Getting Selfoss Running On A Raspberry Pi

This is the propeller-hat follow up post on yesterday's thoughts on replacing Google Reader with a local Selfoss RSS aggregator instance running on a Raspberry Pi. As it's not a 2 minute straight forward installation I thought the results of my efforts might be useful to some of you as well. And as a goodie, I have some tips at the end of how to disable http so only https is exposed to the outside world and how to do http digest authentication to ensure bad guys don't even get to try anything funny in case the Apache web server configuration is not quite water tight. So here we go:

• Most importantly, use a fresh Raspian image without Apache or PHP already installed

• Create a folder selfoss in your homefolder (mkdir selfoss) and download the file

mkdir selfoss
cd selfoss
wget http://selfoss.aditu.de/selfoss-2.X.zip into it (2.X -> replace with current version number, check here).

• Unzip the file

unzip selfoss-2.3.zip

• Make sure your .htaccess file has:

  "RewriteEngine On" and
  "RewriteBase /selfoss   (double check there's no "#" at the beginning of the line)

• Change permissions via

chmod a+w data/cache data/favicons data/logs data/thumbnails data/sqlite public/

• Change the ownership of the "selfoss" folder and all content to www-data

cd ..
sudo chown -R www-data:www-data selfoss

• Now install apache2 with php:

sudo apt-get update && sudo apt-get upgrade
sudo apt-get install apache2 php5 sqlite libapache2-mod-php5 php5-sqlite php5-gd

• Enable rewrite and headers:

sudo a2enmod rewrite
sudo a2enmod headers
sudo a2enmod php5
sudo service apache2 restart

• Change rewrite-settings

in /etc/apache2/sites-available/default and also

in /etc/apache2/sites-available/default-ssl

by setting "AllowOverride All"

• Change directory to "/var/www" and create a link to your installation of selfoss via

sudo ln -s /home/pi/selfoss

At this point things should be working so give it a try by going to http://localhost/selfoss

Once you are happy with the setup, here are some additionl steps for privacy and security:

• Password Protect Basic HTTP Access Moin Moin Wiki via Apache Pwd Protection: Put the following Directory configuration in /etc/apache2/apache2.conf somewhere at the end:

<Directory />
AuthType Basic
AuthName "Wiki"
AuthBasicProvider file
AuthUserFile /etc/apache2/pwd.txt
Require user PUT_IN_YOUR_USERNAME
</Directory>

• For some reason this does not protect the root directory. Therefore create a .htaccess file in the root directory (in  /var/www) and put the same info inside minus the directory xml lines.
• Give .htaccess the right owner:

sudo chown www-data:www-data /var/www/.htaccess

• Create the password file referenced above:

sudo htpasswd -c /etc/apache2/pwd.txt PUT_IN_YOUR_USERNAME
  New password: mypassword
  Re-type new password: mypassword
  Adding password for user xxxxx

• And finally, block port 80 by commenting out 'Listen 80' in /etc/apache2/ports.conf by putting a # in front of the line.

• Finish with a sudo service apache2 restart

Auto Update The Feeds

• To always have the content on Selfoss updated put the following line in /etc/crontab to update once an hour at 41 minutes past the hour:

41 *    * * *   root    wget –no-check-certificate –user=xxx –password="xxxx" https://localhost/selfoss/Update

• Note the upper case 'U' in Update, it won't work with a lower case. 

• Also note that the no check certificate flag is necessary by the way as we use self generated https certificates that can't be validated.