the point the SSL install went wrong?)
https://squeet.me/display/962c3e10-1265-2ea9-912d-3cc762780991
creating folder for page view renderings
www-data@VPShosting:~/html$
mkdir -p view/smarty3www-data@VPShosting:~/html$
chmod 775 view/smarty3cloning the addons github repository
www-data@VPShosting:~/html$
git clone https://github.com/friendica/friendica-addons.git -b stable addonactivating .htaccess
www-data@VPShosting:~/html$
cp .htaccess-dist .htaccessexiting user www-data
www-data@VPShosting:~/html$
exitrootname@VPShosting:~/var/www/html#
#debian #linux #friendica #fediVerse #fediTutorial
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
2023-10-17 15:34:41
EDIT | don't follow!
•LAMP installation
Categories:LAMP, Linux, VPS
LAMP (Linux, Apache, MySQL, PHP)
L -> linuxA -> apache
M -> mysql - phpMyAdmin
P -> PHP, Perl, or Python programming language
https://en.wikipedia.org/wiki/LAMP_(software_bundle)
LAMP is an acronym denoting one of the most common software stacks for many of the web's most popular applications. However, LAMP now refers to a generic software stack model and its components are largely interchangeable.
Install the apache server
https://www.bitcatcha.com/blog/what-is-apache/"The Apache Server is an open-source, cross-platform web server application. In its essence, it allows users to deploy their websites on the internet for others to be able to access them."
--
The
-yin the following command is used to confirm automatically all options/questions that come up in the installationCategories:LAMP, Linux, VPS
LAMP (Linux, Apache, MySQL, PHP)
L -> linuxA -> apache
M -> mysql - phpMyAdmin
P -> PHP, Perl, or Python programming language
https://en.wikipedia.org/wiki/LAMP_(software_bundle)
LAMP is an acronym denoting one of the most common software stacks for many of the web's most popular applications. However, LAMP now refers to a generic software stack model and its components are largely interchangeable.
Install the apache server
https://www.bitcatcha.com/blog/what-is-apache/"The Apache Server is an open-source, cross-platform web server application. In its essence, it allows users to deploy their websites on the internet for others to be able to access them."
--
The
-yin the following command is used to confirm automatically all options/questions that come up in the installation process of the apache server.rootname@VPShosting:~$
sudo apt updaterootname@VPShosting:~$
sudo apt install apache2 -yInstall Certbot and Setting up HTTPS
The S in HTTPS stands for "secure transmission" meaning that the information that is transmitted between the web site and the user is encrypted. There for the data isn't readable for others while it is transmitted. You can observe that security detail in the web URL of any web site as it starts withhttps://.Certbot installs a standard SSL certificate provided by the Let's encrypt foundation with no charge. Nowadays this is a basic need on the internet and for the privacy of everyone. Even tho it is possible to run any web site as HTTP
http://and there for also a friendica node, nobody should do that and you should set all options of your friendica server to "HTTPS mandatory".rootname@VPShosting:~$
rootname@VPShosting:~$
sudo ln -s /snap/bin/certbot /usr/bin/certbotInstalling your SSL certificate
https://www.nequalsonelifestyle.com/2022/07/30/creating-friendica-server-ubuntu/#install-certbot-and-setting-up-https"You will be prompted for several options. The defaults should be fine for most but there are some things that will be specific to your instance. For the sake of explicitness:
* Enter the email address you want notifications from the Certbot team and that you are comfortable sharing with them and others.
* Select Yes once you’ve read the terms of service
* Select Yes if you want to get more general EFF emails (optional)
* Enter the domain name
yourFriendicaDomainName.comfor your friendica node. It is important to put the full accurate domain name in. This is what will be used for name matching when the certificate is issued and used.After you do those options you will get a series of prompts with statuses. When it is completed you should be able to navigate to the HTTPS version of your website. In fact if you intentionally try to go to the HTTP version of your website it should redirect to the HTTPS version instead. Try this out to be sure this step has been completed successfully."
rootname@VPShosting:~$
sudo certbot --apacheImportant information in the case of server migration -> installing your SSL certificate
rootname@VPShosting:~$sudo certbot --apacheFor this step in the installation process you do need to have your domain name URL already directed to the IP of your server. Other wise this installation step not only wont be able to finish the setup of the SSL certificate, you will run into problems when you try to setup your friendica instance. This is a particular complication when you want to migrate a live system. Your intention might be for the the old IP to remain as long as possible related to the domain name, even maybe try everything out before a definite migration.
The sugestion as of now would be to try execute this step just after the first gitHub pull and before:
There is still some testing needed to confirm the best moment of the SSL certificate installation step in the installation process or eventual work arounds for this tutorial.
