The following article describes on how to install Tiny Tiny RSS on recent versions of OpenBSD using httpd. As of this writing, I am using OpenBSD 6.3.
Start by installing MariaDB on the server:
# pkg_add mariadb-server
Since OpenBSD's httpd runs in a chroot you have to do some extra steps so that ttrss and the MariaDB command line programs can reach the control socket. Basically, you create a new run/mysql
directory within httpd's chroot add a proper symlink from outside and change the configuration accordingly.
# install -d -m 0755 -o root -g wheel /var/www/var # install -d -m 0755 -o root -g wheel /var/www/var/run # install -d -m 0711 -o _mysql -g _mysql /var/www/var/run/mysql # rmdir /var/run/mysql # ln -s /var/www/var/run/mysql /var/run/mysql
Set path in /etc/my.cnf accordingly
# grep run/mysql /etc/my.cnf [client] socket = /var/www/var/run/mysql/mysql.sock [mysqld] socket = /var/www/var/run/mysql/mysql.sock
Make sure that the permissions match the ones of /var/run/mysql
for the whole path! Otherwise mysqld won't start. In the following steps the MariaDB service will be enabled, the initial database setup happens, the daemon will be started and finally, initialized.
# rcctl enable mysqld # mysql_install_db Installing MariaDB/MySQL system tables in '/var/mysql' ... 180924 18:23:27 [Note] /usr/local/libexec/mysqld (mysqld 10.0.36-MariaDB) starting as process 1229 ... [...] # rcctl start mysqld mysqld(ok) # mysql_secure_installation [...] Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] [...] Remove anonymous users? [Y/n] [...] Disallow root login remotely? [Y/n] [...] Remove test database and access to it? [Y/n] [...] Reload privilege tables now? [Y/n] [...] Thanks for using MariaDB!
Remember the root password and check if it works with mysql -u root -p
We create a separate user and database for ttrss. Make sure that you remember the password.
$ mysql -p -u root mysql> CREATE USER 'ttrss'@'localhost' IDENTIFIED BY 'somepassword'; mysql> CREATE DATABASE ttrss; mysql> GRANT ALL PRIVILEGES ON ttrss.* TO "ttrss"@"localhost" IDENTIFIED BY 'somepassword';
In case something goes wrong, start mysqld
with the following command in case MariaDB fails to start:
# mysqld_safe 180831 10:43:22 mysqld_safe Logging to '/var/mysql/db.example.com.err'. 180831 10:43:22 mysqld_safe Starting mysqld daemon with databases from /var/mysql
This shows the log path and probable errors:
# tail -f /var/mysql/db.example.com.err [...] 180831 10:42:18 [Note] InnoDB: Waiting for purge to start 180831 10:42:18 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.36-83.0 started; log sequence number 1616817 180831 10:42:18 [Note] Server socket created on IP: '127.0.0.1'. 180831 10:42:18 [ERROR] Can't start server : Bind on unix socket: Permission denied 180831 10:42:18 [ERROR] Do you already have another mysqld server running on socket: /var/www/var/run/mysql/mysql.sock ? 180831 10:42:18 [ERROR] Aborting [...]
The error above was caused by wrong permissions of the socket directory. Remember what I said about making sure that the permissions are correct earlier :)
I use the following configuration for httpd. Basically, it instructs httpd to listen on Port 443 via HTTPS. The TLS certificates are from Let's Encrypt and fetched with acme-client(1) from OpenBSD's base installation.
# cat /etc/httpd.conf ext_addr="egress" server "default" { listen on $ext_addr tls port 443 # TLS certificate and key files created with acme-client(1) tls certificate "/etc/ssl/host.fullchain.pem" tls key "/etc/ssl/private/host.key" location "*.php" { fastcgi socket "/run/php-fpm.sock" } location "/tt-rss/*" { directory { index "index.php" } } } # Include MIME types instead of the built-in ones types { include "/usr/share/misc/mime.types" }
Populate the chroot with some more files to enable DNS lookup and certificate validation. Otherwise, ttrss cannot update your feeds and will complain about missing DNS resolution.
# cd /var/www # mkdir -p etc/ssl # cp /etc/resolv.conf etc # cp /etc/ssl/cert.pem etc/ssl
And now we are ready to enable and start httpd.
# rcctl enable httpd # rcctl start httpd
I chose PHP Version 7 and not Version 5:
# pkg_add php php-curl php-gd php-mysqli php-pdo_mysql
Now, enable all needed modules, enable php_fpm and start the service via rcctl.
# cat /etc/php-7.0/php.ini extension=gd.so extension=mysqli.so extension=pdo_mysql.so extension=curl.so zend_extension=opcache.so # rcctl enable php70_fpm # rcctl start php70_fpm
The installation of ttrss is quite simple since you only have to clone the git repository. Usually, I clone a shadow copy since I don't need the history of the project on my web server. If you haven't already installed git, do so by fetching the package via pkg_add
. You can also download a ZIP file from the latest git mater from Github but that makes updates harder.
# cd /var/www/htdocs # git clone --depth=1 https://tt-rss.org/git/tt-rss.git tt-rss # chown -R www:www tt-rss/
Go to https://your.domain.example.com/tt-rss/install/ for configuration. Use the name of the separate database and the corresponding password.
Use chsh
to set /bin/ksh
as shell for www
and set up a cronjob to call the update process every 5 minutes (or whatever interval you like.
# su - www # crontab -e MAILTO="" */5 * * * * /usr/local/bin/php-7.0 /var/www/htdocs/tt-rss/update.php --feeds --quiet
Since I don't like the default theme, I use the Feedly theme. Installation is quite easy and similar to the one of ttrss.
# ftp https://github.com/levito/tt-rss-feedly-theme/archive/master.zip Trying 192.30.253.113... [...] 2008441 bytes received in 3.20 seconds (612.35 KB/s) # unzip master.zip Archive: master.zip 833fc144d5e36d31e7d6de167583dab6ae9623ed creating: tt-rss-feedly-theme-master/ inflating: tt-rss-feedly-theme-master/README.md [...] # cp feedly.css feedly-night.css /var/www/htdocs/tt-rss/themes # cp -R feedly /var/www/htdocs/tt-rss/themes
Now select the theme in the preferences menu.
Since I had a disk crash on one of my servers, I also have some notes on how to restore a ttrss database from a backup. Basically, my backup consists of a nightly MariaDB dump to a remote location. YMMV but this should give you an idea how it works.
Maybe you have to create the ttrss database before, see above on how to. Then just restore and tt-rss should look as before.
# mysql -u root -p ttrss < /home/xhr/restore2/var/backups/ttrss-20180826.dump
text/gemini
This content has been proxied by September (ba2dc).