How to Enable TLS 1.3 in Apache on Fedora 30
Using a Different System? TLS 1.3 is a version of the Transport Layer Security (TLS) protocol that was published in 2018 as a proposed standard in RFC 8446
Tiny Tiny RSS Reader is a free and open source self-hosted web-based news feed (RSS/Atom) reader and aggregator, designed to allow you to read news from any location, while feeling as close as possible to a real desktop application. Tiny Tiny RSS Reader supports feed aggregation and syndication, OPML import and export, social sharing, internationalization, duplicate article detection, flexible article filtering, plugins and themes, a JSON API, and much more!
In this tutorial, we are going to install Tiny Tiny RSS Reader 17.4 on a Fedora 26 LAMP VPS using Apache web server, PHP 7.1, and a MariaDB database.
We will start by adding a new sudo
user.
First, log into your server as root
:
ssh root@YOUR_VULTR_IP_ADDRESS
Add a new user called user1
(or your preferred username):
useradd user1
Next, set the password for the user1
user:
passwd user1
When prompted, enter a secure and memorable password.
Now check the /etc/sudoers
file to make sure that the sudoers
group is enabled:
visudo
Look for a section like this:
%wheel ALL=(ALL) ALL
And make sure it is uncommented. This line tells us that users who are members of the wheel
group can use the sudo
command to gain root
privileges.
Once you have edited the file, you can save and exit by pressing Esc
and then entering :wq
to "write" and "quit" the file.
Next we need to add user1
to the wheel
group:
usermod -aG wheel user1
We can verify the user1
group membership and check that the usermod
command worked with the groups
command:
groups user1
Now use the su
command to switch to the new sudo user user1
account:
su - user1
The command prompt will update to indicate that you are now logged into the user1
account. You can verify this with the whoami
command:
whoami
Now, restart the sshd
service so that you can login via ssh
with the new non-root sudo user account you have just created:
sudo systemctl restart sshd
Exit the user1
account:
exit
Exit the root
account (which will disconnect your ssh
session).
exit
You can now ssh
into the server instance from your local host using the new non-root sudo user user1
account:
ssh user1@YOUR_VULTR_IP_ADDRESS
If you want to execute sudo without having to type a password every time, then open the /etc/sudoers
file again, using visudo
:
sudo visudo
Edit the section for the wheel
group so that it looks like this:
%wheel ALL=(ALL) NOPASSWD: ALL
Please note: Disabling the password requirement for the sudo user is not a recommended practice, but it is included here as it can make server configuration much more convenient and less frustrating, especially during longer systems administration sessions. If you are concerned about the security implications, you can always revert the configuration change to the original after you finish your administration tasks.
Whenever you want to log into the root
user account from within the sudo
user account, you can use one of the following commands:
sudo -i
sudo su -
You can exit the root
account and return back to your sudo
user account any time by simply typing:
exit
Before installing any packages on the Fedora server instance, we will first update the system.
Make sure you are logged into the server using a non-root sudo user and run the following command:
sudo dnf -y update
Install the Apache web server:
sudo dnf -y install httpd
Then use the systemctl
command to start and enable Apache to execute automatically at boot time.
sudo systemctl enable httpd
sudo systemctl start httpd
Check your Apache configuration file to ensure that the DocumentRoot
directive points to the correct directory.
sudo vi /etc/httpd/conf/httpd.conf
The DocumentRoot
configuration option should look like this:
DocumentRoot "/var/www/html"
Now, let's make sure that the mod_rewrite
Apache module is loaded. We can do this by searching the Apache base modules configuration file for the term "mod_rewrite
".
Open the file:
sudo vi /etc/httpd/conf.modules.d/00-base.conf
Search for the term mod_rewrite
.
If the mod_rewrite
Apache module is loaded, you should find a configuration line looking like this:
LoadModule rewrite_module modules/mod_rewrite.so
If the above line starts with a semi-colon, you will need to remove the semi-colon to uncomment the line and load the module. This, of course, applies to any other required Apache modules too.
We now need to edit Apache's default configuration file so that mod_rewrite
will work correctly with Tiny Tiny RSS.
