Skip to content

Debian 11 TT-RSS

date: 2021-09-11

Introduction

Install tt-rss on Debian 11 the Debian way.

Why?

Debian packages tt-rss, so unlike instructions you may find elsewhere, you can depend on the Debian Maintainers to look out for security concerns. And it's easier to install this way.

And if I may say, tt-rss runs really well. It's been around for many years now, and the smartphones and vps hosts continue getting more powerful.

Apache

Install apache2 web server: apt install apache2

Lan

If you are installing in a virtual machine on your lan, then this is all you need to do; i.e. later after you have finished installing tt-rss, you will find the following in /etc/tt-rss/apache.conf:

  • Alias /tt-rss /usr/share/tt-rss/www

Wan

If you deploy on a vps, for instance Linode has Debian 11 images, you definitely want to setup Let's Encrypt Certs.

Create a virtual host

# /etc/apache2/sites-available/005-rss.example.com.conf
<VirtualHost *:80>
    ServerName rss.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Activate the new virtual host:

  • a2ensite 005-rss.example.com.conf
  • systemctl reload apache2

Certbot

  • install certbot: apt install python3-certbot-apache
  • get certificate certbot --apache -d rss.example.com
Verify Certbot Request

Your virtual host has been modified.

# /etc/apache2/sites-available/005-rss.example.com.conf
<VirtualHost *:80>
    ServerName rss.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =rss.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Furthermore, a new virtual host has been created and enabled.
# /etc/apache2/sites-available/005-rss.example.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName rss.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLCertificateFile /etc/letsencrypt/live/rss.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/rss.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
And you should now have a systemd timer to automatically renew your certs:
/etc/systemd/system/timers.target.wants/certbot.timer -> /lib/systemd/system/certbot.timer

CatchAll VirtualHost

You can prevent apache from responding to incorrect subdomains by adding a CatchAll virtual host and enabling it.

# /etc/apache2/sites-available/999-catchall.conf
<VirtualHost *:80>
    ServerName null
    ServerAlias *

    Redirect 404 /
</VirtualHost>

<VirtualHost *:443>
    ServerName null
    ServerAlias *

    Redirect 404 /
</VirtualHost>

MariaDB

  • Install mariadb: apt install mariadb-server
  • Setup mariadb: mysql_secure_installation

As far as running mysql_secure_installation, I would imagine that you want to remove anonymous users, disallow root login remotely, remove the test database, and reload the privilege table.

TT-RSS

After installing apache2 and mariadb, install tt-rss: apt install tt-rss. You will be prompted 3 times by dpkg-configure, but it will be obvious what to do.

You're done! Open http://examplelanhost/tt-rss or https://rss.example.com/tt-rss, login with the default admin:password and have fun playing with your server. I particularly appreciate the 2fa and opml import.

In order to use the Android application check enable API in preferences.

All the best blogs still have rss feeds. If you can't find the rss feed for a blog, type Ctrl+U to show page source and look for rss feed url in the head section. Alternately on a mobile phone you can prepend the url with view-source:.