---
title: "TT-RSS on Debian 11"
date: 2021-09-11
draft: false
tags: ["rss", "debian", "tt-rss", "apache"]
authors: ["trent"]
post: 21
---
date: 2021-09-11
## **Introduction**
Install [tt-rss](https://tt-rss.org/){target=_blank}
on Debian 11 the Debian way.
### Why?
Debian packages [tt-rss](https://tt-rss.org/){target=_blank},
so unlike instructions you
may find elsewhere, you can depend on the Debian Maintainers
to look out for security concerns. And it's easier to install this way.
And if I may say, tt-rss runs really well. It's been around
for many years now, and the smartphones and vps hosts
continue getting more powerful.
## Apache
Install apache2 web server: `apt install apache2`
### Lan
If you are installing in a virtual machine on your lan,
then this is all you need to do; i.e. later after you
have finished installing tt-rss, you will find the following
in `/etc/tt-rss/apache.conf`:
* `Alias /tt-rss /usr/share/tt-rss/www`
### Wan
If you deploy on a vps, for instance Linode has Debian 11 images,
you definitely want to setup Let's Encrypt Certs.
#### Create a virtual host
```apache
# /etc/apache2/sites-available/005-rss.example.com.conf
ServerName rss.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
```
Activate the new virtual host:
* `a2ensite 005-rss.example.com.conf`
* `systemctl reload apache2`
#### Certbot
* install certbot: `apt install python3-certbot-apache`
* get certificate `certbot --apache -d rss.example.com`
##### Verify Certbot Request
Your virtual host has been modified.
```apache
# /etc/apache2/sites-available/005-rss.example.com.conf
ServerName rss.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =rss.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
```
Furthermore, a new virtual host has been created and enabled.
```apache
# /etc/apache2/sites-available/005-rss.example.com-le-ssl.conf
ServerName rss.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/rss.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/rss.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
```
And you should now have a systemd timer to automatically renew your certs:
```shell
/etc/systemd/system/timers.target.wants/certbot.timer -> /lib/systemd/system/certbot.timer
```
#### CatchAll VirtualHost
You can prevent apache from responding to incorrect subdomains
by adding a CatchAll virtual host and enabling it.
```apache
# /etc/apache2/sites-available/999-catchall.conf
ServerName null
ServerAlias *
Redirect 404 /
ServerName null
ServerAlias *
Redirect 404 /
```
## MariaDB
* Install mariadb: `apt install mariadb-server`
* Setup mariadb: `mysql_secure_installation`
As far as running `mysql_secure_installation`, I would
imagine that you want to remove anonymous users,
disallow root login remotely, remove the test
database, and reload the privilege table.
## TT-RSS
After installing apache2 and mariadb, install tt-rss:
`apt install tt-rss`. You will be prompted 3 times
by dpkg-configure, but it will be obvious what to do.
You're done! Open
`http://examplelanhost/tt-rss` or `https://rss.example.com/tt-rss`, login with the default
admin:password and have fun playing with your server.
I particularly appreciate the 2fa and opml import.
In order to use the Android application check
_enable API_ in _preferences_.
All the best blogs still have rss feeds. If you can't
find the rss feed for a blog, type ++ctrl+u++ to
show page source and look for rss feed url in the
head section. Alternately on a mobile phone you can
prepend the url with `view-source:`.