Friendica: Benutzerrechte festlegen?
Auf meiner kleinen Miniinstanz habe ich die Benutzerregistration deaktiviert und erstelle neue Accounts bei Bedarf via Moderation. Nun ist mir aufgefallen das zwei so erstellte Benutzer Adminrechte haben, was so natürlich nicht gewollt ist. Wie kann ich ihnen diese Rechte wieder entziehen?
Danke für Eure Tipps und Hilfe im Voraus! 😀
#Frage #Friendica #Benutzer #Benutzerrechte #Verwaltung #german #2025-03-27 !Friendica Admins
Postbox Add-Ons for Friendica
Bookface 1.6 introduces a new feature called "Postboxes" that allows you to create a post with a colorful background like a similar feature on Facebook. It's built into the Bookface scheme, but I also created TWO add-ons for Friendica if a server administrator wants to roll it out for all of their users regardless of what theme they prefer.
Postbox: simply adds a minified stylesheet to the head with the Postbox styling. It doesn’t add any interface for creating a Postbox, but users can still create them manually with BBcode.
Zen Postbox: adds the minified stylesheet to the head, but also adds a tool to the post composer to insert a Postbox or wrap selected text in one.
To manually create a Postbox just wrap your text in the Postbox class BBcode like this:
[class=postbox-redblue]Text that will be wrapped[/class]
Make sure to PREVIEW it before you post it! While Friendica's Postboxes do allow more content than just plain text, certain formatting blocks can't be placed inside them.
If everything looks good, go ahead an POST it. Anyone using Bookface or any server using either the "Postbox" or "Zen Postbox" add-ons will see it like this:
If the "Zen Postbox" add-on is enabled it adds a button for wrapping/inserting a Postbox to the post editor:
Full Documentation of the "Zen Postbox" add-on is available as a GitLab Wiki.
Keep in mind that other servers that don't implement Postbox styling, other platforms (like Mastodon), and third-party apps will not show these colored backgrounds. This feature only works in the Friendica webapp/website.
#bookface #friendica @Friendica Admins @Friendica Developers
like this
reshared this
[class] wrapper since other platforms can't use it anyway. There isn't anything similar in Markdown so far as I know, which might be why the raw BBcode is getting through to Disapora? I'm guessing it's missing the conversion from BBcode [class] to Markdown syntax. Which should be conversion to nothing. I'd check for it myself but I have no clue where the processing for other platforms even is in the Friendica code.reshared this
Ok, I’ve been trying to follow the Friendica code and I may be reading it wrongly, but it looks to me like the BBcode gets converted to HTML for most platforms, but then that HTML gets converted to Markdown for Diaspora (and I think Hubzilla?). But if that’s the case I don’t understand how the BBcode is getting all the way through to those other platforms as shown in the screenshots @Matthias posted?
It looks to me like it should be sending the <span> to them as well not the raw BBcode, because it seems the HTML to Markdown converter by default "preserves HTML tags without Markdown equivalents like <span> and <div>." At least according to the README in /friendica/vendor/league/html-to-markdown/ - which also says [i]"To strip HTML tags that don’t have a Markdown equivalent while preserving the content inside them, set strip_tags…"
So in:
/friendica/src/Content/Text/HTML.php
If I change line 684 from :
$converter = new HtmlConverter([‘hard_break’ => true]);to
$converter = newHtmlConverter([‘hard_break’ => true, ‘strip_tags’ => true]);The Postbox
<span> is removed but whatever’s inside it is not. Is there any particular reason to preserve HTML that has no Markdown equivalents for platforms that want Markdown format?Or am I completely barking up the wrong tree here?
like this
reshared this
Daniel de Kay likes this.
reshared this
I have a few general optimization suggestions:
- Convert CSS to SASS (.scss)
- Compile .css and min.css (minified) files
- Use min.css files by default, with an option in the theme settings to switch to the non-minified CSS file
This would significantly reduce the CSS file size and simplify writing CSS.
Daniel de Kay likes this.
reshared this
I'm not convinced adding a CSS pre-processor will really help. A bunch of the stylesheets are already modularized and PHP processes variables and concatenates those files on the server side already. That might be why none of the stylesheets I've looked at in Friendica are minified, like maybe it messes up parsing them or something? I'll have to test it on my dev server.
I'm not a fan of CSS pre-processors though. After nearly 30 years of doing web design+dev I don't like to introduce dependencies if I don't need to because I've seen a lot of these things come and go. Next week someone will tell me to rewrite it in PostCSS. 🤷 The only reason I can think to use them now is to support advanced CSS features for old browsers nobody should probably be using anymore. Because modularization, nesting rules, pseudo-selectors, variables, computation, reassigning values at runtime, and color transforms are now all built into vanilla CSS for modern browsers. Bookface is already making use of most of those features, and the PHP pre-processing is taking care of the rest.
So minifying and/or compressing is probably the best bet for optimizing it, but the real solution is probably a major rewrite or replacement of the underlying "Frio" theme itself, which is very, very code-heavy (thanks to legacy code reflecting its age). But that...will be a major undertaking because that theme has a lot of "moving parts."
