friendica - Link to source

@Friendica Support

Hi there,
the moment has come to do the first instance upgrade cycle in the life of this instalation to bring this server to the actual stable version 2024.12-1 in the comming days.

In part the idea is to document every step in a post similiar to the howTo instructions:
install and/or move friendica to ubuntu 22.04 LTS VPS server
in the @EDIT | don't follow! profile.

Right now we are on 2023.05, so we will have to update step by step to:
2023.12 | release notes
2024.03 | release notes
2024.08 | release notes
2024.12-1 | release notes

Are there any specific recomandations or details to have in mind besides the information expected to be found in every update release instruction?

This is basically a single user instance with round about 14 forum pages with few followers each and a total of 18 profiles with contacts in the activityPub and diaspora community and some RSS subscriptions. No other specific conectors are enabled.

Installed addons/apps:
blockbot, calc, impressum, js_upload, notifyall, nsfw, pageheader, phpmailer, qcomment, rendertime, showmore_dyn, startpage

DB backups amount to ~180MiB and the image file storage folder on ftp around ~400MiB.

Friendica stable | 'Giant Rhubarb' 2023.05 - 1518
PHP Version 8.1.2-1ubuntu2.14
VPS server | Ubuntu 22.04 LTS
4 Core CPU, 8 GB Ram with 300GB NVME Disk - unlimited traffic
hosted by @ raroun 👍

Notes:
This instances right now seems to work well.
Sometimes this profile here has some strange hickups like when following up the link of a post from this server in a stream view a message "Not Found |The requested item doesn't exist or has been deleted." Also right now profiles from contacts, for example @ hoergen or @ feb don't show up in the contact list but they are displayed as followed in the profile contact page.

#friendica #fediAdmin

#friendica #fediadmin @Friendica Support @EDITion | EN
in reply to TupambAdminOrg [2024.03]

friendica - Link to source

…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Starting this announced updating cycle now.

Question:
Release notes and news forum announcement do not mention setting the site into maintenance mode by "going offline" stopping cron job:

1. If you had set up a worker cron job like this */10 * * * * cd /var/www/friendica; /usr/bin/php bin/worker.php run crontab -e and comment out this line.


and the following command:

2. Put your server into maintenance mode:
bin/console maintenance 1 "We are currently upgrading our system and will be back soon."


This is described for moving from one server to another in the helpers page:
forum.friendi.ca/help/Migrate

Shouldn't this be somehow be a more safe procedure?

Planning to do that right now ..

in reply to TupambAdminOrg [2024.03]

friendica - Link to source

…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Problems using github update.

Trying to pull the update from 2023.05 to 2023.12 I get the message that the branch I'm trying to pull doesn't exist:
www-data@myservername:~/html$ git pull https://github.com/friendica/friendica/tree/2023.12
fatal: repository 'https://github.com/friendica/friendica/tree/2023.12/' not found

What am I doing wrong?

in reply to TupambAdminOrg [2024.03]

friendica - Link to source

TupambAdminOrg [2024.03]

error notice: DefinitionCache/Serializer not writable
Serializer.php php line 2982025-02-20T22:15:46Z WARNING app E_USER_WARNING: Directory /var/www/html/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer not writable.
Directory /var/www/html/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer not writable.
file
/var/www/html/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php
php line 298
error 512
in reply to Hypolite Petovan

friendica - Link to source

utopiArte

hypolite wrote:

Please verify the ownership of these folders.

vendor ownershipdrwxr-xr-x 40 www-data www-data 4096 Feb 20 21:22 vendor
drwxr-xr-x 3 www-data www-data 4096 Feb 20 21:20 ezyang
drwxr-xr-x 3 root root 4096 Feb 20 21:20 htmlpurifier
-rw-r--r-- 1 root root   341 Nov 17  2023 CREDITS
-rw-r--r-- 1 root root 26456 Nov 17  2023 LICENSE
-rw-r--r-- 1 root root  1271 Nov 17  2023 README.md
-rw-r--r-- 1 root root     6 Nov 17  2023 VERSION
-rw-r--r-- 1 root root  1415 Nov 17  2023 composer.json
drwxr-xr-x 3 root root  4096 Feb 20 21:20 library

drwxr-xr-x 21 root root  4096 Feb 20 21:20 HTMLPurifier
-rw-r--r--  1 root root   274 Nov 17  2023 HTMLPurifier.auto.php
-rw-r--r--  1 root root   213 Nov 17  2023 HTMLPurifier.autoload-legacy.php
-rw-r--r--  1 root root   910 Nov 17  2023 HTMLPurifier.autoload.php
-rw-r--r--  1 root root   101 Nov 17  2023 HTMLPurifier.composer.php
-rw-r--r--  1 root root   576 Nov 17  2023 HTMLPurifier.func.php
-rw-r--r--  1 root root 10573 Nov 17  2023 HTMLPurifier.includes.php
-rw-r--r--  1 root root   923 Nov 17  2023 HTMLPurifier.kses.php
-rw-r--r--  1 root root   235 Nov 17  2023 HTMLPurifier.path.php
-rw-r--r--  1 root root 10187 Nov 17  2023 HTMLPurifier.php
-rw-r--r--  1 root root 13579 Nov 17  2023 HTMLPurifier.safe-includes.php

There has been problems before with nearly all folders becoming owned by root.
In this upgrade I made the mistake to initialize bin/composer.phar install --no-dev as root but aborted that intent, changed to www-data and applied bin/composer.phar install --no-dev again.

