Debian 11 TT-RSS
+ +date: 2021-09-11
+Introduction
+Install tt-rss +on Debian 11 the Debian way.
+Why?
+Debian packages tt-rss, +so unlike instructions you +may find elsewhere, you can depend on the Debian Maintainers +to look out for security concerns. And it's easier to install this way.
+And if I may say, tt-rss runs really well. It's been around +for many years now, and the smartphones and vps hosts +continue getting more powerful.
+Apache
+Install apache2 web server: apt install apache2
Lan
+If you are installing in a virtual machine on your lan,
+then this is all you need to do; i.e. later after you
+have finished installing tt-rss, you will find the following
+in /etc/tt-rss/apache.conf:
-
+
Alias /tt-rss /usr/share/tt-rss/www
+
Wan
+If you deploy on a vps, for instance Linode has Debian 11 images, +you definitely want to setup Let's Encrypt Certs.
+Create a virtual host
+# /etc/apache2/sites-available/005-rss.example.com.conf
+<VirtualHost *:80>
+ ServerName rss.example.com
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+-
+
a2ensite 005-rss.example.com.conf
+systemctl reload apache2
+
Certbot
+-
+
- install certbot:
apt install python3-certbot-apache
+ - get certificate
certbot --apache -d rss.example.com
+
Verify Certbot Request
+Your virtual host has been modified. +
# /etc/apache2/sites-available/005-rss.example.com.conf
+<VirtualHost *:80>
+ ServerName rss.example.com
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+RewriteEngine on
+RewriteCond %{SERVER_NAME} =rss.example.com
+RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+</VirtualHost>
+# /etc/apache2/sites-available/005-rss.example.com-le-ssl.conf
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+ ServerName rss.example.com
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+SSLCertificateFile /etc/letsencrypt/live/rss.example.com/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/rss.example.com/privkey.pem
+Include /etc/letsencrypt/options-ssl-apache.conf
+</VirtualHost>
+</IfModule>
+/etc/systemd/system/timers.target.wants/certbot.timer -> /lib/systemd/system/certbot.timer
+CatchAll VirtualHost
+You can prevent apache from responding to incorrect subdomains +by adding a CatchAll virtual host and enabling it. +
# /etc/apache2/sites-available/999-catchall.conf
+<VirtualHost *:80>
+ ServerName null
+ ServerAlias *
+
+ Redirect 404 /
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName null
+ ServerAlias *
+
+ Redirect 404 /
+</VirtualHost>
+MariaDB
+-
+
- Install mariadb:
apt install mariadb-server
+ - Setup mariadb:
mysql_secure_installation
+
As far as running mysql_secure_installation, I would
+imagine that you want to remove anonymous users,
+disallow root login remotely, remove the test
+database, and reload the privilege table.
TT-RSS
+After installing apache2 and mariadb, install tt-rss:
+apt install tt-rss. You will be prompted 3 times
+by dpkg-configure, but it will be obvious what to do.
You're done! Open
+http://examplelanhost/tt-rss or https://rss.example.com/tt-rss, login with the default
+admin:password and have fun playing with your server.
+I particularly appreciate the 2fa and opml import.
In order to use the Android application check +enable API in preferences.
+All the best blogs still have rss feeds. If you can't
+find the rss feed for a blog, type Ctrl+U to
+show page source and look for rss feed url in the
+head section. Alternately on a mobile phone you can
+prepend the url with view-source:.