Andy H3 likes this.
reshared this
EDIT: 17.03.2025 Richtige Lizenz der Vorlagen / Muster: CC-BY-SA 4.0 statt ursprünglich CC BY-ND 4.0, danke @Nik | Klampfradler 🎸🚲 und @OldKid ⁂
Ich habe gerade den "Leitfaden für den Instanz-Betrieb im dezentralen Netzwerk - Datenschutz bei Mastodon" von Stiftung Datenschutz gefunden.
Dieser gibt neben grundsätzlichen Informationen auf was Instanzbetreiber achten müssen, vor allem auch eine sehr praktische Sammlung an Musterdokumenten unter CC-BY-SA 4.0-Lizenz. Ihr könnt es also für euere Instanzen anpassen und nutzen.
Auch relevant für @Friendica Admins / @Friendica Support
Auf einem abstrakten Niveau sind die Anforderungen, die wir beschreiben, auch auf andere Plattformen des Fediverse übertragbar. Dennoch gibt es einige Aspekte, die von der konkreten Plattform und Software-Implementierung abhängen. So sind zum Beispiel die Möglichkeiten, rechtliche Texte einzubinden und anzuzeigen, unterschiedlich.
Danke @Stiftung Datenschutz
stiftungdatenschutz.org/praxis…
#impressum #dsgvo #fediverse #friendica #mastodon #tos #deutschland #datenschutz
Praktische Umsetzung und Musterdokumente
Die Stiftung Datenschutz wurde im Januar 2013 von der Bundesrepublik Deutschland als Stiftung privaten Rechts gegründet. Sie ist gemeinnützig und verfolgt keine gewerblichen Interessen.stiftungdatenschutz.org
like this
reshared this
reshared this
Danke für den Hinweis. Ich habe es anders interpretiert, aber bin da auch wahrlich kein Experte:
Namensnennung — Sie müssen angemessene Urheber- und Rechteangaben machen , einen Link zur Lizenz beifügen und angeben, ob Änderungen vorgenommen wurden. Diese Angaben dürfen in jeder angemessenen Art und Weise gemacht werden, allerdings nicht so, dass der Eindruck entsteht, der Lizenzgeber unterstütze gerade Sie oder Ihre Nutzung besonders.
-> Angeben das die Bedingungen
auf dem Leitfaden basieren:
"Sofern nicht anders angegeben, basieren alle Angaben auf dem Leitfaden für den Instanz-Betrieb im dezentralen Netzwerk der Stiftung Datenschutz unter der CC BY-ND 4.0-Lizenz veröffentlicht. Die Lizenzbedingungen sind auf der Website von Creative Commons einsehbar."
Keine Bearbeitungen — Wenn Sie das Material remixen, verändern oder darauf anderweitig direkt aufbauen , dürfen Sie die bearbeitete Fassung des Materials nicht verbreiten.
Das Anpassen der Erklärung in der zum Beispiel die Adresse der Instanz konkret gegenüber der Vorlage angepasst wird habe ich als "nutzen" interpretiert und nicht als "verbreiten"
Wenn das so tatsächlich nicht erlaubt ist, wäre der Zweck der Muster ja hinfällig?
reshared this
Der Marek likes this.
reshared this
reshared this
Die Adresse darf man dann sicher anpssen. Sonst aber nichts, wenn einem zum Beispiel Dinge am Inhalt nicht gefallen oder nicht passen.
Aber wie @oldkid anmerkte, stimmt deine Lizenzangabe auch nicht. Die Dokumente sind CC-BY-SA. Daher darf man sie tatsächlich anpassen.
reshared this
Hi everyone, how useful is it to exclude the various AI bots via .htaccess?
# Block specific bots based on User-Agent
RewriteCond %{HTTP_USER_AGENT} (AhrefsBot|Baiduspider|SemrushBot|DotBot|MJ12bot|PetalBot|SeznamBot|Mediapartners-Google|Bytespider|Claude-Web|GPTBot|PerplexityBot|Applebot|Amazonbot|Meta-ExternalAgent|Meta-ExternalFetcher|FacebookBot|DuckAssistBot|Anthropic-ai) [NC]
RewriteRule ^.* - [F,L]Or does the addon "blockbot" already do this job? If not, would it make sense to include an option there?
like this
Hello !Friendica Admins
for a few days now, my database is growing by 10-15 GB per day. If this continues at this rate, I'll run out of storage space in a week.
Has anyone else observed this recently? I am on develop.
OMG. Your DB is huge! How many active users do you have? I have 183 active monthly users. My DB, the size of which was concerning to me, is tiny compared to yours.
I had a big jump between March 12th and 13th, but not much change after that.
Do you use relays?
+-----------------------------+-----------+
| Table | Size (MB) |
+-----------------------------+-----------+
| post-user | 29878.48 |
| post-content | 19003.97 |
| item-uri | 12799.42 |
| contact | 7692.91 |
| post-media | 6125.52 |
| apcontact | 5773.69 |
| post-searchindex | 5591.05 |
| post | 5423.69 |
| post-thread-user | 5178.36 |
| contact-relation | 2944.30 |
| photo | 2893.56 |
| post-tag | 2528.31 |
| parsed_url | 992.78 |
worker [ERROR]: DB Error {"code":1205,"error":"Lock wait timeout exceeded; try restarting transaction","params":"DELETE FROM `post-user` WHERE (`uid` = XXXX)","worker_id":"dc8312b","worker_cmd":"ExpireAndRemoveUsers"}...I will try to mitigate this by setting the
transaction-isolation to READ-COMMITTED and the innodb_lock_wait_timeout to 120 seconds.