Open the file:
sudo vi /etc/httpd/conf/httpd.conf
Then find the section that starts with <Directory "/var/www/html">
and change AllowOverride none
to AllowOverride All
. The end result (with all comments removed) should look something like this:
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Now save and close the Apache configuration file.
We will restart Apache at the end of this tutorial, but restarting Apache regularly during installation and configuration is certainly a good habit, so let's do it now.
sudo systemctl restart httpd
We now need to open the default HTTP
and HTTPS
ports as they will be blocked by firewalld
by default.
Open the firewall ports:
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
Reload the firewall to apply the changes.
sudo firewall-cmd --reload
You will see the word success
displayed in your terminal after each successful firewall configuration command.
We can quickly verify that the Apache HTTP
port is open by visiting the IP address or domain of the server instance in a browser:
http://YOUR_VULTR_IP_ADDRESS/
If everything has been set up correctly, you will see the default Apache web page in your browser.
SELinux stands for "Security Enhanced Linux". It is a security enhancement to Linux which allows users and administrators more control over access control. It is enabled by default in Fedora 26, but it is definitely not essential for server security as many Linux server distributions do not ship with it installed or enabled by default.
To avoid file permission problems with Tiny Tiny RSS later down the line, we are going to disable SELinux, for now. So open the SELinux configuration file with your favorite terminal editor:
sudo vi /etc/selinux/config
Change SELINUX=enforcing
to SELINUX=disabled
, then save the file.
To apply the configuration change, SELinux requires a server reboot, so you can either restart the server using the Vultr control panel or you can simply use the shutdown
command to cleanly shutdown and restart the server:
sudo shutdown -r now
When the server reboots, your SSH session will get disconnected and you may see a message informing you about a 'broken pipe'
or informing you 'Connection closed by remote host'
. This is nothing to worry about, simply wait for 20 seconds or so and then SSH back in again (with your own username and domain):
ssh user1@YOUR_DOMAIN
Or (with your own username and IP address):
ssh user1@YOUR_VULTR_IP_ADDRESS
Once you have logged back in, you should check the status of SELinux with the sestatus
command to make sure it has been properly disabled:
sudo sestatus
You will see a message saying SELinux status: disabled
. If you see a message saying SELinux status: enabled
(or something similar) you will need to repeat the above steps and ensure that you properly restart your server.
We can now install PHP 7.1 along with all of the necessary PHP modules required by Tiny Tiny RSS.
sudo dnf -y install php php-mysqlnd php-mbstring php-gd php-common php-pdo php-pecl-imagick php-xml php-zip
Fedora 26 defaults to using MariaDB database server, which is an enhanced, fully open source, community developed, drop-in replacement for MySQL server.
Install MariaDB database server:
sudo dnf -y install mariadb-server
Start and enable MariaDB server to execute automatically at boot time.
sudo systemctl enable mariadb
sudo systemctl start mariadb
Secure your MariaDB server installation:
sudo mysql_secure_installation
The root
password will be blank, so simply hit enter when prompted for the root
password.
When prompted to create a MariaDB/MySQL root
user, select "Y" (for yes) and then enter a secure root
password. Simply answer "Y" to all of the other yes/no questions as the default suggestions are the most secure options.
Log into the MariaDB shell as the MariaDB root
user by running the following command.
sudo mysql -u root -p
To access the MariaDB command prompt, simply enter the MariaDB root
password when prompted.
Run the following queries to create a MariaDB database and database user for Tiny Tiny RSS.
CREATE DATABASE tiny_db CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'tiny_user'@'localhost' IDENTIFIED BY 'UltraSecurePassword';
GRANT ALL PRIVILEGES ON tiny_db.* TO 'tiny_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;
You can replace the database name tiny_db
and username tiny_user
with something more to your liking, if you prefer. Also, make sure that you replace "UltraSecurePassword" with an actually secure password.
