

Ver. 05 | install and/or move friendica to ubuntu 22.04 LTS VPS server


EDIT - information
This tutorial is supposed to be published by the tutorial profile of this server.
It is designed to have several chapters, each being distinctly separated by its own title. In total as of now there are, besides this introduction, like 6 chapters.
posting and edition time of and by this EDIT profile of ver05 as of now 1hs
mastodon review contact: @mʕ•ﻌ•ʔm bitPickup
--
Categories:

@helpers@forum.friendi.ca

SPOILER - click to open/close || Introduction
This tutorial is an adaption of the tutorial "creating a friendica server - ubuntu" by @Hank G ☑️ based on the experience of the installation report by @…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup:
squeet.me/display/962c3e10-576…
and specific help by @Raroun.

Server specs and friendica version used:
VPS server | Ubuntu 22.04 LTS
PHP Version 8.1.2-1ubuntu2.14
4 Core CPU, 8 GB Ram with 300GB NVME Disk
Friendica [STABLE] | 'Giant Rhubarb' 2023.05 - 1518

SPOILER - click to open/close || Installation environment and HowTo
The only reasonable way to work with a VPS server on the web is using the console.
If you are not familiar with that don't worry, it is easy and the only thing you have to do is being able to copy/paste the commands displayed:
¡Copy/paste only the codeBoxes like this one, located outside of the spoilers of this tutorial one after another without altering the sequence!
Of course it is necessary to change the specific file names and passwords for your individual site, but that's all. promise!
On the console you won't be able to copy/paste with the keyboard ctrl-C/ctrl-V technique, you'll have to use the mouse "right click, choose option" technique.
This tutorial was created on a #debian #linux desktop environment.
There shouldn't be differences if you want to do this from a #windows machine.
The method used for communication between your local computer and the VPS server is called #SSH:
Wikipedia - Secure Shell:
"Cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers."

#linux #debian #ubuntu #friendica #fediVerse #fediTutorial #tutorial #fediHelp #fediTips #activityPub #HowTo #DIY #VPS #server #selfHosting
@admin@tupambae.org @tutorial@tupambae.org

friendica VPS setup on ubuntu 22.04 LTS


@Friendica Support

Hi,
I'm working on my first #friendica #VPS installation, here you'll find my initial post about general thoughts like what distro to use, size and costs.
I'm using the tutorial "creating a friendica server - ubuntu" by @Hank G ☑️.

As of now I'm doing well in the process and want to start this post to document differences and questions while installing the server.

This server is going to host an already existing friendica node I have to move from another hosting provider. That means that for example the DB doesn't have to be created from scratch but moved and other smaller details.

I will try to address the different steps of installation in answers to this post and appreciate help, ideas and observations.

I'm doing this from a #linux desktop environment from the console but there shouldn't be differences if you want to do this from a #windows machine.

#fediVerse #tutorial #fediHelp #activityPub


in reply to EDIT | don't follow!

friendica installation


Categories: friendica,VPS,github


friendica installation on the VPS hosting
--
Up to this point we basically performed a standard LAMP installation on a ubuntu 22.04 LTS VPS hosting.

The following steps concern the actual friendica server installation.



creating the directory for friendica and the user www-data

create directories and permissions for user www-data
background information: what-is-var-www-html?
stackoverflow.com/questions/16…

rootname@VPShosting:~# sudo chown -R www-data:www-data /var/www
rootname@VPShosting:~# cd /var/www

creating user www-data and changing from user rootname to www-data

rootname@VPShosting:~/var/www# sudo -u www-data bash
www-data@VPShosting:~$
(confirmation check if this is where console changes to www-data@VPShosting:~#)

moving (deactivating) the old /html folder

www-data@VPShosting:~$ mv html html.bak
The new /html folder will be created when we clone the gitHub stable branch of friendica in the next step.


cloning friendica from the gitHub repository

www-data@VPShosting:~$ git clone https://github.com/friendica/friendica.git -b stable html

configure PHP dependencies

www-data@VPShosting:~$ cd html
www-data@VPShosting:~/html$ bin/composer.phar install --no-dev
(is this the point the SSL install went wrong?)
squeet.me/display/962c3e10-126…

creating folder for page view renderings

www-data@VPShosting:~/html$ mkdir -p view/smarty3
www-data@VPShosting:~/html$ chmod 775 view/smarty3

cloning the addons github repository

www-data@VPShosting:~/html$ git clone https://github.com/friendica/friendica-addons.git -b stable addon

activating .htaccess

www-data@VPShosting:~/html$ cp .htaccess-dist .htaccess

exiting user www-data

www-data@VPShosting:~/html$ exit
rootname@VPShosting:~/var/www/html#


#debian #linux #friendica #fediVerse #fediTutorial


As of now I skipped this step as I do have already a DB with password and name on the original installation I will have to migrate to this new VPS.

This entry was edited (1 year ago)
in reply to EDIT | don't follow!

@EDIT | don't follow! @Hank G ☑️ @…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

rootname@VPShosting:~# sudo chown -R www-data:www-data /var/www

This would damage a lot of (server) installations out there. Do not do this in /var/www if you are not really sure what you're doing.
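A read-only preview of what the recursive chown quoted above would touch, as an added example that is not part of the thread or of the tutorial. The variables WEBROOT, SITE and TARGET_USER and the function names are assumptions chosen to mirror the tutorial's paths.

```sh
#!/bin/sh
# Added example (not from the thread): read-only preview of what
#   sudo chown -R www-data:www-data /var/www
# would touch. WEBROOT, SITE and TARGET_USER are assumed defaults that
# mirror the tutorial; override them in the environment.
WEBROOT=${WEBROOT:-/var/www}
SITE=${SITE:-html}
TARGET_USER=${TARGET_USER:-www-data}

# Names of the top-level entries of $1 other than $2, one per line.
# These are the other sites or folders a recursive chown on $1 also hits.
other_entries() {
    for p in "$1"/* "$1"/.[!.]*; do
        [ -e "$p" ] || continue
        b=${p##*/}
        [ "$b" = "$2" ] || printf '%s\n' "$b"
    done
}

# Number of files and directories at or below $1 whose owner is not $2,
# i.e. how many ownership changes "chown -R $2 $1" would make.
# Column 3 of "ls -ld" is the owner; names containing newlines would
# be miscounted.
count_foreign() {
    find "$1" -exec ls -ld {} + |
        awk -v u="$2" '$3 != u { n++ } END { print n + 0 }'
}

# Print the preview for web root $1, site folder $2 and user $3.
# Returns 1 when the web root holds more than the one site.
report() {
    echo "chown -R $3 $1 would change $(count_foreign "$1" "$3") entries"
    if [ -d "$1/$2" ]; then
        echo "chown -R $3 $1/$2 would change $(count_foreign "$1/$2" "$3") entries"
    fi
    others=$(other_entries "$1" "$2")
    [ -z "$others" ] && return 0
    echo "also present under $1:"
    printf '%s\n' "$others" | sed 's/^/  /'
    return 1
}

# Nothing is modified; the script only reads ownership information.
if [ -d "$WEBROOT" ]; then
    report "$WEBROOT" "$SITE" "$TARGET_USER" || true
fi
```

On a server that hosts only the one site the two counts differ by one (the web root directory itself); any entry listed under "also present" is something the recursive chown on the parent would take over as well.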

Unknown parent

utopiArte

As this is a chapter, contrary to @Hank G ☑️'s single-blog description, in particular having in mind how mastodon displays replies without context, @tom s's remark is quite important.

This detail should also be mentioned in @…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup experience report!

thx


I just added the digitalocean link for the howto of setups for multiple websites as I'll have to try and @DIY that too.

learning question to understand this better:
the user www-data is just a username option that is taken over by the friendica installation in continuation and could also be any name, for example mainFriendicaDomain-wwwdata?

in reply to EDIT | don't follow!

LAMP installation


Categories:LAMP, Linux, VPS


LAMP (Linux, Apache, MySQL, PHP)
L -> linux
A -> apache
M -> mysql - phpMyAdmin
P -> PHP, Perl, or Python programming language
en.wikipedia.org/wiki/LAMP_(so…
LAMP is an acronym denoting one of the most common software stacks for many of the web's most popular applications. However, LAMP now refers to a generic software stack model and its components are largely interchangeable.


Install the apache server
bitcatcha.com/blog/what-is-apa…
"The Apache Server is an open-source, cross-platform web server application. In its essence, it allows users to deploy their websites on the internet for others to be able to access them."
--
The -y in the following command is used to confirm automatically all options/questions that come up in the installation process of the apache server.

rootname@VPShosting:~$ sudo apt update
rootname@VPShosting:~$ sudo apt install apache2 -y


Install Certbot and Setting up HTTPS
The S in HTTPS stands for "secure transmission" meaning that the information that is transmitted between the web site and the user is encrypted. Therefore the data isn't readable for others while it is transmitted. You can observe that security detail in the web URL of any web site as it starts with https://.
Certbot installs a standard SSL certificate provided by the Let's Encrypt foundation at no charge. Nowadays this is a basic need on the internet and for the privacy of everyone. Even though it is possible to run any web site as HTTP http:// and therefore also a friendica node, nobody should do that and you should set all options of your friendica server to "HTTPS mandatory".

rootname@VPShosting:~$ sudo snap install core; sudo snap refresh core
rootname@VPShosting:~$ sudo snap install --classic certbot

rootname@VPShosting:~$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

Installing your SSL certificate
nequalsonelifestyle.com/2022/0…
"You will be prompted for several options. The defaults should be fine for most but there are some things that will be specific to your instance. For the sake of explicitness:
* Enter the email address you want notifications from the Certbot team and that you are comfortable sharing with them and others.
* Select Yes once you’ve read the terms of service
* Select Yes if you want to get more general EFF emails (optional)
* Enter the domain name yourFriendicaDomainName.com for your friendica node. It is important to put the full accurate domain name in. This is what will be used for name matching when the certificate is issued and used.
After you do those options you will get a series of prompts with statuses. When it is completed you should be able to navigate to the HTTPS version of your website. In fact if you intentionally try to go to the HTTP version of your website it should redirect to the HTTPS version instead. Try this out to be sure this step has been completed successfully."

rootname@VPShosting:~$ sudo certbot --apache

Important information in the case of server migration -> installing your SSL certificate
rootname@VPShosting:~$ sudo certbot --apache
For this step in the installation process you do need to have your domain name URL already directed to the IP of your server. Otherwise this installation step not only won't be able to finish the setup of the SSL certificate, you will run into problems when you try to set up your friendica instance. This is a particular complication when you want to migrate a live system. Your intention might be for the old IP to remain as long as possible related to the domain name, even maybe try everything out before a definite migration.
The suggestion as of now would be to try to execute this step just after the first gitHub pull and before:
Configure PHP dependencies:
www-data@VPShosting:~$ cd html
www-data@VPShosting:~/html$ bin/composer.phar install --no-dev

There is still some testing needed to confirm the best moment of the SSL certificate installation step in the installation process or eventual work arounds for this tutorial.

Configuring the firewall
nequalsonelifestyle.com/2022/0…
"A firewall is an important security measure for your server to limit available surfaces that hackers can use. Firewalls can be configured either in your cloud provider or on the local server. Ubuntu Server by default ships with the UFW firewall software. For this tutorial we will configure the firewall locally. The main gist is that you should be only opening up the necessary ports for SSH, HTTP, and HTTPS."

rootname@VPShosting:~$ sudo ufw allow ssh
rootname@VPShosting:~$ sudo ufw allow http
rootname@VPShosting:~$ sudo ufw allow https
rootname@VPShosting:~$ sudo ufw enable
rootname@VPShosting:~$ sudo ufw status


install and configure fail2ban
nequalsonelifestyle.com/2022/0…
"Fail2Ban is another important tool for thwarting hackers. It basically detects if some computer is brute force attacking or excessively hitting your server and applies escalating blocks on that IP address."

rootname@VPShosting:~$ sudo apt install fail2ban -y

rootname@VPShosting:~$ sudo systemctl enable fail2ban

rootname@VPShosting:~$ sudo systemctl start fail2ban

rootname@VPShosting:~$ systemctl status fail2ban

rootname@VPShosting:~$ sudo reboot

Because of the reboot you will be logged out of your VPS server and will have to log on again to proceed with the installation.



"M" like MySQL/mariaDB and "P" like PHP of "LAMP" installation

DataBase and PHP-HypertextPreprocessor installation || See values inside this spoiler
Values for the prompts you get:
Enter current password for root (enter for none): Just hit enter since you are configured to only allow logins with SSH keys for the root user.
Switch to unix_socket authentication: n
Change the root password?: n
Remove anonymous users? Y
Disallow root login remotely? Y
Remove test database and access to it? Y
Reload privilege tables now? Y


rootname@VPShosting:~$ sudo apt update

rootname@VPShosting:~$ sudo apt install mariadb-server php libapache2-mod-php \
     php-common php-gmp php-curl php-intl php-mbstring \
     php-xmlrpc php-mysql php-gd php-imagick php-xml \
     php-cli php-zip php-sqlite3 curl git -y

rootname@VPShosting:~$ sudo mysql_secure_installation


Creating the DB - data base
If you come to this point straight from the previous mariaDB setup you are already logged into mySQL. You will note this because instead of the print:
rootname@VPShosting:~#
in the console you will see:
MariaDB [(none)]>
Otherwise you will have to log into mariaDB first with the following command:
rootname@VPShosting:~# mysql
mariaDB welcome message:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 160000
Server version: 10.6.12-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE friendicadb;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE USER 'friendica'@'localhost' IDENTIFIED BY '<password>';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> GRANT ALL ON friendicadb.* TO 'friendica'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> EXIT;
Bye

rootname@VPShosting:~#


To log from the console into your DB use the following command:
rootname@VPShosting:~# mysql friendicadb

To exit mariaDB:
MariaDB [friendicadb]> Ctrl-C -- exit!
Aborted
rootname@VPShosting:~#


How to change the DB password
rootname@VPShosting:~# mysql
(Welcome to the MariaDB monitor..)
MariaDB [(none)]> USE friendicadb
Database changed
MariaDB [friendicadb]> ALTER USER 'friendica'@'localhost' IDENTIFIED BY 'newpassword';
Query OK, 0 rows affected (0.001 sec)
MariaDB [friendicadb]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [friendicadb]> exit
Bye
rootname@VPShosting:~#
test changes:
rootname@VPShosting:~# mysql -u friendica -p
Enter password:
(Welcome to the MariaDB monitor..)

MariaDB [(none)]>
If you use a wrong password, you might want to check the old one, you'll get the following message:
ERROR 1045 (28000): Access denied for user 'friendica'@'localhost' (using password: YES)

creating a single backup of the MySQL Database with mysqldump
digitalocean.com/community/tut…
The MySQL file will be created in the folder you are in when performing the command.
create a single copy of a MySQL DB
rootname@VPShosting:~# mysqldump -u username -p database_to_backup > backup_name.sql
install auto backup process of the MySQL/mariaDB database | automysqlbackup
dev.to/xarala221/how-to-backup…
The program installs a cron script with automysqlbackup that runs every day. The daily backup files will be named monday/tuesday/wednesday.. and replaced whenever a new backup is due for the specific backup. The same goes for weekly and monthly backups. You should tweak these settings in a way that you will be comfortable if something happens. Have in mind that this can amount to an enormous amount of backup data so you might check out tweaks and workarounds to adjust to your server capabilities and monetary possibilities.

install automysqlbackup
rootname@VPShosting:~# sudo apt-get install automysqlbackup
rootname@VPShosting:~# sudo automysqlbackup

in-depth information about automysqlbackup
listing automysqlbackup folders
rootname@VPShosting:~# cd /var/lib/automysqlbackup
rootname@VPShosting:/var/lib/automysqlbackup# ls
daily monthly weekly
listing daily backed up files:
rootname@VPShosting:/var/lib/automysqlbackup# ls -R /var/lib/automysqlbackup/daily
console print automysqlbackup - daily
/var/lib/automysqlbackup/daily:
friendicaDB sys
/var/lib/automysqlbackup/daily/friendicaDB:
friendicaDB_2023-11-14_21h39m.Tuesday.sql.gz
friendicaDB_2023-11-15_06h25m.Wednesday.sql.gz
/var/lib/automysqlbackup/daily/sys:
sys_2023-11-14_21h39m.Tuesday.sql.gz
sys_2023-11-15_06h25m.Wednesday.sql.gz
rootname@VPShosting:/var/lib/automysqlbackup#
to have a look at automysqlbackup as is:
rootname@VPShosting:~# nano /etc/default/automysqlbackup
automysqlbackup configuration file
# By default, the Debian version of automysqlbackup will use:
# mysqldump --defaults-file=/etc/mysql/debian.cnf
# but you might want to overwrite with a specific user & pass.
# To do this, simply edit bellow.
# Username to access the MySQL server e.g. dbuser
#USERNAME=`grep user /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Username to access the MySQL server e.g. password
#PASSWORD=`grep password /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Host name (or IP address) of MySQL server e.g localhost
DBHOST=localhost
# List of DBNAMES for Daily/Weekly Backup e.g. "DB1 DB2 DB3"
# Note that it's absolutely normal that the db named "mysql" is not in this
# list, as it's added later by the script. See the MDBNAMES directives below
# in this file (advanced options).
# This is ONLY a convenient default, if you don't like it, don't complain
# and write your own.
# The following is a quick hack that will find the names of the databases by
# reading the mysql folder content. Feel free to replace by something else.
# DBNAMES=`find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut -d'/' -f5 | grep -v ^mysql\$ | tr \\\r\\\n ,\ `
# This one does a list of dbs using a MySQL statement.
DBNAMES=`mysql --defaults-file=/etc/mysql/debian.cnf --execute="SHOW DATABASES" | awk '{print $1}' | grep -v ^Database$ | grep -v ^mysql$ | grep -v ^performance_schema$ | grep -v ^information_schema$ | tr \\\r>
# Backup directory location e.g /backups
# Folders inside this one will be created (daily, weekly, etc.), and the
# subfolders will be database names. Note that backups will be owned by
# root, with Unix rights 0600.
BACKUPDIR="/var/lib/automysqlbackup"
# Mail setup
# What would you like to be mailed to you?
# - log : send only log file
# - files : send log file and sql files as attachments (see docs)
# - stdout : will simply output the log to the screen if run manually.
# - quiet : Only send logs if an error occurs to the MAILADDR.
MAILCONTENT="quiet"
# Set the maximum allowed email size in k. (4000 = approx 5MB email [see
# docs])
MAXATTSIZE="4000"
# Email Address to send mail to? (user@domain.com)
MAILADDR="root"
# ============================================================
# === ADVANCED OPTIONS ( Read the doc's below for details )===
#=============================================================
# List of DBBNAMES for Monthly Backups.
MDBNAMES="mysql $DBNAMES"
# List of DBNAMES to EXLUCDE if DBNAMES are set to all (must be in " quotes)
DBEXCLUDE=""
# Include CREATE DATABASE in backup?
CREATE_DATABASE=yes
# Separate backup directory and file for each DB? (yes or no)
SEPDIR=yes
# Which day do you want weekly backups? (1 to 7 where 1 is Monday)
DOWEEKLY=6
# Which day of the month to execute the monthly backup (00 = no monthly backup)
# Two digit required
DOMONTHLY=01
# Choose Compression type. (gzip or bzip2)
COMP=gzip
# Compress backups on the fly with gzip or bzip2 (yes or no)
COMPDIRECT=no
# Compress communications between backup server and MySQL server?
COMMCOMP=no
# Additionally keep a copy of the most recent backup in a seperate
# directory.
LATEST=no
# The maximum size of the buffer for client/server communication. e.g. 16MB
# (maximum is 1GB)
MAX_ALLOWED_PACKET=
# For connections to localhost. Sometimes the Unix socket file must be
# specified.
SOCKET=
# Command to run before backups (uncomment to use)
#PREBACKUP="/etc/mysql-backup-pre"
# Command run after backups (uncomment to use)
#POSTBACKUP="/etc/mysql-backup-post"
# Backup of stored procedures and routines (comment to remove)
ROUTINES=yes
# Mysqldump additional option (like "--single-transaction")
OPTIONS=""

#debian #linux #friendica #fediVerse #fediTutorial
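A sanity check for the daily dumps that automysqlbackup writes, following the file layout and the "Unix rights 0600" note in the configuration file shown in this post. This is an added example, not part of the tutorial or of automysqlbackup; MAX_AGE_MIN, the function names and the status codes are assumptions, and the completeness test assumes the dumps keep mysqldump's closing comment line.

```sh
#!/bin/sh
# Added example, not part of automysqlbackup: check the newest daily dump
# of each database. Run as root, since the dumps are root-owned with 0600.
BACKUPDIR=${BACKUPDIR:-/var/lib/automysqlbackup}  # BACKUPDIR from the config
MAX_AGE_MIN=${MAX_AGE_MIN:-1560}                  # assumed limit: 26 hours

# Newest daily dump of database $2 below backup dir $1. The file names embed
# a sortable timestamp (2023-11-15_06h25m), so the last name is the newest.
latest_backup() {
    ls "$1/daily/$2"/*.sql.gz 2>/dev/null | sort | tail -n 1
}

# Check the newest dump of database $2 in $1 against age limit $3 (minutes).
# Status: 0 ok, 1 no dump found, 2 gzip damaged, 3 dump incomplete,
#         4 older than the limit, 5 readable by group or others.
check_backup() {
    file=$(latest_backup "$1" "$2")
    [ -n "$file" ] || return 1
    gzip -t "$file" 2>/dev/null || return 2
    # mysqldump ends a finished dump with a "-- Dump completed" comment
    # (assumption: comments were not switched off with --skip-comments).
    gzip -cd "$file" | tail -n 5 | grep -q '^-- Dump completed' || return 3
    [ -n "$(find "$file" -mmin "-$3")" ] || return 4
    # Characters 5-10 of the mode string are the group and other bits.
    case $(ls -ld "$file" | cut -c5-10) in
        ------) ;;
        *) return 5 ;;
    esac
    return 0
}

# Check every database folder under $1/daily; returns 1 if any check fails.
check_all() {
    status=0
    for dir in "$1"/daily/*/; do
        [ -d "$dir" ] || continue
        db=$(basename "$dir")
        rc=0
        check_backup "$1" "$db" "$2" || rc=$?
        echo "$db: status $rc"
        [ "$rc" -eq 0 ] || status=1
    done
    return $status
}

if [ -d "$BACKUPDIR/daily" ]; then
    check_all "$BACKUPDIR" "$MAX_AGE_MIN" || true
fi
```

Status 3 catches a dump that was cut short before compression (for example by a full disk), which `gzip -t` alone reports as healthy.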

Unknown parent

utopiArte

> I don't appreciate you all trashing it in general.

trashing?

I'm sorry if you got any of my comments here or in other posts regarding your blog post as "trashing" @Hank G ☑️.
That was the least of all intentions.

Without your blog post this site wouldn't exist, nor the "tutorial in edition" here or the "experience installation report" by the jesuisatirbitpickup account.

Mentioning you and linking to your blog post was just basic respect of CCby customs, besides the fact that people that way have the chance to read your in-depth comments, descriptions, see your follow up links and compare or cross check in any case if something went wrong in their intent to set up a server.

> Excise links to my stuff from this

I guess "excise" means delete, I'll do so whenever I stumble over them.
👍

Unknown parent

utopiArte

> "don't follow Hank G" post/comment.

.. is just a mis-displayed combination of the user name of
@EDIT | don't follow!
and
@Hank G ☑️
in a row as it reads:

@EDIT | don't follow! @Hank G ☑️

See profile description of the "EDIT" profile:

About wrote:

info EN
This is a dedicated profile to edit texts. Please don't try to follow it as it will refuse to accept your request. The reason is that the idea isn't yet to spread these publications to other servers. That doesn't mean that help, suggestions and corrections aren't welcomed, on the contrary, texts published here are published for that purpose! It's only that they are still not meant to go public. thx
This entry was edited (1 year ago)