SPAM ?
Was ist streamers.social/ für ein Server?
Ich bekomme von daher sehr merkwürdige direkt platzierte Werbeposts "Ich bin XYZ du kannst mich so und so nennen, Ich bin XXY altm, zur Zeit mache ich Dingsbums ... Folge mir, du kannst mich und hier und hier finden"
Der Server selbst zeigt nicht, wer auf diesem Server aktiv ist, oder irgendwelche Posts.
@Friendica Admins
#Spam #Fediverse
streamers.social
Mastodon server for streamers and content creatorsMastodon hosted on streamers.social
Friendica Admins reshared this.
Friendica Admins reshared this.
!Friendica Support !Friendica Admins
This help request is somehow solved. There were serious errores in different /etc/apache2/sites-available/defaultANDdomain.conf files introduced by hand and unchecked copy/paste practices.
Still having some troubles to get this work but at least there is some progress for now.
original halp request
Hi there.Trying right now to install a new friendica instance on another domain [tupambae.com] alongside this installation [tupambae.org] here.
This ubuntu 2022.04lts was installed initially as a single instance VPS with the following tutorial (in progress):
tupambae.org /display/0ac89072-9365-5d9d-8485-599077309156
The following changes were made to transform this VPS into a domain name-based single IP virtual hosting:
tupambae.org/display/0ac89072-…
This installation process right now is documented in this post:
tupambae.org/display/0ac89072-…
This intent got stuck after executing the git pull and
bin/composer.phar install --no-dev step.A in a first visit of the domain, instead of the system requirement check list a simple list of the files and folder of the "html" directory showed up. Than the server "broke down" and both domains, the new one and this one here gave just black pages, stating that the sites weren't reachable at all.
The console printed about the apache server the following:
apache error messages
root@VPShosting:/var/www# systemctl restart apache2Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xeu apache2.service" for details.
--
root@VPShosting:/var/www# systemctl status apache2
× apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2025-02-26 14:20:25 UTC; 1min 18s ago
Docs: httpd.apache.org/docs/2.4/
Process: 38181 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
CPU: 20ms
Feb 26 14:20:25 tupambae.org systemd[1]: Starting The Apache HTTP Server...
Feb 26 14:20:25 tupambae.org apachectl[38184]: apache2: Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax error on line 20 of /etc/apache2/sites-e>
Feb 26 14:20:25 tupambae.org apachectl[38181]: Action 'start' failed.
Feb 26 14:20:25 tupambae.org apachectl[38181]: The Apache error log may have more information.
Feb 26 14:20:25 tupambae.org systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Feb 26 14:20:25 tupambae.org systemd[1]: apache2.service: Failed with result 'exit-code'.
Feb 26 14:20:25 tupambae.org systemd[1]: Failed to start The Apache HTTP Server.
To get this instance here running again the new domain was deactivated by:
sudo a2dissite newdomain.comand restarting apache by:
systemctl restart apache2Any idea what could be the problem or where to search for resolving this?
Creating several friendica instances and other websites as sub/domains on one VPS with one IP
v.02
@Tutorial
@Friendica Developers and @Friendica Admins.#howTo change a single #friendica domain #debian #ubuntu 2022.04lts VPS #hosting setup into a single IP multi domain VPS server.
This tutorial builds on the install and/or move friendica to ubuntu 22.04 LTS VPS server howTo with the intention to change the main setup into a domain name-based virtual hosting.
The folder name in the VPS folder structure in
/var/www/for the domains can be choosen as you like, for example:
/var/www/domaincom/
All apache tutorials found in a quick search do choose the domain or subdomain name including the respective dot's like this:/var/www/domain.com/
Both options are possible for a correct working environment.
@Ⓜ3️⃣3️⃣ 🌌 pointed out that for automatization scripts it's usefull to keep that consistent and there for to use FQDN (Fully Qualified Domain Name) as part of the path.
Never the less, to keep the concepts of domain URL's and folder names seperate and to prevent the notion that the domain name syntax is mandatory we will stick with simple folder names in this #tutorial.The naming of the
.conffiles in/etc/apache2/sites-available/refer to the actual domain names and their settings. [Even tho these .conf file names also could be chosen probably at will?], as the definitions about the actual domains refereed are given inside those files, we'll stick to the real sub/domain names in this case as it's quite reasonable and logical to do so.We will address the details for a step by step change from a single VPS single IP domain hosting to a multiple name-based single IP virtual hosting in answers to this topic:
- Inicial VPS domain hosting served at:
/var/www/html/- Name-based virtual hosting domain VPS where several domains are served by one IP, leaving /html in place if a client request doesn’t match any other sites, like proposed in this digitalOcean tutorial:
/var/www/html/as fall back option/var/www/domaincom/index.html/var/www/subdomaincom/index.html/var/www/domainorg/original friendica installation/var/www/subdomainorg/index.html
Any comments hints and observations are really appreciated!
#admin #fediAdmin
reshared this
!Friendica Support !Friendica Admins
Hi there.
