|
@@ -0,0 +1,240 @@
|
|
1
|
+---
|
|
2
|
+title: "Isso Comments"
|
|
3
|
+layout: post
|
|
4
|
+---
|
|
5
|
+
|
|
6
|
+I've been meaning to add a commenting system to this blog for a while, but I
|
|
7
|
+couldn't think of a good way to do it. I implemented my own commenting system on
|
|
8
|
+my [old Django personal site](https://github.com/thallada/personalsite). While I
|
|
9
|
+enjoyed working on it at the time, it was a lot of work, especially to fight the
|
|
10
|
+spam. Now that my blog is hosted statically on Github's servers, I have no way
|
|
11
|
+to host something dynamic like comments.
|
|
12
|
+
|
|
13
|
+[Disqus](http://disqus.com/) seems to be the popular solution to this problem
|
|
14
|
+for other people that host static blogs. The way it works is that you serve a
|
|
15
|
+javascript client script on the static site you own. The script will make AJAX
|
|
16
|
+requests to a separate server that Disqus owns to retrieve comments and post new
|
|
17
|
+ones.
|
|
18
|
+
|
|
19
|
+The price you pay for using Disqus, however, is that [they get to sell all of
|
|
20
|
+the data that you and your commenters give
|
|
21
|
+them](https://replyable.com/2017/03/disqus-is-your-data-worth-trading-for-convenience/).
|
|
22
|
+That reason, plus the fact that I wanted something more DIY, meant this blog has
|
|
23
|
+gone without comments for a few years.
|
|
24
|
+
|
|
25
|
+Then I discovered [Isso](https://github.com/posativ/isso). Isso calls itself a
|
|
26
|
+lightweight alternative to [Disqus](http://disqus.com/). Isso allows you to
|
|
27
|
+install the server code on your own server so that the comment data never goes
|
|
28
|
+to a third party. Also, it does not require logging into some social media
|
|
29
|
+account just to comment. Today, I installed it on my personal AWS EC2 instance
|
|
30
|
+and added the Isso javascript client script on this blog. So far, my experience
|
|
31
|
+with it has been great and it performs exactly the way I expect.
|
|
32
|
+
|
|
33
|
+I hit a few snags while installing it, however.
|
|
34
|
+
|
|
35
|
+## Debian Package
|
|
36
|
+
|
|
37
|
+There is a very handy [Debian package](https://github.com/jgraichen/debian-isso)
|
|
38
|
+that someone has made for Isso. Since my server runs Ubuntu 16.04, and Ubuntu is
|
|
39
|
+based off of Debian, this is a package I can install with my normal ubuntu
|
|
40
|
+package manager utilities. There is no PPA to install since the package is in
|
|
41
|
+the [main Ubuntu package archive](https://packages.ubuntu.com/xenial/isso). Just
|
|
42
|
+run `sudo apt-get install isso`.
|
|
43
|
+
|
|
44
|
+I got a bit confused after that point, though. There seems to be no
|
|
45
|
+documentation I could find about how to actually configure and start the server
|
|
46
|
+once you have installed it. This is what I did:
|
|
47
|
+
|
|
48
|
+```bash
|
|
49
|
+sudo cp /etc/default/isso /etc/isso.d/available/isso.cfg
|
|
50
|
+sudo ln -s /etc/isso.d/available/isso.cfg /etc/isso.d/enabled/isso.cfg
|
|
51
|
+```
|
|
52
|
+
|
|
53
|
+Then you can edit `/etc/isso.d/available/isso.cfg` with your editor of choice to
|
|
54
|
+[configure the Isso server for your
|
|
55
|
+needs](https://posativ.org/isso/docs/configuration/server/). Make sure to set
|
|
56
|
+the `host` variable to the URL for your static site.
|
|
57
|
+
|
|
58
|
+Once you're done, you can run `sudo service isso restart` to reload the server
|
|
59
|
+with the new configuration. `sudo service isso status` should report `Active
|
|
60
|
+(running)`.
|
|
61
|
+
|
|
62
|
+Right now, there should be a [gunicorn](http://gunicorn.org/) process running
|
|
63
|
+the isso server. You can check that with `top` or running `ps aux | grep
|
|
64
|
+gunicorn`, which should return something about "isso".
|
|
65
|
+
|
|
66
|
+## Nginx Reverse Proxy
|
|
67
|
+
|
|
68
|
+In order to map the URL "comments.hallada.net" to this new gunicorn server, I
|
|
69
|
+need an [nginx reverse
|
|
70
|
+proxy](https://www.nginx.com/resources/admin-guide/reverse-proxy/).
