insights/content/tutorials/how-to-install-self-hosted-commento-and-use-nginx-as-reverse-proxy/index.md


title description date lastmod draft noindex nav_weight series categories tags images authors
How to Install self-hosted Commento and Use Nginx as Reverse Proxy
Guide to install Commento and its required dependencies like PostgreSQL, set up the required Commento configuration and its systemd service, and use Nginx as a reverse proxy to serve the Commento instance over HTTPS.
2022-09-14T03:09:19+07:00 false false 1000
Self-Hosted
SysAdmin
Commento
PostgreSQL
Nginx
ditatompel

Commento is an open-source, privacy-focused commenting platform. It's fast, bloat-free and can be self-hosted. This article guides you through installing the required dependencies such as PostgreSQL (on Ubuntu 20.04), setting up the required Commento configuration, and creating its systemd service so the server starts automatically when the system boots. Additionally (and recommended), it uses Nginx as a reverse proxy to serve the Commento instance over HTTPS.

UPDATES:

WARNING: I've been using Commento for a long time, but since 1 year ago until this article was written, I didn't find any updates or commits to their git master repository. You can try Commento++ as a replacement.

Hardware requirements

Commento is pretty lightweight, but it's recommended to have at least 64MB of free RAM and at least 30MB of free disk space. This requirement does not include the requirements for running the PostgreSQL server. You may, of course, choose to use a separate server or a cloud PostgreSQL provider for the database.

Commento binary release has been verified to be working on the following hardware architectures: amd64, x86.

Software requirements

To run Commento, you need to have a PostgreSQL database version 9.6 or later. There aren't any other software requirements, unless you're compiling from source.

Install PostgreSQL

Let's assume you use Ubuntu 20.04, which provides PostgreSQL >= 9.6 from its official package repository.

To install PostgreSQL, first refresh your server's local package index:

sudo apt update

Then, install the Postgres package along with a -contrib package that adds some additional utilities and functionality:

sudo apt install postgresql postgresql-contrib

By default, Postgres uses a concept called roles to handle authentication and authorization. These are, in some ways, similar to regular Unix-style users and groups.

Upon installation, Postgres is set up to use ident authentication, meaning that it associates Postgres roles with a matching Unix/Linux system account. If a role exists within Postgres, a Unix/Linux username with the same name is able to sign in as that role.

The installation procedure created a user account called postgres that is associated with the default Postgres role. There are a few ways to utilize this account to access Postgres. One way is to switch over to the postgres account on your server by running the following command:

sudo -i -u postgres

Creating a New Role

If you are logged in as the postgres account, you can create a new role by running the following command:

createuser --interactive

If you prefer to use sudo for each command without switching from your normal account, run:

sudo -u postgres createuser --interactive
Enter name of role to add: commento
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n

Creating a New Database

Another assumption that the Postgres authentication system makes by default is that any role used to log in has a database with the same name which it can access.

This means that if the role you created in the last section is called commento, that role will attempt to connect to a database which is also called commento by default. You can create the appropriate database with the createdb command.

If you are logged in as the postgres account, you would type something like the following:

createdb commento

If, instead, you prefer to use sudo for each command without switching from your normal account, you would run:

sudo -u postgres createdb commento

Create User Password

sudo -u postgres psql
ALTER USER commento PASSWORD '[ChangeThisWithYourSecretPassword]';

If successful, Postgres will print ALTER ROLE as confirmation. This is the password of the commento role, which Commento uses in its PostgreSQL connection string later.

Download Commento Binary

Find the latest Commento release binary archive from the releases page and download it to your server.

wget https://dl.commento.io/release/commento-v1.8.0-linux-glibc-amd64.tar.gz

Extract it to the desired Commento installation directory, in this example /opt/commento.

sudo mkdir -p /opt/commento
sudo tar -xvzf commento-v1.8.0-linux-glibc-amd64.tar.gz -C /opt/commento/

Launching Commento

You need to set up some required configuration before starting Commento, and optionally additional configuration like SMTP and OAuth. In this example, let's assume our Commento instance will be running on localhost port 8088 and will be available at https://commento.ditatompel.com via the Nginx reverse proxy.

Before you launch Commento, you will also need a usable PostgreSQL server. Let's say the server is available at localhost on port 5432, using a database named commento with the role commento and password commentoPassword.

Set up the environment variables to start the Commento server on 127.0.0.1 on port 8088. You can put them in an environment file at /etc/commento/commento.env for easier management. The file contains the database password, so it should not be readable by other users.

COMMENTO_ORIGIN=https://commento.ditatompel.com
#COMMENTO_CDN_PREFIX=https://commento.ditatompel.com
# Set binding values
COMMENTO_BIND_ADDRESS=127.0.0.1
COMMENTO_PORT=8088

# Set PostgreSQL settings
COMMENTO_POSTGRES=postgres://commento:commentoPassword@127.0.0.1:5432/commento?sslmode=disable

#
# Below configuration is optional
# Uncomment and edit to fit your needs
#

# Prevent new owner (dashboard) registrations. Commento defaults to false.
#COMMENTO_FORBID_NEW_OWNERS=true

# If set to true, all static content will be served GZipped if the client's browser supports compression. Defaults to false.
#COMMENTO_GZIP_STATIC=true


# Set the SMTP credentials
#COMMENTO_SMTP_HOST=mail.example.com
#COMMENTO_SMTP_PORT=587
#COMMENTO_SMTP_USERNAME=notification@example.com
#COMMENTO_SMTP_PASSWORD=examplePassword
#COMMENTO_SMTP_FROM_ADDRESS=notification@example.com

# Set Google OAuth credentials
#COMMENTO_GOOGLE_KEY=some-random-string-key.apps.googleusercontent.com
#COMMENTO_GOOGLE_SECRET=somerandomsecret

Set COMMENTO_CDN_PREFIX to the appropriate URL if you are serving static content from a CDN. Otherwise, set it to the same value as COMMENTO_ORIGIN.
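A quick audit of the environment file before the service is started, as an added example that is not part of the original article. The helper names env_get and audit_commento_env are made up here; the keys are the ones from the file above.

```shell
#!/bin/sh
# Added example: audit a Commento environment file before starting the service.
# Helper names are hypothetical; the keys are the ones used in the file above.

# env_get FILE KEY: value of the last uncommented KEY=... line
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_commento_env FILE: prints one finding per line, returns 0 only if clean.
# Values are never echoed, because COMMENTO_POSTGRES carries the password.
audit_commento_env() {
    f=$1
    findings=""
    [ -r "$f" ] || return 2
    add() { findings="${findings}$1
"; }

    # The file holds the database password (plus SMTP/OAuth secrets if enabled)
    if [ -n "$(find "$f" -perm -004)" ]; then
        add "file is world-readable, use mode 600 or 640"
    fi

    # The backend speaks plain HTTP, so only Nginx should be able to reach it
    case $(env_get "$f" COMMENTO_BIND_ADDRESS) in
        127.*|::1|localhost) ;;
        *) add "COMMENTO_BIND_ADDRESS is not an explicit loopback address" ;;
    esac

    case $(env_get "$f" COMMENTO_ORIGIN) in
        https://*) ;;
        *) add "COMMENTO_ORIGIN is not an https:// URL" ;;
    esac

    # sslmode=disable is only reasonable when PostgreSQL is reached over loopback
    pg=$(env_get "$f" COMMENTO_POSTGRES)
    case $pg in
        *@127.*|*@localhost[:/]*|*"@[::1]"*) ;;
        *sslmode=disable*) add "sslmode=disable with a non-local PostgreSQL host" ;;
    esac

    printf '%s' "$findings"
    [ -z "$findings" ]
}
# Usage: audit_commento_env /etc/commento/commento.env
```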

Then create a systemd service file at /etc/systemd/system/commento.service:

[Unit]
Description=Commento daemon service
After=network.target postgresql.service

[Service]
Type=simple
ExecStart=/opt/commento/commento
Environment=COMMENTO_CONFIG_FILE=/etc/commento/commento.env

[Install]
WantedBy=multi-user.target

Reload the systemd unit files, start the Commento service, and enable it at boot.

sudo systemctl daemon-reload
sudo systemctl start commento
sudo systemctl enable commento
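The unit above has no User= line, so systemd starts Commento as root. The following added example (not part of the original article) writes a drop-in that runs the service under an unprivileged account and reports which user a set of unit files resolves to. It assumes a system account named commento exists and that Commento only needs read access to /opt/commento and the environment file; write_dropin and service_user are hypothetical helper names.

```shell
#!/bin/sh
# Added example: run commento.service as an unprivileged user via a drop-in.
# Assumption: a system account "commento" exists and the env file is readable
# by it, e.g. owner root, group commento, mode 640.

# write_dropin DIR [USER]: writes DIR/hardening.conf
write_dropin() {
    dir=$1
    user=${2:-commento}
    mkdir -p "$dir" || return 1
    cat > "$dir/hardening.conf" <<EOF
[Service]
User=$user
Group=$user
NoNewPrivileges=true
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
EOF
}

# service_user FILE...: effective User= from the [Service] sections of the
# given unit and drop-in files (later files win); prints "root" if none is set.
service_user() {
    awk '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && /^User=/ { sub(/^User=/, ""); user = $0 }
        END { print (user == "" ? "root" : user) }
    ' "$@"
}
# Usage (as root):
#   write_dropin /etc/systemd/system/commento.service.d
#   systemctl daemon-reload && systemctl restart commento
```

After the restart, `systemctl show -p User commento` should report the unprivileged account.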

Setting up Nginx reverse proxy for Commento (sub)domain

Now it's time to configure Nginx in front of Commento. The Nginx server block configuration below is a basic example of using Nginx as a reverse proxy to serve Commento over SSL (HTTPS).

server {
    listen 80;
    server_name commento.ditatompel.com;
    root /var/www/default;
    # in case you use certbot...
    location /.well-known/acme-challenge/ { allow all; }
    location / { return 301 https://$host$request_uri; }
}

server {
    listen 443 ssl http2;
    server_name commento.ditatompel.com;
	
    # Edit to fit with your server environment and path
    ssl_certificate     /path/to/your/cert/fullchain.pem;
    ssl_certificate_key /path/to/your/cert/privkey.pem;
    ssl_dhparam         /path/to/your/cert/dhparam.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    root /var/www/default;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:8088/;
    }
}

Restart the Nginx service and try to access your Commento instance.

Resources