When upgrading friendica and executing the bin/composer.phar install --no-dev step a warning comes up that composer is out dated and that a upgrade to version 2.0 should be done:
You are using Composer 1 which is deprecated. You should upgrade to Composer 2, see blog.packagist.com/deprecating…Following the information on the given link and trying to upgrade composer on the ubuntu VPS server it looks like this is an issue of the github package of friendica as
composer self-update --2results in:Command 'composer' not found, but can be installed with:
apt install composerCan this be solved by installing composer in debian/ubuntu or does is this something that wil be solved sooner or later in the github packaging?
reshared this
like this
reshared this
Ich nutze fail2ban, um Bots und Crawler vom Server fernzuhalten. Da es aktuell ein Problem mit den Profilbildern von anderen Servern gibt, habe ich den Apache-Badbot Filter gestern testweise deaktiviert.
Das war keine gute Idee! Innerhalb von 15 Minuten wurde der Server von Bots förmlich überrannt. Der Webserver war am Limit, PHP und Datenbank erreichten die max. mögliche Anzahl von Verbindungen, die Last ging auf 130 - normal ist 7-12. Das endete mit einem Crash des Datenbankservers.
Zum Glück lief das Recovery der DB problemlos durch. Aber diese Bots und Crawler sind heutzutage echt eine Pest.
CC @Friendica Admins
like this
Friendica Admins reshared this.
Der Versuch hier mit zu lesen und etwas zu verstehen hat nicht viel gebracht ..
🙁
In wiefern hilft fail2ban bei erfolglosen login versuchen?
Was machen die bots wenn nicht die oeffentlichen Inhalte durchsuchen?
Versuchen sie Passwoerter zu erraten?
Die oeffentlichen Inhalte werden doch hier durch fail2Ban nicht geschuetzt oder wie?
Friendica Admins reshared this.
Gegen die ersteren hilft fail2ban, weil er sie im Extremfall schon nach dem ersten Versuch blocken kann, ansonsten eben nach dem zweiten, dritten - ganz wie man mag. Man will die natürlich blocken, weil das brute-force-Angriffe sind, vielleicht wäre ja der zehntausendste Versuch erfolgreich. Außerdem belastet es den Server und müllt die Logfiles zu.
die anderen, die "Abgraser" (Crawler) sind manchmal brutal in dem Sinne, daß sie versuchen, in kürzester Zeit den Server abzugrasen. Da kann ein Webserver schnell in die Knie gehen.
Und dann noch die KI-Crawler, die Futter für ihre Sprachmodelle benötigen, um damit Geld zu verdienen. Manche Betreiber von Webseiten sehen nicht ein, daß sie dies KI-Maschinen für lau befüttern sollen.
utopiArte likes this.
Friendica Admins reshared this.
Error 500 with one Lemmy group, then gone
!Friendica Admins Just a note about an odd behavior on my instance (2024.12), I used to browse the Lemmy group programming.dev/c/programmer_h…. Then out of nowhere it provoke error 500, even after a full instance restart.
app [ALERT]: Fatal Error (E_ERROR): Allowed memory size of 536870912 bytes exhausted (tried to allocate 8192 bytes) {"code":1,"message":"Allowed memory size
of 536870912 bytes exhausted (tried to allocate 8192 bytes)","file":"/var/www/html/src/Content/Conversation.php","line":976,"trace":null} - {"file":null,"line":null,"function":
null,"request-id":"67b9a0b78b4fb","stack":"ErrorHandler::handleFatalError","uid":"b72782","process_id":45}
I unsubscribed and subscribed to the group: error is gone 🤷♂️
Tek aEvl likes this.
Tek aEvl likes this.
Creating several friendica instances and other websites as sub/domains on one VPS with one IP
v.02
@Tutorial
@Friendica Developers and @Friendica Admins.
#howTo change a single #friendica domain #debian #ubuntu 2022.04lts VPS #hosting setup into a single IP multi domain VPS server.
This tutorial builds on the install and/or move friendica to ubuntu 22.04 LTS VPS server howTo with the intention to change the main setup into a domain name-based virtual hosting.
The folder name in the VPS folder structure in /var/www/for the domains can be choosen as you like, for example:
/var/www/domaincom/
All apache tutorials found in a quick search do choose the domain or subdomain name including the respective dot's like this:/var/www/domain.com/
Both options are possible for a correct working environment.
@Ⓜ3️⃣3️⃣ 🌌 pointed out that for automatization scripts it's usefull to keep that consistent and there for to use FQDN (Fully Qualified Domain Name) as part of the path.
Never the less, to keep the concepts of domain URL's and folder names seperate and to prevent the notion that the domain name syntax is mandatory we will stick with simple folder names in this #tutorial.
The naming of the .conf files in /etc/apache2/sites-available/ refer to the actual domain names and their settings. [Even tho these .conf file names also could be chosen probably at will?], as the definitions about the actual domains refereed are given inside those files, we'll stick to the real sub/domain names in this case as it's quite reasonable and logical to do so.
We will address the details for a step by step change from a single VPS single IP domain hosting to a multiple name-based single IP virtual hosting in answers to this topic:
- Inicial VPS domain hosting served at:
/var/www/html/ - Name-based virtual hosting domain VPS where several domains are served by one IP, leaving /html in place if a client request doesn’t match any other sites, like proposed in this digitalOcean tutorial:
/var/www/html/as fall back option/var/www/domaincom/index.html/var/www/subdomaincom/index.html/var/www/domainorg/original friendica installation/var/www/subdomainorg/index.html
Any comments hints and observations are really appreciated!
