Martin G. @ Frndk.de

we had a broken MySQL table... all old items lost :-( sorry for that!

Okay. So I wanted to contribute a little something for myself to @Friendica Day and install ~friendica

on my NAS. It's running 24/7 here anyway, so why not toss ~friendica

onto it, have my own install that I can do with whatever I want and take some load off of frndk.de?

A downright insane plan in hindsight. Install ~friendica

on an ARM-based Qnap TS-119 NAS (which is powerful enough hardware-wise, I believe), access it via dynamic DNS from Selfhost.de using a *.selfhost.me domain (as opposed to my very own domain) and use a certificate from StartSSL.

First of all: No, StartSSL doesn't give you a certificate for a subdomain. I'd have to be the owner of the second-level domain. And one of the last things I'd do unless absolutely necessary, next to paying an annual three-digit fee for an SSL cert just to secure my ~friendica

install, is get myself my own domain. I cannot guarantee that I'll have it up and running for good without an interruption. Once I leave it abandoned for a split-second, here comes a domain grabber and yoinks it and tries to resell it to me. Either that, or pay for a potentially unused domain. That, and I cannot for the life of me think up a domain name that I might use and pay for forever (to keep domain grabbers away from it; and no, I'm so not going to register my name as a domain).

Well, Friendica has built-in OpenSSL support. Although self-signed certs aren't always recommended. But if you have the intention to explicitly not use a 2nd level domain of your own (like me), OpenSSL is your one and only option. But: The system test page puts out an error message which this thread tries to handle, a conversation between @Waitman Gobble and a guy named John, possibly the only other person who ever tried to install ~friendica

on a Qnap so far. Maybe I'm really going to edit the files and see what'll happen. I don't believe I'll get it up and running before the end of the day (which is in half an hour). Perhaps someone from @Friendica Support knows more.

Also, Qnap's most recent firmware still has PHP 5.2 which means no Diaspora* connection. Yep, they're that slow with rolling out new versions of system components. PHP 5.3 isn't bleeding-edge, it's the current stable release while PHP 5.2 is past end-of-life and not supported anymore, neither by its own developers nor by a lot of web apps. They say that a new firmware version will be rolled out at the end of May which is announced to include a stable version of PHP 5.3, but PHP 5.3 has been announced and not rolled out so often already that hardly any Qnap users believe this announcement will come true.

So as long as I haven't got my own server running, I'll stay here at frndk.de.

@Friendica Day @Waitman Gobble @Friendica Support

Martin G.

3 days ago

5 comments show more

Still trying to get ~friendica

to work on the Qnap.

I added "/mnt/ext/opt/apache/bin" to PATH and the line "export OPENSSL_CONF=/etc/ssl/openssl.cnf" to both the admin's .profile and the admin's .bash_profile to overcome the problem of not being able to find the PHP executable (because its location can't be found within the system's PATH) and the openssl_pkey_new problem. Rebooted the Qnap twice. It didn't change anything about these two issues. I have absolutely no idea where ~friendica

tries to draw the contents of these two variables from or whether it finds my OpenSSL configuration at all.

All possible solutions and hints I've found on the Web so far are about installing OpenSSL on a Windows machine, generating a certificate on said Windows machine and importing it to the Qnap. Not only can my Qnap make its own OpenSSL certificates (because Qnap include OpenSSL into their firmware meanwhile), but I also don't want to crank up a Windows box for this purpose.

I'm not sure if I want to apply the hack suggested by @Waitman Gobble in the thread linked above because if the ~friendica

auto-updater replaces any one of the edited files, I have to both know this just happened, know which file was replaced and apply the hack again.

I might just as well get me the VirtualBox image and put it onto my nettop. Would probably be reliable as anything, not to mention faster, but I'd have to abandon that machine's automatic sleep mode and put the chance of running ~friendica

on a small server that's up 24/7 anyway (not to mention the opportunity of exploring the chances of getting ~friendica

to run on a Qnap NAS) to waste.

Maybe someone with both a x19-series Qnap and a knack for coding can make it happen with more ease one day. Maybe even provide a ready-to-run ~friendica

QPKG.

@Waitman Gobble

Martin G.

3 days ago

Based on an article @Bob Mottram posted, SSL doesn't much matter anyhow.

I'm working on hacking squid for gpg end-to-end encryption, maybe it will be worthwhile.

