Differences

This shows you the differences between two versions of the page.

--- servers:nginx:friendica [2019/06/29 00:51] – Sean Rhone
+++ servers:nginx:friendica [2024/08/13 22:20] (current) – removed Sean Rhone
@@ Line 1: / Line 1: @@
-====== Information ======
-  * Friendica ((https://friendi.ca/)) ((https://github.com/friendica/friendica))
-  * [[Information:Realm of Espionage]]
-  * https://social.realmofespionage.xyz
-===== Prerequisites =====
-  * [[distros:fedora_server|Fedora Server]]
-  * [[servers:mariadb | MariaDB]]
-  * [[servers:nginx_php_php-fpm | nginx + PHP + PHP-FPM]]
-  * [[servers:nginx:lets_encrypt | Let's Encrypt]]
-====== Download Source ======
-  * :!: ''develop'' branch was broken on 2019/06/28
-  sudo rm -Rf '/var/www/social' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/friendica/friendica.git' '/var/www/social' && sudo rm -Rf '/var/www/social/addon' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/friendica/friendica-addons.git' '/var/www/social/addon' && sudo chown -R 'nginx':'nginx' '/var/www/social' && sync
-===== SELinux =====
-  sudo semanage fcontext --deleteall "/var/www/social(/.*)?"
-  sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' "/var/www/social(/.*)?"
-  sudo restorecon -R -v '/var/www/social' && sync
-====== PHP Dependencies ======
-****
-  cd '/var/www/social' && sudo -u 'nginx' COMPOSER_CACHE_DIR='/dev/null' '/var/www/social/bin/composer.phar' install --no-dev && sync
-====== Database ======
-  mysql --user='root' --password
-  CREATE DATABASE friendica;
-  GRANT ALL PRIVILEGES ON friendica.* to 'friendica'@'localhost' IDENTIFIED BY 'x';
-  FLUSH PRIVILEGES;
-====== nginx + PHP-FPM Configuration ======
-===== PHP-FPM Socket =====
-  sudo -e '/etc/php-fpm.d/social.conf' && sudo systemctl restart 'php-fpm'
-<code>
-[social]
-user = nginx
-group = nginx
-listen = /run/php-fpm/social.sock
-listen.owner = nginx
-listen.group = nginx
-listen.allowed_clients = 127.0.0.1
-pm = dynamic
-pm.max_children = 8
-pm.start_servers = 3
-pm.min_spare_servers = 2
-pm.max_spare_servers = 4
-php_value[date.timezone] = "America/New_York"
-php_value[upload_tmp_dir] = "/tmp"
-php_value[max_execution_time] = "200"
-php_value[memory_limit] = "512M"
-php_value[post_max_size] = "10M"
-php_value[upload_max_filesize] = "10M"
-php_value[max_file_uploads] = "100"
-php_value[session.save_handler] = files
-php_value[session.save_path] = /var/lib/php/session
-php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
-php_value[opcache.file_cache] = /var/lib/php/opcache</code>
-===== FastCGI =====
-  sudo -e '/etc/nginx/default.d/social.conf'
-<code>
-# PHP-FPM
-location ~ \.(php|phar)(/.*)?$ {
-    fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
-    fastcgi_intercept_errors on;
-    fastcgi_index index.php;
-    include fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-    fastcgi_param PATH_INFO $fastcgi_path_info;
-    fastcgi_pass unix:/run/php-fpm/social.sock;
-}</code>
-===== Server Block =====
-  sudo -e '/etc/nginx/conf.d/social.conf' && sudo systemctl reload 'nginx'
-<code>
-server {
-    listen '443' 'ssl' 'http2';
-    server_name 'social.realmofespionage.xyz';
-    root '/var/www/social';
-    index 'index.php';
-    include '/etc/nginx/default.d/social.conf';
-    include '/etc/nginx/default.d/headers.conf';
-    client_max_body_size '10M';
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' blob:" always;
-#    access_log  /var/log/nginx/social-access.log;
-#    error_log  /var/log/nginx/social-error.log;
-    location / {
-        try_files $uri /index.php?pagename=$uri&$args;
-    }
-    location ^~ /.well-known/ {
-        allow all;
-        rewrite ^ /index.php?pagename=$uri;
-    }
-    location ~* \.(tpl|md|tgz|log|out)$ {
-        deny all;
-    }