#admin #fediAdmin
v.0x Creating several friendica instances as sub/domains on one VPS with one IP
backup thread for previous versions of this howTo
Tek aEvl likes this.
reshared this
<VirtualHost _default_:80>
<VirtualHost _default_:443>
However, please note this will only work with plain HTTP connections, not with HTTPS (HTTP over SSL): name-based virtual hosts rely on knowing what name is being requested, but this information can't be known by Apache until the encrypted SSL connection is established.
serverfault.com/questions/4353…Looks like the conflict as of now is around the SSL settings and port 443.
Apparently it's the one reserved and dedicated for SSL connections and the respective settings and configuration.root@VPShosting:/etc/apache2/sites-enabled# ls -l000-default-le-ssl.conf -> /etc/apache2/sites-available/000-default-le-ssl.conf
cast.domain.org.conf -> ../sites-available/cast.tupambae.org.conf
domain.org.conf -> ../sites-available/tupambae.org.conf
The revision of:
nano /etc/apache2/apache2.conf
didn't result in mayor relevant settings or settings that had been modified.
It basically add's/etc/apache2/conf-enabledand/etc/apache2/sites-enabledas sources for the effective active configuration in place.Looks like averything boils down to
000-default-le-ssl.confwhich was (probably) created when installing certbot let's encrypt SSL in the inicial LAMP instalation.Also in the orginal installation of this server 000-default-le-ssl.conf was mentioned and modified.
It all looks like the content of
000-default-le-ssl.confshould be basically ported entirely to the filedomain.org.confchanging the port of that file to 443 and to than decativate000-default-le-ssl.confby executing:
a2dissite 000-default-le-ssl.confA last question that comes up now is with respect to SSL connections for subdomains of domain.org. If those are already included in the issued let's encrypt SSL certificate or if there have to be made changes to that inicial cert instalation.
Also there will have to be a new SSL cert for eventuell new domain.com sites installed on this VPShosting server.
reshared this
Solved as follows:
The SSL let's encrypt cert is created out of the http file of the given domain or subdomain:/etc/apache2/sites-available/domain.org.conf
standard domain.org.conf
<VirtualHost *:80>
ServerAdmin admin@domain.org
ServerName domain.org
DocumentRoot /var/www/domainorg
# AllowOverride is specifically added for the friendica server
<Directory /var/www/domainorg>
AllowOverride All
</Directory>
# AllowOverride is specifically added for the friendica server
ErrorLog ${APACHE_LOG_DIR}/domainorg_error.log
CustomLog ${APACHE_LOG_DIR}/domainorg_access.log combined
</VirtualHost>
The SSL domain reference file created from the http filename get's added by default -le-ssl to the existing domain.org.conf name. The port for SSL connections is 443 while the standard http connection is over port 80.
domain.org-le-ssl.conf
This is the content of the file created for a multi domain VPS server. This contenet matches the content that was in the original 000-default-le-ssl.conf file of the single domain VPS setup, created by the certbot routine. The SSL certificate is supposed to be updated automatically every year. For now it is not clear if the changes made will be affected negatively by that automatic SSL cert update.<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@domain.org
ServerName domain.org
DocumentRoot /var/www/domainorg
# AllowOverride is specifically added for the friendica server
<Directory /var/www/domainorg>
AllowOverride All
</Directory>
# AllowOverride is specifically added for the friendica server
ErrorLog ${APACHE_LOG_DIR}/domainorg_error.log
CustomLog ${APACHE_LOG_DIR}/domainorg_access.log combined
ServerName domain.org
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.org/privkey.pem
</VirtualHost>
</IfModule>activating and deactivating .conf fles
To make the changes come into effect the new conf file has to be activated, the old one that shouldn't apply anymore should be deactivated and the apache server itself has to be reloaded or to be restarted:rootname@VPShosting:~# a2ensite domain.org
rootname@VPShosting:~# a2ensite domain.org-le-ssl.conf
rootname@VPShosting:~# a2dissite 000-default.conf
rootname@VPShosting:~# a2dissite 000-default-le-ssl.conf
rootname@VPShosting:~# systemctl restart apache2
Reloading the site took a while longer than nomal, indicating that new background tasks where happening.
testing the new folder structure
and if site configuration was actually in place.Renaming the index file of the old /html folder.
Reloading the site did still work so the old /html folder structure wasn't active anymore.
Renaming the entire old /html folder structure taking it out of access completely.
Creating a new /html folder.
Creating a new html. index file in /var/www/html.
rootname@VPShosting:~# mv /var/www/html/index.php /var/www/html/index_old.php
rootname@VPShosting:~# mv /var/www/html/ /var/www/html_old/
rootname@VPShosting:~# mkdir /var/www/html/
rootname@VPShosting:~# nano /var/www/html/index.html
<html>
<title>name-based virtual hosting setup</title>
<h1>Welcome to the /html/ index.html fall back file.</h1>
<p>This is a test file for a name-based virtual hosting setup</p>
</html>Next steps:
Installing a SSL cert for subdomain.org.
