Differences

This shows you the differences between two versions of the page.

--- servers:nginx:friendica [2019/06/29 00:51] – Sean Rhone
+++ servers:nginx:friendica [2023/09/12 20:09] – Sean Rhone
@@ Line 8: / Line 8: @@
   * [[distros:fedora_server|Fedora Server]]
-  * [[servers:mariadb | MariaDB]]
+  * [[servers:mariadb|MariaDB]]
-  * [[servers:nginx_php_php-fpm | nginx + PHP + PHP-FPM]]
+  * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]
-  * [[servers:nginx:lets_encrypt | Let's Encrypt]]
+  * [[servers:nginx:lets_encrypt|Let's Encrypt]]
-====== Download Source ======
+====== Dependencies ======
-  * :!: ''develop'' branch was broken on 2019/06/28
+  * https://friendi.ca/resources/requirements/
-  sudo rm -Rf '/var/www/social' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/friendica/friendica.git' '/var/www/social' && sudo rm -Rf '/var/www/social/addon' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/friendica/friendica-addons.git' '/var/www/social/addon' && sudo chown -R 'nginx':'nginx' '/var/www/social' && sync
+  sudo dnf install php-gd php-pdo php-mbstring php-mysqlnd php-xml php-pecl-zip php-process php-gmp php-pecl-xdebug3
-===== SELinux =====
+====== Download Source ======
-  sudo semanage fcontext --deleteall "/var/www/social(/.*)?"
+****
-  sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' "/var/www/social(/.*)?"
+  sudo git clone --branch 'develop' --depth '1' --recurse-submodules 'https://github.com/friendica/friendica.git' '/var/www/social' && sudo git clone --branch 'develop' --depth '1' --recurse-submodules 'https://github.com/friendica/friendica-addons.git' '/var/www/social/addon' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/social(/.*)?' && sudo restorecon -F -I -R '/var/www/social' && sudo chown -R 'nginx':'nginx' '/var/www/social' && sync
-  sudo restorecon -R -v '/var/www/social' && sync
 ====== PHP Dependencies ======
-****
+  * [[https://github.com/friendica/friendica/blob/develop/doc/Install.md|Install.md]] when mentioning the ''develop'' branch doesn't include ''--no-dev'', so presumably those packages are needed?
-  cd '/var/www/social' && sudo -u 'nginx' COMPOSER_CACHE_DIR='/dev/null' '/var/www/social/bin/composer.phar' install --no-dev && sync
+  sudo su 'nginx' -s '/bin/bash'
+  cd '/var/www/social' && COMPOSER_CACHE_DIR='/dev/null' php '/var/www/social/bin/composer.phar' install && sync
 ====== Database ======
-  mysql --user='root' --password
+  sudo mariadb
   CREATE DATABASE friendica;
@@ Line 41: / Line 41: @@
   FLUSH PRIVILEGES;
+  EXIT
 ====== nginx + PHP-FPM Configuration ======
@@ Line 50: / Line 52: @@
 <code>
 [social]
+; User/Group
 user = nginx
 group = nginx
+; Socket
 listen = /run/php-fpm/social.sock
-listen.owner = nginx
+listen.acl_users = nginx
-listen.group = nginx
 listen.allowed_clients = 127.0.0.1
-pm = dynamic
+; Process Management
-pm.max_children = 8
+pm = ondemand
-pm.start_servers = 3
+pm.max_children = 4
-pm.min_spare_servers = 2
+pm.process_idle_timeout = 30
-pm.max_spare_servers = 4
-php_value[date.timezone] = "America/New_York"
+; Fedora php.ini Defaults
-php_value[upload_tmp_dir] = "/tmp"
+php_value[session.save_handler] = "files"
+php_value[session.save_path] = "/var/lib/php/session"
+; General
+php_value[date.timezone] = "America/New_York"
 php_value[max_execution_time] = "200"
 php_value[memory_limit] = "512M"
@@ Line 72: / Line 78: @@
 php_value[upload_max_filesize] = "10M"
 php_value[max_file_uploads] = "100"
+php_value[register_argc_argv] = "On"
+php_value[upload_tmp_dir] = "/tmp"
-php_value[session.save_handler] = files
+; End</code>
-php_value[session.save_path] = /var/lib/php/session
-php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
-php_value[opcache.file_cache] = /var/lib/php/opcache</code>
 ===== FastCGI =====
@@ Line 86: / Line 91: @@
 location ~ \.(php|phar)(/.*)?$ {
     fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
     fastcgi_intercept_errors on;
     fastcgi_index index.php;
@@ Line 93: / Line 97: @@
     fastcgi_param PATH_INFO $fastcgi_path_info;
