A ttrss setup guide.

Build your own RSS.

Posted by Tony Chan on 2019-03-21

This is a detailed guide to setup a fully running ttrss instance and explore its potential.

docker


Requirements


yum-utils provides the yum-config-manager utility, and device-mapper-persistent-data and lvm2 are required by the devicemapper storage driver.

1
2
3
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2

SET UP THE REPOSITORY


1
2
3
$ sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

INSTALL DOCKER CE


1
$ sudo yum install docker-ce docker-ce-cli containerd.io

Start Docker


1
$ sudo systemctl start docker

PostgreSQL


I chose this image because it allows you to specify the extensions you want to enable. pg_trgm is required for marking similar feeds as read via the ttrss plugin af_psql_trgm.

The default user is postgres.

It persists its data in directory /docker/postgres/data/.

1
2
3
4
5
6
$ sudo docker run -d --name postgres --restart=always \
-v /docker/postgres/data/:/var/lib/postgresql/ \
-e PG_PASSWORD=mydbpass \
-e DB_EXTENSION=pg_trgm \
-p 5432:5432 \
sameersbn/postgresql:latest

change password


tonystudio.ml

navicat

nginx


SSL功能需要openssl库,直接通过yum安装:

sudo yum install openssl

gzip模块需要zlib库,直接通过yum安装:

sudo yum install zlib

rewrite模块需要pcre库,直接通过yum安装:

sudo yum install pcre

sudo yum install nginx

sudo service nginx start

config


ssl certificate can be obtained for free here at Let’s Encrypt.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
upstream ttrss {
server 127.0.0.1:7722;
}

server {
listen 80;
server_name rss.tonystudio.ml;
return 301 https://rss.tonystudio.ml$request_uri;
}

server {
listen 443 ssl;
gzip on;
server_name rss.tonystudio.ml;

ssl_certificate /home/kiritochan1990/tonystudio/Nginx/1_tonystudio.ml_bundle.crt;
ssl_certificate_key /home/kiritochan1990/tonystudio/Nginx/2_tonystudio.ml.key;

access_log /var/log/nginx/ttrss_access.log combined;
error_log /var/log/nginx/ttrss_error.log;

location / {
proxy_redirect off;
proxy_pass http://ttrss;

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;

client_max_body_size 100m;
client_body_buffer_size 128k;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}

test todo


curl https://127.0.0.1

1
2
3
4
5
6
7
8
9
10
11
12
13
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

TTRSS


This links ttrss with the PostgreSQL container created just now and exposes port 7722 to the public.

The default credential is admin and password. You should be prompted to change them upon first login, please do so.

1
2
3
4
5
6
7
8
9
$ sudo docker run -dit --name=ttrss --restart=always \
-e SELF_URL_PATH=http://rss.tonystudio.ml \
-e DB_HOST=postgres \
-e DB_PORT=5432 \
-e DB_NAME=myttrss \
-e DB_USER=tonychan \
-e DB_PASS=your-passwd \
-p 7722:80 \
wangqiru/ttrss

test

curl http://127.0.0.1:7722 测试

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
<!DOCTYPE html>
<html>
<head>
<title>Startup failed</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="css/default.css">
</head>
<body class='sanity_failed claro ttrss_utility'>
<div class="content">

<h1>Startup failed</h1>

<p>Tiny Tiny RSS was unable to start properly. This usually means a misconfiguration or an incomplete upgrade. Please fix
errors indicated by the following messages:</p>

<div class="alert alert-danger" id="">Please set SELF_URL_PATH to the correct value for your server (possible value: <b>http://127.0.0.1:7722/</b>)</div><div class="alert alert-danger" id="">Please set SELF_URL_PATH to the correct value detected for your server: <b>http://127.0.0.1:7722/</b></div>
<p>You might want to check tt-rss <a href="http://tt-rss.org/wiki">wiki</a> or the
<a href="http://tt-rss.org/forum">forums</a> for more information. Please search the forums before creating new topic
for your question.</p>