Configuring the firewall
https://www.nequalsonelifestyle.com/2022/07/30/creating-friendica-server-ubuntu/#configuring-a-firewall"A firewall is an important security measure for your server to limit available surfaces that hackers can use. Firewalls can be configured either in your cloud provider or on the local server. Ubuntu Server by default ships with the UFW firewall software. For this tutorial we will configure the firewall locally. The main gist is that you should be only opening up the necessary ports for SSH, HTTP, and HTTPS."
rootname@VPShosting:~$
sudo ufw allow sshrootname@VPShosting:~$
sudo ufw allow httprootname@VPShosting:~$
sudo ufw allow httpsrootname@VPShosting:~$
sudo ufw enablerootname@VPShosting:~$
sudo ufw statusinstall and configure fail2ban
https://www.nequalsonelifestyle.com/2022/07/30/creating-friendica-server-ubuntu/#configure-fail2ban"Fail2Ban is another important tool for thwarting hackers. It basically detects if some computer is brute force attacking or excessively hitting your server and applies escalating blocks on that IP address."
rootname@VPShosting:~$
rootname@VPShosting:~$
sudo systemctl start fail2banrootname@VPShosting:~$
systemctl status fail2banrootname@VPShosting:~$
sudo rebootBecause of the
rebootyou will be logged out of your VPS server and will have to log on again to proceed with the installation."M" like MySQL/mariaDB and "P" like PHP of "LAMP" installation
DataBase and PHP-HypertextPreprocessor installation || See values inside this spoiler
Values for the prompts you get:Enter current password for root (enter for none): Just hit enter since you are configured to only allow logins with SSH keys for the root user.
Switch to unix_socket authentication: n
Change the root password?: n
Remove anonymous users? Y
Disallow root login remotely? Y
Remove test database and access to it? Y
Reload privilege tables now? Y[/list]
rootname@VPShosting:~$
sudo apt updaterootname@VPShosting:~$
rootname@VPShosting:~$
sudo mysql_secure_installationCreating the DB - data base
If you come to this point straight from the previous mariaDB setup you are already logged into mySQL. You will note this because instead of the print:rootname@VPShosting:~#in the console you will see:
MariaDB [(none)]>Other wise you will have to log into mariaDB first with the following command:
rootname@VPShosting:~#
mysql[spoiler=mariaDB welcome message:]Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 160000
Server version: 10.6.12-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
CREATE DATABASE friendicadb;Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]>
CREATE USER 'friendica'@'localhost' IDENTIFIED BY '<password>';Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]>
GRANT ALL ON friendicadb.* TO 'friendica'@'localhost';MariaDB [(none)]>
FLUSH PRIVILEGES;Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]>
EXIT;Bye
rootname@VPShosting:~#
To log from the console into your DB use the following command:
rootname@VPShosting:~#
mysql friendicadbTo exit mariaDB:
MariaDB [friendicadb]>
Ctrl-C-- exit!Aborted
rootname@VPShosting:~#
How to change the DB password
rootname@VPShosting:~#mysql(Welcome to the MariaDB monitor..)
MariaDB [(none)]>
USE friendicadbDatabase changed
MariaDB [friendicadb]>
ALTER USER 'friendica'@'localhost' IDENTIFIED BY 'newpassword';Query OK, 0 rows affected (0.001 sec)
MariaDB [friendicadb]>
FLUSH PRIVILEGES;Query OK, 0 rows affected (0.000 sec)
MariaDB [friendicadb]>
exitBye
rootname@VPShosting:~#
test changes:
rootname@VPShosting:~#
mysql -u friendica -pEnter password:
(Welcome to the MariaDB monitor..)
MariaDB [(none)]>
If you use a wrong password, you might want to check the old one, you'll get the following message:
ERROR 1045 (28000): Access denied for user 'friendica'@'localhost' (using password: YES)
creating a single backup of the MySQL Database with mysqldump
https://www.digitalocean.com/community/tutorials/how-to-backup-mysql-databases-on-an-ubuntu-vpsThe MySQL file will be created in the folder you are in when performing the command.
creat a single copy of a MySQL DB
rootname@VPShosting:~#
mysqldump -u username -p database_to_backup > backup_name.sqlinstall auto backup process of the MySQL/mariaDB database | automysqlbackup
https://dev.to/xarala221/how-to-backup-mysql-databases-on-ubuntu-vps-server-automatically-497cThe program installs a cron script with automysqlbackup that runs every day. The daily backup files will be named monday/tuesday/wednesday..and replaced when ever a new bachup is duefor the specific backup. The same goes for weekly and monthly backups. You should tweak these settings in a way that you will be comfortable if something happens. Have in mind that this can mount to an enormous amount of backup data so you might check out tweaks and work arounds to adjust to your server capabilities and monetary possibilities.