Installing a subdomain test site.
Installing a new friendica domain.com site from scratch.
reshared this
Schießt man sich ein Loch ins Knie, wenn man den Zugriff auf https://$INSTANZ/api/v1/instance unterbindet?
Ich finde den Endpunkt etwas geschwätzig (ja, ich weiß, daß das in der Vergangenheit diskutiert wurde)
Speicherbedarf?
Im Log stolpere ich über:
2025-02-19T15:54:41Z app [ALERT]: Fatal Error (E_ERROR): Allowed memory size of 536870912 bytes exhausted (tried to allocate 57344 bytes) {"code":1,"message":"Allowed memory size of 536870912 bytes exhausted (tried to allocate 57344 bytes)","file":"/var/www/html/src/Object/Image.php","line":224,"trace":null} - {"file":null,"line":null,"function":null,"request-id":"67b5febd308a9","stack":"ErrorHandler::handleFatalError","uid":"a7c049","process_id":724585}Sollten 512 MB wirklich nicht reichen, um ein Bild zu erzeugen?
worker arbeitet nicht bei "hohem" Load?
Docker-Umgebung, aber das sollte egal sein.
Auf dem Host läuftein längere, rechenaufwendiger Prozeß (mehrere Tage) /admin/ erzählt mir, daß der letzte Worker vor mehr als einer Stunde lief. Ich kann php bin/worker.php mit der Hand aufrufen, es gibt keine Fehlermeldung, aber scheinbar auch keinen Erfolg. Durch suspenden des "bösen" Prozesses (der übrigens mit einer niceness von 19 läuft, also niedrigste Priorität), löst sich das Problem nach vielleicht 10, 15 Minuten.
Der Load ist so um die 40, bei 10 Prozessoren wären die also mit einem Load von 10 saturiert. Warum der Load so hoch ist, verstehe ich nicht, dafür gibts ja nice.
Was kann ich da tun, wenn überhaupt?
Dieter Fröhling likes this.
Ich hab' gar nichts mit .cf:
root@ba97c08c62f7:/var/www/html# find / -name \*.cf 2>/dev/null
root@ba97c08c62f7:/var/www/html#
@Rainer "friendica" Sokoll
Ich hatte gesehen, dass du diese Server nicht gesperrt hast:
*.activitypub-troll.cf
*.misskey-forkbomb.cf
*.activitypub-proxy.cfDaher meine Vermutung, dass es daran liegen könnte.
Ich hatte bislang nicht den Bedarf, irgendjemanden oder gar eine gesamte Instanz zu blockieren.
Der Load kommt nicht von Friendica, sondern von einem
ffmpegMatthias likes this.
@Rainer "friendica" Sokoll @Matthias
root@ba97c08c62f7:/var/www/html# find / -name \*.cf 2>/dev/null
Was soll das denn aussagen, ausser, das Du zumindest Postfix nicht installiert hast
Die können doch in Deiner Blockierliste sein, ohne dass es dazu Dateien auf der Platte gibt.
*.cf sich auf Konfig-Dateien bezöge, gemeint ist aber die TLD der Zentralafrikanischen Rpublik.
@Friendica Support @Friendica Admins
Moin Leute, kann mir mal einer sagen, was hier wieder los ist ? Was analysiert die Friendica Directory nur wieder ? Oder besser nicht ?
Gestern stand das noch auf "95" ganz vorne dran.
Malte Friendica likes this.
reshared this
reshared this
Leider wird der Grund der Änderung unbekannt bleiben, bis git.friendi.ca/friendica/frien… umgesetzt ist.
Die Zahlen werden nicht nach Zufall generiert. Aber wenn der Grund für die Änderung nicht dokumentiert wird, ist das klarerweise suboptimal.
reshared this
PHP-FPM Just In Time compiler benchmarks ON / OFF
!Friendica Admins Hello there,
(New publication attempt from another instance, sorry if you see double posts)
Is it an overlooked optimization setting because of its recent appearance in php-8 branch ? or is there a reason to have the global JIT compiler disable by default ?
I looked into closed github issues, without real clues 🤔
Anyway, adding a couple of lines enable the Just In Time compiler for better performance. Just saying 😉
diff -u /usr/local/etc/php/conf.d/opcache-recommended.ini.old /usr/local/etc/php/conf.d/opcache-recommended.ini
--- /usr/local/etc/php/conf.d/opcache-recommended.ini.old 2025-02-04 19:55:44.000000000 +0000
+++ /usr/local/etc/php/conf.d/opcache-recommended.ini 2025-02-06 06:49:21.263016902 +0000
@@ -4,3 +4,5 @@
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidte_freq=1
+opcache.jit_buffer_size=128M
+opcache.jit=tracing
like this
Yes, I remember, yet I wonder how many admins know about this setting.
And if Friendica's docker images should enable it by default.
It's not about adding a feature to Friendica's admin panel, more like having better (best?) default settings under the hood.
Anyway maybe nobody need more speed, provided servers hosting Friendica instances have enough computing power, or not enough active users to need optimization.
Hypolite Petovan likes this.
Queue, Delays and the Decoupled Receiver setting
Hello !Friendica Admins
I've had quite a high load on my server for a few weeks now. This has repeatedly led to the delivery queue becoming extremely long (up to 100k queued jobs) and remaining so. Above all, it was full of “ProcessQueue” jobs. This led to delivery delays of up to 24 hours.
