Hi Markus,
Maybe: flusdns
and history
?
Michel-André
Hi Markus,
Maybe: flusdns
and history
?
Michel-André
one addition to funkwhale - in case u plan on updating the guide or making a module maybe?(i read the worries bout the legal issues ;)) .
postgres12 is bound to port 55434. didnt see that and ran postgres12 commands with postgres 95 port ^^ so the music importer refused to work.
Maybe:
flusdns
andhistory
?
i dont particular feel the urge to mess with working certs at the moment, but this machine never really had a clean reboot after all that configurating. so maybe its worth a try again - reboot went fine by the way - all started as expected
Nice job, but I seriously think it would be safer for both, the host (nethserver) and the apps, to run it inside Docker. (https://docs.funkwhale.audio/installation/docker.html)
hey, i am trying to upgrade funkwhale to 1.1. pip now needs python 3.7 and 3.6.8 is installed. what pkg am i missing? thanks, phil
I just received an email from one of the devs from funkwhale:
Hi there!
Its Georg from the Funkwhale collective. When I was checking around for Funkwhale instances I noticed you are still running version 0.20.1, which is totally outdated. May I ask for the reason you are not updating? Are there some problems?
To avoid security and federation issues we highly recommend updating to the latest version, which right now is 1.1.4. If there is anything we can do to support you, let us know! Thanks for your efforts to run this instance.
Kind regards, Georg
@mrmarkuz Time for a module update?
I’m going to test the native install with rh-python3*.
If that doesn’t work, we still have the docker way.
also on my todo list… hope i dont have to switch to a docker solution.
currently looking into upgrading FW to stable 1.2. i cant seem to figure out how to backup the postgres db before breaking everything.
su - postgres -c 'scl enable rh-postgresql12 -- psql -p 55434'
pg_dump funkwhale > /local/path/on/server/funkwhale20220116.sql
is writing out a sql file with 0 bytes… tried writing it into /tmp and
pg_dump -F t funkwhale > /tmp/backup.tar
without any luck… any ideas?
pg_dump is an independent tool, it’s not part of the psql client. This should work:
su - postgres -c 'scl enable rh-postgresql12 -- pg_dump -p 55434 funkwhale > /tmp/funkwhale.sql'
very cool, thanks - that worked. ill update my FW progress as i go along.
ok - all solved!
so those notes should work if you are updating from a previous FW install. the only thing i did not check is if the apache config file still needs to be customized or FW 1.2 solved everything. also i saw that postgres 1.3 is available. i am still using 1.2.
below are the update steps i did, i can clean up / post the full install process if anyone needs it.
yum -y install nethserver-postgresql12 nethserver-redis curl gcc python3-pip git unzip ffmpeg make curl file ffmpeg libjpeg-turbo libpqxx python-devel openldap-devel rh-postgresql12-postgresql-contrib python3-devel mod_xsendfile nethserver-rh-python38.noarch rh-postgresql12-postgresql-devel postgresql-devel rh-python38-python-devel
su - postgres -c 'scl enable rh-postgresql12 -- pg_dump -p 55434 funkwhale > /tmp/funkwhale20220116.sql'
cp /tmp/funkwhale20220116.sql /to/backup/folder/
su - postgres -c 'scl enable rh-postgresql12 -- pg_restore -p 55434 -d funkwhale > /tmp/funkwhale20220116.sql'
curl -L -o "/etc/systemd/system/funkwhale.target" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/stable/deploy/funkwhale.target"
curl -L -o "/etc/systemd/system/funkwhale-server.service" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/stable/deploy/funkwhale-server.service"
curl -L -o "/etc/systemd/system/funkwhale-worker.service" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/stable/deploy/funkwhale-worker.service"
curl -L -o "/etc/systemd/system/funkwhale-beat.service" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/stable/deploy/funkwhale-beat.service"
systemctl stop funkwhale-\*
sudo -u funkwhale -H bash
cd /srv/funkwhale
rm -rf *_bak
mv api api_bak
mv front front_bak
mv data/static data/static_bak
mv virtualenv virtualenv_bak
mkdir -p api front
curl -L -o "build_api.zip" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/stable/download?job=build_api"
unzip "build_api.zip" -d extracted
mv extracted/api/* api/
rm -rf extracted
curl -L -o "build_front.zip" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/stable/download?job=build_front"
unzip "build_front.zip" -d extracted
mv extracted/front/dist front/
rm -rf extracted
scl enable rh-python38 bash
python3.8 -m venv /srv/funkwhale/virtualenv
source /srv/funkwhale/virtualenv/bin/activate
pip install wheel service_identity uvloop httptools
pip install -r api/requirements.txt
python api/manage.py migrate
python api/manage.py collectstatic
exit
exit
systemctl daemon-reload
systemctl start httpd funkwhale.target
systemctl status funkwhale-\*
Yay all that sounds great!
