Friendica is a distributed social network server that can be used to implement decentralized social media services. It can be considered a part of the ‘Fediverse’ (the ensemble of interconnected servers used for social networking, microblogging, etc., that can communicate with each other while being independently operated). Friendica is the best among all the free and open source applications of the ‘Fediverse’ because of its well-thought-out structure, features and programming language (PHP). It’s the only decentralized social network software capable of taking on the fight with Facebook. You can’t fight an enemy like Facebook using a mediocre programming language, like other popular decentralized social network platforms do.
Friendica allows real control, autonomy and freedom in the social media sphere. If you want to remain in control of your data when using social media, you can install your own Friendica server and decide who will be able to register, what you will do with the stored data, etc.
Friendica was added to RED SCARF Suite not only because today social media is part of the digital life of so many people, but also because many businesses use social media as a tool to make their products and services known. By including Friendica in this software suite, we proved that even the seemingly inevitable Facebook, Instagram or Twitter social media marketing, can be in fact avoided and replaced with freedom and privacy respecting alternatives that allow data sovereignty.
In order to avoid overloading the server, we recommend installing Friendica only for local use, which means that only your employees, collaborators, etc. (around 50 people) will be able to register and use the Friendica server, also called a ‘node’. The general public will be able to view the profiles and posts on the server but they won’t be allowed to register. Nevertheless, the registered users will be able to connect to users of other Friendica servers and even to users of different platforms from the ‘Fediverse’, like: Diaspora, Mastodon, GNU social, Red, Hubzilla, StatusNet, Pleroma, Socialhome, Pump.io, GangGo, etc. In principle, Friendica can communicate with any applications using the ActivityPub, OStatus or Diaspora protocols. Full interaction with Twitter is also possible.
First navigate to /var/www and create a directory called friendica.example.com, where example.com is a domain that you choose so as to host friendica on its subdomain, then switch to it:
cd /var/www
mkdir friendica.example.com
cd friendica.example.com
Then download the latest version of friendica-full and friendica-addons from https://github.com/friendica/friendica/releases. Here the latest versions are: friendica-full-2019.09 and friendica-addons-2019.09.
Download the first archive:
wget https://friendi.ca/wp-content/uploads/2019/09/friendica-full-2019.09.tar.gz
Extract the first archive:
tar xf friendica-full-2019.09.tar.gz
cd friendica-full-2019.09
mv * ../
mv .htaccess-dist ../
cd ../
rm -r friendica-full-2019.09 friendica-full-2019.09.tar.gz
Download the second archive:
wget https://github.com/friendica/friendica-addons/archive/2019.09.tar.gz
Extract the second archive:
tar xf 2019.09.tar.gz
rm 2019.09.tar.gz
Change the name of the extracted archive:
mv friendica-addons-2019.09 addon
Change ownership and permissions for the friendica.example.com directory and its subdirectories:
cd ../
chown -R www-data:www-data friendica.example.com
find /var/www/friendica.example.com -type d -exec chmod 750 {} +
find /var/www/friendica.example.com -type f -exec chmod 640 {} +
Then create a MariaDB database for Friendica. Go to phpMyAdmin, log in, click on 'Databases', in the 'Create Database' box enter a name for your database (it can be simply friendica), click on 'Create'. Then click on 'Home', 'User accounts', click on 'Add user account', in the 'User name:' box enter a name for the new user (it can be friendicauser), in the 'Host name:' field enter localhost, then enter a password and re-type it. Make sure you save the database name, the database username and its password in a separate file, to use them later. Then leave everything unchecked at 'Global privileges' and click 'Go'.
Then give the new user all the privileges (except for GRANT) on the new Friendica database: click on 'User accounts', click on 'Edit privileges' next to the name of the new user, click on the 'Database' tab, select the name of the Friendica database from the list of databases, then click on 'Go', then, next to 'Database-specific privileges' check 'Check all', then under 'Administration' uncheck 'GRANT', then click 'Go'.
29.1. Obtain a Let's Encrypt SSL certificate
Edit your DNS settings. Add an A entry and an AAAA entry for friendica.example.com. These entries are similar to the entries you already have for forum.example.com. It's just that instead of forum you enter friendica.
Edit the Nginx server blocks configuration file:
nano /etc/nginx/sites-enabled/0-conf
Create a new server block for friendica.example.com, by adding the following lines (replace example.com with your domain) at the bottom of the /etc/nginx/sites-enabled/0-conf file:
server {
    listen 80;
    listen [::]:80;
    server_name friendica.example.com;
    location /.well-known/acme-challenge {
        root /var/www;
    }
}
Restart Nginx:
systemctl restart nginx
Get a Let’s Encrypt SSL certificate for friendica.example.com by running:
certbot certonly --agree-tos --webroot -w /var/www/ -d friendica.example.com
29.2. Configure Nginx for Friendica
Then open the /etc/nginx/sites-enabled/0-conf file and replace the entire server block of friendica.example.com with the following server block, in order to allow Nginx to serve the site over SSL:
server {
    listen 80;
    listen [::]:80;
    server_name friendica.example.com;
    return 301 https://friendica.example.com$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name friendica.example.com;
    root /var/www/friendica.example.com;
    index index.php;
    ssl_certificate /etc/letsencrypt/live/friendica.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/friendica.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/friendica.example.com/chain.pem;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_session_timeout 4h;
    ssl_session_cache shared:SSL:40m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=63072000" always;
    add_header X-Content-Type-Options nosniff;
    location /.well-known/acme-challenge {
        root /var/www;
    }
    location = /robots.txt {
        allow all;
    }
    location / {
        rewrite ^/(.*) /index.php?q=$uri&$args last;
    }
    # allow uploads up to 20MB in size
    client_max_body_size 20m;
    client_body_buffer_size 128k;
    # statically serve these file types when possible
    # otherwise fall back to front controller
    # allow browser to cache them
    # added .htm for advanced source code editor library
    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|svg)$ {
        expires 30d;
        try_files $uri /index.php?q=$uri&$args;
    }
    # block these file types
    location ~* \.(tpl|md|tgz|log|out)$ {
        deny all;
    }
    # pass the PHP scripts to FastCGI server
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }
    access_log /var/log/sites/friendica.example.com/access.log;
    error_log /var/log/nginx/friendica.example.com.error.log notice;
}
Replace example.com with your actual domain name.
Then create the access log directory for friendica.example.com:
mkdir /var/log/sites/friendica.example.com
Next, you need to create the .well-known/host-meta directory and set appropriate permissions:
cd /var/www/friendica.example.com
mkdir -p .well-known/host-meta
chown -R www-data:www-data .well-known
Restart Nginx:
systemctl restart nginx
29.3. Configure logrotate to rotate Friendica logs
Also, don't forget to configure logrotate to rotate the access log files for Friendica:
nano /etc/logrotate.d/nginx
Enter the following lines at the bottom of the file:
/var/log/sites/friendica.example.com/access.log {
missingok
rotate 10
compress
delaycompress
notifempty
create 0640 www-data adm
size 2M
sharedscripts
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi; \
endscript
postrotate
[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
endscript
}
Save and exit.
29.4. Run the installation
Open a browser and navigate to https://friendica.example.com
You should see a screen like this:
Click ‘Next’ at the bottom of the page. On the next page at ‘SSL link policy’ select ‘Force all links to use SSL’, at ‘Host name’ leave friendica.example.com, at ‘Base path to installation’ leave /var/www/friendica.example.com, leave ‘Sub path of the URL’ empty, click ‘Submit’. On the next screen at ‘Database Server Name’ enter localhost, at ‘Database Login Name’ enter the username set up earlier in phpMyAdmin, at ‘Database Login Password’ enter the username’s password, and at ‘Database Name’ enter the name of the database that you set up earlier, click ‘Submit’.
On the next screen, at ‘Site administrator email address’ enter your Friendica admin email address, for example admin@example.com, at ‘Please select a default timezone for your website’ select your town or the nearest town, at ‘System Language’ select ‘en’ or any other language, then click on ‘Submit’. The next screen will be the following:
29.5. Configure Friendica daemon
The next step is to start the Friendica daemon manually. First open the /var/www/friendica.example.com/config/local.config.php file:
nano /var/www/friendica.example.com/config/local.config.php
In the ‘system’ section, add the line for the pid file and a line to prevent an error while resetting passwords, like this:
'system' => [
'pidfile' => '/var/www/friendica.example.com/friendica.pid',
'disable_password_exposed' => true,
...
Change file permissions:
cd /var/www/friendica.example.com/config
chown www-data:www-data local.config.php
chmod 600 local.config.php
Then navigate to /var/www/friendica.example.com/bin :
cd /var/www/friendica.example.com/bin
Change permissions for the /var/www/friendica.example.com/bin/daemon.php file:
chmod 640 daemon.php
Then start the worker daemon by running:
php daemon.php start
You can check if the daemon is running using the following command:
php daemon.php status
The result should look like this:
Daemon process 31511 is running.
To start the daemon after each reboot, we need to create a service, like this:
nano /etc/systemd/system/friendicadaemon.service
Enter the following content in this file:
[Unit]
Description=Friendica worker daemon
After=network.target
After=mariadb.service
[Service]
User=www-data
Group=www-data
Type=simple
# daemon.php was set to mode 640 above (not executable), so it is run through the PHP CLI
ExecStart=/usr/bin/php /var/www/friendica.example.com/bin/daemon.php start
Restart=on-failure
PIDFile=/var/www/friendica.example.com/friendica.pid
[Install]
WantedBy=multi-user.target
Replace example.com with your actual domain.
Next, run the following commands to reload the systemctl daemon, enable the friendicadaemon service, restart it and check its status:
systemctl daemon-reload
systemctl enable friendicadaemon
systemctl restart friendicadaemon
systemctl status friendicadaemon
29.6. Register as administrator
Next, go to your Friendica node registration page and register as a new user using the same email address that you entered earlier as administrator email. This will give you access to the site admin panel.
Thus, leave the 'Your OpenID (optional)' field empty, in the 'Your Full Name ...' field enter your full name or a name that looks like a real full name, in the 'Your Email Address' field enter the administrator email address, then enter the password two times, in the 'Choose a nickname:' field enter any nickname that you want, at 'Include your profile in member directory?' you can check 'Yes', then click 'Register'.
In the next screen enter your email address or nickname and your password, leave the 'OpenID' field empty, then click on 'Login'.
Once logged in, you can upload a profile photo and update your personal data by clicking on the 'Edit profile' icon next to your name, in the upper left corner.
Please note that to be able to send registration emails, the Friendica server needs the www-data user to be allowed to send emails with Postfix. This means that in /etc/postfix/main.cf you have to have the user www-data listed in the authorized_submit_users parameter, like this:
authorized_submit_users = root, www-data
29.7. Enable logging in Admin settings
If we want to be able to configure Fail2ban to protect Friendica against brute-force attacks, we need to enable logging in Admin settings. Thus, while logged in with the admin email address, click on the profile picture on the upper bar, choose ‘Admin’, click on ‘Logs’ in the left bar, then under ‘Administration – Logs’ check ‘Enable debugging’, in the ‘Log file’ box enter the full path of your log file /var/log/friendica/friendica.log, in the ‘Log level’ choose ‘Notice’, then click on ‘Save settings’.
Then create the /var/log/friendica directory and the friendica.log file inside it and set the appropriate permissions:
cd /var/log
mkdir friendica
cd friendica
touch friendica.log
cd ../
chown -R www-data:www-data friendica
29.8. Configure logrotate to rotate Friendica logs
Navigate to /etc/logrotate.d:
cd /etc/logrotate.d
Create a configuration file for Friendica:
nano friendica
Enter the following content:
/var/log/friendica/friendica.log {
missingok
rotate 5
size 2M
compress
delaycompress
notifempty
create 0640 www-data adm
sharedscripts
}
29.9. Configure Fail2ban to protect Friendica against brute-force attacks
In order to configure Fail2ban to protect the login page against brute-force attacks, first edit the /etc/fail2ban/jail.local file:
nano /etc/fail2ban/jail.local
Just beneath the [nextcloud] block add the following block:
[friendica]
enabled = true
filter = friendica
logtimezone = UTC
logpath = /var/log/friendica/friendica.log
port = 80,443
maxretry = 4
bantime = 604800
#logencoding = utf-8
Please note the use of the logtimezone parameter. It forces Fail2ban to use UTC time when analyzing Friendica's log, since the time stamps of this log use UTC time.
Save and exit the file, then create the filter configuration file:
cd /etc/fail2ban/filter.d
nano friendica.conf
Enter the following content inside this file:
[Definition]
failregex = ^.*authenticate\: failed login attempt.*\"ip\"\:\"<HOST>\".*$
ignoreregex =
Then restart Fail2ban:
systemctl restart fail2ban
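The filter and jail above can be exercised offline before relying on them. The following is an added example, not part of the original guide or of Fail2ban: it applies the page's failregex to constructed log lines and counts failures per address against maxretry = 4. The log line layout, the simplified <HOST> expansion and the 10-minute findtime (Fail2ban's default, not set in the jail above) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# failregex exactly as entered in /etc/fail2ban/filter.d/friendica.conf above.
FAILREGEX = r'^.*authenticate\: failed login attempt.*\"ip\"\:\"<HOST>\".*$'

# Assumption: simplified stand-in for Fail2ban's <HOST> expansion, limited to
# IPv4 and IPv6 literals (the real expansion also accepts host names).
HOST_GROUP = r'(?P<host>(?:\d{1,3}\.){3}\d{1,3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:.]+)'
PATTERN = re.compile(FAILREGEX.replace('<HOST>', HOST_GROUP))

MAXRETRY = 4                      # maxretry from the [friendica] jail
FINDTIME = timedelta(minutes=10)  # assumption: Fail2ban default, not set on this page


def fail_line(stamp, ip):
    """Build a constructed failed-login line; only the parts the regex needs matter."""
    return (f'{stamp} index [NOTICE]: authenticate: failed login attempt '
            f'{{"action":"login","ip":"{ip}"}}')


def parse_line(line):
    """Return (UTC timestamp, host) if the line matches the failregex, else None."""
    m = PATTERN.match(line)
    if m is None:
        return None
    # Timestamps are read as UTC, which is what logtimezone = UTC tells Fail2ban.
    stamp = datetime.strptime(line.split(' ', 1)[0], '%Y-%m-%dT%H:%M:%SZ')
    return stamp.replace(tzinfo=timezone.utc), m.group('host')


def hosts_to_ban(lines):
    """Return hosts that reach MAXRETRY failures inside a sliding FINDTIME window."""
    recent = defaultdict(deque)
    banned = []
    for line in lines:
        hit = parse_line(line)
        if hit is None:
            continue
        stamp, host = hit
        window = recent[host]
        window.append(stamp)
        while stamp - window[0] > FINDTIME:
            window.popleft()          # failure is older than findtime, forget it
        if len(window) >= MAXRETRY and host not in banned:
            banned.append(host)
    return banned


# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = [
    fail_line('2019-10-01T08:00:05Z', '203.0.113.7'),
    fail_line('2019-10-01T08:00:09Z', '203.0.113.7'),
    fail_line('2019-10-01T08:00:12Z', '198.51.100.23'),
    # Not a failed login: must not count even though it carries an "ip" field.
    '2019-10-01T08:00:20Z index [NOTICE]: successful login {"ip":"203.0.113.7"}',
    fail_line('2019-10-01T08:00:31Z', '203.0.113.7'),
    fail_line('2019-10-01T08:00:40Z', '203.0.113.7'),    # 4th failure: ban
    fail_line('2019-10-01T08:01:00Z', '198.51.100.23'),
    fail_line('2019-10-01T08:02:00Z', '198.51.100.23'),  # only 3 failures
    # Failed login without an "ip" field: the filter cannot attribute it.
    '2019-10-01T08:03:00Z index [NOTICE]: authenticate: failed login attempt {"action":"login"}',
    # Four failures spread over 11 minutes never put 4 inside one window.
    fail_line('2019-10-01T08:04:00Z', '2001:db8::15'),
    fail_line('2019-10-01T08:08:00Z', '2001:db8::15'),
    fail_line('2019-10-01T08:12:00Z', '2001:db8::15'),
    fail_line('2019-10-01T08:15:00Z', '2001:db8::15'),
]

if __name__ == '__main__':
    print(hosts_to_ban(SAMPLE_LOG))
```

On the server itself, running fail2ban-regex /var/log/friendica/friendica.log /etc/fail2ban/filter.d/friendica.conf applies the real filter to the real log and reports how many lines matched.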
29.10. Change system theme
To customize your Friendica installation you can go to the upper bar and click on the ‘Settings’ icon next to the ‘Full text’ button. When you click on ‘Site’, by default, the screen will look like this:
Then, in the left panel click on ‘Theme selection’. Check ‘frio’ to enable the ‘frio’ theme which is the theme that looks the best. Then, click again on ‘Site’. In the ‘Administration – Site’ section of the settings, in the ‘System theme’ field, you can change the default system theme (which can be overridden by users in their profiles). It’s recommended to choose the ‘frio’ theme. If you choose ‘frio’ then click on ‘Save settings’ at the bottom of the first section of the settings. Then click on ‘General Information’ to return to the first section, scroll to the ‘System theme’ field, click on ‘Change default theme settings’ and then at ‘Select color scheme’ choose ‘Custom’. Next, in the ‘Navigation bar background color’ box enter #2e659b or a different color that suits you. In the ‘Link color’ box enter #1e6cb5 or other color that suits you. Then click ‘Submit’ and refresh the page. The ‘Site’ screen will look like this:
29.11. Change registration policy
Then, to disallow public registration, so that only a limited number of users (such as your employees, collaborators, etc.) can register, click on ‘Site’ in the left panel, then, under ‘Administration Site’ click on ‘Registration’ , then next to ‘Registration policy’ choose ‘Requires approval’. This way, you can inform your collaborators, employees, etc. to register on the registration page (https://friendica.example.com/register), then you can approve their registration, then, after all of them have registered, you can change ‘Registration policy’ to Closed, so that no other user can register. In the same section you can also disable OpenID support for registration and logins by checking the respective checkbox. Before reviewing other settings don’t forget to click the ‘Save settings’ button at the bottom of the ‘Registration’ section.
29.12. Change the number of parallel workers
Scroll down to the ‘Worker’ section and next to ‘Maximum number of parallel workers’ enter 20, then click ‘Save settings’ at the bottom of the ‘Worker’ section.
29.13. Change profile settings
You can also change settings that apply to your profile by going to your picture on the upper bar and clicking on ‘Settings’.
For example, if you don’t want your profile to show up in the public global directories, you should go to Settings > Account > Security and privacy > in ‘Publish default profile in global directory?’ change to ‘No’. You can also change ‘Hide your profile details from anonymous viewers?’ to ‘Yes’. Then click on ‘Save Settings’.
29.14. Move the configuration file outside the web root
To increase the security of this installation, first copy the configuration file outside the web root directory, to /srv/scripts :
cp /var/www/friendica.example.com/conf/conf.php /srv/scripts/friendica.php
Then delete all the content of the /var/www/friendica.example.com/conf/conf.php file:
cat /dev/null > /var/www/friendica.example.com/conf/conf.php
Then open it:
nano /var/www/friendica.example.com/conf/conf.php
Add the following line inside it:
<?php include('/srv/scripts/friendica.php'); ?>
Change ownership and permissions for the friendica.php file:
chown www-data:www-data /srv/scripts/friendica.php
chmod 400 /srv/scripts/friendica.php
29.15. Add a post
Once logged in, to add a post go to Home > Status > click on the pencil icon on the upper bar (or on ‘Share’ for the default ‘vier’ theme), enter a title, then enter the text. You can also add pictures (by clicking on the ‘Link or media’ icon, or the ‘Upload photo’ icon for the ‘vier’ theme), embed videos (by clicking on the ‘Link or media’ icon, or the link icon for the ‘vier’ theme), etc., then click on ‘Share’.
29.16. Friendica directories
Friendica has two types of directories (lists of users):
– a local directory, where you can find all the users registered to the local Friendica server:
– a global directory (like https://dir.friendica.social/) where all Friendica servers can send their users’ account information.
Assuming you are using the ‘frio’ theme, to see the directories, click on your profile picture on the upper bar, then choose ‘Directory’. In the left panel you will see links to the ‘Local directory’ and ‘Global directory’.
There are several global directories that exchange information with each other regularly. The global directory that you will see when clicking on ‘Global directory’ depends on where your server is located and can be configured in the Admin settings > ‘Policies’ > ‘Global directory URL’. If you click on ‘Global directory’, you will see a list of everybody who chooses to be listed across all instances of Friendica.
You can use the local or global directory to search for users you want to connect with.
29.17. Connect to other Friendica users
When you look at the list of users on the local or global directories, if you want to connect with a user just click on ‘Follow’, next to their profile picture. If the user is on the local server, your “identity address” (https://friendica.example.com/profile/nickname) will be selected by default, so all you have to do next is click on ‘Submit request’. If the user is on the global directory, you will be asked to enter your “identity address” which is https://friendica.example.com/profile/nickname (you can also enter nickname@friendica.example.com) then click on ‘Submit Request’.
After you submit the follow request, also called ‘introduction’ request, the user will receive an email about your request. Then, while logged in their Friendica account, they will be able to approve your request by clicking on the notification (in ‘Notifications’ on the upper bar), then clicking on the ‘Approve’ tick sign in the upper right corner of the notification.
Let’s say that a different user has sent you a follow request. While logged in to your Friendica account you can click on the notification, then click on the ‘Approve’ sign. You will be prompted with a message that informs you that you can choose between accepting the new contact as a ‘friend’ or as a ‘subscriber’. The difference between the two is the following:
– accepting the new contact as a friend will allow them to subscribe to your posts and you will also receive updates from them in your news/conversations feed.
– accepting the new contact as a subscriber allows them to subscribe to your posts, but you will not receive updates from them in your news/conversations feed.
You can also connect to groups and forums. You follow the same steps to connect to groups and forums. The difference is that when you send the follow/introduction request, the groups and forums can accept your request automatically whereas individuals have to approve your request manually.
If you already know somebody’s “identity address”, you can enter it in the “Add new contact” box on the left panel, on the Contacts page (click the Contacts icon in the first upper bar (in ‘frio’ theme)), then click “Connect”.
29.18. Connect to users of alternate networks across the Fediverse
You can also use your “identity address” to connect to other people across the so-called “Fediverse” of free and open source self-hosted social media platforms. Currently, Friendica supports connections with users on diaspora*, Mastodon, GNU social, Red, Hubzilla, StatusNet, Pleroma, Socialhome, pump.io and GangGo platforms.
If you know (for instance) “tom” on gnusocial.net (a GNU Social site) you could put tom@gnusocial.net into your “Add new contact” box on the Contacts page (click the Contacts icon in the first upper bar) and click Connect to add him as a friend. Instead of tom@gnusocial.net you can also enter the URL to Tom’s gnusocial.net profile page.
People on these networks can also send you contact requests, if they know your “identity address”.
29.19. Syndication feeds
You can “follow” almost anybody or any website that produces a syndication feed (RSS/Atom, etc.). For example, if you want to follow the RSS feed of a WordPress website, you have to know the URL of that RSS feed. If the URL is https://www.website.com/feed/, to follow this feed, all you have to do is click on the ‘Contacts’ icon in the first upper bar, then in the left panel, in the ‘Add new contact’ box enter: https://www.website.com/feed/, then click 'Connect', then click 'Submit request', then in the 'Update public posts' dropdown list select 'Daily' or 'Weekly', then click 'Submit'. Next, to see the newly added RSS feed, go to the first upper bar and click on the "My friends' conversations" icon.
29.20. Ignoring, blocking and deleting contacts
Once you have added a contact as a friend, if you find that they send you spam or worthless information you can “Ignore” them without breaking off the friendship or even alerting them to the fact that you don’t want to receive updates from them anymore. In a way they become similar to followers, but without knowing it. They think they are still a friend.
You can also “Block” a contact. This completely breaks communications with that contact. They may still be able to see your public posts, as can anybody on the Internet, but they cannot communicate with you directly.
You can also “Delete” a friend no matter what the friendship status is. This completely removes everything relating to that person from your server.
To “Ignore”/“Block”/“Delete” a contact click on the ‘Contacts’ icon in the first upper bar, scroll down to the contact that you want to ignore or search for it using the search box, then, in the upper right corner of the contact line click on the ‘View contact’ icon (the 4th from the left). In the next screen, click on ‘Actions’ in the upper right corner of the screen, then click on “Ignore”/“Block”/“Delete”.
29.21. Upgrading Friendica
Before upgrading Friendica to a new version, it’s recommended to verify if the new version has been tested and confirmed to function well within the suite of applications described in this guide. Once we test an application and confirm that it works well, we include it on this page.
To upgrade Friendica to a new version follow these steps:
– Make a complete backup of the database and of the /var/www/friendica.example.com directory.
– Create a new folder to download the new archive:
cd /var/www
mkdir friendica.example.com_new
– Download the new archive as you did for installing Friendica (described above).
– Unpack the new Friendica archive.
– Copy /var/www/friendica.example.com/config/local.config.php, and /var/www/friendica.example.com/config/addon.config.php (if you have this file) to /var/www/friendica.example.com_new:
cp /var/www/friendica.example.com/config/local.config.php /var/www/friendica.example.com_new/config
cp /var/www/friendica.example.com/config/addon.config.php /var/www/friendica.example.com_new/config
– Rename the friendica.example.com folder to friendica.example.com_old:
mv friendica.example.com friendica.example.com_old
– Rename the friendica.example.com_new folder to friendica.example.com:
mv /var/www/friendica.example.com_new /var/www/friendica.example.com
Navigate to https://friendica.example.com.
The database update should start automatically and the site will go into maintenance mode. If the database update gets stuck, you can initiate the database update in command line like this:
cd /var/www/friendica.example.com
bin/console dbstructure update
To update the addons, after you download and extract the new addon archive as described for installing Friendica, you can simply delete the old addon directory and replace it with the new addon directory.
After the upgrade, if you can log in as an administrator and as a regular user and everything seems to be ok, you can delete the /var/www/friendica.example.com_old folder.