Then I accidentally deactivated the worker setting “Decoupled Receiver”. Since then, the queue went down very quickly and the delivery of posts and comments is very fast again.
Tek aEvl likes this.
What's a reasonable number for "Worker fetch limit"?
My queue is currently at 800+K, mostly updating contacts.
Tek aEvl likes this.
The worker settings are heavily dependent on the hardware and performance of the server. It is nearly impossible to give a general advise w/o knowing the hardware, server software and number of active users and so on.
The worker fetch limit influences how many jobs are fetched in a single query. A low setting means that the query on the database is very fast but there are a lot of them. A high setting means the queries are slower but there are fewer of them. What is better for the over-all delivery performance depends on how your database server can handle the different kind of requests.
For example: My server works best with a very low value for worker fetch limit. I have it on 2. Higher values are degrading the performance. But - as I said - this can be very different on your hardware.
The only way to get a good setting ist to watch the "jobs per minute" (jpm) over a longer period of time in Friendica's log on log level debug.
like this
My queues are always caught up now. I have 300 active users. I don't know if these are the best settings for me (used trial and error to get them), but I'm using 64 parallel workers with a fetch limit of 15 per worker.
I had a backlog a few weeks ago of about 78000 process queue items. I scaled up from regular Intel CPUs to premium AMD CPUs (8 vCPU) and was then processing about 125,000 jobs per hour and cleared the queue in a few hours.
I hope this gives you some useful metrics.
like this
Nice. How to leave #X / #Twitter and #Instagram? In the edition of tomorrow‘s newspaper Augsburger Allgemeine offers valuable tips and highlights alternatives in the #Fediverse, such as #Mastodon and #Pixelfed.
A must-read especially for @Gargron from @Mastodon and @dansup from @pixelfed
📖 Read more here in german language: augsburger-allgemeine.de/geld-…
#SocialMedia #Privacy #Alternatives #Mastodon #Pixelfed #Fediverse
Social-Media-Alternativen: Bluesky, Signal & Co: Neustart ohne X und Meta
Sie hadern mit Elon Musks Kurznachrichtendienst X und sind auch nicht mehr glücklich mit all dem, was Mark Zuckerbergs Meta-Konzern anbietet? Kein Problem. Es gibt Alternativen.Von Dirk Averesch, dpa (Augsburger Allgemeine)
TupambAdminOrg [2024.03] likes this.
reshared this
Yes. And we need to move to non US based fediverse platforms like Mastadon After all 95%+ of us don't live in the US
reshared this
@Horst Thieme this is a dedicated Friendica Admin forum for addressing practical issues of running a Friendica node!
PLEASE don't misuse this space as a news reply. Thanks
reshared this
Unable to add relay
can’t seem to add any relays, for example:
$ bin/console relay add relay.mycrowd.ca/actor
relay.mycrowd.ca/actor couldn't be added
This is happening for every relay I’ve tried. Has anyone seen this before?
Feel free to use the Frio Theme Template.
They are based on the style templates from @Kristi H.
Since the original is still WIP in various places, I have completed them further in this version.
like this
reshared this
Pending users has at least 100 entries
FYI #fediverse
I just spent 3 hours cleaning my #Friendica #databse, I got flooded by activitypub-trollcf and well lets just say that was not fun. !Friendica Admins !Friendica Developers !Friendica Support be safe #Fedi.Tips
sql
CREATE TABLE blocklist (
id INT AUTO_INCREMENT PRIMARY KEY,
domain VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
UPDATE `gserver` SET `blocked` = TRUE WHERE `url` LIKE '%activitypub-troll.cf%';
DELETE FROM `workerqueue` WHERE `parameter` LIKE '%activitypub-troll.cf%';
DELIMITER $$
CREATE TRIGGER before_insert_workerqueue
BEFORE INSERT ON `workerqueue`
FOR EACH ROW
BEGIN
IF NEW.parameter LIKE '%activitypub-troll.cf%' THEN
SIGNAL SQLSTATE '45000'
SET MESSAGE_TEXT = 'Insert of activitypub-troll.cf is not allowed';
END IF;
END$$
DELIMITER ;
DELETE FROM `workerqueue` WHERE `done` = 1;
DELETE FROM `workerqueue` WHERE `done` = 0;
htasccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} activitypub-troll\.cf
[NC]RewriteCond %{REMOTE_HOST} activitypub-troll\.cf
[NC]RewriteCond %{HTTP_USER_AGENT} activitypub-troll\.cf
[NC]RewriteRule .* -
[F]</IfModule>
like this
reshared this
like this
reshared this
The real problem is that we might end up with positive connection lists instead of negative listing of servers.
I guess we all start to think about how tor create some kind of fediWeb of trust where we mutually confirm and integrate servers into our permitted server lists. Even maybe some kind of rules set for new servers restricting their access and bumping some allow request to the server admin for a domain and/or IP?
🤔
Where are the main problems for us as friendicans?
(Forum) profile pages that allow automatic following and any kind of automatic manually unapproved connections?
