Search
Items tagged with: PASSWORD=`grep
LAMP installation
Categories:LAMP, Linux, VPS
LAMP (Linux, Apache, MySQL, PHP)
L -> linuxA -> apache
M -> mysql - phpMyAdmin
P -> PHP, Perl, or Python programming language
https://en.wikipedia.org/wiki/LAMP_(software_bundle)
LAMP is an acronym denoting one of the most common software stacks for many of the web's most popular applications. However, LAMP now refers to a generic software stack model and its components are largely interchangeable.
Install the apache server
https://www.bitcatcha.com/blog/what-is-apache/"The Apache Server is an open-source, cross-platform web server application. In its essence, it allows users to deploy their websites on the internet for others to be able to access them."
--
The
-y
in the following command is used to confirm automatically all options/questions that come up in the installation process of the apache server.rootname@VPShosting:~$ sudo apt update
rootname@VPShosting:~$ sudo apt install apache2 -y
Install Certbot and Setting up HTTPS
The S in HTTPS stands for "secure transmission" meaning that the information that is transmitted between the web site and the user is encrypted. There for the data isn't readable for others while it is transmitted. You can observe that security detail in the web URL of any web site as it starts withhttps://
.Certbot installs a standard SSL certificate provided by the Let's encrypt foundation with no charge. Nowadays this is a basic need on the internet and for the privacy of everyone. Even tho it is possible to run any web site as HTTP
http://
and there for also a friendica node, nobody should do that and you should set all options of your friendica server to "HTTPS mandatory".rootname@VPShosting:~$
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
rootname@VPShosting:~$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Installing your SSL certificate
https://www.nequalsonelifestyle.com/2022/07/30/creating-friendica-server-ubuntu/#install-certbot-and-setting-up-https"You will be prompted for several options. The defaults should be fine for most but there are some things that will be specific to your instance. For the sake of explicitness:
* Enter the email address you want notifications from the Certbot team and that you are comfortable sharing with them and others.
* Select Yes once you’ve read the terms of service
* Select Yes if you want to get more general EFF emails (optional)
* Enter the domain name
yourFriendicaDomainName.com
for your friendica node. It is important to put the full accurate domain name in. This is what will be used for name matching when the certificate is issued and used.After you do those options you will get a series of prompts with statuses. When it is completed you should be able to navigate to the HTTPS version of your website. In fact if you intentionally try to go to the HTTP version of your website it should redirect to the HTTPS version instead. Try this out to be sure this step has been completed successfully."
rootname@VPShosting:~$ sudo certbot --apache
Important information in the case of server migration -> installing your SSL certificate
rootname@VPShosting:~$sudo certbot --apache
For this step in the installation process you do need to have your domain name URL already directed to the IP of your server. Other wise this installation step not only wont be able to finish the setup of the SSL certificate, you will run into problems when you try to setup your friendica instance. This is a particular complication when you want to migrate a live system. Your intention might be for the the old IP to remain as long as possible related to the domain name, even maybe try everything out before a definite migration.
The sugestion as of now would be to try execute this step just after the first gitHub pull and before:
Configure PHP dependencies:
www-data@VPShosting:~$ cd html
www-data@VPShosting:~/html$ bin/composer.phar install --no-dev
There is still some testing needed to confirm the best moment of the SSL certificate installation step in the installation process or eventual work arounds for this tutorial.
Configuring the firewall
https://www.nequalsonelifestyle.com/2022/07/30/creating-friendica-server-ubuntu/#configuring-a-firewall"A firewall is an important security measure for your server to limit available surfaces that hackers can use. Firewalls can be configured either in your cloud provider or on the local server. Ubuntu Server by default ships with the UFW firewall software. For this tutorial we will configure the firewall locally. The main gist is that you should be only opening up the necessary ports for SSH, HTTP, and HTTPS."
rootname@VPShosting:~$ sudo ufw allow ssh
rootname@VPShosting:~$ sudo ufw allow http
rootname@VPShosting:~$ sudo ufw allow https
rootname@VPShosting:~$ sudo ufw enable
rootname@VPShosting:~$ sudo ufw status
install and configure fail2ban
https://www.nequalsonelifestyle.com/2022/07/30/creating-friendica-server-ubuntu/#configure-fail2ban"Fail2Ban is another important tool for thwarting hackers. It basically detects if some computer is brute force attacking or excessively hitting your server and applies escalating blocks on that IP address."
rootname@VPShosting:~$
sudo apt install fail2ban -y
rootname@VPShosting:~$ [code]sudo systemctl enable fail2ban
rootname@VPShosting:~$
sudo systemctl start fail2ban
rootname@VPShosting:~$ systemctl status fail2ban
rootname@VPShosting:~$ sudo reboot
Because of the reboot
you will be logged out of your VPS server and will have to log on again to proceed with the installation.