@Bob Mottram

Waitman Gobble

3 days ago

@Mike: That means that I can apply the code hacks for the install without having to worry if they're overwritten by updates? If yes, cool.

Otherwise, all I need to know is where ~friendica

gets the variables PATH and OPENSSL_CONF from, I'll edit the corresponding files on my Qnap, and all should be fine and dandy.

@Mike

Martin G.

3 days ago

Things are getting stranger.

First of all, I can't edit the hacks into the php files because they're already there, it all has made it into trunk meanwhile.

Then I discovered that it's nigh-impossible to change the PATH variable on a Qnap NAS in a way that it persists beyond reboot. Not that it matters, though, because ~friendica

makes no use of root's environment variables defined in /root/.profile or /root/.bash_profile anyway. You can edit yourself silly on these files, you can export whatever you want, but ~friendica

ignores it, and after the next reboot, all your edits are gone, and everything's back to vanilla.

So I'm still stuck with the very same errors described in that thread.

I guess all I need to do is tell Friendica a) where the PHP executable is located and b) where openssl.cnf is located. Maybe I'll try some SetEnv lines in Apache config files later.

Martin G.

2 days ago

@Simon: An ARM-based Qnap NAS has got very little in common with a regular x86-based web server running Debian GNU/Linux. You don't sudo on these machines because all you can is ssh into them as admin and run commands with full root rights. Also, things tend to be located in the weirdest places and act weirdly. For example, you find much of your Apache and php stuff (including config files) in /mnt/ext/opt/apache/bin, and neither /root/.profile nor /root/.bash_profile persist beyond reboot, they're auto-replaced by vanilla versions from 2004.

echo $PATH put out the following:

/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin

My next attempt was to teach ~friendica

where my files are in that out-of-whack file structure of a Qnap NAS (when you come from GNU/Linux, you won't find anything). So I added the following lines to the .htaccess file:

SetEnv PATH ${PATH}:/mnt/ext/opt/apache/bin
SetEnv OPENSSL_CONF /etc/ssl/openssl.cnf

Didn't work. Same errors as before.

Next trick: Environment variable file. /mnt/ext/opt/apache/bin/envvars is it. I added

PATH="/mnt/ext/opt/apache/bin:$PATH"
export $PATH

OPENSSL_CONF="/etc/ssl/openssl.cnf"
export OPENSSL_CONF

and restarted Apache. Didn't work either. Still the same errors as before.

However, as far as Apache is concerned, I think I'm completely out of luck. Qnap's build of Apache 2.2.14 (two and a half years old, older than even Mistpark) which comes with the current 3.6.1 firmware for the TS-x19 series lacks mod_env.so which is required for changing environment variables in Apache. Other Qnap users can look for themselves in /mnt/ext/opt/apache/modules.

I discovered a little error in the test script linked two posts above, namely the wrong location of openssl.conf. After fixing it, OpenSSL happily created a certificate for me. So OpenSSL itself works fine. However, it still doesn't work for ~friendica

.

I can't tell ~friendica

the location of php by editing htconfig.php either. Even then it complains that it can't find the php executable.

Conclusions:

In php's case, the problem is that the location of the php executable is not communicated between the Qnap's Apache web server and ~friendica

. a) It is near-impossible to add the php path to root's PATH variable persistantly beyond reboot. b) Even if the php path is part of PATH, ~friendica

doesn't find it because ~friendica

doesn't parse root's PATH variable.

In OpenSSL's case, the problem might be similar, namely that ~friendica

can't find openssl.cnf because it doesn't parse root's OPENSSL_CONF variable. However, I cannot prove this. It is quite likely that this is the case (because why should ~friendica

find a non-standard OPENSSL_CONF if it doesn't find a non-standard PATH either), but I don't have 100% rock-solid proof. It might just as well be an issue with the very contents of openssl.cnf itself. Still, the environment variable problem is the most likely by far.

As said above, the problem is quite likely that the Apache server on a Qnap TS-x19 is unable to change environment variables. So it's not ~friendica

that's looking in non-Qnap-compliant places, it's Apache that's unable to tell ~friendica

where to look.

Martin G.

2 days ago

Diese ~friendica Instanz wird von Tobias Diekershoff betrieben. Weitere Informationen zur Software und dem Impressum finden sich unter frndk.de/friendica.