Skip to main content


friendica VPS setup on ubuntu 22.04 LTS


@Friendica Support

Hi,
I'm working on my first #friendica #VPS installation, here you'll find my initial post about general thoughts like what distro to use, size and costs.
I'm using the tutorial "creating a friendica server - ubuntu" by @Hank G ☑️.

As of now I'm doing well in the process and want to start this post to document differences and questions while installing the server.

This server is going to host an already existing friendica node I have to move from another hosting provider. That means that for example the DB doesn't have to be created from scratch but moved and other smaller details.

I will try to address the different steps of installation in answers to this post and appreciate help, ideas and observations.

I'm doing this from a #linux desktop environment from the console but there shouldn't be differences if you want to do this from a #windows machine.

#fediVerse #tutorial #fediHelp #activityPub

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

setting up puTTy to use RSA keys for communication via SSH:

debian linux:
sudo apt install putty-tools -y

If you want to use the puTTy window (same as in windows) you'll have to install also
sudo apt install putty

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Statement in the tutorial I'm not quite sure about what it means, if that is set or has happend on my VPS or if it's relevant:
"It also assumes that the root username/password has been disabled for the server, which will be a relevant part when you get to the securing of the database section."
in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

debian linux
general commands to execute before installation:

sudo apt update
sudo apt upgrade -y
reboot

when ever you do a mayor pause in you installation procedure you might want to recheck:
sudo apt update

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Install unattended upgrades:
sudo apt install unattended-upgrades update-notifier-common -y

sudo systemctl status unattended-upgrades

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Edit unattended upgrade configuration:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

modify:
//Unattended-Upgrade::Automatic-Reboot "false";

You want to uncomment the line and set the value to true so it reads:
Unattended-Upgrade::Automatic-Reboot "true";

restart unattended upgrade service:
sudo systemctl restart unattended-upgrades

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Install Certbot and Setting up HTTPS:

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo certbot --apache

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Partical re-installation/redo of the following steps
It looks like somehow because of this unfinished step the installation went wrong and when browsing to the friendica installation a blank page was displayed.
After redoing the steps of installation from the github pull of friendica the web page displayed Service unavailable.
Their for I'm going to redo the steps from the certbot installation to the gitpull

Second installation intent

Resuming installation from previous point.

Browsing to the web site
Service Unavailable
Friendica no puede mostrar la página actualmente, contacte al administrador.

Service Unavailable, a step forward from the previous blankpage.
First I guess is to undo changes applied yesterday in the attempt to fix the installation. Those include changes about the server/host name and ???


in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Configuring a firewall:

sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable

sudo ufw status

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Install and configure fail2ban:

sudo apt install fail2ban -y 
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

systemctl status fail2ban

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

friendica installation:

sudo apt update

sudo apt install mariadb-server php libapache2-mod-php \
     php-common php-gmp php-curl php-intl php-mbstring \
	 php-xmlrpc php-mysql php-gd php-imagick php-xml \
	 php-cli php-zip php-sqlite3 curl git -y

sudo mysql_secure_installation

Values for the prompts you get:

  • Enter current password for root (enter for none):
    Just hit enter since you are configured to only allow logins with SSH keys for the root user.
  • Switch to unix_socket authentication: n
  • Change the root password?: n
  • Remove anonymous users? Y
  • Disallow root login remotely? Y
  • Remove test database and access to it? Y
  • Reload privilege tables now? Y
in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Creating the DB:
CREATE DATABASE friendicadb;
CREATE USER 'friendica'@'localhost' IDENTIFIED BY '<password>';
GRANT ALL ON friendicadb.* TO 'friendica'@'localhost';
FLUSH PRIVILEGES;
EXIT;
in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

As of now I skipped this step as I do have already a DB with password and name on the original installation I will have to migrate to this new VPS.
in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

resuming the step of creating a new DB:

sign in via ssh

rootname@ubuntu:~# mysql

MariaDB [(none)]> CREATE DATABASE friendicadb;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> CREATE USER 'friendica'@'localhost' IDENTIFIED BY '<password>';
Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> GRANT ALL ON friendicadb.* TO 'friendica'@'localhost';

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> EXIT;

Bye
rootname@ubuntu:~#


To log into your DB:
mysql friendicadb

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Download and upload storage file system via SSH:

https://unix.stackexchange.com/questions/527870/gzip-compress-a-local-folder-and-extract-it-to-remote-server
download
scp username@remote.host:/path/to/file localfile
upload
scp localfile username@host:/path/remotefile

https://www.namecheap.com/support/knowledgebase/article.aspx/9571/89/how-to-download-a-file-via-ssh/
Uploading a file from a local computer to a remote one:
scp /path/to/local/file username@hostname:/path/to/remote/file
Downloading a file from a remote system to your computer:
scp username@hostname:/path/to/remote/file /path/to/local/file

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Migrating the the mysql/mariaDB export into the newly created DB.

