How to Install Selfoss RSS Reader on a CentOS 7 LAMP VPS
Selfoss RSS Reader is a free and open source self-hosted web-based multipurpose, live stream, mashup, news feed (RSS/Atom) reader and universal aggregator. Selfoss RSS Reader features OPML import, a restful JSON API, and its open plug-in system allows you to easily extend the default functionality by writing your own custom data connectors. You can use Selfoss to live stream and collect all of your posts, tweets, podcasts, and feeds in one central place that you can easily access from any desktop or mobile device.
In this tutorial, we are going to install Selfoss RSS Reader 2.17 on a CentOS 7 LAMP VPS using Apache web server, PHP 7.1, and a MariaDB database.
Prerequisites
- A clean Vultr CentOS 7 server instance with SSH access
Step 1: Add a Sudo User
We will start by adding a new sudo user.
First, log into your server as root:
ssh root@YOUR_VULTR_IP_ADDRESSAdd a new user called user1 (or your preferred username):
useradd user1Next, set the password for the user1 user:
passwd user1When prompted, enter a secure and memorable password.
Now check the /etc/sudoers file to make sure that the sudoers group is enabled:
visudoLook for a section like this:
%wheel ALL=(ALL) ALLThis line tells us that users who are members of the wheel group can use the sudo command to gain root privileges. It will be uncommented by default so you can simply exit the file.
Next we need to add user1 to the wheel group:
usermod -aG wheel user1We can verify the user1 group membership and check that the usermod command worked with the groups command:
groups user1Now use the su command to switch to the new sudo user user1 account:
su - user1The command prompt will update to indicate that you are now logged into the user1 account. You can verify this with the whoami command:
whoamiNow restart the sshd service so that you can login via ssh with the new non-root sudo user account you have just created:
sudo systemctl restart sshdExit the user1 account:
exitExit the root account (which will disconnect your ssh session):
exitYou can now ssh into the server instance from your local host using the new non-root sudo user user1 account:
ssh user1@YOUR_VULTR_IP_ADDRESSIf you want to execute sudo without having to type a password every time, then open the /etc/sudoers file again, using visudo:
sudo visudoEdit the section for the wheel group so that it looks like this:
%wheel ALL=(ALL) NOPASSWD: ALLPlease note: Disabling the password requirement for the sudo user is not a recommended practice, but it is included here as it can make server configuration much more convenient and less frustrating, especially during longer systems administration sessions. If you are concerned about the security implications, you can always revert the configuration change to the original after you finish your administration tasks.
Whenever you want to log into the root user account from within the sudo user account, you can use one of the following commands:
sudo -i
sudo su -You can exit the root account and return back to your sudo user account at any time:
exitStep 2: Update CentOS 7 System
Before installing any packages on the CentOS server instance, we will first update the system.
Make sure you are logged in to the server using a non-root sudo user and run the following command:
sudo yum -y updateStep 3: Install Apache Web Server
Install the Apache web server:
sudo yum -y install httpdThen use the systemctl command to start and enable Apache to execute automatically at boot time:
sudo systemctl enable httpd
sudo systemctl start httpdCheck your Apache configuration file to ensure that the DocumentRoot directive points to the correct directory:
sudo vi /etc/httpd/conf/httpd.conf The DocumentRoot configuration option will look like this:
DocumentRoot "/var/www/html"Now, let's make sure that the mod_rewrite Apache module is loaded. We can do this by searching the Apache base modules configuration file for the term "mod_rewrite".
Open the file:
sudo vi /etc/httpd/conf.modules.d/00-base.confSearch for the term mod_rewrite.
If the mod_rewrite Apache module is loaded, you will find a configuration line looking like this:
LoadModule rewrite_module modules/mod_rewrite.soIf the above line starts with a semi-colon, you will need to remove the semi-colon to uncomment the line and load the module. This, of course, applies to any other required Apache modules too.
We now need to edit Apache's default configuration file so that mod_rewrite will work correctly with Selfoss RSS Reader.