Command applied now to asure that all folders will be owned by www-data.
chown -R www-data:www-data /var/www/

in reply to utopiArte

friendica - Link to source

utopiArte

Ownership, www-data and root related conversation from last year when the instalation was migrated to this VPS:
tupambae.org/display/0ac89072-…

utopiArte

2023-11-27 16:44:52

friendica - Link to source

Implications of access by the user www-data to all friendica folders


@Friendica Support

Hi there,
the friendica helpers page describes the installation process of friendica as follows:

/help/Install: wrote:

The Linux commands to clone the repository into a directory "mywebsite" would be
git clone https://github.com/friendica/friendica.git -b stable mywebsite
cd mywebsite

bin/composer.phar install --no-dev

Make sure the folder view/smarty3 exists and is writable by the webserver user, in this case www-data

mkdir -p view/smarty3
chown www-data:www-data view/smarty3
chmod 775 view/smarty3

Get the addons by going into your website folder.

cd mywebsite

Clone the addon repository (separately):

git clone https://github.com/friendica/friendica-addons.git -b stable addon


askubuntu.com: wrote:

What is the www-data user?
askubuntu.com/questions/873839…
The web server has to be run under a specific user. That user must exist.

If it were run under root, then all the files would have to be accessible by root and the user would need to be root to access the files. With root being the owner, a compromised web server would have access to your entire system. By specifying a specific ID a compromised web server would only have full access to its files and not the entire server.

I guess this observation goes both ways, a compromised friendica instalation get's access to all the friendica folders if I choose to first create/activate the www-data user, than create the friendica installation folder structure, than git clone friendica, than create the smarty3 folder and ultimately do the git clone of the addon folder as described here:
tupambae.org/display/0ac89072-…
The order in which the creation of www-data related folders in the above case is described makes all folders and files in the friendica directory belong to www-data.
In the friendica help description first comes the git-clone, than the the smarty3 folder part than the addon git-clone. Actually I guess that last part would make the addon folder belong to www-data too if I run one command after another. Is that intended?

I wonder if this could have some kind of security implications.
I guess www-data is somehow the friendica site and has permissions to do "what ever it wants" (-> "writable by the webserver user") with all the folders in the friendica directories if it's the owner of them.


@TupambAdmin [stable]


in reply to TupambAdminOrg [2024.03]

friendica - Link to source

utopiArte

@TupambAdminOrg [2024.03] @…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup

Somehow this looks all good.
We should consider updating to 2024.08.

[spoiler] Friendica Core
Updates to the translations AR, CS, DE, ES, FR, GD, HU, IS, IT, JA, NL, PL, RU, SV
Updates to the documentation
Updates to the themes (frio)
General code cleanup
Improved the redirection for contact actions
Improved the performance while fetching of replies
Improved the performance when visiting remote profiles
Improved OWA
Improved the procession of worker tasks
Improved performance in the probing process
Improved INBOX performance
Improved perfomance when expireing postings
Improved mirroring settings for RSS contacts
Improved supported image formats
Improved handling of CC for comments
Improved handling of "sensitive" flags for postings
Improved display of log levels
Improved handling of permissions for attachments
Improved addon handling
Improved API for channels and circles
Improved performance while displaying local postings
Improved federation with pixelfed, threads
Improved integration with Bluesky
Improved automatic cleanup of the database
Fixed access to restricted timeline via API
Fixed problem fetching from INBOXes
Fixed display of contacts from unavailable networks
Fixed profile display
Fixed a problem with local un-/follows
Fixed the uimport POST endpoint
Fixed problem with 0Auth logins
Fixed problem with @mentions in comments
Fixed XSS in profile fields
Fixed bug in deleting unused cached avatar pictures
Fixed paging bug on the media tab of remote profiles
Fixed display of attached links
Fixed a bug in circle only contacts
Fixed display of moderation reports
Fixed delivery problems to group postings
Added monitoring service endpoint
Added admin option display_link_length to set the length of displayed links
Added the possibility to upload media files via API
Added console command to clear avatar cache
Added platform data to the API
Added parsing support for Nodeinfo 2.1 and 2.2
Added node description to Nodeinfo
Added owner information of relay accounts
Added option for users about how to transmit postings with titles
Added for non HTML content of feeds
Added reshares for postings from Bluesky and tumbl
Added public forums with manual request approval
Added "next try" information for deferred worker jobs listing
Added support of FEP-e232
Added automatic closure of registration if admin becomes inactive
Added channel only option for contacts

Friendica Addons
Updates to the translations AR, CS, DE, FR, IT, PL, SV
Blockbot
Added Relatica to good client list
Improved agent identifier list
Bluesky
Added monitoring statistics
Added support of sensitive postings
Improved API handling
Improved fetching of user DID
Fixed conversion BS/Friendica handles
jsuploader
Improved detection of supported file types
mailstream
Improved image handling
tumblr
Added monitoring statistics
Improved quoted postings [/quote]

github.com/friendica/friendica…

@…ᘛ⁐̤ᕐᐷ jesuisatire bitPickup