Installation Guide: Ubuntu 25.04

[FiendKing04]

SECTION 11 — Federation Checklist

Overview

With Friendica installed and post‑installation tasks completed, the final step is verifying that your node is properly federating with the wider Fediverse. This section provides a structured, step‑by‑step checklist to confirm that:

• Your node can discover remote profiles.
• Your node can send and receive posts.
• Your worker/cron system is functioning.
• Your NodeInfo and WebFinger endpoints are correct.
• Your HTTPS configuration is valid.
• Your DNS records are correct.
• Your queues are processing normally.

This checklist ensures your Friendica instance is fully operational and visible to the rest of the network.


Verify HTTPS and Base URL

• Friendica federation requires:
• Valid HTTPS
• Correct Base URL
• No redirects that break signature validation

Check Base URL

Admin Panel → Site → General

Ensure:

• Base URL: https://friendica.domain.tld
• No trailing slash
• Matches your certificate’s CN/SAN exactly

Check HTTPS

Run:

Code: Select all

curl -I https://friendica.domain.tld

You should see:

• HTTP/2 200
• Valid certificate chain
• No mixed‑content warnings

If HTTPS is broken, federation will fail.


Verify WebFinger

WebFinger is required for remote discovery.

Test it:

Code: Select all

curl https://friendica.domain.tld/.well-known/webfinger?resource=acct:username@friendica.domain.tld

You should see JSON containing:

Code: Select all

"subject": "acct:username@friendica.domain.tld"

• "links" including "self" and "profile-page"

If this fails:

• Check Apache rewrite rules
• Ensure .htaccess is enabled
• Ensure AllowOverride All is set

Verify NodeInfo

NodeInfo tells other servers what your node supports.

Visit:

https://friendica.domain.tld/nodeinfo/2.0

You should see JSON with:

Code: Select all

"software": { "name": "friendica" }

• "protocols" including "activitypub"
• "usage" statistics

If this endpoint is missing or blank:

• Check PHP errors
• Check file permissions
• Ensure the worker is running

Verify the Worker / Cron System

Friendica federation depends on background workers.


Check worker status

Admin Panel → Summary → Background Tasks

You should see:

• Tasks running every few minutes
• No long‑stalled tasks
• No growing backlog

Check cron

If you used the recommended cron entry:

Code: Select all

*/10 * * * * php /var/www/communication/social/friendica/bin/console.php cron

Verify it’s installed:

Code: Select all

sudo -u www-data crontab -l

If the worker is not running, federation will not function.


Test Remote Profile Discovery

Search for a known remote account:

• Mastodon: @Gargron@mastodon.social
• Friendica: @admin@libranet.de
• Pleroma/Akkoma: @lain@lain.com

If discovery works:

• The profile loads
• Avatar and metadata appear
• You can follow the account

If discovery fails:

• Check WebFinger
• Check NodeInfo
• Check DNS
• Check HTTPS

6. Test Outbound Federation
Create a test post on your Friendica account.

Then check:

• Does it appear on a remote Mastodon account?
• Does it appear on a remote Friendica account?
• Does it appear on a Pleroma/Akkoma account?

If outbound federation fails:

• Check worker logs
• Check queue status
• Check your domain’s DNS
• Ensure no firewall blocks outbound traffic

Test Inbound Federation

From a remote account:

• Follow your Friendica account
• Send it a reply
• Boost/reshare one of its posts

If inbound federation fails:

• Check Apache logs
• Check PHP‑FPM logs
• Check worker queue
• Ensure your server is reachable from the internet

Check the Queue

Admin Panel → Summary → Queue

You should see:

• Items being processed regularly.
• No massive backlog.
• No stuck items

A constantly growing queue indicates:

• Worker failure.
• DNS issues.
• Remote server timeouts.
• Misconfigured Base URL

Check Logs (Optional but Recommended)

Friendica log

Code: Select all

tail -f /var/www/communication/social/friendica/friendica.log

Apache error log

Code: Select all

sudo tail -f /var/log/apache2/error.log

PHP‑FPM log

Code: Select all

sudo journalctl -u php8.4-fpm

Look for:

• Signature validation errors
• HTTPS issues
• Worker failures
• Database errors

Confirm Your Node Appears in the Fediverse

Use a remote instance to search for your account:

• Mastodon search
• Friendica search
• Pleroma/Akkoma search

If your profile appears and loads correctly, federation is working.