Well no, as interaction with public posts always is possible, some kinda emergency beak for spamming would be needed.
pasjrwoctx👽 likes this.
reshared this
Go to /moderation/blocklist/server and enter *.activitypub-troll.cf in ‘Add new blocklist entry’. Then click ‘Check pattern’.
In the new window that opens, click ‘Remove server’ and, if you wish, enter a reason. Finally, click ‘Add pattern to blocklist’.
Then *.activitypub-troll.cf and all its subdomains will be blocked.
Once that's done, you just have to delete the corresponding entries from the database.
mysql -u [user_name] -p[password] [database_name]
SELECT COUNT(*) FROM gserver where nurl LIKE ‘%.activitypub-troll.cf’;
DELETE from gserver where nurl LIKE ‘%.activitypub-troll.cf’ LIMIT 1000000;
OPTIMIZE TABLE gserver;
EXIT;like this
reshared this
@OldKid ⁂ @pasjrwoctx
My friendica database is 15 GB , I tried to follow your advice but i have error
sudo mysqluse myfriendicadb;SELECT COUNT(*) FROM gserver where nurl LIKE ‘%.activitypub-troll.cf’;
ErrorERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '-troll.cf’' at line 1
reshared this
I solved it, it was a problem when I did the copy and paste, it didn't copy the correct formatting my database has shrunk by 600MB 😅 , thanks
reshared this
FYI #fediverse
I just spent 3 hours cleaning my #Friendica #databse, I got flooded by activitypub-trollcf and well lets just say that was not fun. !Friendica Admins !Friendica Developers !Friendica Support be safe #Fedi.Tips
sql
CREATE TABLE blocklist (
id INT AUTO_INCREMENT PRIMARY KEY,
domain VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
UPDATE `gserver` SET `blocked` = TRUE WHERE `url` LIKE '%activitypub-troll.cf%';
DELETE FROM `workerqueue` WHERE `parameter` LIKE '%activitypub-troll.cf%';
DELIMITER $$
CREATE TRIGGER before_insert_workerqueue
BEFORE INSERT ON `workerqueue`
FOR EACH ROW
BEGIN
IF NEW.parameter LIKE '%activitypub-troll.cf%' THEN
SIGNAL SQLSTATE '45000'
SET MESSAGE_TEXT = 'Insert of activitypub-troll.cf is not allowed';
END IF;
END$$
DELIMITER ;
DELETE FROM `workerqueue` WHERE `done` = 1;
DELETE FROM `workerqueue` WHERE `done` = 0;
htasccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} activitypub-troll\.cf
[NC]RewriteCond %{REMOTE_HOST} activitypub-troll\.cf
[NC]RewriteCond %{HTTP_USER_AGENT} activitypub-troll\.cf
[NC]RewriteRule .* -
[F]</IfModule>
reshared this
like this
reshared this
Not sure if they are still a thing, but you might wanna add:
- *.misskey-forkbomb.cf
- *.activitypub-proxy.cf
as well. They also were used to spam the Fediverse back than.
Hypolite Petovan likes this.
reshared this
FYI #fediverse
I just spent 3 hours cleaning my #Friendica #databse, I got flooded by activitypub-trollcf and well lets just say that was not fun. !Friendica Admins !Friendica Developers !Friendica Support be safe #Fedi.Tips
sql
CREATE TABLE blocklist (
id INT AUTO_INCREMENT PRIMARY KEY,
domain VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
UPDATE `gserver` SET `blocked` = TRUE WHERE `url` LIKE '%activitypub-troll.cf%';
DELETE FROM `workerqueue` WHERE `parameter` LIKE '%activitypub-troll.cf%';
DELIMITER $$
CREATE TRIGGER before_insert_workerqueue
BEFORE INSERT ON `workerqueue`
FOR EACH ROW
BEGIN
IF NEW.parameter LIKE '%activitypub-troll.cf%' THEN
SIGNAL SQLSTATE '45000'
SET MESSAGE_TEXT = 'Insert of activitypub-troll.cf is not allowed';
END IF;
END$$
DELIMITER ;
DELETE FROM `workerqueue` WHERE `done` = 1;
DELETE FROM `workerqueue` WHERE `done` = 0;
htasccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} activitypub-troll\.cf
[NC]RewriteCond %{REMOTE_HOST} activitypub-troll\.cf
[NC]RewriteCond %{HTTP_USER_AGENT} activitypub-troll\.cf
[NC]RewriteRule .* -
[F]</IfModule>
reshared this
Matthias
in reply to Sascha 😈 ⁂ (Fediverse) • • •Die Adminrechte werden über die e-Mail Adresse ausgelöst, die in der Config hinterlegt ist.
Verwende für weitere Konten eine andere e-Mail. Dann sind es normale User.
hoergen
in reply to Matthias • • •Michael 🇺🇦
in reply to hoergen • • •hoergen
in reply to Michael 🇺🇦 • • •Michael 🇺🇦
in reply to hoergen • • •hoergen
in reply to Michael 🇺🇦 • • •Matthias
in reply to hoergen • • •klar stimmt was ich schreibe. Du kannst es jederzeit selbst verifizieren, in dem du die e-Mail Adresse in der Config abänderst.
@Michael 🇺🇦
hoergen
in reply to Matthias • • •Sascha 😈 ⁂ (Fediverse)
in reply to Matthias • • •Matthias likes this.