Open the file:
sudo vi /etc/httpd/conf/httpd.confThen find the section that starts with <Directory "/var/www/html"> and change AllowOverride none to AllowOverride All. The end result (with all comments removed) will look something like this:
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>Now save and close the Apache configuration file.
We will restart Apache at the end of this tutorial, but restarting Apache regularly during installation and configuration is certainly a good habit, so let's do it now:
sudo systemctl restart httpdStep 4: Open Web Firewall Ports
We now need to open the default HTTP and HTTPS ports as they will be blocked by firewalld by default.
Open the firewall ports:
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcpReload the firewall to apply the changes:
sudo firewall-cmd --reloadYou will see the word success displayed in your terminal after each successful firewall configuration command.
We can quickly verify that the Apache HTTP port is open by visiting the IP address or domain of the server instance in a browser:
http://YOUR_VULTR_IP_ADDRESS/You will see the default Apache web page in your browser.
Step 5: Disable SELinux (if enabled)
SELinux stands for "Security Enhanced Linux". It is a security enhancement to Linux which allows users and administrators more control over access control. It is disabled by default on Vultr CentOS 7 instances, but we will cover the steps to disable it, just in case you are not starting from a clean install and it was previously enabled.
To avoid file permission problems with Selfoss RSS Reader we need to ensure that SELinux is disabled.
First, let's check whether SELinux is enabled or disabled with the sestatus command:
sudo sestatusIf you see something like: SELinux status: disabled then it is definitely disabled and you can skip straight to Step 6. If you see any other message, then you will need to complete this section.
Open the SELinux configuration file with your favourite terminal editor:
sudo vi /etc/selinux/configChange SELINUX=enforcing to SELINUX=disabled and then save the file.
To apply the configuration change, SELinux requires a server reboot, so you can either restart the server using the Vultr control panel or you can simply use the shutdown command:
sudo shutdown -r nowWhen the server reboots, your SSH session will get disconnected and you may see a message informing you about a 'broken pipe' or 'Connection closed by remote host'. This is nothing to worry about, simply wait for 20 seconds or so and then SSH back in again (with your own username and domain):
ssh user1@YOUR_DOMAINOr (with your own username and IP address):
ssh user1@YOUR_VULTR_IP_ADDRESSOnce you have logged back in, you should check the status of SELinux again with the sestatus command to make sure it is properly disabled:
sudo sestatusYou should see a message saying SELinux status: disabled. If you see a message saying SELinux status: enabled (or something similar) you will need to repeat the above steps and ensure that you properly restart your server.
Step 6: Install PHP 7.1
CentOS 7 requires us to add an external repo in order to install PHP 7.1, so run the following command:
sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpmWe can now install PHP 7.1 along with all of the necessary PHP modules required by Selfoss RSS Reader:
sudo yum -y install php71w php71w-gd php71w-mbstring php71w-mysql php71w-xml php71w-common php71w-pdo php71w-mysqlndStep 7: Install MariaDB (MySQL) Server
CentOS 7 defaults to using MariaDB database server, which is an enhanced, fully open source, community developed, drop-in replacement for MySQL server.
Install MariaDB database server:
sudo yum -y install mariadb-serverStart and enable MariaDB server to execute automatically at boot time:
sudo systemctl enable mariadb
sudo systemctl start mariadb Secure your MariaDB server installation:
sudo mysql_secure_installationThe root password will be blank, so simply hit enter when prompted for the root password.
When prompted to create a MariaDB/MySQL root user, select "Y" (for yes) and then enter a secure root password. Simply answer "Y" to all of the other yes/no questions as the default suggestions are the most secure options.
Step 8: Create Database for Selfoss RSS Reader
Log into the MariaDB shell as the MariaDB root user by running the following command:
sudo mysql -u root -pTo access the MariaDB command prompt, simply enter the MariaDB root password when prompted.
Run the following queries to create a MariaDB database and database user for Selfoss RSS Reader:
CREATE DATABASE selfoss_db CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'selfoss_user'@'localhost' IDENTIFIED BY 'UltraSecurePassword';
GRANT ALL PRIVILEGES ON selfoss_db.* TO 'selfoss_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;You can replace the database name selfoss_db and username selfoss_user with something more to your liking, if you prefer. (Please note that the default maximum length for usernames in MariaDB on CentOS 7 is 16 characters). Also, make sure that you replace "UltraSecurePassword" with an actually secure password.