Change your current working directory to the default web directory.
cd /var/www/html/
If you get an error message saying something like 'No such file or directory'
then try the following command:
cd /var/www/ ; sudo mkdir html ; cd html
Your current working directory will now be: /var/www/html/
. You can check this with the pwd
(print working directory) command:
pwd
Now use wget
to download the Tiny Tiny RSS installation package.
sudo wget --content-disposition https://git.tt-rss.org/git/tt-rss/archive/17.4.zip
Please note: The above Tiny Tiny RSS package URL was correct at the time of writing, but you should definitely check for the most recent version by visiting the Tiny Tiny RSS download page.
List the current directory to check that you have successfully downloaded the file.
ls -la
Let's quickly install unzip
so we can unzip the file.
sudo dnf -y install unzip
Now uncompress the zip archive.
sudo unzip tt-rss-17.4.zip
Move all of the installation files to the web root directory:
sudo mv -v tt-rss/* tt-rss/.* /var/www/html 2>/dev/null
Change ownership of the web files to avoid any permissions problems.
sudo chown -R apache:apache * ./
Restart Apache once again.
sudo systemctl restart httpd
Now we're ready to move onto the final step.
It's now time to visit the IP address of your server instance in your browser, or if you've already configured your Vultr DNS settings (and given it enough time to propagate) you can simply visit your domain instead.
To access the Tiny Tiny RSS installation page, enter your Vultr instance IP address into your browser address bar, followed by /install/
:
http://YOUR_VULTR_IP_ADDRESS/install/
On the Database Settings
section of the Tiny Tiny RSS Installer
page, enter the following database values:
Database type: MySQL
Username: u1
Password: usecpass1
Database name: db1
Host name: localhost
Port: 3306
The Tiny Tiny RSS URL
field should be filled in with your URL automatically so you can leave it with the default value (which will be your IP address if you haven't set up your DNS yet). If you later decide to set up your Vultr DNS, you will be able to modify this value in the Tiny Tiny RSS configuration settings.
When you have filled in the correct details, simply click Test Configuration
to continue.
If everything went smoothly you will see two messages that say Configuration check succeeded
and Database test succeeded
. Simply click on the Initialize Databse
button to continue.
The installer will generate a configuration file for you using the values you have already entered. Click on Save Configuration
to save the file automatically.
You will see a message that says Successfully saved config.php
.
You can now access the admin section by clicking on the loading tt-rss now
link and entering the default username and password shown below:
Login: admin
Password: password
If you aren't redirected to the admin login page, you can enter the admin address manually:
http://YOUR_VULTR_IP_ADDRESS/
Once you have logged in, the first thing you must do is change the admin password from the default to something more secure, so click on Actions...
in the top right corner of the page and select Preferences...
.
Now click on the Users
tab and then click on the admin
user. A User editor
dialog box will pop up so simply enter you new password into the Change Password
field and click Save
If you haven't yet configured your Vultr DNS settings, you can do so using the Vultr DNS control panel.
It's also advisable to configure your site to use SSL as most modern browsers will give warnings when sites do not have SSL enabled and SSL certificates are now available for free.
In any case, you are now free to start exploring the many configuration settings for Tiny Tiny RSS and you can configure it according to your personal preferences. Make sure you check out the Tiny Tiny RSS wiki for more information about how to configure and optimize your reader.
I hope you enjoyed this tutorial, and I hope you have fun self-hosting your very own personalized RSS feed aggregator with Tiny Tiny RSS Reader!