Make sure that you are inside the folder that contains the DB dump you uploaded to the new VPS
mysql -u friendica -p<password> friendicadb < oldfriendicadbDUMP.sql

Problem I encounteredError message:
ERROR 1227 (42000) at line 278321: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation.
Apparently there are several ways to prevent this error.
You can prevent this by modifying while dumping the DB on the old server.
I only had browser to phpMyAdmin and couldn't figure out how to export without the privileges so I just executed the following command:
rootname@ubuntu:/var/www/html# sed 's/\sDEFINER=`[^`]*`@`[^`]*`//g' -i oldfriendicadbDUMP.sql
With this modification apparently everything worked fine.
in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

How to change change the DB password:

log onto your server via SSH

rootname@ubuntu:~# mysql
(Welcome to the MariaDB monitor..)
MariaDB [(none)]> USE friendicadb
Database changed
MariaDB [friendicadb]> ALTER USER 'friendica'@'localhost' IDENTIFIED BY 'newpassword';
Query OK, 0 rows affected (0.001 sec)

MariaDB [friendicadb]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)

MariaDB [friendicadb]> exit
Bye


test changes:
rootname@ubuntu:~# mysql -u friendica -p
Enter password:
(Welcome to the MariaDB monitor..)

MariaDB [(none)]>

If you use a wrong password, you might want to check the old one, you'll get the following message:
ERROR 1045 (28000): Access denied for user 'friendica'@'localhost' (using password: YES)

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

/help/Migrate#Cleaning+up wrote:

To review the size of your database, log into MySQL with mysql -p run the following query:

SELECT table_schema AS "Database", SUM(data_length + index_length) / 1024 / 1024 / 1024 AS "Size (GB)" FROM information_schema.TABLES GROUP BY table_schema;

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

DB size was about 0.5 gig, now it is 3/5th of the previous size:
DB size: 0.294 GIG
information_schema 0.000198364258
in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Trying to optimize D as recomended in the helpers page:
mysqloptimize -p friendica-db

Some how this doesn't work, phpMyAdmin doesn't accept mysqloptimize.

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Creating directory for the friendica installation:
sudo chown -R www-data:www-data /var/www

cd /var/www

sudo -u www-data bash

mv html html.bak
in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

testing a clean reinstall from hereAs I ran into trouble and am getting a blank page I just decided to try a clean pull from github of the stable branch and go on with the rest of the installation process to see what happens.

rootname@VPShosting:/var/www# mv html html_01.bak
rootname@VPShosting:/var/www# git clone https://github.com/friendica/friendica.git -b stable html

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

tweaking basic apache settings:

sudo nano /etc/php/8.1/apache2/php.ini

search for the following lines [ctrl+w] and modify the values:

[ctrl] W -> find line

set to:
memory_limit = 256M

upload_max_filesize = 100M

max_execution_time = 300

max_input_vars = 1500
in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

@Hank G ☑️

solved the "Apache could not reliably determine the server's fully qualified domain name, using 127.0.1.1" problem by editing:

sudo nano /etc/hosts
and
sudo nano /etc/hostname

replacing
ubuntu
with
yourfriendicadomain.com

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

To check eventual php errors:

rootname@ubuntu:~# sudo nano /etc/php/8.1/apache2/php.ini

ctrl+W -> log_errors
log_errors = On
; Default Value: Off
; Development Value: On
; Production Value: On


ctrl+W -> error_log
; Log errors to specified file. PHP's default behavior is to leave this value
; empty.
; https://php.net/error-log
; Example:
error_log = /var/www/html/php.error.log
; Log errors to syslog (Event Log on Windows).
; error_log = syslog

rootname@ubuntu:~# touch php.error.log
rootname@ubuntu:~# reboot

refreshing domain page several times

rootname@ubuntu:~# nano /var/www/html/php.error.log

No results printed at all in php.error.log
🤨

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

At this point of the installation process you would browse to your domain and follow the friendica setup from within your browser.

Also, there are still missing the email setup and the worker setup, details that will be addressed later in this post.

Even if you don't have a proper email setting setup, friendica will provide you the logging credentials with a pop up box.

As in this case the idea is to migrate an existing friendica instance to a new VPS hosting provider, first of all let's have a look at the information in the friendica help for migrating. You'll find it in every friendica instance at /help/Migrate:

https://squeet.me/help/Migrate

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Resuming instalation and migration process after migrating the old DB and the storage folder of the file system to the new instalation.
in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Second installation intent

Resuming installation from previous point.