-    location ~ /\. {
-        deny all;
-    }
-}</code>
-====== Initial Setup ======
-  * https://social.realmofespionage.xyz
-====== Services ======
-===== Worker =====
-==== Service ====
-  sudo -e '/etc/systemd/system/social-d.service'
-<code>
-[Service]
-User=nginx
-Group=nginx
-Type=oneshot
-WorkingDirectory=/var/www/social
-ExecStart='/usr/bin/php' '/var/www/social/bin/worker.php'
-ExecStartPost='/usr/bin/sync'</code>
-==== Timer ====
-  * Every 5 minutes
-  * :!: Refer to [[distros:fedora_server#selinux|SELinux notes]] to generate a profile for this
-  sudo -e '/etc/systemd/system/social-d.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'social-d.timer' --now
-<code>
-[Unit]
-Description=friendica Worker Daemon
-After=network-online.target
-Wants=network-online.target
-[Timer]
-OnBootSec=5m
-OnUnitActiveSec=5m
-[Install]
-WantedBy=timers.target</code>
-===== Updater =====
-==== Service ====
-  * :!: Refer to [[distros:fedora_server#selinux|SELinux notes]] to generate a profile for this ((the composer step will likely be denied))
-  sudo -e '/etc/systemd/system/social-up.service'
-<code>
-[Service]
-User=nginx
-Group=nginx
-Type=oneshot
-WorkingDirectory=/var/www/social
-Environment="COMPOSER_CACHE_DIR=/dev/null"
-ExecStart='/usr/bin/git' -C '/var/www/social' pull origin 'master'
-ExecStart='/usr/bin/git' -C '/var/www/social/addon' pull origin 'master'
-ExecStart='/var/www/social/bin/composer.phar' install --no-dev
-ExecStartPost='/usr/bin/sync'</code>
-==== Timer ====
-  * Every day at ''02:00:00''
-  sudo -e '/etc/systemd/system/social-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'social-up.timer' --now && sudo systemctl start 'social-up' && sudo systemctl status 'social-up' -l
-<code>
-[Unit]
-Description=friendica Updater
-After=network-online.target
-Wants=network-online.target
-[Timer]
-OnCalendar=*-*-* 02:00:00
-Persistent=true
-[Install]
-WantedBy=timers.target</code>
-===== Maintenance =====
-==== Service ====
-  sudo -e '/etc/systemd/system/social-m.service'
-<code>
-[Service]
-User=nginx
-Group=nginx
-Type=oneshot
-ExecStart='/usr/bin/git' -C '/var/www/social' gc --aggressive --prune='all'
-ExecStart='/usr/bin/git' -C '/var/www/social' fsck --full --strict
-ExecStart='/usr/bin/git' -C '/var/www/social/addon' gc --aggressive --prune='all'
-ExecStart='/usr/bin/git' -C '/var/www/social/addon' fsck --full --strict
-ExecStartPost='/usr/bin/sync'</code>
-==== Timer ====
-  * ''01'' day of every month at ''02:20:00''
-  sudo -e '/etc/systemd/system/social-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'social-m.timer' --now
-<code>
-[Unit]
-Description=friendica Maintenance
-After=network-online.target
-Wants=network-online.target
-[Timer]
-OnCalendar=*-*-01 02:20:00
-Persistent=true
-[Install]
-WantedBy=timers.target</code>
-===== Backup =====
-==== Files ====
-=== Service ===
-  mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/social-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/social-fb.service'
-<code>
-[Service]
-Type=oneshot
-WorkingDirectory=/var/www
-ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/home/CHANGEME/backups/friendica-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "social"'
-ExecStartPost='/usr/bin/sync'</code>
-=== Timer ===
-  * ''01'' day of every month at ''02:50:00''
-  sudo -e '/etc/systemd/system/social-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'social-fb.timer' --now && sudo systemctl start 'social-fb' && sudo systemctl status 'social-fb' -l
-<code>
-[Unit]
-Description=friendica Files Backup
-[Timer]
-OnCalendar=*-*-01 02:50:00
-Persistent=true
-[Install]
-WantedBy=timers.target</code>
-==== Database ====
-=== Database Auth ===
-  sudo -u 'mysql' -e '/var/lib/mysql/auth/friendica' && sudo chmod '600' '/var/lib/mysql/auth/friendica'