"M" like MySQL/mariaDB and "P" like PHP of "LAMP" installation
DataBase and PHP-HypertextPreprocessor installation || See values inside this spoiler
Values for the prompts you get:Enter current password for root (enter for none): Just hit enter since you are configured to only allow logins with SSH keys for the root user.
Switch to unix_socket authentication: n
Change the root password?: n
Remove anonymous users? Y
Disallow root login remotely? Y
Remove test database and access to it? Y
Reload privilege tables now? Y[/list]
rootname@VPShosting:~$ sudo apt update
rootname@VPShosting:~$
sudo apt install mariadb-server php libapache2-mod-php \
php-common php-gmp php-curl php-intl php-mbstring \
php-xmlrpc php-mysql php-gd php-imagick php-xml \
php-cli php-zip php-sqlite3 curl git -y
rootname@VPShosting:~$ sudo mysql_secure_installation
Creating the DB - data base
If you come to this point straight from the previous mariaDB setup you are already logged into mySQL. You will note this because instead of the print:rootname@VPShosting:~#
in the console you will see:
MariaDB [(none)]>
Other wise you will have to log into mariaDB first with the following command:
rootname@VPShosting:~#
mysql
[spoiler=mariaDB welcome message:]Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 160000
Server version: 10.6.12-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE friendicadb;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE USER 'friendica'@'localhost' IDENTIFIED BY '<password>';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> GRANT ALL ON friendicadb.* TO 'friendica'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> EXIT;
Bye
rootname@VPShosting:~#
To log from the console into your DB use the following command:
rootname@VPShosting:~# mysql friendicadb
To exit mariaDB:
MariaDB [friendicadb]> Ctrl-C
-- exit!
Aborted
rootname@VPShosting:~#
How to change the DB password
rootname@VPShosting:~#mysql
(Welcome to the MariaDB monitor..)
MariaDB [(none)]>
USE friendicadb
Database changed
MariaDB [friendicadb]>
ALTER USER 'friendica'@'localhost' IDENTIFIED BY 'newpassword';
Query OK, 0 rows affected (0.001 sec)
MariaDB [friendicadb]>
FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [friendicadb]>
exit
Bye
rootname@VPShosting:~#
test changes:
rootname@VPShosting:~#
mysql -u friendica -p
Enter password:
(Welcome to the MariaDB monitor..)
MariaDB [(none)]>
If you use a wrong password, you might want to check the old one, you'll get the following message:
ERROR 1045 (28000): Access denied for user 'friendica'@'localhost' (using password: YES)
creating a single backup of the MySQL Database with mysqldump
https://www.digitalocean.com/community/tutorials/how-to-backup-mysql-databases-on-an-ubuntu-vpsThe MySQL file will be created in the folder you are in when performing the command.
creat a single copy of a MySQL DB
rootname@VPShosting:~#
mysqldump -u username -p database_to_backup > backup_name.sql
install auto backup process of the MySQL/mariaDB database | automysqlbackup
https://dev.to/xarala221/how-to-backup-mysql-databases-on-ubuntu-vps-server-automatically-497cThe program installs a cron script with automysqlbackup that runs every day. The daily backup files will be named monday/tuesday/wednesday..and replaced when ever a new bachup is duefor the specific backup. The same goes for weekly and monthly backups. You should tweak these settings in a way that you will be comfortable if something happens. Have in mind that this can mount to an enormous amount of backup data so you might check out tweaks and work arounds to adjust to your server capabilities and monetary possibilities.
install automysqlbackup
rootname@VPShosting:~# sudo apt-get install automysqlbackup
rootname@VPShosting:~# sudo automysqlbackup
information into deep about automysqlbackup
listing automysqlbackup folders
rootname@VPShosting:~#
cd /var/lib/automysqlbackup
rootname@VPShosting:~#
/var/lib/automysqlbackup# ls
daily monthly weekly
listing daily backed up files:
rootname@VPShosting:/var/lib/automysqlbackup#
ls -R /var/lib/automysqlbackup/daily
console print automysqlbackup - daily
/var/lib/automysqlbackup/daily:friendicaDB sys
/var/lib/automysqlbackup/daily/friendicaDB:
friendicaDB_2023-11-14_21h39m.Tuesday.sql.gz
friendicaDB_2023-11-15_06h25m.Wednesday.sql.gz
/var/lib/automysqlbackup/daily/sys:
sys_2023-11-14_21h39m.Tuesday.sql.gz
sys_2023-11-15_06h25m.Wednesday.sql.gz
rootname@VPShosting:/var/lib/automysqlbackup#
rootname@VPShosting:~#
nano /etc/default/automysqlbackup
automysqlbackup configuracion file
# By default, the Debian version of automysqlbackup will use:# mysqldump --defaults-file=/etc/mysql/debian.cnf
# but you might want to overwrite with a specific user & pass.
# To do this, simply edit bellow.
# Username to access the MySQL server e.g. dbuser
#USERNAME=`grep user /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Username to access the MySQL server e.g. password
#PASSWORD=`grep password /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Host name (or IP address) of MySQL server e.g localhost
DBHOST=localhost
# List of DBNAMES for Daily/Weekly Backup e.g. "DB1 DB2 DB3"
# Note that it's absolutely normal that the db named "mysql" is not in this
# list, as it's added later by the script. See the MDBNAMES directives below
# in this file (advanced options).
# This is ONLY a convenient default, if you don't like it, don't complain
# and write your own.
# The following is a quick hack that will find the names of the databases by
# reading the mysql folder content. Feel free to replace by something else.
# DBNAMES=`find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut -d'/' -f5 | grep -v ^mysql\$ | tr \\\r\\\n ,\ `
# This one does a list of dbs using a MySQL statement.
DBNAMES=`mysql --defaults-file=/etc/mysql/debian.cnf --execute="SHOW DATABASES" | awk '{print $1}' | grep -v ^Database$ | grep -v ^mysql$ | grep -v ^performance_schema$ | grep -v ^information_schema$ | tr \\\r>
# Backup directory location e.g /backups
# Folders inside this one will be created (daily, weekly, etc.), and the
# subfolders will be database names. Note that backups will be owned by
# root, with Unix rights 0600.
BACKUPDIR="/var/lib/automysqlbackup"
# Mail setup
# What would you like to be mailed to you?
# - log : send only log file
# - files : send log file and sql files as attachments (see docs)
# - stdout : will simply output the log to the screen if run manually.
# - quiet : Only send logs if an error occurs to the MAILADDR.
MAILCONTENT="quiet"
# Set the maximum allowed email size in k. (4000 = approx 5MB email [see
# docs])
MAXATTSIZE="4000"
# Email Address to send mail to? (user@domain.com)
MAILADDR="root"
# ============================================================
# === ADVANCED OPTIONS ( Read the doc's below for details )===
#=============================================================
# List of DBBNAMES for Monthly Backups.
MDBNAMES="mysql $DBNAMES"
# List of DBNAMES to EXLUCDE if DBNAMES are set to all (must be in " quotes)
DBEXCLUDE=""
# Include CREATE DATABASE in backup?
CREATE_DATABASE=yes
# Separate backup directory and file for each DB? (yes or no)
SEPDIR=yes
# Which day do you want weekly backups? (1 to 7 where 1 is Monday)
DOWEEKLY=6
# Which day of the month to execute the monthly backup (00 = no monthly backup)
# Two digit required
DOMONTHLY=01
# Choose Compression type. (gzip or bzip2)
COMP=gzip
# Compress backups on the fly with gzip or bzip2 (yes or no)
COMPDIRECT=no
# Compress communications between backup server and MySQL server?
COMMCOMP=no
# Additionally keep a copy of the most recent backup in a seperate
# directory.
LATEST=no
# The maximum size of the buffer for client/server communication. e.g. 16MB
# (maximum is 1GB)
MAX_ALLOWED_PACKET=
# For connections to localhost. Sometimes the Unix socket file must be
# specified.
# For connections to localhost. Sometimes the Unix socket file must be
# specified.
SOCKET=
# Command to run before backups (uncomment to use)
#PREBACKUP="/etc/mysql-backup-pre"
# Command run after backups (uncomment to use)
#POSTBACKUP="/etc/mysql-backup-post"
# Backup of stored procedures and routines (comment to remove)
ROUTINES=yes
# Mysqldump additional option (like "--single-transaction")
OPTIONS=""
creating a single backup of the MySQL Database with mysqldump
https://www.digitalocean.com/community/tutorials/how-to-backup-mysql-databases-on-an-ubuntu-vpsThe MySQLfile will be created in the folder you are in when performing the command.
creat a copy of the MySQL DB
rootname@VPShosting:~# mysqldump -u username -p database_to_backup > backup_name.sql
installing an auto backup process of the MySQL database that runs once a day | automysqlbackup
https://dev.to/xarala221/how-to-backup-mysql-databases-on-ubuntu-vps-server-automatically-497cThe program installs a cron script with automysqlbackup that runs every day. The backup file will be replaced every day. You should tweak these settings in a way that you will be comfortable if something happens.Have in mind that if something gets screwed up you will only have "one day" to realize that a problem exists and at least make a copy of the DB. There for consider to perform also weekly and monthly backups, depending on your routines and needs.