|
|
71
|
+
|
|
72
|
+To do that, I made a new server block: `sudo vim
|
|
73
|
+/etc/nginx/sites-available/isso` which I added:
|
|
74
|
+
|
|
75
|
+```nginx
|
|
76
|
+server {
|
|
77
|
+ listen 80;
|
|
78
|
+ listen [::]:80;
|
|
79
|
+ server_name comments.hallada.net;
|
|
80
|
+
|
|
81
|
+ location / {
|
|
82
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
83
|
+ proxy_set_header X-Script-Name /isso;
|
|
84
|
+ proxy_set_header Host $host;
|
|
85
|
+ proxy_set_header X-Forwarded-Proto $scheme;
|
|
86
|
+ proxy_pass http://localhost:8000;
|
|
87
|
+ }
|
|
88
|
+}
|
|
89
|
+```
|
|
90
|
+
|
|
91
|
+Then I enabled this new server block with:
|
|
92
|
+
|
|
93
|
+```bash
|
|
94
|
+sudo ln -s /etc/nginx/sites-available/isso /etc/nginx/sites-enabled/isso
|
|
95
|
+sudo systemctl restart nginx
|
|
96
|
+```
|
|
97
|
+
|
|
98
|
+## DNS Configuration
|
|
99
|
+
|
|
100
|
+I added a new A record for "comments.hallada.net" that pointed to my server's IP
|
|
101
|
+address to the DNS configuration for my domain (which I recently switched to
|
|
102
|
+[Amazon Route 53](https://aws.amazon.com/route53/)).
|
|
103
|
+
|
|
104
|
+After the DNS caches had time to refresh, visiting `http://comments.hallada.net`
|
|
105
|
+would hit the new `isso` nginx server block, which would then pass the request
|
|
106
|
+on to the gunicorn process.
|
|
107
|
+
|
|
108
|
+You can verify if nginx is getting the request by looking at
|
|
109
|
+`/var/log/nginx/access.log`.
|
|
110
|
+
|
|
111
|
+## Adding the Isso Script to my Jekyll Site
|
|
112
|
+
|
|
113
|
+I created a file called `_includes/comments.html` with the contents that [the
|
|
114
|
+Isso documentation](https://posativ.org/isso/docs/quickstart/#integration)
|
|
115
|
+provides. Then, in my post template, I simply included that on the page where I
|
|
116
|
+wanted the comments to go:
|
|
117
|
+
|
|
118
|
+```html
|
|
119
|
+{% include comments.html %}
|
|
120
|
+```
|
|
121
|
+
|
|
122
|
+Another thing that was not immediately obvious to me is that the value of the
|
|
123
|
+`name` variable in the Isso server configuration is the URL path that you will
|
|
124
|
+need to point the Isso JavaScript client to. For example, I chose `name = blog`,
|
|
125
|
+so the `data-isso` attribute on the script tag needed to be
|
|
126
|
+`http://comments.hallada.net/blog/`.
|
|
127
|
+
|
|
128
|
+## The Uncaught ReferenceError
|
|
129
|
+
|
|
130
|
+There's [an issue](https://github.com/posativ/isso/issues/318) with that Debian
|
|
131
|
+package that causes a JavaScript error in the console when trying to load the
|
|
132
|
+Isso script in the browser. I solved this by uploading the latest version of the
|
|
133
|
+Isso `embeded.min.js` file to my server, which I put at
|
|
134
|
+`/var/www/html/isso/embeded.min.js`. Then I modified the nginx server block to
|
|
135
|
+serve that file when the path matches `/isso`:
|
|
136
|
+
|
|
137
|
+```nginx
|
|
138
|
+server {
|
|
139
|
+ listen 80;
|
|
140
|
+ listen [::]:80;
|
|
141
|
+ server_name comments.hallada.net;
|
|
142
|
+ root /var/www/html;
|
|
143
|
+
|
|
144
|
+ location / {
|
|
145
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
146
|
+ proxy_set_header X-Script-Name /isso;
|
|
147
|
+ proxy_set_header Host $host;
|
|
148
|
+ proxy_set_header X-Forwarded-Proto $scheme;
|
|
149
|
+ proxy_pass http://localhost:8000;
|
|
150
|
+ }
|
|
151
|
+
|
|
152
|
+ location /isso {
|
|
153
|
+ try_files $uri $uri/ $uri.php?$args =404;
|
|
154
|
+ }
|
|
155
|
+}
|
|
156
|
+```
|
|
157
|
+
|
|
158
|
+Now requesting `http://comments.hallada.net/isso/embeded.min.js` would return
|
|
159
|
+the newer script without the bug.
|
|
160
|
+
|
|
161
|
+## Sending Emails Through Amazon Simple Email Service
|
|
162
|
+
|
|
163
|
+I already set up [Amazon's SES](https://aws.amazon.com/ses/) in my [last
|
|
164
|
+blog
|
|
165
|
+post](http://www.hallada.net/2017/08/30/making-mailing-list-jekyll-blog-using-sendy.html).
|
|
166
|
+To get Isso to use SES to send notifications about new comments, create a new
|
|
167
|
+credential in the SES UI, and then set the `user` and `password` fields in the
|
|
168
|
+`isso.cfg` to what get's generated for the IAM user. The SES page also has
|
|
169
|
+information for what `host` and `port` to use. I used `security = starttls` and
|
|
170
|
+`port = 587`. Make sure whatever email you use for `from` is a verified email in
|
|
171
|
+SES. Also, don't forget to add your email as the `to` value.
|
|
172
|
+
|
|
173
|
+## Enabling HTTPS with Let's Encrypt
|
|
174
|
+
|
|
175
|
+[Let's Encrypt](https://letsencrypt.org/) allows you to get SSL certificates for
|
|
176
|
+free! I had already installed the certbot/letsencrypt client before, so I just
|
|
177
|
+ran this to generate a new certificate for my new sub-domain
|
|
178
|
+"comments.hallada.net":
|
|
179
|
+
|
|
180
|
+```bash
|
|
181
|
+sudo letsencrypt certonly --nginx -d comments.hallada.net
|
|
182
|
+```
|
|
183
|
+
|
|
184
|
+Once that successfully completed, I added a new nginx server block for the https
|
|
185
|
+version at `/etc/nginx/sites-available/isso-https`:
|
|
186
|
+
|
|
187
|
+```nginx
|
|
188
|
+server {
|
|
189
|
+ listen 443 ssl http2;
|
|
190
|
+ listen [::]:443 ssl http2;
|
|
191
|
+ server_name comments.hallada.net;
|
|
192
|
+ root /var/www/html;
|
|
193
|
+
|
|
194
|
+ ssl_certificate /etc/letsencrypt/live/comments.hallada.net/fullchain.pem;
|
|
195
|
+ ssl_certificate_key /etc/letsencrypt/live/comments.hallada.net/privkey.pem;
|
|
196
|
+ ssl_trusted_certificate /etc/letsencrypt/live/comments.hallada.net/fullchain.pem;
|
|
197
|
+
|
|
198
|
+ location / {
|
|
199
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
200
|
+ proxy_set_header X-Script-Name /isso;
|
|
201
|
+ proxy_set_header Host $host;
|
|
202
|
+ proxy_set_header X-Forwarded-Proto $scheme;
|
|
203
|
+ proxy_pass http://localhost:8000;
|
|
204
|
+ }
|
|
205
|
+
|
|
206
|
+ location /isso {
|
|
207
|
+ try_files $uri $uri/ $uri.php?$args =404;
|
|
208
|
+ }
|
|
209
|
+}
|
|
210
|
+```
|
|
211
|
+
|
|
212
|
+And, I changed the old http server block so that it just permanently redirects
|
|
213
|
+to the https version:
|
|
214
|
+
|
|
215
|
+```nginx
|
|
216
|
+server {
|
|
217
|
+ listen 80;
|
|
218
|
+ listen [::]:80;
|
|
219
|
+ server_name comments.hallada.net;
|
|
220
|
+ root /var/www/html;
|
|
221
|
+
|
|
222
|
+ location / {
|
|
223
|
+ return 301 https://comments.hallada.net$request_uri;
|
|
224
|
+ }
|
|
225
|
+}
|
|
226
|
+```
|
|
227
|
+
|
|
228
|
+Then I enabled the https version:
|
|
229
|
+
|
|
230
|
+```bash
|
|
231
|
+sudo ln -s /etc/nginx/sites-available/isso-https /etc/nginx/sites-enabled/isso-https
|
|
232
|
+sudo systemctl restart nginx
|
|
233
|
+```
|
|
234
|
+
|
|
235
|
+I checked that I didn't get any errors visiting `https://comments.hallada.net/`,
|
|
236
|
+and then changed my Jekyll include snippet so that it pointed at the `https`
|
|
237
|
+site instead of `http`.
|
|
238
|
+
|
|
239
|
+Now you can securely leave a comment if you want to yell at me for writing the
|
|
240
|
+wrong thing!
|