-<code>
-[mysqldump]
-user=friendica
-password=x</code>
-=== Service ===
-  mkdir -p ~/'backups' && sudo mkdir -p '/var/lib/mysql/tmp' && sudo -e '/etc/systemd/system/social-db.service' && sudo sed -i 's/'CHANGEME'/'$USER'/g' '/etc/systemd/system/social-db.service'
-<code>
-[Service]
-Type=oneshot
-WorkingDirectory=/var/lib/mysql/tmp
-ExecStartPre='/usr/bin/mysqldump' --defaults-extra-file='/var/lib/mysql/auth/friendica' --single-transaction 'friendica' -r '/var/lib/mysql/tmp/friendica.sql'
-ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/friendica.sql'
-ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/friendica.sql.gz" "/home/CHANGEME/backups/friendica-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
-ExecStartPost='/usr/bin/sync'</code>
-=== Timer ===
-  * Every day at ''02:15:00''
-  sudo -e '/etc/systemd/system/social-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'social-db.timer' --now && sudo systemctl start 'social-db' && sudo systemctl status 'social-db' -l
-<code>
-[Unit]
-Description=friendica Database Backup
-After=mariadb.service
-[Timer]
-OnCalendar=*-*-* 02:15:00
-Persistent=true
-[Install]
-WantedBy=timers.target</code>
-====== Backup ======
-  * Create backup archive on server and transfer to client computer
-===== Server =====
-==== Stop Services ====
-****
-  sudo systemctl stop nginx php-fpm
-==== Backup Folder ====
-****
-  cd '/var/www' && sudo tar -cvzf ~/'friendica-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'social' && cd ~ && sync
-==== Backup Database ====
-****
-  sudo -u 'mysql' mysqldump --defaults-extra-file='/var/lib/mysql/auth/friendica' --single-transaction 'friendica' -r ~/'friendica-database-manual-'$(date +%Y-%m-%d)'.sql' && sync
-==== Start Services ====
-****
-  sudo systemctl start nginx php-fpm
-===== Client =====
-==== Transfer Files To Client ====
-****
-  scp espionage724@192.168.1.153:~/'friendica-files-'*'.tar.gz' espionage724@192.168.1.153:~/'friendica-database-'*'.sql' ~/'Downloads' && sync
-====== Restore ======
-===== Client =====
-==== Uncompress Database ====
-  * This is only needed if restoring an **automated** database backup ((manual doesn't gzip))
-  gunzip ~/'Downloads/friendica-database-'*'.sql.gz'
-==== Transfer Files To Server ====
-****
-  scp ~/'Downloads/friendica-files-'*'.tar.gz' ~/'Downloads/friendica-database-'*'.sql' espionage724@192.168.1.153:~
-==== Remove Files ====
-****
-  rm -f ~/'Downloads/friendica-files-'*'.tar.gz' ~/'Downloads/friendica-database-'*'.sql' && sync
-===== Server =====
-==== Stop Services ====
-****
-  sudo systemctl stop nginx php-fpm
-==== Remove Previous Folder ====
-****
-  sudo rm -Rf '/var/www/social'
-==== Restore friendica Folder ====
-****
-  cd '/var/www' && sudo tar -xvzf ~/'friendica-files-'*'.tar.gz' 'social' && sudo chown -R 'nginx':'nginx' '/var/www/social' && cd ~ && sync
-==== SELinux ====
-  sudo semanage fcontext --deleteall "/var/www/social(/.*)?"
-  sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' "/var/www/social(/.*)?"
-  sudo restorecon -R -v '/var/www/social' && sync
-==== Drop Previous Database ====
-  mysql --user='root' --password
-  DROP DATABASE friendica;
-  FLUSH TABLES;
-==== Re-create Databases ====
-  mysql --user='root' --password
-  CREATE DATABASE friendica;
-==== Restore Database ====
-****
-  mysql --user='root' --password 'friendica' < ~/'friendica-database-'*'.sql' && sync
-==== Reapply Permissions ====
-  mysql --user='root' --password
-  GRANT ALL PRIVILEGES ON friendica.* to 'friendica'@'localhost' IDENTIFIED BY 'x';
-  FLUSH PRIVILEGES;
-==== Start Services ====
-****
-  sudo systemctl start nginx php-fpm
-==== Remove Backups ====
-  * Verify that friendica works before running
-  rm ~/'friendica-files-'*'.tar.gz' ~/'friendica-database-'*'.sql' && sync