Next Steps

With federation verified, continue to:

SECTION 12 — Maintenance & Updates

This section covers:

• Updating Friendica
• Updating addons
• Backups
• Log rotation
• Cron maintenance
• Certificate renewal
• Long‑term instance health

[FiendKing04]

SECTION 12 — Maintenance & Updates

Overview

With your Friendica instance installed, configured, and federating, the final step is establishing a reliable maintenance routine. This section covers:

• Updating Friendica and addons
• Backing up your data
• Managing logs
• Renewing TLS certificates
• Maintaining cron and worker health
• Monitoring system performance
• Long‑term instance care

These tasks ensure your node remains stable, secure, and fully functional over time.

Updating Friendica

Friendica updates are released regularly, including:

• Security patches
• Federation improvements
• Performance enhancements
• Bug fixes

Updating is straightforward.

Put the site into maintenance mode (optional)

Admin Panel → Site → General → Maintenance Mode

This prevents user activity during updates.

Update Friendica

Navigate to your Friendica directory:

Code: Select all

cd /var/www/communication/social/friendica

Pull the latest stable release:

Code: Select all

sudo -u www-data git pull

Update dependencies:

Code: Select all

sudo -u www-data bin/composer.phar install --no-dev

Run database migrations:

Code: Select all

sudo -u www-data bin/console.php dbstructure update

Update Addons

Code: Select all

cd /var/www/communication/social/friendica/addon
sudo -u www-data git pull

Some addons may require additional configuration after updates.


Clear Cache (Recommended)

Code: Select all

sudo -u www-data bin/console.php cache clear

Backups

A proper backup strategy includes:

• Database
• Friendica directory
• Configuration files
• TLS certificates (optional but recommended)

Database Backup

Code: Select all

mysqldump -u root -p friendica > /root/backups/friendica-$(date +%F).sql

Friendica Directory Backup

Code: Select all

tar -czf /root/backups/friendica-files-$(date +%F).tar.gz /var/www/communication/social/friendica

TLS Certificate Backup (Optional)

Code: Select all

cp -r /etc/letsencrypt /root/backups/letsencrypt-$(date +%F)

Automate backups with cron or systemd timers if desired.


Log Rotation

Friendica logs can grow over time.

Friendica Log

Code: Select all

/var/www/communication/social/friendica/friendica.log

Apache Logs

Code: Select all

/var/log/apache2/error.log
/var/log/apache2/access.log

PHP‑FPM Logs

Code: Select all

journalctl -u php8.4-fpm

Use logrotate to manage long‑term log size.


TLS Certificate Renewal

Let’s Encrypt certificates renew automatically via Certbot.

Verify renewal:

Code: Select all

sudo certbot renew --dry-run

If this fails:

• Check Apache vHost paths
• Ensure HTTP port 80 is reachable
• Ensure .well-known/acme-challenge is not blocked

Cron & Worker Health
Your worker is the heart of federation.

Check cron

Code: Select all

sudo -u www-data crontab -l

Ensure the entry exists:

Code: Select all

*/10 * * * * php /var/www/communication/social/friendica/bin/console.php cron

Check worker status

Admin Panel → Summary → Background Tasks

Look for:

• Regular task execution.
• No long‑stalled tasks.
• No growing queue.

Monitoring System Performance

Friendica benefits from periodic system checks.

Check disk space

Code: Select all

df -h

Check memory usage

Code: Select all

free -h

Check MariaDB health

Code: Select all

sudo systemctl status mariadb

Check PHP‑FPM

Code: Select all

sudo journalctl -u php8.4-fpm

Friendica Version Check

Admin Panel → Summary → System Overview

This page shows:

• Installed version
• Available updates
• Database schema status
• Worker status

Check it periodically.


Long‑Term Instance Health

To keep your node healthy:

• Update Friendica monthly.
• Check federation status occasionally.
• Monitor logs for errors.
• Ensure cron is running.
• Keep your OS updated.
• Renew certificates automatically.
• Back up regularly.

Friendica is low‑maintenance once configured — most issues arise only when updates or cron jobs are neglected.


Next Steps

Your Friendica instance is now:

• Installed
• Configured
• Federating
• Maintained

You’ve completed the full lifecycle guide.

[FiendKing04]

SECTION 13 — Troubleshooting Appendix
Overview
This appendix provides solutions to the most common issues encountered during installation, configuration, and federation. It is organized by symptom, making it easy to quickly identify and resolve problems.

Friendica Shows a Blank Page
Common Causes
Missing PHP modules

PHP‑FPM fatal error

Incorrect PHP‑FPM socket path

File permissions incorrect

Check Logs
Code
sudo journalctl -u php8.4-fpm
sudo tail -f /var/log/apache2/error.log
Fixes
Install missing modules (especially php8.4-intl, php8.4-mbstring, php8.4-xml)

Correct the PHP‑FPM socket path in Apache

Ensure Friendica directory is owned by www-data

Installer Cannot Write local.config.php
Fix Permissions
Code
sudo chown -R www-data:www-data /var/www/communication/social/friendica/config
sudo chmod 755 /var/www/communication/social/friendica/config
If still failing, create the file manually and paste the installer output.