     fastcgi_pass unix:/run/php-fpm/social.sock;
+}</code>
+==== Test ====
+<code>
+# PHP-FPM
+location ~* \.php$ {
+#    fastcgi_intercept_errors on;
+#    fastcgi_param PATH_INFO $fastcgi_path_info;
+    fastcgi_pass unix:/run/php-fpm/social.sock;
+    fastcgi_buffers 8 16k;
+    fastcgi_buffer_size 32k;
+    fastcgi_connect_timeout 60;
+    fastcgi_send_timeout 300;
+    fastcgi_read_timeout 300;
+    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+    try_files $uri =404;
+    fastcgi_index index.php;
+    include fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 }</code>
 ===== Server Block =====
-  sudo -e '/etc/nginx/conf.d/social.conf' && sudo systemctl reload 'nginx'
+  * 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs
+  sudo -e '/etc/nginx/vhosts.d/social.conf' && sudo systemctl reload 'nginx' && sync
 <code>
@@ Line 111: / Line 137: @@
     client_max_body_size '10M';
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' blob:" always;
+#    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' blob:" always;
 #    access_log  /var/log/nginx/social-access.log;
@@ Line 135: / Line 161: @@
 ====== Initial Setup ======
+===== Initialize =====
+  * :!: Change ''dbpass'', and ''admin'' to email
+  sudo su 'nginx' -s '/bin/bash'
+  cd '/var/www/social/' && '/var/www/social/bin/console' autoinstall --dbhost 'localhost' --dbport '3365' --dbuser 'friendica' --dbdata 'friendica' --url 'https://social.realmofespionage.xyz' --dbpass 'x' --admin 'x'
+===== Website =====
   * https://social.realmofespionage.xyz
+  * :!: Be sure the email matches what was used on the above command
+===== User =====
+  * :!: ''x'' is the **nickname** chosen at website registration, lower-case
+  sudo su 'nginx' -s '/bin/bash'
+  cd '/var/www/social/' && '/var/www/social/bin/console' user password x
+====== Settings ======
+===== frio Theme =====
+  * Navigation bar background color: ''3d8bff''
+  * Navigation bar icon color: ''ffffff''
+  * Link color: ''3d8bff''
+  * Set the background color: ''dedede''
+  * Login page background color: ''484848''
+  * Copy or paste schemestring:
+<code>{"nav_bg":"#3d8bff","nav_icon_color":"#ffffff","link_color":"#3d8bff","background_color":"#dedede","background_image":"","contentbg_transp":"100","login_bg_image":"","login_bg_color":"#484848"}</code>
 ====== Services ======
@@ Line 158: / Line 217: @@
   * Every 5 minutes
-  * :!: Refer to [[distros:fedora_server#selinux|SELinux notes]] to generate a profile for this
-  sudo -e '/etc/systemd/system/social-d.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'social-d.timer' --now
+  sudo -e '/etc/systemd/system/social-d.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'social-d.timer' --now && sudo systemctl start 'social-d' && sudo systemctl status 'social-d' -l
 <code>
@@ Line 178: / Line 236: @@
 ==== Service ====
-  * :!: Refer to [[distros:fedora_server#selinux|SELinux notes]] to generate a profile for this ((the composer step will likely be denied))
   sudo -e '/etc/systemd/system/social-up.service'
@@ Line 190: / Line 246: @@
 WorkingDirectory=/var/www/social
 Environment="COMPOSER_CACHE_DIR=/dev/null"
-ExecStart='/usr/bin/git' -C '/var/www/social' pull origin 'master'
+ExecStart='/usr/bin/git' -C '/var/www/social' pull origin 'develop'
-ExecStart='/usr/bin/git' -C '/var/www/social/addon' pull origin 'master'
+ExecStart='/usr/bin/git' -C '/var/www/social/addon' pull origin 'develop'
-ExecStart='/var/www/social/bin/composer.phar' install --no-dev
+ExecStart='/usr/bin/php' '/var/www/social/bin/composer.phar' install
 ExecStartPost='/usr/bin/sync'</code>
@@ Line 235: / Line 291: @@
   * ''01'' day of every month at ''02:20:00''
-  sudo -e '/etc/systemd/system/social-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'social-m.timer' --now
+  sudo -e '/etc/systemd/system/social-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'social-m.timer' --now && sudo systemctl start 'social-m' && sudo systemctl status 'social-up' -l
 <code>
@@ Line 262: / Line 318: @@
 Type=oneshot
 WorkingDirectory=/var/www
-ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/home/CHANGEME/backups/friendica-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "social"'
+ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/friendica-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "social"'
 ExecStartPost='/usr/bin/sync'</code>
@@ Line 286: / Line 342: @@
 === Database Auth ===
-  sudo -u 'mysql' -e '/var/lib/mysql/auth/friendica' && sudo chmod '600' '/var/lib/mysql/auth/friendica'
+  sudo mkdir -p '/var/lib/mysql/auth' && sudo -e '/var/lib/mysql/auth/friendica' && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/auth/friendica' && sudo chmod '600' '/var/lib/mysql/auth/friendica' && sync
 <code>
-[mysqldump]
+[mariadb-dump]
 user=friendica
 password=x</code>
@@ Line 301: / Line 357: @@
 Type=oneshot
 WorkingDirectory=/var/lib/mysql/tmp
-ExecStartPre='/usr/bin/mysqldump' --defaults-extra-file='/var/lib/mysql/auth/friendica' --single-transaction 'friendica' -r '/var/lib/mysql/tmp/friendica.sql'
+ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/friendica' --single-transaction 'friendica' -r '/var/lib/mysql/tmp/friendica.sql'
 ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/friendica.sql'
 ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/friendica.sql.gz" "/home/CHANGEME/backups/friendica-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
@@ Line 346: / Line 402: @@
 ****
-  sudo -u 'mysql' mysqldump --defaults-extra-file='/var/lib/mysql/auth/friendica' --single-transaction 'friendica' -r ~/'friendica-database-manual-'$(date +%Y-%m-%d)'.sql' && sync
+  sudo mariadb-dump --defaults-extra-file='/var/lib/mysql/auth/friendica' --single-transaction 'friendica' -r ~/'friendica-database-manual-'$(date +%Y-%m-%d)'.sql' && sync
 ==== Start Services ====
@@ Line 360: / Line 416: @@
 ****
-  scp espionage724@192.168.1.153:~/'friendica-files-'*'.tar.gz' espionage724@192.168.1.153:~/'friendica-database-'*'.sql' ~/'Downloads' && sync
+  scp espionage724@192.168.1.152:~/'friendica-files-'*'.tar.gz' espionage724@192.168.1.152:~/'friendica-database-'*'.sql' ~/'Downloads' && sync
 ====== Restore ======
@@ Line 376: / Line 432: @@
 ****
-  scp ~/'Downloads/friendica-files-'*'.tar.gz' ~/'Downloads/friendica-database-'*'.sql' espionage724@192.168.1.153:~
+  scp ~/'Downloads/friendica-files-'*'.tar.gz' ~/'Downloads/friendica-database-'*'.sql' espionage724@192.168.1.152:~
 ==== Remove Files ====
@@ Line 398: / Line 454: @@
   sudo rm -Rf '/var/www/social'
-==== Restore friendica Folder ====
+==== Restore Friendica Folder ====
 ****
-  cd '/var/www' && sudo tar -xvzf ~/'friendica-files-'*'.tar.gz' 'social' && sudo chown -R 'nginx':'nginx' '/var/www/social' && cd ~ && sync
+  cd '/var/www' && sudo tar -xvzf ~/'friendica-files-'*'.tar.gz' 'social' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/social(/.*)?' && sudo restorecon -F -I -R '/var/www/social' && sudo chown -R 'nginx':'nginx' '/var/www/social' && cd ~ && sync
-==== SELinux ====
-  sudo semanage fcontext --deleteall "/var/www/social(/.*)?"
-  sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' "/var/www/social(/.*)?"
-  sudo restorecon -R -v '/var/www/social' && sync
 ==== Drop Previous Database ====
-  mysql --user='root' --password
+  sudo mariadb
   DROP DATABASE friendica;
   FLUSH TABLES;
+  EXIT
 ==== Re-create Databases ====
-  mysql --user='root' --password
+  sudo mariadb
   CREATE DATABASE friendica;
+  EXIT
 ==== Restore Database ====
@@ Line 430: / Line 482: @@
 ****
-  mysql --user='root' --password 'friendica' < ~/'friendica-database-'*'.sql' && sync
+  sudo mariadb 'friendica' < ~/'friendica-database-'*'.sql' && sync
 ==== Reapply Permissions ====
-  mysql --user='root' --password
+  sudo mariadb
   GRANT ALL PRIVILEGES ON friendica.* to 'friendica'@'localhost' IDENTIFIED BY 'x';
   FLUSH PRIVILEGES;
+  EXIT
 ==== Start Services ====
@@ Line 448: / Line 502: @@
 ==== Remove Backups ====
-  * Verify that friendica works before running
+  * Verify that Friendica works before running
   rm ~/'friendica-files-'*'.tar.gz' ~/'friendica-database-'*'.sql' && sync