friendica VPS setup on ubuntu 22.04 LTS
Hi,
I'm working on my first #friendica #VPS installation, here you'll find my initial post about general thoughts like what distro to use, size and costs.
I'm using the tutorial "creating a friendica server - ubuntu" by @Hank G ☑️.
As of now I'm doing well in the process and want to start this post to document differences and questions while installing the server.
This server is going to host an already existing friendica node I have to move from another hosting provider. That means that for example the DB doesn't have to be created from scratch but moved and other smaller details.
I will try to address the different steps of installation in answers to this post and appreciate help, ideas and observations.
I'm doing this from a #linux desktop environment from the console but there shouldn't be differences if you want to do this from a #windows machine.
#fediVerse #tutorial #fediHelp #activityPub
what VPS offer fits best for a small friendica instance?
@Friendica Support
@Friendica Admins
@Friendica Developers
Hi there,
in the end I want to try to set up my first own hosted friendica VPS on a small setup:
1gig RAM/1 Core/25gig
The idea is kinda single user instance with a few forum pages.
The hosting provider has the following options:
- debian bullseye - vpn server
- debian bookworm - wireguard server
- debian bookworm - bookworm 2023-07-03
- debian bookworm - bookworm 2023-07-03 LEMP (nginx+php8.2+mariaDB10.5)
- debian bookworm - nextcloud
- ubuntu 22.04.01LTS
- CENTOS8.1 - 2020-05-03
- cleanVPS to upload own ISO
I'm used to debian/devuan on PC, so am obviously inclined to go for debian but have no idea what version would be the best choice.
In the first place the debian LEMP option looks like the way to go.
Latest experience with a new friendica installation seemed to be in need of PHP8.1 instead of PHP8.2.
Is it difficult to downgrade that?
Also, I'm kinda worried about security in general, even tho the data exposed will only be my own, so there is no responsibility with others.
Are there more security risks than on a shared hosting with let's say a standard phpBB forum page?
The idea would be to point the IP from my existing hosting provider to the VPS.
- Do we have some general "how to setup" for a VPS setting from scratch?
- Anyone interested in creating such a "how to" in a conversation with me here to have a reference or base to sum that up for the friendica wiki?
- Could it even be of interest to create a "friendica VPS-ISO installation" with the help of git.friendi.ca for example?
@TupambAdmin
@bitPickup mʕ•ﻌ•ʔm
Hank G ☑️
•…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•setting up puTTy to use RSA keys for communication via SSH:
debian linux:
sudo apt install putty-tools -y
If you want to use the puTTy window (same as in windows) you'll have to install also
sudo apt install putty
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Creating SSH log in keys:
debian linux
puttygen -t rsa -b 4096 -C "username@hostname" -o keyfile.ppk
Apparently the
""
signs in the user name part have to be used.
You should use/create a password in the procedure of creating the keyfile.ppk, you'll be asked if you want to in the creation process.
It is unclear to me to what extent username and hostname have to be specific somehow. Like to say, you normally would log in as the user root and hostname would normally most likely be yourDomainName or yourServerIP but I don't know if therefore you should most likely need to use root@00.000.00.000 / root@yourdomain or could even use wtfWhyNot@anyNameOrNumber
Get the public key:
puttygen -L keyfile.ppk
The result will be something like:
ssh-rsa AAA..->..ztc username@hostname
Copy/paste the public key into some .txt file to have this at hand. Your hosting provider will have to locate this in your VPS setup or tell you how to upload it yourself.
Extract and separate the private key you'll need to log onto your server:
puttygen keyfile.ppk -O private-openssh -o privkey.pem
puTTy will create all those keys in the directory the console is in while executing the commands.
Log into your server:
ssh -i privkey.pem username@hostname
Whenever you want to log into your server from console, you'll have to be in the folder where the privkey.pem is located.
For example, you might create a folder /hostingVPS in your /home folder and locate the privkey.pem there.
In that case to log onto your server the procedure would be:
open your console:
keyfile.ppk, privkey.pem and your public key are quite important so you should back them up safely.
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•"It also assumes that the root username/password has been disabled for the server, which will be a relevant part when you get to the securing of the database section."
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•debian linux
general commands to execute before installation:
whenever you do a major pause in your installation procedure you might want to recheck:
sudo apt update
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Install unattended upgrades:
sudo apt install unattended-upgrades update-notifier-common -y
sudo systemctl status unattended-upgrades
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Edit unattended upgrade configuration:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
modify:
//Unattended-Upgrade::Automatic-Reboot "false";
You want to uncomment the line and set the value to true so it reads:
Unattended-Upgrade::Automatic-Reboot "true";
restart unattended upgrade service:
sudo systemctl restart unattended-upgrades
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•debian linux
sudo apt install apache2 -y
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Install Certbot and Setting up HTTPS:
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•As of now I didn't provide a domain name on the new VPS installation.
certbot wrote
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): mydomain.com
Requesting a certificate for mydomain.com
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: mydomain.com
Type: unauthorized
Detail: 45.13.66.100: Invalid response from https://mydomain.com/.well-known/acme-challenge/_yk6hbK_Nt3rlhuRGNeIacRSQ6rxvO9fr9KLvjzlTR4: 503
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Partial re-installation/redo of the following steps
It looks like somehow because of this unfinished step the installation went wrong and when browsing to the friendica installation a blank page was displayed.
After redoing the steps of installation from the github pull of friendica the web page displayed Service unavailable.
Therefore I'm going to redo the steps from the certbot installation to the gitpull
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
2023-11-08 04:05:20
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•This step derailed completely my intent to migrate the server.
It took me a lot of work and effort to find the problems I created by not following the instructions by the tutorial. The reason I couldn't follow the tutorial "as is" was because the old server was still up and running and I wanted to first make a "test install", check then if everything worked out as expected to finally migrate the node onto the new VPS hosting.
In the end I managed to do the migration and am working right now on re-editing this "tutorial / experience report" so it can serve as tutorial without losing the "live report" in the process of summing up this report.
At the same time I'm working on a final tutorial for server migration that will be published accordingly.
As it looks right now there are two options:
A)
You simply follow hankG's tutorial and set the old server into maintenance mode once you reach the certbot step as you will need a working "redirect" for the new IP of your domain to be able to register the SSL certificate. You will have to leave your domain meanwhile off line, using the hints in this report on downloading, uploading and so. If something goes wrong you will have the option to change the IP redirect of your domain to the old hosting and reactivate that server while you check out what went wrong on the new server.
B)
You find some work around by registering some subdomain or another domain with the certbot routine and certify that domain for your new server. Once everything else is working fine and you feel secure with what you are doing you redirect the IP of the domain you want to migrate, run the certbot routine for your new certificate for the new server and work on from there.
partially completed
The complete registry of the domain in this case wasn't possible in this step as the domain and friendica instance is still in use with another hosting provider.
As of now I didn't provide a domain name on the new VPS installation because it was still in use on the old server.
It is not recommendable to do this step at this point of the installation if you are not going to merge your friendica instance immediately. I ran into trouble and extra work because of this and will have to check out how to prevent them.
certbot wrote:
Link to the completion of this step:
https://squeet.me/display/962c3e10-1365-49b7-2192-245155611485
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
2023-11-07 04:03:45
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Partial re-installation/redo of the installation steps following from here
It looks like somehow because of this unfinished step the installation went wrong and when browsing to the friendica installation a blank page was displayed.
After redoing the steps of installation from the github pull of friendica the web page displayed:
Service unavailable
https://squeet.me/display/962c3e10-2065-4b09-006e-df5321079646
Therefore I'm going to redo the steps from the certbot installation to the gitpull.
Update:
This attempt didn't solve the problem so I will perform another new git pull.
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
2023-11-08 04:05:20
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Configuring a firewall:
sudo ufw status
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Install and configure fail2ban:
systemctl status fail2ban
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•friendica installation:
sudo apt update
sudo mysql_secure_installation
Values for the prompts you get:
Just hit enter since you are configured to only allow logins with SSH keys for the root user.
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Somehow I managed to mistype something here and got stuck.
The console gave me the following message:
Disallow root login remotely? [Y/n] ^C <- (some bad keystroke)
Aborting!
Cleaning up...
root@ubuntu:~#
So I just started again:
The following lines came up and after just redoing the same steps apparently everything went fine.
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] n
... skipping.
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] n
... skipping.
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
..
.. and so on..
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•resuming the step of creating a new DB:
sign in via ssh
rootname@ubuntu:~#
mysql
MariaDB [(none)]>
CREATE DATABASE friendicadb;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]>
CREATE USER 'friendica'@'localhost' IDENTIFIED BY '<password>';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]>
GRANT ALL ON friendicadb.* TO 'friendica'@'localhost';
MariaDB [(none)]>
FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]>
EXIT;
Bye
rootname@ubuntu:~#
To log into your DB:
mysql friendicadb
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•The creation of the DB apparently worked as expected.
The problem I now ran into is that I can't upload the backup sql DB I downloaded from the old hosting.
I did this using the hints of the following stackoverflow description: importing-a-database-using-ssh but somehow this doesn't work.
I created a folder in my home directory to log into the VPS via ssh where I placed the privkey.pem and the backupname.sql
This is the command sequence I execute:
cd hostingfolder
/hostingfolder
ssh -i privkey.pem root@00.000.00.000
Enter passphrase for key 'privkey.pem':
Welcome to Ubuntu ..
..
rootname@ubuntu:~#
mysql -u friendica@localhost -ppassword friendicadb < backupname.sql
The response by the server is:
-bash: backupname.sql: No such file or directory
I also tried:
rootname@ubuntu:~#
mysql -u friendica -ppassword friendicadb < backupname.sql
with the same result
Of course the file backupname.sql does exist and is located in /hostingfolder
I also copied it to the folder /home/username/ just to make sure.
I searched for the error message too and found:
https://stackoverflow.com/questions/42258074/remote-mysql-import-no-such-file-or-directory
so I tried:
mysql -u 'friendica'@'localhost' -ppassword friendicadb < '/home/username/hostingfolder/backupname.sql'
and
mysql -u tupambaeorg'@'localhost -pSnMAVMY4McXAKq tupambaeorgdb < "/home/bitpickup/hosting172_16_9_5.sql"
but that didn't do the trick either.
Any ideas?
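The redirection `< backupname.sql` in the session above is opened by the shell on the server, so the file would have to exist there. An added example (not part of the original post) that streams a dump from the local machine into the remote database over SSH instead; the key, host and file names are placeholders, and it assumes root on the server can run `mysql` without a password, as in the database creation step earlier in the thread.

```bash
#!/usr/bin/env bash
# Added example: import a LOCAL SQL dump into a database on the server over SSH.
# Key path, host, database and dump names are placeholders, not values from the thread.

set -u

# Transport command; overridable so the function can be exercised offline.
SSH_BIN="${SSH_BIN:-ssh}"

# import_dump KEY USER@HOST DATABASE DUMPFILE
# Returns 0 on success, 2 if the local dump is missing or empty,
# 3 if the database name contains unexpected characters,
# otherwise the exit status of ssh / the remote mysql client.
import_dump() {
    local key=$1 target=$2 db=$3 dump=$4

    # The dump lives on the local machine: check it here, before connecting.
    if [ ! -s "$dump" ]; then
        echo "local dump not found or empty: $dump" >&2
        return 2
    fi

    # The database name becomes part of the remote command line,
    # so only letters, digits and underscores are accepted.
    case $db in
        ''|*[!A-Za-z0-9_]*)
            echo "unexpected database name: $db" >&2
            return 3
            ;;
    esac

    # The local shell opens the dump and feeds it to ssh's stdin; the remote
    # mysql client reads it from there. No password appears on the command
    # line (assumption: root uses unix_socket authentication on the server).
    "$SSH_BIN" -i "$key" "$target" "mysql $db" < "$dump"
}

# Run directly as:
#   ./import_dump.sh privkey.pem root@00.000.00.000 friendicadb backupname.sql
if [ "$#" -eq 4 ]; then
    import_dump "$@"
fi
```

The alternative is to copy the dump to the server first with scp and then run the import there, from the directory that holds the uploaded file.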
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Preparing to move the DB
Changing the #storage backend to reduce DB size.
Admin panel:
/admin/storage
Administration - Storage
Current Storage Backend: Database
Storage Configuration
Filesystem
Storage base path: storage
Folder where uploaded files are saved. For maximum security, this should be a path outside web server folder tree
Database
This backend doesn't have custom settings
Helpers-page information
/help/Settings#File+storage+backend
File upload
File storage backend
Set the backend used by #Friendica to store uploaded file data. Two storage backends are available with Friendica:
Database : Data is stored in a dedicated table in database (storage)
Filesystem : Data is stored as file on the filesystem.
Default value is 'Database (legacy)': it's the legacy way used to store data directly in database.
Existing data can be moved to the current active backend using the 'storage move' console command
If selected backend has configurable options, new fields are shown here.
Filesystem: Storage base path
The base path where Filesystem storage backend saves data.
For maximum security, this path should be outside the folder tree served by the web server: this way files can't be downloaded bypassing the privacy checks.
Default value is storage, that is the storage folder in Friendica code root folder.
Maximum Image Size
Maximum size in bytes of uploaded images. The default is set to 0, which means no limits.
#fediVerse #fediHelp
Moving storage via SSH
bin/console help storage information
bin/console help storage
console storage - manage storage backend and stored data
Synopsis
bin/console storage [-h|--help|-?] [-v]
Show this help
bin/console storage list
List available storage backends
bin/console storage set <name>
Set current storage backend
name storage backend to use. see "list".
bin/console storage move [table] [-n 5000]
Move stored data to current storage backend.
table one of "photo" or "attach". default to both
-n limit of processed entry batch size
¿correct?:
SSH -> commands to move storage
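The help text quoted above recommends a storage base path outside the folder tree served by the web server. An added example (not part of the original post) of a check for that, which resolves symlinks before comparing; the directory names used when calling it are up to the admin and are not taken from the thread.

```bash
#!/usr/bin/env bash
# Added example: verify that a Friendica storage base path is NOT inside the
# directory tree the web server serves. Paths are supplied by the caller.

# resolve_dir DIR: print the physical path of DIR with symlinks resolved.
# Fails if DIR does not exist or is not a directory.
resolve_dir() {
    ( cd "$1" 2>/dev/null && pwd -P )
}

# storage_outside_webroot STORAGE_DIR WEBROOT_DIR
# Returns 0 if the storage path is outside the served tree,
#         1 if it is the web root itself or somewhere below it,
#         2 if either path cannot be resolved.
storage_outside_webroot() {
    local storage webroot
    storage=$(resolve_dir "$1") || return 2
    webroot=$(resolve_dir "$2") || return 2

    # Compare with a trailing slash so that /var/www2 is not mistaken
    # for something below /var/www.
    case "$storage/" in
        "$webroot"/*) return 1 ;;
    esac
    return 0
}

# Run directly as: ./check_storage.sh <storage base path> <web server document root>
if [ "$#" -eq 2 ]; then
    storage_outside_webroot "$1" "$2"
    case $? in
        0) echo "OK: storage is outside the served tree" ;;
        1) echo "WARNING: storage is inside the served tree" ;;
        *) echo "ERROR: could not resolve one of the paths" ;;
    esac
fi
```

A symlink that lives outside the web root but points into it is reported as inside, because both paths are resolved before the comparison.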
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Somehow this didn't work out.
I followed the instructions of the BETA testing hosting to move files and storage via SSH.
Console commands via SSH:
[ssh01 apps]$ cd storage
[ssh01 storage]$ cd ..
[ssh01 apps]$ bin/consolbin/console storage set Filesystem
-bash: bin/console: No such file or directory
[ssh01 apps]$ friendica/bin/console storage set Filesystem
[ssh01 apps]$ friendica/bin/console storage move
[2023-10-29 21:38:15] Moved 5000 files
[2023-10-29 21:38:48] Moved 3170 files
[2023-10-29 21:38:48] Moved 8170 files total
[Error] Friendica\Console\Storage::doExecute(): Return value must be of type int, null returned
The friendica installation is located at /apps/friendica/.
There also exists /apps/storage/ in the directory tree.
Even tho the moving of the files was apparently completed, in the end an error message came up:
[Error] Friendica\Console\Storage::doExecute(): Return value must be of type int, null returned
If I try now to execute the commands again I don't get the "moved files confirmation" but the same error message.
I'm not sure if I tried first to change the settings in the admin panel and then the SSH commands or not. I tried to "fiddle" around with the settings in the admin panel changing storage to the database and to filesystem but the already uploaded images still don't show up as expected.
The database size of 0.5gig hasn't changed or decreased at all.
I changed the settings in all profiles with respect to post expiring so except own posts and starred posts everything else expires after one or two days. The only active profile is a sports forum profile that has about 450 images sized 0.2-0.3MB each (around 0.15gig).
All the images of the server show up as blurred undefined images.
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Preparing the storage file system for migration by compressing the storage folder.
tar.gz via SSH commands
https://www.siteground.com/tutorials/ssh/archives/
To archive the entire folder foldername in an archive named archive-name.tar.gz in the current working directory:
tar -zcf archive-name.tar.gz foldername/
To extract a Tar.Gz file
tar -zxvf archive.tar.gz
zip via SSH
https://www.webhostface.com/kb/knowledgebase/ssh-zip-command/
Archive entire directory using SSH zip command
zip -r archive-name.zip /path/to/directory
Excluding files when archiving with Linux zip command
zip -r archive-name.zip /path/to/directory -x fileToExclude # Excludes just a single file
zip -r archive-name.zip /path/to/directory -x '*.fileFormat' # Exclude all files of the given file format
Unzipping with SSH
unzip zippedArchive.zip
In case of problems because of the length of the process check out the commands:
"nohup" and "&"
https://serverfault.com/questions/1021292/simple-way-to-zip-large-files-through-ssh-commands
Your main problem, the timeouts, is fixed by using background and nohup.
Instead of executing:
zip -r backissue.zip Backissues/
you execute
nohup zip -r backissue.zip Backissues/ &
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Download and upload storage file system via SSH:
https://unix.stackexchange.com/questions/527870/gzip-compress-a-local-folder-and-extract-it-to-remote-server
download
scp username@remote.host:/path/to/file localfile
upload
scp localfile username@host:/path/remotefile
https://www.namecheap.com/support/knowledgebase/article.aspx/9571/89/how-to-download-a-file-via-ssh/
Uploading a file from a local computer to a remote one:
scp /path/to/local/file username@hostname:/path/to/remote/file
Downloading a file from a remote system to your computer:
scp username@hostname:/path/to/remote/file /path/to/local/file
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Migrating the mysql/mariaDB export into the newly created DB.
Make sure that you are inside the folder that contains the DB dump you uploaded to the new VPS
mysql -u friendica -p<password> friendicadb < oldfriendicadbDUMP.sql
Problem I encountered
Error message:
ERROR 1227 (42000) at line 278321: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation.
Apparently there are several ways to prevent this error.
You can prevent this by modifying while dumping the DB on the old server.
I only had browser access to phpMyAdmin and couldn't figure out how to export without the privileges so I just executed the following command:
rootname@ubuntu:/var/www/html#
sed 's/\sDEFINER=`[^`]*`@`[^`]*`//g' -i oldfriendicadbDUMP.sql
With this modification apparently everything worked fine.
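ERROR 1227 appears when a dump tries to create a view, trigger or routine with a DEFINER other than the importing account, which needs SUPER or SET USER; with the clause removed, the object is created with the importing user as definer and the application account needs no extra privilege. An added example (not part of the original post) that lists the DEFINER accounts in a dump and writes a stripped copy instead of editing the only backup in place; the sample dump is constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit and strip DEFINER clauses from a SQL dump.
# The input file is never modified; a cleaned copy is written next to it.

# Same clause the sed command in the post matches: DEFINER=`user`@`host`
DEFINER_RE='DEFINER=`[^`]*`@`[^`]*`'

# list_definers DUMP: print each distinct DEFINER account once.
list_definers() {
    grep -o "$DEFINER_RE" "$1" | sort -u
}

# count_definers DUMP: print the number of DEFINER clauses in the file.
count_definers() {
    grep -o "$DEFINER_RE" "$1" | wc -l | tr -d ' '
}

# strip_definers IN OUT
# Writes IN without DEFINER clauses to OUT.
# Returns 0 if OUT contains no DEFINER clause, 1 if writing failed or a
# clause survived, 2 if IN is missing or empty.
strip_definers() {
    [ -s "$1" ] || return 2
    # [[:space:]] instead of \s keeps the expression portable beyond GNU sed.
    sed "s/[[:space:]]*$DEFINER_RE//g" "$1" > "$2" || return 1
    [ "$(count_definers "$2")" -eq 0 ]
}

# write_sample_dump FILE: constructed sample, not a real Friendica dump.
write_sample_dump() {
    cat > "$1" <<'EOF'
-- constructed sample dump for the example
CREATE TABLE `item` (`id` int NOT NULL);
/*!50001 CREATE ALGORITHM=UNDEFINED */
/*!50013 DEFINER=`olduser`@`localhost` SQL SECURITY DEFINER */
/*!50001 VIEW `item_view` AS select `item`.`id` AS `id` from `item` */;
/*!50003 CREATE*/ /*!50017 DEFINER=`olduser`@`10.0.0.%`*/ /*!50003 TRIGGER `t1` BEFORE INSERT ON `item` FOR EACH ROW SET NEW.id = NEW.id */;
EOF
}

# Run directly as: ./strip_definers.sh oldfriendicadbDUMP.sql cleaned.sql
if [ "$#" -eq 2 ]; then
    echo "DEFINER accounts found in $1:"
    list_definers "$1"
    strip_definers "$1" "$2" && echo "cleaned copy written to $2"
fi
```

Reviewing the output of `list_definers` before importing shows which accounts the old host had attached to views, triggers and routines.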
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Lots of trouble, uncertainty and doubt
Update:
.. while changing file storage from DB to filesystem and subsequent download. Testing and workarounds in part via SSH in part via FileZilla and ultimately downloading everything and merging storage folders together on the PC solved the problems (I guess).
Somehow this didn't work out
I followed the instructions of the BETA testing hosting to move files and storage via SSH.
change storage via SSH
[ssh01 apps]$ cd storage
[ssh01 storage]$ cd ..
[ssh01 apps]$ bin/consolbin/console storage set Filesystem
-bash: bin/console: No such file or directory
[ssh01 apps]$ friendica/bin/console storage set Filesystem
[ssh01 apps]$ friendica/bin/console storage move
[2023-10-29 21:38:15] Moved 5000 files
[2023-10-29 21:38:48] Moved 3170 files
[2023-10-29 21:38:48] Moved 8170 files total
[Error] Friendica\Console\Storage::doExecute(): Return value must be of type int, null returned
Error description
The friendica installation is located at /apps/friendica/.
There also exists /apps/storage/ in the directory tree.
Even tho the moving of the files was apparently completed, in the end an error message came up:
[Error] Friendica\Console\Storage::doExecute(): Return value must be of type int, null returned
If I try now to execute the commands again I don't get the "moved files confirmation" but the same error message.
I'm not sure if I tried first to change the settings in the admin panel and then the SSH commands or not. I tried to "fiddle" around with the settings in the admin panel changing storage to the database and to filesystem but the already uploaded images still don't show up as expected.
The database size of 0.5gig hasn't changed or decreased at all.
I changed the settings in all profiles with respect to post expiring so except own posts and starred posts everything else expires after one or two days. The only active profile is a sports forum profile that has about 450 images sized 0.2-0.3MB each (around 0.15gig).
All the images of the server show up as blurred undefined images.
update on the situation
Checking the file system via ftp it turns out that there are two storage folders now:
878 files | 4.9 MB
/apps/friendica/storage
and
/apps/storage
Both folders contain files, the one inside the friendica folder structure apparently only images of avatars from other servers, the folder in the root structure /apps/storage contains the missing uploaded images:
avatar of some profile:
/apps/friendica/storage/02/1b
images that still show up blurred as it is a -1jpg.thumbnail:
/apps/storage/ff/00
Intent to solve:
Moving folders with fileZilla from /apps/storage to /apps/friendica/storage.
Some move, others don't.
status messages filezilla
Status: Renaming '/apps/storage/e0' to '/apps/friendica/storage/e0'
Status: /apps/storage/e0 -> /apps/friendica/storage/e0
Status: Renaming '/apps/storage/e1' to '/apps/friendica/storage/e1'
Command: mv "e1" "/apps/friendica/storage/e1"
Error: mv /apps/storage/e1 /apps/friendica/storage/e1: received failure with description 'Failure'
Status: Renaming '/apps/storage/e2' to '/apps/friendica/storage/e2'
..
Using fileZilla the moving process gets stuck.
Using SSH to move or copy the files:
https://help.vernalweb.com/kb/move-copy-files-using-ssh/
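copy:
# the trailing /. copies the contents into the existing target instead of creating storage/storage
cp -r /apps/storage/. /apps/friendica/storage/
move:
# mv has no -r option; an entry that already exists as a non-empty folder in the target is refused
mv /apps/storage/* /apps/friendica/storage/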
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•How to change the DB password:
log onto your server via SSH
rootname@ubuntu:~#
mysql
(Welcome to the MariaDB monitor..)
MariaDB [(none)]>
USE friendicadb
Database changed
MariaDB [friendicadb]>
ALTER USER 'friendica'@'localhost' IDENTIFIED BY 'newpassword';
Query OK, 0 rows affected (0.001 sec)
MariaDB [friendicadb]>
FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [friendicadb]>
exit
Bye
test changes:
rootname@ubuntu:~#
mysql -u friendica -p
Enter password:
(Welcome to the MariaDB monitor..)
MariaDB [(none)]>
If you use a wrong password, you might want to check the old one, you'll get the following message:
ERROR 1045 (28000): Access denied for user 'friendica'@'localhost' (using password: YES)
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•/help/Migrate#Cleaning+up wrote:
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•DB size: 0.294 GIG
information_schema 0.000198364258
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Trying to optimize DB as recommended in the helpers page:
mysqloptimize -p friendica-db
Somehow this doesn't work, phpMyAdmin doesn't accept mysqloptimize.
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•git clone https://github.com/friendica/friendica.git -b stable html
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•git clone https://github.com/friendica/friendica-addons.git -b stable addon
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•cp .htaccess-dist .htaccess
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•testing a clean reinstall from here
As I ran into trouble and am getting a blank page I just decided to try a clean pull from github of the stable branch and go on with the rest of the installation process to see what happens.
rootname@VPShosting:/var/www#
mv html html_01.bak
rootname@VPShosting:/var/www#
git clone https://github.com/friendica/friendica.git -b stable html
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Second test of a clean friendica install from here
New intent, this time after executing all steps since the certbot step.
This is the second intent to fix the installation.
The first ended with the web page stating:
Service Unavailable
Friendica no puede mostrar la página actualmente, contacte al administrador.
from here a new git pull will be performed.
The apache tweaking steps are not necessary as they are located at /etc/.. and therefore moving the html folder doesn't affect those files.
rootname@VPShosting:/var/www#
mv html html_01.bak
rootname@VPShosting:/var/www#
git clone https://github.com/friendica/friendica.git -b stable html
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
2023-11-08 17:16:40
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•¡Update - solved!
The tutorial by @Hank G ☑️ states that:
Tutorial wrote:
I missed that important detail and didn't change to the user www-data so the new git pulls didn't work as expected.
Switching to user www-data and then performing the steps of git pull and adjustments to the friendica installation apparently everything worked out:
rootname@VPShosting:/var/www#
cd /var/www
rootname@VPShosting:/var/www#
sudo -u www-data bash
www-data@VPShosting:~$
ls -l
ls -l information
drwxr-xr-x 2 www-data www-data 4096 Oct 16 21:05 html.bak
drwxrwxr-x 21 www-data www-data 4096 Nov 8 03:13 html_01.bak
drwxr-xr-x 20 root root 4096 Nov 8 05:05 html_02.bak
drwxr-xr-x 20 root root 4096 Nov 8 20:08 html_03.bak
www-data@VPShosting:~$
mv html html.bak
www-data@VPShosting:~$
www-data@VPShosting:~/html$
bin/composer.phar install --no-dev
www-data@VPShosting:~/html$
mkdir -p view/smarty3
www-data@VPShosting:~/html$
chmod 775 view/smarty3
www-data@VPShosting:~/html$
git clone https://github.com/friendica/friendica-addons.git -b stable addon
www-data@VPShosting:~/html$
cp .htaccess-dist .htaccess
www-data@VPShosting:~/html$
exit
rootname@VPShosting:/var/www#
Browsing now to the web page the friendica installation verification screen is visible.
😀
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Tweaking Apache configuration to allow overrides so dynamic pages can be built correctly:
This step comes after "Activating" .htaccess in the tutorial.
This step didn't work out as described as the let's encrypt certbot step wasn't completed fully as it should.
Editing 000-default-le-ssl.conf:
sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf
The file 000-default-le-ssl.conf didn't exist so nano created it as a blank file.
I copy/pasted the text from the tutorial as it should be displayed "at the time of its writing".
As the certbot step will have to be executed later on again, we'll have to see if the fact that this file will exist creates some "trouble" in the installation process.
A recheck of this file after executing the certbot again will be necessary.
@Hank G ☑️
When the idea is to prepare a VPS-migration of an existing friendica node, should the certbot step and the edit of this file be executed in a different moment (later on) in the installation process?
This part of the installation process took me like another hour.
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
2023-10-17 15:46:49
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•tweaking basic apache settings:
sudo nano /etc/php/8.1/apache2/php.ini
search for the following lines [ctrl+w] and modify the values:
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•¡Houston!
@Hank G ☑️ @Friendica Support
I completed all the steps of the tutorial and added what I supposed was necessary to move an existing friendica server to a new VPS but when I browse to the domain I get a blank page. The file /VERSION is displayed correctly.
To check if the basic installation as described in the tutorial would be working I renamed and moved all specific details of the merging intend like local.config.php and the storage folder but I still get a blank page instead of the friendica communications server setup page.
The only error I can find is the following, any ideas or hints how to solve this?
Apache could not reliably determine the server's fully qualified domain name, using 127.0.1.1
systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-11-07 07:02:00 UTC; 14s ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 48187 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 48191 (apache2)
Tasks: 6 (limit: 9436)
Memory: 23.3M
CPU: 111ms
CGroup: /system.slice/apache2.service
├─48191 /usr/sbin/apache2 -k start
├─48192 /usr/sbin/apache2 -k start
├─48193 /usr/sbin/apache2 -k start
├─48194 /usr/sbin/apache2 -k start
├─48195 /usr/sbin/apache2 -k start
└─48196 /usr/sbin/apache2 -k start
Nov 07 07:02:00 ubuntu systemd[1]: Starting The Apache HTTP Server...
Nov 07 07:02:00 ubuntu apachectl[48190]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message>
Nov 07 07:02:00 ubuntu systemd[1]: Started The Apache HTTP Server.
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•@Hank G ☑️
solved the "Apache could not reliably determine the server's fully qualified domain name, using 127.0.1.1" problem by editing:
sudo nano /etc/hosts
and
sudo nano /etc/hostname
replacing
ubuntu
with
yourfriendicadomain.com
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•To check eventual php errors:
rootname@ubuntu:~#
sudo nano /etc/php/8.1/apache2/php.ini
ctrl+W -> log_errors
log_errors = On
; Default Value: Off
; Development Value: On
; Production Value: On
ctrl+W -> error_log
; Log errors to specified file. PHP's default behavior is to leave this value
; empty.
; https://php.net/error-log
; Example:
error_log = /var/www/html/php.error.log
; Log errors to syslog (Event Log on Windows).
; error_log = syslog
rootname@ubuntu:~#
touch php.error.log
rootname@ubuntu:~#
reboot
refreshing domain page several times
rootname@ubuntu:~#
nano /var/www/html/php.error.log
No results printed at all in php.error.log
🤨
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =yourfriendicadomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Checking 000-default-le-ssl.conf after successful completion of the certbot HTTPS routine:
Certbot entered more lines in the already existing file that was created from scratch when executing
sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf
creating a complete mess.
It created kinda a double entry and also added
<VirtualHost *:80>
I started testing and comparing and ended up with the following file:
000-default-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
<Directory /var/www/html>
AllowOverride All
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
ServerName yourdomainname.com
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/yourdomainname.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomainname.com/privkey.pem
</VirtualHost>
</IfModule>
With <VirtualHost *:80> Firefox gives an SSL_ERROR_RX_RECORD_TOO_LONG error, so I used port 443 as in the example and apparently that works.
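A check for the mixed-up file state described in this post, added here as an example (it is not certbot's or the tutorial's code): it flags TLS settings inside a block that is not on port 443, a port-443 block without TLS, and duplicate ServerName/port blocks. The two sample files and the finding names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Finding names are made up here; they are not Apache or certbot output.
# A browser that speaks TLS to a port answering plain HTTP reports
# SSL_ERROR_RX_RECORD_TOO_LONG, so TLS settings belong in the *:443 block only.

# lint_vhosts FILE -> one finding per line on stdout, nothing for a clean file
lint_vhosts() {
  awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    /<VirtualHost[ \t]/ {                        # opening tag, also right after <IfModule ...>
      port = $0
      sub(/^.*:/, "", port)                      # keep what follows the last colon
      sub(/[^0-9].*$/, "", port)                 # keep the leading digits
      start = NR; tls = 0; name = "(none)"; invh = 1
      next
    }
    invh && /^[ \t]*SSLEngine[ \t]+on/ { tls = 1 }
    invh && /^[ \t]*SSLCertificate(Key)?File[ \t]/ { tls = 1 }
    # the options-ssl-apache.conf shipped by certbot switches SSLEngine on
    invh && /^[ \t]*Include[ \t].*options-ssl-apache\.conf/ { tls = 1 }
    invh && /^[ \t]*ServerName[ \t]/ { name = $2 }
    /<\/VirtualHost>/ {
      if (tls && port != "443") {
        printf "TLS_ON_PLAIN_PORT line=%d port=%s\n", start, port
      }
      if (!tls && port == "443") {
        printf "NO_TLS_ON_443 line=%d\n", start
      }
      key = name ":" port
      if (key in seen) {
        printf "DUPLICATE_VHOST line=%d first=%d name=%s port=%s\n", start, seen[key], name, port
      } else {
        seen[key] = start
      }
      invh = 0
    }
  ' "$1"
}

# Two constructed sample files: a mixed-up state and the cleaned-up one.
write_sample_vhosts() {
  cat > "$1/broken.conf" <<'EOF'
<IfModule mod_ssl.c>
<VirtualHost *:80>
    ServerName yourdomainname.com
    DocumentRoot /var/www/html
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/yourdomainname.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomainname.com/privkey.pem
</VirtualHost>
<VirtualHost *:80>
    ServerName yourdomainname.com
    DocumentRoot /var/www/html
</VirtualHost>
</IfModule>
EOF
  cat > "$1/fixed.conf" <<'EOF'
<IfModule mod_ssl.c><VirtualHost *:443>
    ServerName yourdomainname.com
    DocumentRoot /var/www/html
    <Directory /var/www/html>
        AllowOverride All
    </Directory>
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/yourdomainname.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomainname.com/privkey.pem
</VirtualHost>
</IfModule>
EOF
}

# Demo on the constructed files; on the server the argument would be
# /etc/apache2/sites-available/000-default-le-ssl.conf
demo=$(mktemp -d)
write_sample_vhosts "$demo"
for sample in broken fixed; do
  echo "== $sample.conf"
  lint_vhosts "$demo/$sample.conf"
done
rm -rf "$demo"
```

Running `apachectl configtest` afterwards still makes sense, since this lint looks only at the three mistakes named above and not at syntax.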
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•At this point of the installation process you would browse to your domain and follow the friendica setup from within your browser.
Also, there are still missing the email setup and the worker setup, details that will be addressed later in this post.
Even if you don't have a proper email setting setup, friendica will provide you the logging credentials with a pop up box.
As in this case the idea is to migrate an existing friendica instance to a new VPS hosting provider, first of all let's have a look at the information in the friendica help for migrating. You'll find it in every friendica instance at /help/Migrate:
https://squeet.me/help/Migrate
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Eventually the old local.config.php file has to be adapted to the new server.
local.config.php
<?php
// Local configuration
// If you're unsure about what any of the config keys below do, please check the static/defaults.config.php for detailed
// documentation of their data type and behavior.
return [
'database' => [
// old server: 'hostname' => 'subdomain.oldhosting.com:3306',
'hostname' => 'yourfriendicadomain.com',
'username' => 'friendicadb',
'password' => 'changedPassword',
'database' => 'friendicadb',
'charset' => 'utf8mb4',
],
// ****************************************************************
// The configuration below will be overruled by the admin panel.
// Changes made below will only have an effect if the database does
// not contain any configuration for the friendica system.
// ****************************************************************
'config' => [
'php_path' => '/usr/bin/php',
'admin_email' => 'youradmin@email.com',
'sitename' => 'Friendica Social Network',
'register_policy' => \Friendica\Module\Register::CLOSED, // or OPEN
'max_import_size' => 200000,
],
'system' => [
'url' => 'https://yourfriendicadomain.com',
// old server: 'basepath' => '/apps/friendica',
'basepath' => '/var/www/html',
'default_timezone' => 'AnyTime/AnyWhere',
'language' => 'en',
],
];
Upload the modified local.config.php
This is done not being logged into the remote VPS. The example supposes that the file to upload is located in the folder you are currently in.
# -i takes the private key file, not the .pub one
scp -i ~/.ssh/id_rsa local.config.php USER@SERVER:/var/www/html/config/local.config.php
Uploading with PuTTY private .pem key which also is located in the folder you are currently in:
scp -i privkey.pem local.config.php USER@SERVER:/var/www/html/config/local.config.php
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•At this point all changes to be able to switch from the old to the new server should be done.
To set old server into maintenance mode enter via SSH and browse to your friendica installation:
rootname@oldserver:/friendicarootdir/~#
bin/console maintenance 1
Check that the server is set to maintenance by browsing to your domain on the web:
Go to your name server provider and change the IP to the new server.
Complete certbot HTTPS installation
Now it's time to go back to the certbot installation and complete those steps. Be aware that you have to wait for the IP setting change for your domain to come into effect. This might take some time, depending on your service provider and the settings you might be able to influence, apparently eventually up to a day. In my case it was about half an hour.
In this case, as the certbot installation was completed but abandoned as the old server was still running, the only thing I had to do was the following:
Run the following command over SSH:
root@ubuntu:~#
sudo certbot --apache
certbot wrote:
yourdomainname.com
certbot output
Requesting a certificate for yourdomainname.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yourdomainname.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/yourdomainname.com/privkey.pem
This certificate expires on XXXX-XX-XX.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for yourdomainname.com to /etc/apache2/sites-available/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://yourdomainname.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
rootname@ubuntu:~
If you want to check the installed certs on your server you can do this by typing:
rootname@ubuntu:~#
certbot
certbot output
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: yourdomainname.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): C!!!
Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
rootname@ubuntu:~#
If everything went well now your new server should be up and running.
spoilerAlert: I get a blank page.
😮
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
2023-10-17 15:00:13
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Last step:
Updating the local.config.php file and uploading it to the new server.
This will activate the new VPS server of your friendica node!
Allocate local.config.php in the PuTTY privkey.pem folder: /home/user/.VPShosting
user@localPC:~/.VPShosting$
nano local.config.php
Adapt local.config.php for the new VPS server setting:
local.config.php
Upload the modified local.config.php
This is done not being logged into the remote VPS. The example supposes that the file to upload is located in the folder you are currently in.
user@localPC:~/.VPShosting$
# -i takes the private key file, not the .pub one
scp -i ~/.ssh/id_rsa local.config.php USER@SERVER:/var/www/html/config/local.config.php
Uploading with PuTTY private .pem key:
user@localPC:~/.VPShosting$
scp -i privkey.pem local.config.php USER@SERVER:/var/www/html/config/local.config.php
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Setting up php mail
In the case of a server migration we already attended/solved the phpmailer file in a previous step. The following is the standard procedure for a new friendica installation or if you change on the new server to phpmailer. Right now it is no use anymore to set up an own email program on the ubuntu server. The major email providers like Gmail won't accept those emails sent by your server so the best you can do is set up the phpmailer addon that comes in the friendica addon folder.
Check the settings for your email access with your email provider and add that information at /var/www/html/addons/phpmailer.config.php to the file.
Move that file to the config folder of the friendica installation.
first move the phpmailer.config.php file to the friendica config folder:
rootname@VPShosting:~#
mv /var/www/html/addon/phpmailer/config/phpmailer.config.php /var/www/html/config/phpmailer.config.php
edit the phpmailer configuration file already located in the friendica config folder:
rootname@VPShosting:~#
nano /var/www/html/config/phpmailer.config.php
Original phpmail file
Example phpmail file
You should change the password for the email you use!
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•creating a single backup of the MySQL Database with mysqldump
https://www.digitalocean.com/community/tutorials/how-to-backup-mysql-databases-on-an-ubuntu-vps
The MySQL file will be created in the folder you are in when performing the command.
create a copy of the MySQL DB
rootname@VPShosting:~#
mysqldump -u username -p database_to_backup > backup_name.sql
installing an auto backup process of the MySQL database that runs once a day | automysqlbackup
https://dev.to/xarala221/how-to-backup-mysql-databases-on-ubuntu-vps-server-automatically-497c
The program installs a cron script with automysqlbackup that runs every day. The backup file will be replaced every day. You should tweak these settings in a way that you will be comfortable if something happens.
Have in mind that if something gets screwed up you will only have "one day" to realize that a problem exists and at least make a copy of the DB. Therefore consider to perform also weekly and monthly backups, depending on your routines and needs.
install automysqlbackup
rootname@VPShosting:~#
sudo apt-get install automysqlbackup
rootname@VPShosting:~#
sudo automysqlbackup
listing automysqlbackup folders
rootname@VPShosting:~#
cd /var/lib/automysqlbackup
rootname@VPShosting:/var/lib/automysqlbackup#
ls
daily monthly weekly
listing daily backed up files:
rootname@VPShosting:~#
ls -R /var/lib/automysqlbackup/daily
to have a look at automysqlbackup, as is there is no tweaking necessary:
rootname@VPShosting:~#
nano /etc/default/automysqlbackup
automysqlbackup configuration file
# By default, the Debian version of automysqlbackup will use:
# mysqldump --defaults-file=/etc/mysql/debian.cnf
# but you might want to overwrite with a specific user & pass.
# To do this, simply edit bellow.
# Username to access the MySQL server e.g. dbuser
#USERNAME=`grep user /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Username to access the MySQL server e.g. password
#PASSWORD=`grep password /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Host name (or IP address) of MySQL server e.g localhost
DBHOST=localhost
# List of DBNAMES for Daily/Weekly Backup e.g. "DB1 DB2 DB3"
# Note that it's absolutely normal that the db named "mysql" is not in this
# list, as it's added later by the script. See the MDBNAMES directives below
# in this file (advanced options).
# This is ONLY a convenient default, if you don't like it, don't complain
# and write your own.
# The following is a quick hack that will find the names of the databases by
# reading the mysql folder content. Feel free to replace by something else.
# DBNAMES=`find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut -d'/' -f5 | grep -v ^mysql\$ | tr \\\r\\\n ,\ `
# This one does a list of dbs using a MySQL statement.
DBNAMES=`mysql --defaults-file=/etc/mysql/debian.cnf --execute="SHOW DATABASES" | awk '{print $1}' | grep -v ^Database$ | grep -v ^mysql$ | grep -v ^performance_schema$ | grep -v ^information_schema$ | tr \\\r>
# Backup directory location e.g /backups
# Folders inside this one will be created (daily, weekly, etc.), and the
# subfolders will be database names. Note that backups will be owned by
# root, with Unix rights 0600.
BACKUPDIR="/var/lib/automysqlbackup"
# Mail setup
# What would you like to be mailed to you?
# - log : send only log file
# - files : send log file and sql files as attachments (see docs)
# - stdout : will simply output the log to the screen if run manually.
# - quiet : Only send logs if an error occurs to the MAILADDR.
MAILCONTENT="quiet"
# Set the maximum allowed email size in k. (4000 = approx 5MB email [see
# docs])
MAXATTSIZE="4000"
# Email Address to send mail to? (user@domain.com)
MAILADDR="root"
# ============================================================
# === ADVANCED OPTIONS ( Read the doc's below for details )===
#=============================================================
# List of DBBNAMES for Monthly Backups.
MDBNAMES="mysql $DBNAMES"
# List of DBNAMES to EXLUCDE if DBNAMES are set to all (must be in " quotes)
DBEXCLUDE=""
# Include CREATE DATABASE in backup?
CREATE_DATABASE=yes
# Separate backup directory and file for each DB? (yes or no)
SEPDIR=yes
# Which day do you want weekly backups? (1 to 7 where 1 is Monday)
DOWEEKLY=6
# Which day of the month to execute the monthly backup (00 = no monthly backup)
# Two digit required
DOMONTHLY=01
# Choose Compression type. (gzip or bzip2)
COMP=gzip
# Compress backups on the fly with gzip or bzip2 (yes or no)
COMPDIRECT=no
# Compress communications between backup server and MySQL server?
COMMCOMP=no
# Additionally keep a copy of the most recent backup in a separate
# directory.
LATEST=no
# The maximum size of the buffer for client/server communication. e.g. 16MB
# (maximum is 1GB)
MAX_ALLOWED_PACKET=
# For connections to localhost. Sometimes the Unix socket file must be
# specified.
SOCKET=
# Command to run before backups (uncomment to use)
#PREBACKUP="/etc/mysql-backup-pre"
# Command run after backups (uncomment to use)
#POSTBACKUP="/etc/mysql-backup-post"
# Backup of stored procedures and routines (comment to remove)
ROUTINES=yes
# Mysqldump additional option (like "--single-transaction")
OPTIONS=""
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Second installation intent
Resuming installation from previous point.
Browsing to the web site
Service Unavailable
Friendica no puede mostrar la página actualmente, contacte al administrador.
Service Unavailable, a step forward from the previous blank page.
First I guess is to undo changes applied yesterday in the attempt to fix the installation. Those include changes about the server/host name and ???
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
2023-11-08 03:30:27
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Result of checking changes applied after getting blank page in the first installation attempt:
There was an error message in the apache status message, therefore the following files were edited to change the server name from ubuntu to yourdomain.com.
changes verified as correct: /etc/hosts and hostname
rootname@VPShosting:/var/www/html# nano /etc/hosts
rootname@VPShosting:/var/www/html# nano /etc/hostname
yourdomain.com
changes verified as unnecessary
rootname@VPShosting:/var/www/html# nano /etc/apache2/sites-available/000-default-le-ssl.conf
The change from port 80 to port 443 was important, otherwise the web page displays an error message not being able to verify the SSL cert.
Código de error: SSL_ERROR_RX_RECORD_TOO_LONG
000-default-le-ssl.conf actually contains
ServerName yourdomain.com
already at the bottom of the page.
rootname@VPShosting:/var/www/html# nano /etc/apache2/sites-available/000-default.conf
status checks and verification to test web page display
rootname@VPShosting:/var/www/html# ufw status
rootname@VPShosting:/var/www/html# systemctl status fail2ban
rootname@VPShosting:/var/www/html# nano php.error.log
rootname@VPShosting:/var/www/html# systemctl restart apache2
rootname@VPShosting:/var/www/html# systemctl status apache2
rootname@VPShosting:/var/www/html# reboot
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Access over sFTP:
me in a previous post wrote:
Raroun wrote:
I never managed to make fileZilla work with the puTTy keys.
🙁
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
2023-10-16 22:53:31
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•There are two ways to add your keys to #FileZilla.
You can add your keys inside the "Site Manager":
Go to:
File -> Site manager ..
Protocol:
In the settings panel for a given site select sFTP:
Add domain IP or domain name:
Logon Type:
Select "Key File"
Add the user name to log onto the server:
Browse for the .ppk you want to add and select it:
FileZilla offers you also to add .pem (privkey.pem) files, that's the #puTTy option for a file containing only the extracted private key of keyfile.ppk. At the same time FileZilla doesn't read/accept .pem files so it will prompt you to transform it into a .ppk file. If your .ppk is protected by a password (it should be), you get prompted to insert the password.
It is not clear if the newly created .ppk file from the .pem file by FileZilla is protected with the same password. It doesn't feel like that.
Save the changes and connect to your server.
The other option to add your key to FileZilla is by adding it directly to the main settings.
Go to:
Edit-> Settings ..
Choose SFTP and select the "Add key file" tab:
Add the key file and save.
If you use the input fields and quick connect options of the main FileZilla window, the keys saved in settings will be retrieved.
#linux #windows #howTo #fediVerse
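One way to settle whether a converted .ppk is still passphrase-protected is to read the key file's header lines, which name the cipher without exposing any key material. This is an added example, not part of the original post; the function names and the sample file names are assumptions, and the samples are constructed header-only stand-ins.

```shell
#!/bin/sh
# Report whether a private-key file is passphrase-protected, judging only by
# its header lines; key material is never parsed or printed.
key_protection() {
    [ -r "$1" ] || { echo unknown; return 0; }
    first=$(head -n 1 "$1" | tr -d '\r')
    case $first in
        PuTTY-User-Key-File-[23]:*)
            # PPK v2/v3: "Encryption:" is "none" or a cipher such as aes256-cbc.
            enc=$(sed -n 's/^Encryption:[[:space:]]*//p' "$1" | head -n 1 | tr -d '\r')
            case $enc in
                none) echo unencrypted ;;
                '')   echo unknown ;;
                *)    echo encrypted ;;
            esac ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----')
            echo encrypted ;;     # PKCS#8 encrypted container
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            echo unknown ;;       # cipher name sits inside the base64 body
        '-----BEGIN '*'PRIVATE KEY-----')
            # Traditional PEM marks encryption with a Proc-Type header.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo encrypted
            else
                echo unencrypted
            fi ;;
        *) echo unknown ;;
    esac
}

# Print "state<TAB>file" per key; return 1 if any key is stored unencrypted.
audit_keys() {
    rc=0
    for f in "$@"; do
        state=$(key_protection "$f")
        printf '%s\t%s\n' "$state" "$f"
        if [ "$state" = unencrypted ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed samples: header-only stand-ins (no key material) for a protected
# .ppk, an unprotected converted .ppk, and an encrypted traditional .pem.
make_samples() {
    printf '%s\n' 'PuTTY-User-Key-File-3: ssh-ed25519' 'Encryption: aes256-cbc' > "$1/keyfile.ppk"
    printf '%s\n' 'PuTTY-User-Key-File-3: ssh-ed25519' 'Encryption: none' > "$1/converted.ppk"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$1/privkey.pem"
}
```

Run `audit_keys` over the key files FileZilla is configured to use; any line starting with `unencrypted` is a key that anyone who can read the file can use without a passphrase.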
Simon John
•…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•@Simon John
Actually as of now I couldn't make it work because of problems with the user name login. When you add a .ppk that has password protection it doesn't ask for the password while adding the key(-location) so I guess it will ask you for the password every time you log onto your server.
I guess it lacks an encryption of the .ppk with a password when you read the privkey out of a .pem file but at the same time assumes that you password protect your fileZilla setup with the password options it ships.
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Re-reading your question it looks to me that I didn't answer (get) your question @Simon John.
If you refer to user name, and hosting data I guess the answer is yes, it looks like plain text from the front end.
The password apparently at least can be protected by a general password manager.
Has there been general questioning of #FileZilla's safety?
Is there some recommendation for linux desktops?
#linux #fedihelp #safety
Simon John
•…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•@Simon John
security.stackexchange.com wrote:
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•DB migration from the old hosting to the newly created friendica installation:
Raroun wrote:
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Some standard reference for mysql:
4.2.4 Connecting to the MySQL Server Using Command Options
https://dev.mysql.com/doc/refman/8.0/en/connecting.html
4.2.5 Connecting to the Server Using URI-Like Strings or Key-Value Pairs
https://dev.mysql.com/doc/refman/8.0/en/connecting-using-uri-or-key-value-pairs.html
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Importing a MySQL database
To import a MySQL database, use the mysql command. Here is the full command:
mysql -uUSERNAME -p DATABASE < backup.sql
Again, you will be prompted for the password of your MySQL user.
…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup
•Raroun wrote:
@Raroun
What do you mean by "only a friendica DB backup"?
First I thought of some option given inside the friendica admin panel but couldn't find anything related.
How would I get that normally?
The hosting provider gives me access to a "mysql DB site".
I went there and chose the standard rapid "export" option:
DBsite.com/index.php?route=/server/export
@Hank G ☑️
Is there a way (or https URL) to get the phpMyAdmin page on these standard Ubuntu server setups instead of the simple ssh access?
Do I need to install something more?
Hank G ☑️
•Nanook
•oldserver:
mysqldump friendica > friendica.sql
newserver:
mysql> source friendica.sql
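The dump-and-import steps from this thread as one script that refuses to import a truncated or altered dump; this is an added example, not code from any poster. The database name friendica follows the post above, while the function names, the .sha256 sidecar file and the sample dump are assumptions of this example.

```shell
#!/bin/sh
# Move a database between servers: dump, verify, import.
# Assumptions: the database is named "friendica" as in the post above, and
# credentials come from a 0600 client option file (e.g. ~/.my.cnf) or the
# root socket login, so no password appears on the command line.

# Old server: one consistent InnoDB snapshot, written with private permissions
# because the dump holds password hashes and private messages.
dump_db() {
    ( umask 077
      mysqldump --single-transaction --routines \
                --default-character-set=utf8mb4 "$1" > "$2" ) || return 1
    sha256sum < "$2" | cut -d' ' -f1 > "$2.sha256"
}

# mysqldump ends its output with a "-- Dump completed" comment (unless
# comments are disabled); a dump cut short by a full disk lacks it.
dump_is_complete() {
    tail -n 1 "$1" | grep -q '^-- Dump completed'
}

# Returns 0 if the file is complete and matches its recorded hash,
# 2 if truncated, 3 if the hash is missing or the content changed in transit.
verify_dump() {
    dump_is_complete "$1" || return 2
    want=$(cat "$1.sha256" 2>/dev/null) || return 3
    have=$(sha256sum < "$1" | cut -d' ' -f1)
    [ "$want" = "$have" ] || return 3
}

# New server: import only a verified file.
import_db() {
    verify_dump "$2" || { echo "refusing to import $2 (code $?)" >&2; return 1; }
    mysql "$1" < "$2"
}

# Constructed sample (not a real dump) for trying verify_dump offline.
make_sample_dump() {
    printf '%s\n' '-- MySQL dump (constructed sample)' 'CREATE TABLE t (id INT);' \
        '-- Dump completed on 2000-01-01  0:00:00' > "$1"
    sha256sum < "$1" | cut -d' ' -f1 > "$1.sha256"
}

# Usage:  old$ dump_db friendica friendica.sql
#         new$ import_db friendica friendica.sql   (after copying both files)
```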
Nanook
•TupambAdmin [stable]
•😀
@Hank G ☑️
@Raroun
@…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup