# Install default Docker Compose and automatically the corresponding version of Docker
apt install docker-compose
```
## Quick run
## Create an isolated network
Example running FreshRSS (or scroll down to the [Docker Compose](#docker-compose) section instead):
```sh
docker network create freshrss-network
```
## Recommended: use [Træfik](https://traefik.io/) reverse proxy
It is a good idea to use a reverse proxy on your host server, providing HTTPS.
Here is the recommended configuration using automatic [Let’s Encrypt](https://letsencrypt.org/) HTTPS certificates and with a redirection from HTTP to HTTPS. See further below for alternatives.
```sh
docker volume create traefik-letsencrypt
docker volume create traefik-tmp
# Just change your e-mail address in the command below:
docker run -d --restart unless-stopped --log-opt max-size=10m \
See [more information about Docker and Let’s Encrypt in Træfik](https://docs.traefik.io/user-guide/docker-and-lets-encrypt/).
## Run FreshRSS
Example using the built-in refresh cron job (see further below for alternatives).
You must first chose a domain (DNS) or sub-domain, e.g. `freshrss.example.net`.
> **N.B.:** Default images are for x64 (Intel, AMD) platforms. For ARM (e.g. Raspberry Pi), use the `*-arm` tags. For other platforms, see the section *Build Docker image* further below.
```sh
docker volume create freshrss-data
docker volume create freshrss-extensions
# Remember to replace freshrss.example.net by your server address in the command below:
docker run -d --restart unless-stopped --log-opt max-size=10m \
* You may remove the `--label traefik.*` lines if you do not use Træfik.
* Add `-p 8080:80 \` if you want to expose FreshRSS locally, e.g. on port `8080`.
* Replace `freshrss/freshrss` by a more specific tag (see below) such as `freshrss/freshrss:edge` for the development version, or `freshrss/freshrss:arm` for a Raspberry Pi version.
This already works with a built-in **SQLite** database (easiest), but more powerful databases are supported:
### [MySQL](https://hub.docker.com/_/mysql/) or [MariaDB](https://hub.docker.com/_/mariadb)
```sh
# If you already have a MySQL or MariaDB instance running, just attach it to the FreshRSS network:
docker network connect freshrss-network mysql
# Otherwise, start a new MySQL instance, remembering to change the passwords:
docker volume create mysql-data
docker run -d --restart unless-stopped --log-opt max-size=10m \
> ℹ️ You have to replace `--user www-data` by `--user apache` when using our images based on Linux Alpine.
## Our Docker image variants
The [tags](https://hub.docker.com/r/freshrss/freshrss/tags) correspond to FreshRSS branches and versions:
* `:latest` (default) is the [latest stable release](https://github.com/FreshRSS/FreshRSS/releases/latest)
* `:edge` is the rolling release, same than our [git `edge` branch](https://github.com/FreshRSS/FreshRSS/tree/edge)
* `:x.y.z` are [specific FreshRSS releases](https://github.com/FreshRSS/FreshRSS/releases)
* `:arm` or `:*-arm` are the ARM `arm32v7` versions (e.g., for Raspberry Pi).
* For other platforms, see the [custom build section](#build-custom-docker-image)
### Linux: Debian vs. Alpine
Our default image is based on [Debian](https://www.debian.org/). We offer an alternative based on [Alpine](https://alpinelinux.org/) (with the `:alpine` or `*-alpine` tag suffix).
In [our tests](https://github.com/FreshRSS/FreshRSS/pull/2205) (2019), Alpine was slower,
while Alpine is smaller on disk (and much faster to build),
and with newer packages in general (Apache, PHP).
> ℹ️ For some rare systems, one variant might work but not the other, for instance due to kernel incompatibilities.
## Environment variables
* `TZ`: (default is `UTC`) A [server timezone](http://php.net/timezones) (default is `UTC`)
* `CRON_MIN`: (default is disabled) Define minutes for the built-in cron job to automatically refresh feeds (see below for more advanced options)
* `FRESHRSS_ENV`: (default is `production`) Enables additional development information if set to `development` (increases the level of logging and ensures that errors are displayed) (see below for more development options)
* `COPY_LOG_TO_SYSLOG`: (default is `On`) Copy all the logs to syslog
* `COPY_SYSLOG_TO_STDERR`: (default is `On`) Copy syslog to Standard Error so that it is visible in docker logs
* `LISTEN`: (default is `0.0.0.0:80`) Modifies the internal Apache listening port, e.g. `0.0.0.0:8080` (for advanced users; useful for [Docker host networking](https://docs.docker.com/network/host/))
* `FRESHRSS_INSTALL`: automatically pass arguments to command line `cli/do-install.php` (for advanced users; see example in Docker Compose section). Only executed at the very first run (so far), so if you make any change, you need to delete your `freshrss` service, `freshrss_data` volume, before running again.
* `FRESHRSS_USER`: automatically pass arguments to command line `cli/create-user.php` (for advanced users; see example in Docker Compose section). Only executed at the very first run (so far), so if you make any change, you need to delete your `freshrss` service, `freshrss_data` volume, before running again.
