Install Awesome TTRSS with NGINX and Let’s Encrypt on Ubuntu 20.04

In this post I will show you how to install Awesome TTRSS with NGINX and Let’s Encrypt.

Install Docker:

apt install docker-compose

Download docker-compose.yml

Edit docker-compose.yml:

nano docker-compose.yml

Change the ‘SELF_URL_PATH’, ‘DB_PASS’ and ‘POSTGRES_PASSWORD’.

version: "3"
services:
  service.rss:
    image: wangqiru/ttrss:latest
    container_name: ttrss
    ports:
      - 181:80
    environment:
      - SELF_URL_PATH=https://ttrss.yourdomain.com # please change to your own domain
      - DB_PASS=YourPassword Use the same password defined in `database.postgres`
      - PUID=1000
      - PGID=1000
    volumes:
      - feed-icons:/var/www/feed-icons/
    networks:
      - public_access
      - service_only
      - database_only
    stdin_open: true
    tty: true
    restart: always

  service.mercury: # set Mercury Parser API endpoint to `service.mercury:3000` on TTRSS plugin setting page
    image: wangqiru/mercury-parser-api:latest
    container_name: mercury
    networks:
      - public_access
      - service_only
    restart: always

  service.opencc: # set OpenCC API endpoint to `service.opencc:3000` on TTRSS plugin setting page
    image: wangqiru/opencc-api-server:latest
    container_name: opencc
    environment:
      - NODE_ENV=production
    networks:
      - service_only
    restart: always

  database.postgres:
    image: postgres:13-alpine
    container_name: postgres
    environment:
      - POSTGRES_PASSWORD=YourPassword
    volumes:
      - ~/postgres/data/:/var/lib/postgresql/data # persist postgres data to ~/postgres/data/ on the host
    networks:
      - database_only
    restart: always

  # utility.watchtower:
  #   container_name: watchtower
  #   image: containrrr/watchtower:latest
  #   volumes:
  #     - /var/run/docker.sock:/var/run/docker.sock
  #   environment:
  #     - WATCHTOWER_CLEANUP=true
  #     - WATCHTOWER_POLL_INTERVAL=86400
  #   restart: always

volumes:
  feed-icons:

networks:
  public_access: # Provide the access for ttrss UI
  service_only: # Provide the communication network between services only
    internal: true
  database_only: # Provide the communication between ttrss and database only
    internal: true

Deploy the docker containers:

docker-compose up -d

Install Certbot:

apt install certbot

Assign your A record to your public IP address and generate a certificate:
Choose: Spin up a temporary webserver (standalone)

certbot certonly -d ttrss.yourdomain.com

Install NGINX:

apt install nginx

Add the NGINX config:

nano /etc/nginx/sites-available/ttrss

Replace ‘yourdomain.com’ with your domain name.

upstream ttrssdev {
    server 127.0.0.1:181;
}

server {
    listen 80;
    server_name  ttrss.yourdomain.com;
    return 301 https://ttrss.yourdomain.com$request_uri;
}

server {
    listen 443 ssl;
    gzip on;
    server_name  ttrss.yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/ttrss.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ttrss.yourdomain.com/privkey.pem;

    access_log /var/log/nginx/ttrssdev_access.log combined;
    error_log  /var/log/nginx/ttrssdev_error.log;

    location / {
        proxy_redirect off;
        proxy_pass http://ttrssdev;

        proxy_set_header  Host                $http_host;
        proxy_set_header  X-Real-IP           $remote_addr;
        proxy_set_header  X-Forwarded-Ssl     on;
        proxy_set_header  X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto   $scheme;
        proxy_set_header  X-Frame-Options     SAMEORIGIN;

        client_max_body_size        100m;
        client_body_buffer_size     128k;

        proxy_buffer_size           4k;
        proxy_buffers               4 32k;
        proxy_busy_buffers_size     64k;
        proxy_temp_file_write_size  64k;
    }
}

Enable the link:

ln -s /etc/nginx/sites-available/ttrss /etc/nginx/sites-enabled/

Enable NGINX & (re)start the service.

systemctl enable nginx && systemctl start nginx

Sign in with the following default TTRSS credentials:
Login: admin
Password: password

It’s that simple!

Leave a Reply

Your email address will not be published. Required fields are marked *