install automysqlbackup
rootname@VPShosting:~# sudo apt-get install automysqlbackup
rootname@VPShosting:~# sudo automysqlbackup
listing automysqlbackup folders
rootname@VPShosting:~# cd /var/lib/automysqlbackup
rootname@VPShosting:~# /var/lib/automysqlbackup# ls
daily monthly weekly
listing daily backed up files:
rootname@VPShosting:~# ls -R /var/lib/automysqlbackup/daily
to have a look at automysqlbackup, as is there is no tweaking neccesary:
rootname@VPShosting:~# nano /etc/default/automysqlbackup
automysqlbackup configuracion file
# By default, the Debian version of automysqlbackup will use:# mysqldump --defaults-file=/etc/mysql/debian.cnf
# but you might want to overwrite with a specific user & pass.
# To do this, simply edit bellow.
# Username to access the MySQL server e.g. dbuser
#USERNAME=`grep user /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Username to access the MySQL server e.g. password
#PASSWORD=`grep password /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Host name (or IP address) of MySQL server e.g localhost
DBHOST=localhost
# List of DBNAMES for Daily/Weekly Backup e.g. "DB1 DB2 DB3"
# Note that it's absolutely normal that the db named "mysql" is not in this
# list, as it's added later by the script. See the MDBNAMES directives below
# in this file (advanced options).
# This is ONLY a convenient default, if you don't like it, don't complain
# and write your own.
# The following is a quick hack that will find the names of the databases by
# reading the mysql folder content. Feel free to replace by something else.
# DBNAMES=`find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut -d'/' -f5 | grep -v ^mysql\$ | tr \\\r\\\n ,\ `
# This one does a list of dbs using a MySQL statement.
DBNAMES=`mysql --defaults-file=/etc/mysql/debian.cnf --execute="SHOW DATABASES" | awk '{print $1}' | grep -v ^Database$ | grep -v ^mysql$ | grep -v ^performance_schema$ | grep -v ^information_schema$ | tr \\\r>
# Backup directory location e.g /backups
# Folders inside this one will be created (daily, weekly, etc.), and the
# subfolders will be database names. Note that backups will be owned by
# root, with Unix rights 0600.
BACKUPDIR="/var/lib/automysqlbackup"
# Mail setup
# What would you like to be mailed to you?
# - log : send only log file
# - files : send log file and sql files as attachments (see docs)
# - stdout : will simply output the log to the screen if run manually.
# - quiet : Only send logs if an error occurs to the MAILADDR.
MAILCONTENT="quiet"
# Set the maximum allowed email size in k. (4000 = approx 5MB email [see
# docs])
MAXATTSIZE="4000"
# Email Address to send mail to? (user@domain.com)
MAILADDR="root"
# ============================================================
# === ADVANCED OPTIONS ( Read the doc's below for details )===
#=============================================================
# List of DBBNAMES for Monthly Backups.
MDBNAMES="mysql $DBNAMES"
# List of DBNAMES to EXLUCDE if DBNAMES are set to all (must be in " quotes)
DBEXCLUDE=""
# Include CREATE DATABASE in backup?
CREATE_DATABASE=yes
# Separate backup directory and file for each DB? (yes or no)
SEPDIR=yes
# Which day do you want weekly backups? (1 to 7 where 1 is Monday)
DOWEEKLY=6
# Which day of the month to execute the monthly backup (00 = no monthly backup)
# Two digit required
DOMONTHLY=01
# Choose Compression type. (gzip or bzip2)
COMP=gzip
# Compress backups on the fly with gzip or bzip2 (yes or no)
COMPDIRECT=no
# Compress communications between backup server and MySQL server?
COMMCOMP=no
# Additionally keep a copy of the most recent backup in a seperate
# directory.
LATEST=no
# The maximum size of the buffer for client/server communication. e.g. 16MB
# (maximum is 1GB)
MAX_ALLOWED_PACKET=
# For connections to localhost. Sometimes the Unix socket file must be
# specified.
# For connections to localhost. Sometimes the Unix socket file must be
# specified.
SOCKET=
# Command to run before backups (uncomment to use)
#PREBACKUP="/etc/mysql-backup-pre"
# Command run after backups (uncomment to use)
#POSTBACKUP="/etc/mysql-backup-post"
# Backup of stored procedures and routines (comment to remove)
ROUTINES=yes
# Mysqldump additional option (like "--single-transaction")
OPTIONS=""