Step 9: Install Selfoss RSS Reader Files
Change your current working directory to the default web directory:
cd /var/www/html/If you get an error message saying something like 'No such file or directory' then try the following command:
cd /var/www/ ; sudo mkdir html ; cd htmlYour current working directory will now be: /var/www/html/. You can check this with the pwd (print working directory) command:
pwdNow use wget to download the Selfoss RSS Reader installation package:
sudo wget --content-disposition https://github.com/SSilence/selfoss/archive/2.17.zipPlease note: You should definitely check for the most recent version by visiting the Selfoss RSS Reader download page.
List the current directory to check that you have successfully downloaded the file:
ls -laLet's quickly install unzip so we can unzip the file:
sudo yum -y install unzipNow uncompress the zip archive:
sudo unzip selfoss-2.17.zipMove all of the installation files to the web root directory:
sudo mv -v selfoss-2.17/* selfoss-2.17/.* /var/www/html 2>/dev/nullChange ownership of the web files to avoid any permissions problems:
sudo chown -R apache:apache * ./Restart Apache again:
sudo systemctl restart httpdStep 10: Install and Run Composer
Selfoss RSS Reader requires us to use composer to download some plugins so let's install composer:
sudo yum -y install composerNow make sure you are in the webroot directory:
cd /var/www/htmlRun composer using the apache user:
sudo -u apache composer installYou will see some warning messages from composer about not being able to write to the cache, but don't worry too much about that as everything will still install just fine.
We're now ready to move on to the final step.
Step 11: Complete Selfoss RSS Reader Installation
We first need to update the Selfoss RSS Reader configuration file
config.iniwith the correct database settings so make sure you are still in the webroot directory and copydefaults.initoconfig.ini:sudo cp -iv defaults.ini config.iniNext, open the
config.iniconfiguration file and add the following database values:[globals] db_type=mysql db_host=localhost db_database=selfoss_db db_username=selfoss_user db_password=UltraSecurePassword db_port=3306We now need to add a password hash to
config.ini, but first we need to generate it, so visit the following URL in your browser:http://YOUR_VULTR_IP_ADDRESS/passwordThen enter your desired password into the
Passwordfield and click onGenerate.Simply copy the resulting hash value to the password option in the
config.inifile so the password section now looks something like this:username=admin password=b729a37c34ff9648c33d67de3b289b58b7486dd71236343a6c2c275c2cc0477bd1d254eb92248bfa753169547d4bd2e81c2c9e460ba5bba822af1e87722dd12a salt=<long string of random chracters>Note: Your password hash will obviously be different to the hash shown above and you are free to choose a different username.
Remove all of the other unedited options from the
config.inifile so your complete configuration file looks similar to this:[globals] db_type=mysql db_host=localhost db_database=db1 db_username=u1 db_password=usecpass1 db_port=3306 username=admin password=b729a37c34ff9648c33d67de3b289b58b7486dd71236343a6c2c275c2cc0477bd1d254eb92248bfa753169547d4bd2e81c2c9e460ba5bba822af1e87722dd12a salt=<long string of random chracters>Note: If you want to change any of the
defaults.inioptions, you can simply add them to the list of options above.When you have finished editing the configuration file, you can save and exit the file.
You can now login to Selfoss RSS Reader by visiting the home page and entering your username and password:
http://YOUR_VULTR_IP_ADDRESS/If you want the reader to auto-update your feeds (and you almost certainly do), you will need to edit your crontab:
sudo crontab -eAdd the following line to refresh your feeds hourly:
0 * * * * apache cd /var/www/html && php cliupdate.php
If you haven't yet configured your Vultr DNS settings, you can do so using the Vultr DNS control panel.
It's also advisable to configure your site to use SSL as most modern browsers will give warnings when sites do not have SSL enabled and SSL certificates are now available for free.
In any case, you are now free to start adding your feeds and further customizing your reader, if you desire.