WebFinger Fails
Symptoms
Remote servers cannot find your profile

Following fails

Discovery fails

Check
Code
curl https://friendica.domain.tld/.well-know ... domain.tld
Fixes
Ensure .htaccess is enabled

Ensure AllowOverride All is set

Ensure HTTPS is valid

Ensure Base URL is correct

NodeInfo Fails
Symptoms
Remote servers cannot detect your capabilities

Federation partially works

Fixes
Check PHP errors

Ensure worker is running

Ensure no missing dependencies

Worker Not Running
Symptoms
Queue grows endlessly

No inbound or outbound federation

Posts stuck in delivery

Fix
Verify cron:

Code
sudo -u www-data crontab -l
Ensure:

Code
*/10 * * * * php /var/www/communication/social/friendica/bin/console.php cron
HTTPS Redirect Loops
Causes
Incorrect Apache vHost ordering

Duplicate redirects

Misconfigured Base URL

Fix
Ensure:

HTTP vHost (port 80) exists

HTTPS vHost (port 443) exists

Only one redirect is active (Certbot’s)

Database Errors
Fix
Drop and recreate the database:

Code
DROP DATABASE friendica;
CREATE DATABASE friendica CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
Then rerun the installer.

SMTP Not Sending
Fixes
Re‑test with swaks

Check provider credentials

Check DNS (SPF, DKIM, DMARC)

Check mail logs

Slow Performance
Fixes
Enable Redis caching

Enable worker daemon mode

Increase PHP memory limit

Ensure MariaDB has enough RAM

Friendica Log Too Large
Rotate or clear:

Code
sudo truncate -s 0 /var/www/communication/social/friendica/friendica.log

[FiendKing04]

SECTION 14 — Hardening & Security
Overview
This section provides recommended security practices to protect your Friendica instance, server, and user data.

1. Enforce HTTPS Everywhere
Ensure HSTS is enabled in the HTTPS vHost:

Code
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
2. Disable Unused Apache Modules
Code
sudo a2dismod autoindex status negotiation
sudo systemctl reload apache2
3. Restrict File Permissions
Code
sudo chown -R www-data:www-data /var/www/communication/social/friendica
sudo find /var/www/communication/social/friendica -type d -exec chmod 755 {} \;
sudo find /var/www/communication/social/friendica -type f -exec chmod 644 {} \;
4. Protect the Admin Panel
Enable admin-only access:

Admin Panel → Site → Access Control

Restrict admin panel to your IP (optional)

Enable rate limiting

5. Harden PHP
Edit /etc/php/8.4/fpm/php.ini:

Code
expose_php = Off
display_errors = Off
log_errors = On
Restart:

Code
sudo systemctl restart php8.4-fpm
6. Harden MariaDB
Code
sudo mysql_secure_installation
Enable:

Strong root password

Remove test DB

Remove anonymous users

Disable remote root login

7. Firewall Configuration
Allow only required ports:

Code
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
8. Fail2Ban (Optional)
Protect against brute‑force attacks:

Code
sudo apt install fail2ban
9. Keep System Updated
Code
sudo apt update && sudo apt upgrade -y

[FiendKing04]

SECTION 15 — Optional Addons & Integrations
Overview
Friendica supports a wide range of addons and integrations that extend functionality, improve usability, and enhance federation.

This section highlights the most useful optional components.

1. Themes
Frio (default)
Modern, responsive theme with mobile support.

Vier
Classic Friendica look.

Quattro
Lightweight, minimal theme.

Enable themes:

Admin Panel → Addons → Themes

2. Addons
Markdown
Enables Markdown formatting.

NotifyAll
Allows admin to broadcast messages to all users.

OpenStreetMap
Adds map support to posts and profiles.

Diaspora
Enables Diaspora federation (optional).

Twitter / Tumblr / Pump.io
Legacy integrations — use only if needed.

3. External Integrations
RSS/Atom Feeds
Friendica can import external feeds into your timeline.

Admin Panel → Addons → RSS

LDAP Authentication
Integrate with an LDAP directory for user login.

S3 / Object Storage
Store media on:

MinIO

Wasabi

Backblaze B2

AWS S3

4. Mobile Apps
While Friendica does not have an official mobile app, users can access it via:

Mobile web UI (Frio)

Fedilab (partial support)

Tusky (limited ActivityPub support)

5. Backup Integrations
Use external tools like:

BorgBackup

Restic

Duplicati

To automate Friendica backups.

6. Monitoring Integrations
Optional tools:

Netdata

Prometheus + Node Exporter

Grafana

These help track performance and federation health.