FreeBSD TT-RSS

Posted on Wed 29 October 2014 in english

Have you been desperately looking for an alternative since Google shut down its Reader? Or would you simply like to have a central place to follow your favourite news sites?
For all of you: tt-rss to the rescue!

"What's tt-rss?" you ask?
tt-rss is an open source news feed reader and aggregator you can run on your own server. There are an Android client and several appealing themes available (personally I like the Feedly theme most).

Jail setup

For PostgreSQL to run correctly inside a jail, you have to change your jail configuration (run this on the jail host and substitute MY_JAIL_NAME with your jail name) - thanks to Dan Langille:

# echo 'export jail_MY_JAIL_NAME_parameters="allow.raw_sockets=1 allow.sysvipc=1"' >> /usr/local/etc/ezjail/MY_JAIL_NAME

If your jail is currently running, you have to restart it for the parameters to take effect.

Installation

Install the packages and enable the services:

# pkg install postgresql94-server nginx php5-iconv php5-pgsql tt-rss php5
# echo 'postgresql_enable="YES"' >> /etc/rc.conf
# echo 'php_fpm_enable="YES"' >> /etc/rc.conf
# echo 'nginx_enable="YES"' >> /etc/rc.conf

EDIT: I found out that the php5-pgsql package has a hard dependency on postgresql93-server/client, so if you want to use version 9.4 you have to compile it yourself from ports.

PostgreSQL

Initialize a new database:

# /usr/local/etc/rc.d/postgresql initdb

Now, to enable hashed (md5) password authentication, edit the file /usr/local/pgsql/data/pg_hba.conf and add the following line at the bottom:

host all all 10.0.1.12/32 md5

NOTE: I'll use my PostgreSQL server in a dedicated jail for tt-rss. You can find other tutorials out there where other subnets get used (/24 or something like that), but these are for dedicated PostgreSQL servers.
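
To review an existing pg_hba.conf for rules broader than the single-host /32 entry above, a small check like the following can help. It is an added example, not part of the original post; the function name audit_pg_hba and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# audit_pg_hba: reads pg_hba.conf on stdin and prints one finding per line
# for TCP ("host*") rules that skip the password or cover more than one host.
audit_pg_hba() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    $1 !~ /^host/  { next }                  # "local" (socket) rules are out of scope
    {
        addr = $4; method = $5; wide = 0
        if (addr !~ /\// && $5 ~ /^[0-9.]+$/) {   # address + netmask columns
            method = $6
            wide = ($5 != "255.255.255.255")
        } else if (split(addr, p, "/") == 2) {    # CIDR notation
            full = (p[1] ~ /:/) ? 128 : 32        # IPv6 or IPv4 host prefix
            wide = (p[2] + 0 < full)
        } else if (addr == "all" || addr == "samenet") {
            wide = 1
        }
        if (method == "trust")
            printf "line %d: %s may connect without a password (trust)\n", NR, addr
        if (wide)
            printf "line %d: %s covers more than one host\n", NR, addr
    }'
}

# Constructed sample: the rule from this post plus two looser ones.
audit_pg_hba <<'EOF'
# TYPE  DATABASE  USER  ADDRESS        METHOD
host    all       all   10.0.1.12/32   md5
host    all       all   10.0.1.0/24    md5
host    all       all   127.0.0.1/32   trust
EOF
```

On a real system, run it as: audit_pg_hba < /usr/local/pgsql/data/pg_hba.conf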

To alter the default pgsql admin password and create a postgresql user for tt-rss enter:

# service postgresql start
# su - pgsql
# psql postgres
postgres=# ALTER USER pgsql PASSWORD 'YOUR_PASSWORD';
ALTER ROLE
postgres=# CREATE USER "www-data" WITH PASSWORD 'yourpasshere';
CREATE ROLE
postgres=# CREATE DATABASE ttrss WITH OWNER "www-data";
CREATE DATABASE
postgres=# \q
$ exit

You have to change the PHP FastCGI settings in /usr/local/etc/php-fpm.conf:

listen = /var/run/php-fpm.sock
listen.owner = www
listen.group = www
listen.mode = 0666
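
nginx runs as www (see the nginx.conf further down), the same user that owns the socket, so only the owner bits of listen.mode are needed for nginx to connect. The check below reports a socket mode that also lets every other local user connect. It is an added example, not part of the original post, and the function name fpm_socket_findings is made up for illustration.

```shell
#!/bin/sh
# fpm_socket_findings: reads a php-fpm config on stdin and reports a Unix
# socket whose listen.mode grants write (= connect) permission to "other".
fpm_socket_findings() {
    awk -F= '
    { sub(/;.*/, ""); gsub(/[ \t]/, "") }     # strip ";" comments and spaces
    $1 == "listen"      { sock = $2 }
    $1 == "listen.mode" { mode = $2; line = NR }
    END {
        if (sock !~ /^\//) exit               # TCP listener: no file mode involved
        if (mode == "") mode = "0660"         # php-fpm default when unset
        o = substr(mode, length(mode), 1) + 0 # last octal digit = "other" bits
        if (int(o / 2) % 2 == 1)              # write bit set for "other"
            printf "line %d: %s accepts connections from every local user (mode %s)\n", line, sock, mode
    }'
}

# Constructed sample: the four settings from this post.
fpm_socket_findings <<'EOF'
listen = /var/run/php-fpm.sock
listen.owner = www
listen.group = www
listen.mode = 0666
EOF
```

With listen.mode = 0660 the same input produces no finding.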

Optional

If you want SSL-encrypted traffic (YES), you have to create a self-signed SSL certificate:

# mkdir /usr/local/etc/ssl && cd /usr/local/etc/ssl
# openssl req -new -x509 -days 365 -nodes -out rss.pem -keyout rss.key -newkey rsa:2048

The nginx config file (/usr/local/etc/nginx/nginx.conf) should look similar to this (btw, it is totally free of any POODLEs, because SSLv3 is not listed in ssl_protocols):

user  www;
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    #gzip  on;

    server {
        listen      443 ssl; 
        server_name  rss;

        root   /usr/local/www/tt-rss;
        access_log /var/log/ttrss-access.log;
        error_log /var/log/ttrss-error.log info;


        ssl_certificate      /usr/local/etc/ssl/rss.pem;
        ssl_certificate_key  /usr/local/etc/ssl/rss.key; 
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!MD5:!DSS;
        ssl_session_timeout 5m;
        ssl_prefer_server_ciphers on;

        location / {
            index  index.php;
        }

        error_page  404              /404.html;

        # pass the PHP scripts to FastCGI server listening on /var/run/php-fpm.sock
        #
        location ~ \.php$ {
            try_files $uri =404; # Prevents autofixing of the path, which could be used for an exploit
            fastcgi_pass   unix:/var/run/php-fpm.sock;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include         /usr/local/etc/nginx/fastcgi_params;
        }

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }
    }
}
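
To verify the POODLE claim on a config you already have, the check below looks at ssl_protocols and ssl_ciphers. It is an added example, not part of the original post; the function name check_nginx_tls and the sample config are constructed. It also covers the case where ssl_protocols is missing altogether, because nginx releases before 1.9.1 enable SSLv3 by default.

```shell
#!/bin/sh
# check_nginx_tls: reads an nginx config on stdin and prints TLS findings.
check_nginx_tls() {
    awk '
    { sub(/#.*/, "") }                        # drop comments
    /(^|[ \t])listen[ \t].*ssl/ { tls = 1 }   # a TLS listener exists
    $1 == "ssl_protocols" {
        seen = 1
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv2" || p == "SSLv3")
                printf "line %d: %s enabled\n", NR, p
        }
    }
    $1 == "ssl_ciphers" {
        v = $2; sub(/;$/, "", v)
        n = split(v, c, ":")
        for (i = 1; i <= n; i++)              # skip excluded (! or -) entries
            if (c[i] !~ /^[!-]/ && c[i] ~ /RC4|MD5|EXP|NULL|DES/)
                printf "line %d: weak cipher %s\n", NR, c[i]
    }
    END {
        if (tls && !seen)
            print "no ssl_protocols directive: SSLv3 is on by default before nginx 1.9.1"
    }'
}

# Constructed sample: a TLS server block that leaves the protocol default in place.
check_nginx_tls <<'EOF'
server {
    listen 443 ssl;
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers RC4-SHA:AES128-SHA:!aNULL;
}
EOF
```

On a real system, run it as: check_nginx_tls < /usr/local/etc/nginx/nginx.conf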

(Re)start the services (if you haven't already):

# service php-fpm restart && service nginx restart

Before you start the installer you have to delete the tt-rss config file that came with the package:

# rm /usr/local/www/tt-rss/config.php

Now you should be able to reach the installer via https://IP_OF_YOUR_SERVER/install/.

The values are as follows:

Database type   = PostgreSQL
Username = www-data
Password = yourpasshere
Database name = ttrss

Log in with the default credentials 'admin':'password' and change the password right after this first login (Preferences --> Users --> click on the admin user!).

Have fun with your new info jail!