@Friendica Support

Hi there,
the moment has come to do the first instance upgrade cycle in the life of this installation to bring this server to the actual stable version 2024.12-1 in the coming days.

In part the idea is to document every step in a post similar to the howTo instructions:
install and/or move friendica to ubuntu 22.04 LTS VPS server
in the @EDIT | don't follow! profile.

Right now we are on 2023.05, so we will have to update step by step to:
2023.12 | release notes
2024.03 | release notes
2024.08 | release notes
2024.12-1 | release notes

Are there any specific recommendations or details to have in mind besides the information expected to be found in every update release instruction?

This is basically a single user instance with round about 14 forum pages with few followers each and a total of 18 profiles with contacts in the activityPub and diaspora community and some RSS subscriptions. No other specific connectors are enabled.

Installed addons/apps:
blockbot, calc, impressum, js_upload, notifyall, nsfw, pageheader, phpmailer, qcomment, rendertime, showmore_dyn, startpage

DB backups amount to ~180MiB and the image file storage folder on ftp around ~400MiB.

Friendica stable | 'Giant Rhubarb' 2023.05 - 1518
PHP Version 8.1.2-1ubuntu2.14
VPS server | Ubuntu 22.04 LTS
4 Core CPU, 8 GB Ram with 300GB NVME Disk - unlimited traffic
hosted by @ raroun 👍

Notes:
This instance right now seems to work well.
Sometimes this profile here has some strange hiccups like when following up the link of a post from this server in a stream view a message "Not Found | The requested item doesn't exist or has been deleted." Also right now profiles from contacts, for example @ hoergen or @ feb don't show up in the contact list but they are displayed as followed in the profile contact page.

#friendica #fediAdmin

in reply to TupambAdminOrg [2024.03]

Starting this announced updating cycle now.

Question:
Release notes and news forum announcement do not mention setting the site into maintenance mode by "going offline" stopping cron job:

1. If you had set up a worker cron job like this
*/10 * * * * cd /var/www/friendica; /usr/bin/php bin/worker.php
run crontab -e and comment out this line.


and the following command:

2. Put your server into maintenance mode:
bin/console maintenance 1 "We are currently upgrading our system and will be back soon."


This is described for moving from one server to another in the helpers page:
forum.friendi.ca/help/Migrate

Shouldn't this somehow be a more safe procedure?

Planning to do that right now ..

in reply to TupambAdminOrg [2024.03]

Problems using github update.

Trying to pull the update from 2023.05 to 2023.12 I get the message that the branch I'm trying to pull doesn't exist:
www-data@myservername:~/html$ git pull https://github.com/friendica/friendica/tree/2023.12
fatal: repository 'https://github.com/friendica/friendica/tree/2023.12/' not found

What am I doing wrong?

in reply to TupambAdminOrg [2024.03]

error notice: DefinitionCache/Serializer not writable
Serializer.php php line 298
2025-02-20T22:15:46Z WARNING app E_USER_WARNING: Directory /var/www/html/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer not writable.
Directory /var/www/html/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer not writable.
file
/var/www/html/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php
php line 298
error 512
in reply to Hypolite Petovan

hypolite wrote:

Please verify the ownership of these folders.

vendor ownership
drwxr-xr-x 40 www-data www-data 4096 Feb 20 21:22 vendor
drwxr-xr-x 3 www-data www-data 4096 Feb 20 21:20 ezyang
drwxr-xr-x 3 root root 4096 Feb 20 21:20 htmlpurifier
-rw-r--r-- 1 root root   341 Nov 17  2023 CREDITS
-rw-r--r-- 1 root root 26456 Nov 17  2023 LICENSE
-rw-r--r-- 1 root root  1271 Nov 17  2023 README.md
-rw-r--r-- 1 root root     6 Nov 17  2023 VERSION
-rw-r--r-- 1 root root  1415 Nov 17  2023 composer.json
drwxr-xr-x 3 root root  4096 Feb 20 21:20 library

drwxr-xr-x 21 root root  4096 Feb 20 21:20 HTMLPurifier
-rw-r--r--  1 root root   274 Nov 17  2023 HTMLPurifier.auto.php
-rw-r--r--  1 root root   213 Nov 17  2023 HTMLPurifier.autoload-legacy.php
-rw-r--r--  1 root root   910 Nov 17  2023 HTMLPurifier.autoload.php
-rw-r--r--  1 root root   101 Nov 17  2023 HTMLPurifier.composer.php
-rw-r--r--  1 root root   576 Nov 17  2023 HTMLPurifier.func.php
-rw-r--r--  1 root root 10573 Nov 17  2023 HTMLPurifier.includes.php
-rw-r--r--  1 root root   923 Nov 17  2023 HTMLPurifier.kses.php
-rw-r--r--  1 root root   235 Nov 17  2023 HTMLPurifier.path.php
-rw-r--r--  1 root root 10187 Nov 17  2023 HTMLPurifier.php
-rw-r--r--  1 root root 13579 Nov 17  2023 HTMLPurifier.safe-includes.php

There have been problems before with nearly all folders becoming owned by root.
In this upgrade I made the mistake to initialize bin/composer.phar install --no-dev as root but aborted that intent, changed to www-data and applied bin/composer.phar install --no-dev again.

Command applied now to assure that all folders will be owned by www-data.
chown -R www-data:www-data /var/www/

in reply to utopiArte

Ownership, www-data and root related conversation from last year when the installation was migrated to this VPS:
tupambae.org/display/0ac89072-…


Implications of access by the user www-data to all friendica folders


@Friendica Support

Hi there,
the friendica helpers page describes the installation process of friendica as follows:

/help/Install: wrote:

The Linux commands to clone the repository into a directory "mywebsite" would be
git clone https://github.com/friendica/friendica.git -b stable mywebsite
cd mywebsite

bin/composer.phar install --no-dev

Make sure the folder view/smarty3 exists and is writable by the webserver user, in this case www-data

mkdir -p view/smarty3
chown www-data:www-data view/smarty3
chmod 775 view/smarty3

Get the addons by going into your website folder.

cd mywebsite

Clone the addon repository (separately):

git clone https://github.com/friendica/friendica-addons.git -b stable addon


askubuntu.com: wrote:

What is the www-data user?
askubuntu.com/questions/873839…
The web server has to be run under a specific user. That user must exist.

If it were run under root, then all the files would have to be accessible by root and the user would need to be root to access the files. With root being the owner, a compromised web server would have access to your entire system. By specifying a specific ID a compromised web server would only have full access to its files and not the entire server.

I guess this observation goes both ways, a compromised friendica installation gets access to all the friendica folders if I choose to first create/activate the www-data user, then create the friendica installation folder structure, then git clone friendica, then create the smarty3 folder and ultimately do the git clone of the addon folder as described here:
tupambae.org/display/0ac89072-…
The order in which the creation of www-data related folders in the above case is described makes all folders and files in the friendica directory belong to www-data.
In the friendica help description first comes the git-clone, then the smarty3 folder part, then the addon git-clone. Actually I guess that last part would make the addon folder belong to www-data too if I run one command after another. Is that intended?

I wonder if this could have some kind of security implications.
I guess www-data is somehow the friendica site and has permissions to do "whatever it wants" (-> "writable by the webserver user") with all the folders in the friendica directories if it's the owner of them.


@TupambAdmin [stable]
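
An added example, not part of the original posts and not Friendica's own tooling: a read-only ownership audit covering both points raised in the thread, the root-owned vendor/ezyang/htmlpurifier tree behind the "not writable" warning and the question of how much of the install www-data can write to. The function names are hypothetical; /var/www/html and www-data in the usage comment are taken from the listings above.

```shell
#!/bin/sh
# Added example: read-only ownership audit of a web root.
# Function names are hypothetical; nothing is changed on disk.

# List every path under ROOT that is NOT owned by OWNER (name or numeric uid).
# After an upgrade step run as root, this shows what the web server user
# can no longer write to, e.g. the HTMLPurifier cache directory.
foreign_owned() {
    root=$1; owner=$2
    find "$root" ! -user "$owner" -print
}

# List directories under ROOT that OWNER owns and has write permission on.
# If OWNER is the web server user, these are the places a compromised
# application could create or modify files.
owner_writable_dirs() {
    root=$1; owner=$2
    find "$root" -type d -user "$owner" -perm -200 -print
}

# Print a short report. Returns 0 when everything belongs to OWNER,
# 1 when at least one foreign-owned path was found.
audit_webroot() {
    root=$1; owner=$2
    foreign=$(foreign_owned "$root" "$owner")
    if [ -n "$foreign" ]; then
        echo "Not owned by $owner:"
        echo "$foreign" | sed 's/^/  /'
    fi
    count=$(owner_writable_dirs "$root" "$owner" | wc -l | tr -d ' ')
    echo "Directories writable by $owner: $count"
    [ -z "$foreign" ]
}

# Usage (values from the thread; adjust to the real install):
#   audit_webroot /var/www/html www-data
```

Running it before and after a composer or git step shows exactly which paths changed owner, so a targeted chown on those paths can replace a recursive one over all of /var/www/.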