I would be very interested in a complete installation procedure.
Could you describe one? And put it on the wiki for everyone to use?
Regards,
Hi @mrmarkuz
On a LOCAL virtual machine, I installed Funkwhale 0.20.1:
uvloop
& httptools
api/requirements.txt
which installed psycopg2-binary-2.9 // cannot loginpip install psycopg2==
2.8.6 to replace 2.9 // I can loginWith Firefox, I can login to LOCAL Funkwhale at https://funkwhale.domain.tld, import/play music etc… All is working correctly.
On my main server, directly connected to the Internet, I created:
With TOR, when I access https://funkwhale.domain.tld, I received Bad Request (400)
In redirection, if I uncheck Forward HTTP "Host" header to target
, then with TOR I receive the default NethServer web page.
So, I rechecked Forward HTTP "Host" header to target
,
And in zzz_funkwhale.conf
, after ProxyRequests Off
I added
RequestHeader set X-Forwarded-Proto "https"
AllowEncodedSlashes NoDecode
Then restarted httpd
=> Same problem Bad Request (400).
Any suggestions?
Michel-André
hey lclaude, yes i can do that, just beware that my notes are all based on mrmarkuz original FW post at the very top of this page. they divert here and there somewhat based on my system.
Hi @mrmarkuz,
I followed the same procedures as before but installed:
No more error and everything is working properly with Firefox/Chrome and also with TOR.
I upgraded to Funkwhale 1.2.1 (1.2.1+git.c82f64cc ).
Everything is still working properly with Firefox/Chrome and TOR.
Next step is to use LDAP…
Michel-André
hey, hope this helps, those are my sanitized notes on FW. based on mrmarkuz original notes, tweaked for FW 1.2 and python 3.8 , have not updated to postgres 13 yet. greetings, phil
rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
yum -y install nethserver-postgresql12 nethserver-redis curl gcc python3-pip git unzip ffmpeg make curl file ffmpeg libjpeg-turbo libpqxx python-devel openldap-devel rh-postgresql12-postgresql-contrib python3-devel mod_xsendfile nethserver-rh-python38.noarch rh-postgresql12-postgresql-devel postgresql-devel rh-python38-python-devel
useradd -r -s /usr/sbin/nologin -d /srv/funkwhale -m funkwhale
chmod 755 /srv/funkwhale
su - postgres -c ‘scl enable rh-postgresql12 – psql -p 55434’
DROP DATABASE funkwhale;
DROP USER IF EXISTS funkwhale;
\du
\list
su - postgres -c ‘scl enable rh-postgresql12 – pg_dump -p 55434 funkwhale > /tmp/funkwhale20220116.sql’
cp /tmp/funkwhale20220116.sql /mnt/tank/system/backup/nethserver/FW/
su - postgres -c ‘scl enable rh-postgresql12 – pg_restore -p 55434 -d funkwhale > /tmp/funkwhale20220116.sql’
curl -L -o "/etc/systemd/system/funkwhale.target" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/stable/deploy/funkwhale.target"
curl -L -o "/etc/systemd/system/funkwhale-server.service" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/stable/deploy/funkwhale-server.service"
curl -L -o "/etc/systemd/system/funkwhale-worker.service" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/stable/deploy/funkwhale-worker.service"
curl -L -o "/etc/systemd/system/funkwhale-beat.service" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/stable/deploy/funkwhale-beat.service"
curl -L -o /etc/httpd/conf.d/zzz_funkwhale.conf "https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/stable/deploy/apache.conf"