Using a Different System? TLS 1.3 is a version of the Transport Layer Security (TLS) protocol that was published in 2018 as a proposed standard in RFC 8446
¿Usando un sistema diferente? osTicket es un sistema de tickets de soporte al cliente de código abierto. El código fuente de osTicket está alojado públicamente en Github. En este tutorial
Using a Different System? WonderCMS is an open source, fast and small flat file CMS written in PHP. WonderCMS source code is hosted on Github. This guide wil
¿Usando un sistema diferente? October 1.0 CMS es un sistema de gestión de contenido (CMS) simple y confiable, gratuito y de código abierto creado en el marco de Laravel
Using a Different System? MyBB is a free and open source, intuitive and extensible forum program. MyBB source code is hosted on GitHub. This guide will sho
Using a Different System? Redaxscript 3.2 CMS is a modern and ultra lightweight, free and open source Content Management System (CMS) with rocket-fas
¿Usando un sistema diferente? NGINX se puede utilizar como servidor HTTP / HTTPS, servidor proxy inverso, servidor proxy de correo, equilibrador de carga, terminador TLS o cachin
¿Usando un sistema diferente? ImpressPages CMS 5.0 es un sistema de gestión de contenido (CMS) simple y efectivo, gratuito y de código abierto, fácil de usar y basado en MVC
¿Usando un sistema diferente? Pagekit 1.0 CMS es un sistema de administración de contenido (CMS) hermoso, modular, extensible y liviano, gratuito y de código abierto con
Using a Different System? Gitea is an alternative open source, self-hosted version control system powered by Git. Gitea is written in Golang and is
Using a Different System? Paste 2.1 is a simple and flexible, free and open source pastebin application for storing code, text and more. It was initiall
¿Usando un sistema diferente? ProcessWire CMS 3.0 es un sistema de gestión de contenido (CMS) simple, flexible y potente, gratuito y de código abierto. ProcessWire CMS 3.
Using a Different System? Omeka Classic 2.4 CMS is a free and open source digital publishing platform and Content Management System (CMS) for sharing digita
¿Usando un sistema diferente? MODX Revolution es un sistema de gestión de contenido (CMS) de nivel empresarial rápido, flexible, escalable, gratuito y de código abierto escrito i
¿Usando un sistema diferente? TaskWarrior es una herramienta de gestión de tiempo de código abierto que es una mejora en la aplicación Todo.txt y sus clones. Debido a th
Using a Different System? Lychee 3.1 Photo Album is a simple and flexible, free and open source photo-management tool which runs on a VPS server. It install
Using a Different System? HTMLDoc will dynamically parse Postscript (PDF 1.6) documents from correctly written Hypertext (HTML 3.2). This will allow you t
Using a Different System? Matomo (formerly Piwik) is an open source analytics platform, an open alternative to Google Analytics. Matomo source is hosted o
¿Usando un sistema diferente? Couch CMS es un sistema de gestión de contenido (CMS) simple y flexible, gratuito y de código abierto que permite a los diseñadores web diseñar
Introduction MyCLI is a command line client for MySQL and MariaDB that allows you to auto-complete and helps with the syntax of your SQL commands. MyCL
Los ataques de ransomware van en aumento, pero ¿puede la IA ayudar a lidiar con el último virus informático? ¿Es la IA la respuesta? Lea aquí, sepa que la IA es una bendición o una perdición
ReactOS, un sistema operativo de código abierto y gratuito, está aquí con la última versión. ¿Puede satisfacer las necesidades de los usuarios de Windows de hoy en día y acabar con Microsoft? Averigüemos más sobre este estilo antiguo, pero una experiencia de sistema operativo más nueva.
Whatsapp finalmente lanzó la aplicación de escritorio para usuarios de Mac y Windows. Ahora puede acceder a Whatsapp desde Windows o Mac fácilmente. Disponible para Windows 8+ y Mac OS 10.9+
Lea esto para saber cómo la Inteligencia Artificial se está volviendo popular entre las empresas de pequeña escala y cómo está aumentando las probabilidades de hacerlas crecer y dar ventaja a sus competidores.
Recientemente, Apple lanzó macOS Catalina 10.15.4, una actualización complementaria para solucionar problemas, pero parece que la actualización está causando más problemas que conducen al bloqueo de las máquinas Mac. Lee este artículo para obtener más información
13 Herramientas comerciales de extracción de datos de Big Data
Nuestra computadora almacena todos los datos de una manera organizada conocida como sistema de archivos de diario. Es un método eficiente que permite a la computadora buscar y mostrar archivos tan pronto como presiona buscar.
A medida que la ciencia evoluciona a un ritmo rápido, asumiendo muchos de nuestros esfuerzos, también aumentan los riesgos de someternos a una singularidad inexplicable. Lea, lo que la singularidad podría significar para nosotros.
Una mirada a 26 técnicas analíticas de Big Data: Parte 1
La IA en la salud ha dado grandes pasos desde las últimas décadas. Por tanto, el futuro de la IA en el sector sanitario sigue creciendo día a día.