add debian-11-ttrss
This commit is contained in:
138
docs/posts/debian-11-ttrss.md
Normal file
138
docs/posts/debian-11-ttrss.md
Normal file
@ -0,0 +1,138 @@
|
||||
---
|
||||
title: "TT-RSS on Debian 11"
|
||||
date: 2021-09-11
|
||||
draft: false
|
||||
tags: ["rss", "debian", "tt-rss", "apache"]
|
||||
authors: ["trent"]
|
||||
post: 21
|
||||
---
|
||||
date: 2021-09-11
|
||||
|
||||
## **Introduction**
|
||||
Install [tt-rss](https://tt-rss.org/){target=_blank}
|
||||
on Debian 11 the Debian way.
|
||||
### Why?
|
||||
Debian packages [tt-rss](https://tt-rss.org/){target=_blank},
|
||||
so unlike instructions you
|
||||
may find elsewhere, you can depend on the Debian Maintainers
|
||||
to look out for security concerns. And it's easier to install this way.
|
||||
|
||||
And if I may say, tt-rss runs really well. It's been around
|
||||
for many years now, and the smartphones and vps hosts
|
||||
continue getting more powerful.
|
||||
|
||||
## Apache
|
||||
Install apache2 web server: `apt install apache2`
|
||||
### Lan
|
||||
If you are installing in a virtual machine on your lan,
|
||||
then this is all you need to do; i.e. later after you
|
||||
have finished installing tt-rss, you will find the following
|
||||
in `/etc/tt-rss/apache.conf`:
|
||||
|
||||
* `Alias /tt-rss /usr/share/tt-rss/www`
|
||||
|
||||
### Wan
|
||||
If you deploy on a vps, for instance Linode has Debian 11 images,
|
||||
you definitely want to setup Let's Encrypt Certs.
|
||||
|
||||
#### Create a virtual host
|
||||
```apache
|
||||
# /etc/apache2/sites-available/005-rss.example.com.conf
|
||||
<VirtualHost *:80>
|
||||
ServerName rss.example.com
|
||||
ServerAdmin webmaster@localhost
|
||||
DocumentRoot /var/www/html
|
||||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||
</VirtualHost>
|
||||
```
|
||||
Activate the new virtual host:
|
||||
|
||||
* `a2ensite 005-rss.example.com.conf`
|
||||
* `systemctl reload apache2`
|
||||
#### Certbot
|
||||
* install certbot: `apt install python3-certbot-apache`
|
||||
* get certificate `certbot --apache -d rss.example.com`
|
||||
##### Verify Certbot Request
|
||||
Your virtual host has been modified.
|
||||
```apache
|
||||
# /etc/apache2/sites-available/005-rss.example.com.conf
|
||||
<VirtualHost *:80>
|
||||
ServerName rss.example.com
|
||||
ServerAdmin webmaster@localhost
|
||||
DocumentRoot /var/www/html
|
||||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||
RewriteEngine on
|
||||
RewriteCond %{SERVER_NAME} =rss.example.com
|
||||
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
|
||||
</VirtualHost>
|
||||
```
|
||||
Furthermore, a new virtual host has been created and enabled.
|
||||
```apache
|
||||
# /etc/apache2/sites-available/005-rss.example.com-le-ssl.conf
|
||||
<IfModule mod_ssl.c>
|
||||
<VirtualHost *:443>
|
||||
ServerName rss.example.com
|
||||
ServerAdmin webmaster@localhost
|
||||
DocumentRoot /var/www/html
|
||||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||
|
||||
SSLCertificateFile /etc/letsencrypt/live/rss.example.com/fullchain.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/rss.example.com/privkey.pem
|
||||
Include /etc/letsencrypt/options-ssl-apache.conf
|
||||
</VirtualHost>
|
||||
</IfModule>
|
||||
```
|
||||
And you should now have a systemd timer to automatically renew your certs:
|
||||
```shell
|
||||
/etc/systemd/system/timers.target.wants/certbot.timer -> /lib/systemd/system/certbot.timer
|
||||
```
|
||||
#### CatchAll VirtualHost
|
||||
You can prevent apache from responding to incorrect subdomains
|
||||
by adding a CatchAll virtual host and enabling it.
|
||||
```apache
|
||||
# /etc/apache2/sites-available/999-catchall.conf
|
||||
<VirtualHost *:80>
|
||||
ServerName null
|
||||
ServerAlias *
|
||||
|
||||
Redirect 404 /
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:443>
|
||||
ServerName null
|
||||
ServerAlias *
|
||||
|
||||
Redirect 404 /
|
||||
</VirtualHost>
|
||||
```
|
||||
|
||||
## MariaDB
|
||||
* Install mariadb: `apt install mariadb-server`
|
||||
* Setup mariadb: `mysql_secure_installation`
|
||||
|
||||
As far as running `mysql_secure_installation`, I would
|
||||
imagine that you want to remove anonymous users,
|
||||
disallow root login remotely, remove the test
|
||||
database, and reload the privilege table.
|
||||
|
||||
## TT-RSS
|
||||
After installing apache2 and mariadb, install tt-rss:
|
||||
`apt install tt-rss`. You will be prompted 3 times
|
||||
by dpkg-configure, but it will be obvious what to do.
|
||||
|
||||
You're done! Open
|
||||
`http://examplelanhost/tt-rss` or `https://rss.example.com/tt-rss`, login with the default
|
||||
admin:password and have fun playing with your server.
|
||||
I particularly appreciate the 2fa and opml import.
|
||||
|
||||
In order to use the Android application check
|
||||
_enable API_ in _preferences_.
|
||||
|
||||
All the best blogs still have rss feeds. If you can't
|
||||
find the rss feed for a blog, type ++ctrl+u++ to
|
||||
show page source and look for rss feed url in the
|
||||
head section. Alternately on a mobile phone you can
|
||||
prepend the url with `view-source:`.
|
||||
Reference in New Issue
Block a user