# Following variables MUST be modified according to your setup
Define funkwhale-sn your.funkwhale.domain.com
# Following variables should be modified according to your setup and if you
# use different configuration than what is described in our installation guide.
Define funkwhale-api http://localhost:5000
Define funkwhale-api-ws ws://localhost:5000
Define FUNKWHALE_ROOT_PATH /srv/funkwhale
Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_ROOT_PATH}/data/music
Define MEDIA_DIRECTORY_PATH ${FUNKWHALE_ROOT_PATH}/data/media
<VirtualHost *:80>
ServerName ${funkwhale-sn}
RedirectMatch 301 ^(?!/.well-known/acme-challenge/).* https://${funkwhale-sn}
</VirtualHost>
# HTTP requests redirected to HTTPS
<VirtualHost *:80>
ServerName ${funkwhale-sn}
# Default is to force https
RewriteEngine on
RewriteCond %{SERVER_NAME} =${funkwhale-sn}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
<Location "/.well-known/acme-challenge/">
Options None
Require all granted
</Location>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName ${funkwhale-sn}
# Path to ErrorLog and access log
ErrorLog /var/log/funkwhale/error.log
CustomLog /var/log/funkwhale/access.log combined
#Header always set Service-Worker-Allowed "/"
# TLS
# Feel free to use your own configuration for SSL here or simply remove the
# lines and move the configuration to the previous server block if you
# don't want to run funkwhale behind https (this is not recommended)
# have a look here for let's encrypt configuration:
# https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
SSLEngine on
SSLProxyEngine On
# SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem
# SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
# Include /etc/letsencrypt/options-ssl-apache.conf
sudo -u funkwhale -H bash
cd /srv/funkwhale
mkdir -p config api data/static data/media data/music front
curl -L -o "build_api.zip" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/stable/download?job=build_api"
unzip "build_api.zip" -d extracted
mv extracted/api/* api/
rm -rf extracted
curl -L -o "build_front.zip" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/stable/download?job=build_front"
unzip "build_front.zip" -d extracted
mv extracted/front/dist front/
rm -rf extracted
scl enable rh-python38 bash
python3.8 -m venv /srv/funkwhale/virtualenv
source /srv/funkwhale/virtualenv/bin/activate
python3 -V
pip install wheel service_identity uvloop httptools
pip install -r api/requirements.txt
curl -L -o config/.env “https://dev.funkwhale.audio/funkwhale/funkwhale/raw/master/deploy/env.prod.sample”
chmod 600 /srv/funkwhale/config/.env
sed -i ‘s!FUNKWHALE_HOSTNAME=yourdomain.funkwhale!FUNKWHALE_HOSTNAME=your.funkwhale.domain.com!’ /srv/funkwhale/config/.env
sed -i ‘s!REVERSE_PROXY_TYPE=nginx!REVERSE_PROXY_TYPE=apache2!’ /srv/funkwhale/config/.env
sed -i ‘s!DJANGO_SECRET_KEY=$!DJANGO_SECRET_KEY=’"$(openssl rand -base64 45)"’!’ /srv/funkwhale/config/.env
DATABASE_URL=postgresql://funkwhale:SECRET@localhost:55434/funkwhale
CACHE_URL=redis://127.0.0.1:6379/0
EOF
vi /etc/httpd/conf.d/zzz_funkwhale.conf
# strip the X-Forwarded-Proto header from incoming requests
RequestHeader unset X-Forwarded-Proto
# set the header for requests using HTTPS
RequestHeader set X-Forwarded-Proto https env=HTTPS
python api/manage.py migrate
python api/manage.py createsuperuser
python api/manage.py collectstatic
exit
systemctl daemon-reload
systemctl enable funkwhale-server funkwhale-worker funkwhale-beat
systemctl restart httpd funkwhale-*
systemctl status funkwhale-* httpd
systemctl stop funkwhale-*
python api/manage.py fw users --help
sudo -u funkwhale -H bash
cd /srv/funkwhale
source /srv/funkwhale/virtualenv/bin/activate
python api/manage.py fw users create
python api/manage.py fw users set --staff --superuser yourusername
python api/manage.py import_files --help
sudo -u funkwhale -H bash
cd /srv/funkwhale
source /srv/funkwhale/virtualenv/bin/activate
ln -s /mnt/your/audio/location /srv/funkwhale/data/music/audio_raid
you will find the id on the page where you created the library
export LIBRARY_ID=“b3f91384”
python api/manage.py import_files $LIBRARY_ID “/srv/funkwhale/data/music/audio_raid/Blues” --recursive --noinput --in-place
remove obsolte files from db
python api/manage.py check_inplace_files --no-dry-run
prune db entries that is not tied to a file
python api/manage.py prune_library --tracks --albums --artists --no-dry-run
Associate tags that are found on all tracks to the corresponding artist or album
python api/manage.py fw artists add-tags-from-tracks
systemctl stop funkwhale-\*
sudo -u funkwhale -H bash
cd /srv/funkwhale
rm -rf *_bak
mv api api_bak
mv front front_bak
mv data/static data/static_bak
mv virtualenv virtualenv_bak
mkdir -p api front
curl -L -o "build_api.zip" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/stable/download?job=build_api"
unzip "build_api.zip" -d extracted
mv extracted/api/* api/
rm -rf extracted
curl -L -o "build_front.zip" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/stable/download?job=build_front"
unzip "build_front.zip" -d extracted
mv extracted/front/dist front/
rm -rf extracted
scl enable rh-python38 bash
python3.8 -m venv /srv/funkwhale/virtualenv
source /srv/funkwhale/virtualenv/bin/activate
pip install wheel service_identity uvloop httptools
pip install -r api/requirements.txt
python api/manage.py migrate
python api/manage.py collectstatic
exit
exit
systemctl daemon-reload
systemctl start httpd funkwhale.target
systemctl status funkwhale-*
journalctl -xn -u funkwhale-server
journalctl -xn -u funkwhale-worker
Reverse proxy: /var/log/httpd/*.log
python3 --version
redis-cli FLUSHALL
https://your.funkwhale.domain.com/api/admin
chmod 644 zzz_funkwhale.conf
hey michel,
nope sorry - mostly just me that uses that service. wanted access to my music from the office / mobile phone.
