Debian 11 TT-RSS
date: 2021-09-11
Introduction
Install tt-rss on Debian 11 the Debian way.
Why?
Debian packages tt-rss, so unlike instructions you may find elsewhere, you can depend on the Debian Maintainers to look out for security concerns. And it's easier to install this way.
And if I may say, tt-rss runs really well. It's been around for many years now, and the smartphones and vps hosts continue getting more powerful.
Apache
Install apache2 web server: apt install apache2
Lan
If you are installing in a virtual machine on your lan,
then this is all you need to do; i.e. later after you
have finished installing tt-rss, you will find the following
in /etc/tt-rss/apache.conf
:
Alias /tt-rss /usr/share/tt-rss/www
Wan
If you deploy on a vps, for instance Linode has Debian 11 images, you definitely want to setup Let's Encrypt Certs.
Create a virtual host
# /etc/apache2/sites-available/005-rss.example.com.conf
<VirtualHost *:80>
ServerName rss.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
a2ensite 005-rss.example.com.conf
systemctl reload apache2
Certbot
- install certbot:
apt install python3-certbot-apache
- get certificate
certbot --apache -d rss.example.com
Verify Certbot Request
Your virtual host has been modified.
# /etc/apache2/sites-available/005-rss.example.com.conf
<VirtualHost *:80>
ServerName rss.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =rss.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# /etc/apache2/sites-available/005-rss.example.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName rss.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/rss.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/rss.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
/etc/systemd/system/timers.target.wants/certbot.timer -> /lib/systemd/system/certbot.timer
CatchAll VirtualHost
You can prevent apache from responding to incorrect subdomains by adding a CatchAll virtual host and enabling it.
# /etc/apache2/sites-available/999-catchall.conf
<VirtualHost *:80>
ServerName null
ServerAlias *
Redirect 404 /
</VirtualHost>
<VirtualHost *:443>
ServerName null
ServerAlias *
Redirect 404 /
</VirtualHost>
MariaDB
- Install mariadb:
apt install mariadb-server
- Setup mariadb:
mysql_secure_installation
As far as running mysql_secure_installation
, I would
imagine that you want to remove anonymous users,
disallow root login remotely, remove the test
database, and reload the privilege table.
TT-RSS
After installing apache2 and mariadb, install tt-rss:
apt install tt-rss
. You will be prompted 3 times
by dpkg-configure, but it will be obvious what to do.
You're done! Open
http://examplelanhost/tt-rss
or https://rss.example.com/tt-rss
, login with the default
admin:password and have fun playing with your server.
I particularly appreciate the 2fa and opml import.
In order to use the Android application check enable API in preferences.
All the best blogs still have rss feeds. If you can't
find the rss feed for a blog, type Ctrl+U to
show page source and look for rss feed url in the
head section. Alternately on a mobile phone you can
prepend the url with view-source:
.