This is the propeller-hat follow up post on yesterday's thoughts on replacing Google Reader with a local Selfoss RSS aggregator instance running on a Raspberry Pi. As it's not a 2 minute straight forward installation I thought the results of my efforts might be useful to some of you as well. And as a goodie, I have some tips at the end of how to disable http so only https is exposed to the outside world and how to do http digest authentication to ensure bad guys don't even get to try anything funny in case the Apache web server configuration is not quite water tight. So here we go:
- Most importantly, use a fresh Raspian image without Apache or PHP already installed
- Create a folder selfoss in your homefolder (mkdir selfoss) and download the file
wget http://selfoss.aditu.de/selfoss-2.X.zip into it (2.X -> replace with current version number, check here).
- Unzip the file
- Make sure your .htaccess file has:
"RewriteEngine On" and
"RewriteBase /selfoss (double check there's no "#" at the beginning of the line)
- Change permissions via
chmod a+w data/cache data/favicons data/logs data/thumbnails data/sqlite public/
- Change the ownership of the "selfoss" folder and all content to www-data
sudo chown -R www-data:www-data selfoss
- Now install apache2 with php:
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install apache2 php5 sqlite libapache2-mod-php5 php5-sqlite php5-gd
- Enable rewrite and headers:
sudo a2enmod rewrite
sudo a2enmod headers
sudo a2enmod php5
sudo service apache2 restart
- Change rewrite-settings
in /etc/apache2/sites-available/default and also
by setting "AllowOverride All"
- Change directory to "/var/www" and create a link to your installation of selfoss via
sudo ln -s /home/pi/selfoss
At this point things should be working so give it a try by going to http://localhost/selfoss
Once you are happy with the setup, here are some additionl steps for privacy and security:
- Password Protect Basic HTTP Access Moin Moin Wiki via Apache Pwd Protection: Put the following Directory configuration in /etc/apache2/apache2.conf somewhere at the end:
Require user PUT_IN_YOUR_USERNAME
- For some reason this does not protect the root directory. Therefore create a .htaccess file in the root directory (in /var/www) and put the same info inside minus the directory xml lines.
- Give .htaccess the right owner:
sudo chown www-data:www-data /var/www/.htaccess
- Create the password file referenced above:
sudo htpasswd -c /etc/apache2/pwd.txt PUT_IN_YOUR_USERNAME
New password: mypassword
Re-type new password: mypassword
Adding password for user xxxxx
- And finally, block port 80 by commenting out 'Listen 80' in /etc/apache2/ports.conf by putting a # in front of the line.
- Finish with a sudo service apache2 restart
Auto Update The Feeds
- To always have the content on Selfoss updated put the following line in /etc/crontab to update once an hour at 41 minutes past the hour:
41 * * * * root wget –no-check-certificate –user=xxx –password="xxxx" https://localhost/selfoss/Update
- Note the upper case 'U' in Update, it won't work with a lower case.
- Also note that the no check certificate flag is necessary by the way as we use self generated https certificates that can't be validated.