greetings, phil
In /srv/funkwhale/config/.env
:
LDAP_ENABLED=True
LDAP_SERVER_URI=ldaps://funkwhale.toto.org:636
LDAP_BIND_DN="cn=ldapservice,dc=directory,dc=nh"
LDAP_BIND_PASSWORD="1234567890ABCEF1"
LDAP_SEARCH_FILTER=(uid={0})
LDAP_START_TLS=False
LDAP_ROOT_DN="dc=directory,dc=nh"
I read somewhere in Funkwhale web site that you cannot use both ldaps
and LDAP_START_TLS=True
.
The command ldapsearch
always works:
# ldapsearch -x -H ldaps://funkwhale.toto.org -D cn=ldapservice,dc=directory,dc=nh -w "1234567890ABCEF1" -b dc=directory,dc=nh | grep "titi"
# titi, People, directory.nh
dn: uid=titi,ou=People,dc=directory,dc=nh
uid: titi
homeDirectory: /var/lib/nethserver/home/titi
sn: titi
mail: titi@funkwhale.toto.org
If I create a new user, he can login only once. He can insert albums, songs, etc…
His second login gives:
We cannot log you in
A server error occured
In messages
log:
django.request WARNING Bad Request: /api/v1/users/login
LDAP_SEARCH_FILTER: The LDAP user filter, using {0} as the username placeholder, e.g. (|(cn={0})(mail={0})); uses standard LDAP search syntax. Default: (uid={0}).
If you use: LDAP_SEARCH_FILTER=(|(cn={0})(mail={0}))
, it gives the error:
#### We cannot log you in
* Please double-check that your username and password combination is correct and make sure you verified your e-mail address.
Funkwhale admin can always login without any problem.
Any suggestion ?
Michel-André
sorry… i am not using ldap - but i had to swap my NS harddrive…
su - postgres -c ‘scl enable rh-postgresql12 – pg_dump -p 55434 funkwhale > /tmp/funkwhaledate +"%Y%m%d"
.sql’
cp /tmp/funkwhaledate +"%Y%m%d"
.sql /mnt/tank/system/backup/funkwhale/
tar -zcvf /mnt/tank/system/backup/funkwhale/funkwhale_date +"%Y%m%d"
.tar.gz /srv/funkwhale/
cp /etc/httpd/conf.d/zzz_funkwhale.conf /mnt/tank/system/backup/funkwhale/
cp /srv/funkwhale/config/.env /mnt/tank/system/backup/funkwhale/dot.env
cp /etc/systemd/system/funkwhale* /mnt/tank/system/backup/funkwhale/
tar -xf /mnt/tank/system/backup/funkwhale/funkwhale_20220917.tar.gz -C /root/
mv /root/srv/funkwhale /srv/funkwhale
rm -rf /root/srv
Do not enable the extensions unaccent and citext when setting up the database;
Do not initialize the database by applying the migrate command;
Do not create an admin account.
su - postgres -c ‘scl enable rh-postgresql12 – psql -p 55434’
create database funkwhale with template = template0 encoding ‘utf8’;
create user funkwhale with encrypted password ‘KEYPASS POSTGRES PASS’;
grant all privileges on database funkwhale to funkwhale;
\q
cp /mnt/tank/system/backup/funkwhale/funkwhale20220917.sql /tmp/funkwhale
su - postgres -c ‘scl enable rh-postgresql12 – psql -p 55434 -d funkwhale < /tmp/funkwhale’
systemctl daemon-reload
systemctl restart httpd funkwhale-*
systemctl status funkwhale-* httpd
systemctl enable funkwhale-server funkwhale-worker funkwhale-beat