install automysqlbackup
rootname@VPShosting:~#
sudo apt-get install automysqlbackuprootname@VPShosting:~#
sudo automysqlbackupinformation into deep about automysqlbackup
listing automysqlbackup folders
rootname@VPShosting:~#
cd /var/lib/automysqlbackuprootname@VPShosting:~#
/var/lib/automysqlbackup# lsdaily monthly weekly
listing daily backed up files:
rootname@VPShosting:/var/lib/automysqlbackup#
ls -R /var/lib/automysqlbackup/dailyconsole print automysqlbackup - daily
/var/lib/automysqlbackup/daily:friendicaDB sys
/var/lib/automysqlbackup/daily/friendicaDB:
friendicaDB_2023-11-14_21h39m.Tuesday.sql.gz
friendicaDB_2023-11-15_06h25m.Wednesday.sql.gz
/var/lib/automysqlbackup/daily/sys:
sys_2023-11-14_21h39m.Tuesday.sql.gz
sys_2023-11-15_06h25m.Wednesday.sql.gz
rootname@VPShosting:/var/lib/automysqlbackup#
rootname@VPShosting:~#
nano /etc/default/automysqlbackupautomysqlbackup configuracion file
# By default, the Debian version of automysqlbackup will use:# mysqldump --defaults-file=/etc/mysql/debian.cnf
# but you might want to overwrite with a specific user & pass.
# To do this, simply edit bellow.
# Username to access the MySQL server e.g. dbuser
#USERNAME=`grep user /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Username to access the MySQL server e.g. password
#PASSWORD=`grep password /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Host name (or IP address) of MySQL server e.g localhost
DBHOST=localhost
# List of DBNAMES for Daily/Weekly Backup e.g. "DB1 DB2 DB3"
# Note that it's absolutely normal that the db named "mysql" is not in this
# list, as it's added later by the script. See the MDBNAMES directives below
# in this file (advanced options).
# This is ONLY a convenient default, if you don't like it, don't complain
# and write your own.
# The following is a quick hack that will find the names of the databases by
# reading the mysql folder content. Feel free to replace by something else.
# DBNAMES=`find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut -d'/' -f5 | grep -v ^mysql\$ | tr \\\r\\\n ,\ `
# This one does a list of dbs using a MySQL statement.
DBNAMES=`mysql --defaults-file=/etc/mysql/debian.cnf --execute="SHOW DATABASES" | awk '{print $1}' | grep -v ^Database$ | grep -v ^mysql$ | grep -v ^performance_schema$ | grep -v ^information_schema$ | tr \\\r>
# Backup directory location e.g /backups
# Folders inside this one will be created (daily, weekly, etc.), and the
# subfolders will be database names. Note that backups will be owned by
# root, with Unix rights 0600.
BACKUPDIR="/var/lib/automysqlbackup"
# Mail setup
# What would you like to be mailed to you?
# - log : send only log file
# - files : send log file and sql files as attachments (see docs)
# - stdout : will simply output the log to the screen if run manually.
# - quiet : Only send logs if an error occurs to the MAILADDR.
MAILCONTENT="quiet"
# Set the maximum allowed email size in k. (4000 = approx 5MB email [see
# docs])
MAXATTSIZE="4000"
# Email Address to send mail to? (user@domain.com)
MAILADDR="root"
# ============================================================
# === ADVANCED OPTIONS ( Read the doc's below for details )===
#=============================================================
# List of DBBNAMES for Monthly Backups.
MDBNAMES="mysql $DBNAMES"
# List of DBNAMES to EXLUCDE if DBNAMES are set to all (must be in " quotes)
DBEXCLUDE=""
# Include CREATE DATABASE in backup?
CREATE_DATABASE=yes
# Separate backup directory and file for each DB? (yes or no)
SEPDIR=yes
# Which day do you want weekly backups? (1 to 7 where 1 is Monday)
DOWEEKLY=6
# Which day of the month to execute the monthly backup (00 = no monthly backup)
# Two digit required
DOMONTHLY=01
# Choose Compression type. (gzip or bzip2)
COMP=gzip
# Compress backups on the fly with gzip or bzip2 (yes or no)
COMPDIRECT=no
# Compress communications between backup server and MySQL server?
COMMCOMP=no
# Additionally keep a copy of the most recent backup in a seperate
# directory.
LATEST=no
# The maximum size of the buffer for client/server communication. e.g. 16MB
# (maximum is 1GB)
MAX_ALLOWED_PACKET=
# For connections to localhost. Sometimes the Unix socket file must be
# specified.
# For connections to localhost. Sometimes the Unix socket file must be
# specified.
SOCKET=
# Command to run before backups (uncomment to use)
#PREBACKUP="/etc/mysql-backup-pre"
# Command run after backups (uncomment to use)
#POSTBACKUP="/etc/mysql-backup-post"
# Backup of stored procedures and routines (comment to remove)
ROUTINES=yes
# Mysqldump additional option (like "--single-transaction")
OPTIONS=""
#debian #linux #friendica #fediVerse #fediTutorial