Browsing to the web site
Service Unavailable
Friendica no puede mostrar la página actualmente, contacte al administrador.

Service Unavailable, a step forward from the previous blankpage.
First I guess is to undo changes applied yesterday in the attempt to fix the installation. Those include changes about the server/host name and ???


testing a clean reinstall from hereAs I ran into trouble and am getting a blank page I just decided to try a clean pull from github of the stable branch and go on with the rest of the installation process to see what happens.

rootname@VPShosting:/var/www# mv html html_01.bak
rootname@VPShosting:/var/www# git clone https://github.com/friendica/friendica.git -b stable html


in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Access over sFTP:

me in a previous post wrote:

https://squeet.me/display/962c3e10-2165-2dbe-eb37-5f6322325636
"My access is over SSH with puTTy[/url] created public/private keys, no password.
Can I create sFTP access with for example filezilla and if so how?"

Raroun wrote:

sFTP should work out of the box with any Application that supports private key authorization - like scp or FileZilla.

I never managed to make fileZilla work with the puTTy keys.
🙁

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Access over sFTP:

My access is over SSH with puTTy created public/private keys, no password.
Can I create sFTP access with for example filezilla and if so how?

Raroun wrote:

sFTP should work out of the box with any Application that supports private key authorization - like scp or FileZilla.
in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

in reply to Simon John

@Simon John

Actually as of now I couldn't make it work because of problems with the user name login. When you add a .ppk that has password protection it doesn't ask for the password while adding the key(-location) so I guess it will ask you for the password every time you log onto your server.

I guess it lacks an encryption of the .ppk with a password when you read the privkey out of a .pem file but at the same time assumes that you password protect your fileZilla setup with the password options it ships.

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Re-reading your question it looks to me that I didn't answer (get) your question @Simon John.

If you refer to user name, and hosting data I guess the answer is yes, it looks like plain text from the front end.
The password apparently at least can be protected by a general password manager.

Has there been general questioning of #FileZilla's safety?
Is there some recommendation for linux desktops?

#linux #fedihelp #safety

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

I'm pretty surprised to see anyone using FileZilla on Linux (same goes for putty). Although I'm not sure what graphical alternatives there are other than gftp, I tend to just use ssh+scp
in reply to Simon John

@Simon John

security.stackexchange.com wrote:

Regarding the issue mentioned by Adi about passwords being stored in plain text, it's good to know that since version 3.26.0-rc1 (2017-05-25), FileZilla has support for encrypted passwords protected by a master password. Hence, there is no reason to say that FileZilla is less secure than other FTP clients.
https://security.stackexchange.com/questions/39321/should-i-use-filezilla
in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

DB migration from the old hosting to the newly created friendica instalation:

How do I upload the DB I will have to grab from the old provider and upload to the new setup?
How do I change the password for the DB?
Is there a way to also change the name of the existing DB?

Raroun wrote:

You can export your DB - depending on the old provider you do a full export (with mysql tables) or only a "friendica db backup".
If you only have a friendica DB backup you have to create a new mysql user and a new password.
if you have a full backup, you can change the password of your db user - which is your db-password 😀
in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

How do I upload the DB I will have to grab from the old provider and upload to the new setup?


Importing a MySQL database
To import a MySQL database, use the mysql command. Here is the full command:
mysql -uUSERNAME -p DATABASE < backup.sql
Again, you will be prompted for the password of your MySQL user.

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Raroun wrote:

You can export your DB - depending on the old provider you do a full export (with mysql tables) or only a "friendica db backup".

@Raroun
What do you mean by "only a friendica DB backup"?
First I thought of some option given inside the friendica admin panel but couldn't find anything related.
How would I get that normally?

The hosting provider gives me access to a "mysql DB site".
I went there and choose the standard rapid "export" option:
DBsite.com/index.php?route=/server/export

@Hank G ☑️
Is there a way (or https URL) to get the phpMyAdmin page on these standard Ubuntu server setups instead of the simple ssh access?
Do I need to install something more?

in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

I don't know since I've never tried that before. This Digital Ocean tutorial lends me to believe that it is possible but I just don't have experience with trying it out. I will say that Digital Ocean tutorials for other components were what I started with when coming up with the step by step tutorial I wrote. https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-on-ubuntu-20-04
in reply to …ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

I would HIGHLY recommend AGAINST an OS that is already 2-years past end of life, go with something modern, Ubuntu 22.04, Debian Bookworm, etc.

Lo, thar be cookies on this site to keep track of your login. By clicking 'okay', you are CONSENTING to this.