</div>
</body>
</html>

stop&&delete


sudo docker container ls

sudo docker stop ttrss

sudo docker rm ttrss

1
2
3
4
5
6
7
8
9
10
$ sudo docker run -dit --name=ttrss --restart=always \
--net ttrss_network \
-e SELF_URL_PATH=http://localhost:7722/ \
-e DB_HOST=127.0.0.1 \
-e DB_PORT=5432 \
-e DB_NAME=myttrss \
-e DB_USER=tonychan \
-e DB_PASS=your-passwd \
-p 7722:80 \
wangqiru/ttrss

docker network


sudo docker network create ttrss_network
sudo docker network connect ttrss_network postgres
sudo docker network connect ttrss_network ttrss
sudo docker restart ttrss

docker-compose


for centos

sudo curl -L “https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)” -o /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose

sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

docker-compose --version

up


sudo docker-compose up -d

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
version: "3"
services:
database.postgres:
image: sameersbn/postgresql:latest
container_name: postgres
ports:
- 5678:5432
environment:
- PG_PASSWORD=your-passwd # please change the password
- DB_EXTENSION=pg_trgm
volumes:
- ~/postgres/data/:/var/lib/postgresql/ # persist postgres data to ~/postgres/data/ on the host
restart: always

service.rss:
image: wangqiru/ttrss:latest
container_name: ttrss
ports:
- 7722:80
environment:
- SELF_URL_PATH=https://rss.tonystudio.ml/ # please change to your own domain
- DB_HOST=database.postgres
- DB_PORT=5432
- DB_NAME=ttrss
- DB_USER=postgres
- DB_PASS=your-passwd # please change the password
stdin_open: true
tty: true
restart: always
command: sh -c 'sh /wait-for database.postgres:5432 -- php /configure-db.php && exec s6-svscan /etc/s6/'

service.mercury: # set Mercury Parser API endpoint to `service.mercury:3000` on TTRSS plugin setting page
image: wangqiru/mercury-parser-api:latest
container_name: mercury
expose:
- 3000
restart: always

service.opencc: # set OpenCC API endpoint to `service.opencc:3000` on TTRSS plugin setting page
image: wangqiru/opencc-api-server:latest
container_name: opencc
environment:
NODE_ENV: production
expose:
- 3000
restart: always

The default credential is admin and password.

fever


Reeder3 邮箱地址填你的用户名 默认使用admin
密码 在Fever中设置

fever API不支持添加和删除订阅源 只支持Star等常规操作.

GCP


Something about GCP Settings.

  • 禁止root登陆
  • 只开放需要的端口。
  • 不要用常规默认端口。例如ssh 不要用22
  • 不使用默认账号(但是始终要记一个管理员账号)
  • 限制IP段登录 (暂时没做)
  • 没使用Linux的iptable做, 使用VPC网络做(相当于路由器)

image

Backup


backup database.

主从复制


主流 todo

物理备份


复制的恢复不出来 而且需要版本的一致

逻辑备份


转存SQL


这个跨平台能通用 缺点是包比较大 (10.8M)


应该有兼容性问题 例如 部署在centos中的postgres的备份 在macos中恢复失败

但是用SQL先恢复出来后 然后在macos中备份 然后在macos中恢复成功

postgres备份


SQL转储


SQL 转储方法的思想是创建一个由SQL命令组成的文件,当把这个文件回馈给服务器时,服务器将利用其中的SQL命令重建与转储时状态一样的数据库。pg_dump创建的备份在内部是一致的, 也就是说,转储表现了pg_dump开始运行时刻的数据库快照,且在pg_dump运行过程中发生的更新将不会被转储。pg_dump工作的时候并不阻塞其他的对数据库的操作。 (但是会阻塞那些需要排它锁的操作,比如大部分形式的ALTER TABLE)

文件系统级别备份


流复制


流复制允许一台后备服务器比使用基于文件的日志传送更能保持为最新的状态。 后备服务器连接到主服务器, 主服务器则在 WAL(write ahead log) 记录产生时即将它们以流式传送给后备服务器而不必等到 WAL文件被填充。在这种情况下主服务器上提交一个事务与该变化在后备服务器上变得可见之间存在短暂的延迟。 不过这种延迟比基于文件的日志传送方式中要小得多, 在后备服务器的能力足以跟得上负载的前提下延迟通常低于一秒。


Reference:

GitHub Repo:Tony Studio

Follow: CoderTonyCHan · GitHub