## How to update
```sh
# Rebuild an image (see build section above) or get a new online version:
# Rebuild an image (see build section below) or get a new online version:
docker pull freshrss/freshrss
# And then
docker stop freshrss
@ -140,139 +103,18 @@ docker run ... --name freshrss freshrss/freshrss
The tags correspond to FreshRSS branches and versions:
* `:latest` (default) is the latest stable release
* `:edge` is the rolling release
* `:x.y.z` are specific FreshRSS releases
* `:arm` or `:*-arm` are the ARM versions (e.g. for Raspberry Pi)
### Linux: Debian vs. Alpine
Our default image is based on [Debian](https://www.debian.org/). We offer an alternative based on [Alpine](https://alpinelinux.org/) (with the `*-alpine` tag suffix).
In [our tests](https://github.com/FreshRSS/FreshRSS/pull/2205), Alpine is slower,
while Alpine is [smaller on disk](https://hub.docker.com/r/freshrss/freshrss/tags) (and much faster to build).
## Optional: Build Docker image of FreshRSS
Building your own Docker image is optional because online images can be fetched automatically.
Note that prebuilt images are less recent and only available for x64 (Intel, AMD) platforms.
Building your own Docker image is especially relevant for platforms not available on our Docker Hub,
which is currently limited to `x64` (Intel, AMD) and `arm32v7`.
> ℹ️ The parameter `--default-authentication-plugin` is not needed if using PHP 8+ (which is the case for our Alpine images but not yet for our Debian images).
In the FreshRSS setup, you will then specify the name of the container (`freshrss-db`) as the host for the database.
## More deployment options
### Custom Apache configuration (advanced users)
Changes in Apache `.htaccess` files are applied when restarting the container.
The FreshRSS Docker image uses the [Web server Apache](https://httpd.apache.org/) internally.
Changes in [Apache `.htaccess` files](https://httpd.apache.org/docs/trunk/howto/htaccess.html) are applied when restarting the container.
In particular, if you want FreshRSS to use HTTP-based login (instead of the easier Web form login), you can mount your own `./FreshRSS/p/i/.htaccess`:
```sh
@ -316,35 +228,198 @@ AuthType Basic
Require valid-user
```
### Example with [docker-compose](https://docs.docker.com/compose/)
### Modify the configuration of a running FreshRSS instance
A [docker-compose.yml](docker-compose.yml) file is given as an example, using PostgreSQL. In order to use it, you have to adapt:
* In the `postgresql` service:
* `container_name` directive. Whatever you set this to will be the value you put in the "Host" field during the "Database Configuration" step of installation;
* the `volumes` section. Be careful to keep the path `/var/lib/postgresql/data` for the container. If the path is wrong, you will not get any error but your db will be gone at the next run;
* the `POSTGRES_PASSWORD` in the `.env` file;
* the `POSTGRES_DB` in the `.env` file;
* the `POSTGRES_USER` in the `.env` file;
* In the `freshrss` service:
* the `volumes` section;
* options under the `labels` section are specific to [Træfik](https://traefik.io/), a reverse proxy. If you are not using it, feel free to delete this section. If you are using it, adapt accordingly to your config, especially the `traefik.frontend.rule` option.
* the `environment` section to adapt the strategy to update feeds.
* the `EXPOSED_PORT` variable in the `.env` file;
If you don’t want to use the `.env` file you can also directly edit the `docker-compose.yml` file. It’s highly recommended to change the password. If you don’t change it, it will use the default option.
You can then launch the stack (FreshRSS + PostgreSQL) with:
Some FreshRSS configuration parameters are stored in [`./FreshRSS/data/config.php`](../config.default.php)
Use the local (git) FreshRSS source code instead of the one inside the Docker container,
to avoid having to rebuild/restart at each change in the source code.
See [`docker-compose-development.yml`](./freshrss/docker-compose-development.yml)
```sh
cd ./FreshRSS/Docker/freshrss/
# Update
git pull --ff-only --prune
docker-compose pull
# Run
docker-compose -f docker-compose-development.yml -f docker-compose.yml -f docker-compose-local.yml up --remove-orphans
# Stop with [Control]+[C] and purge
docker-compose down --remove-orphans --volumes
```
> ℹ️ You can combine it with `-f docker-compose-db.yml` to spin a PostgreSQL database.
## Run in production
For production, it is a good idea to use a reverse proxy on your host server, providing HTTPS.
A dedicated solution such as [Træfik](https://traefik.io/traefik/) is recommended
(or see [alternative options below](#alternative-reverse-proxy-configurations)).
You must first chose a domain (DNS) or sub-domain, e.g. `freshrss.example.net`, and set it in your `.env` file:
```ini
SERVER_DNS=freshrss.example.net
```
### Use [Træfik](https://traefik.io/traefik/) reverse proxy
Here is the recommended configuration using automatic [Let’s Encrypt](https://letsencrypt.org/) HTTPS certificates and with a redirection from HTTP to HTTPS.
See [`docker-compose-proxy.yml`](./freshrss/docker-compose-proxy.yml)
docker-compose -f docker-compose.yml -f docker-compose-proxy.yml down --remove-orphans
```
> ℹ️ You can combine it with `-f docker-compose-db.yml` to spin a PostgreSQL database.
See [more information about Docker and Let’s Encrypt in Træfik](https://doc.traefik.io/traefik/https/acme/).
## Alternative reverse proxy configurations
### Alternative reverse proxy using Apache
Here is an example of a configuration file for running FreshRSS behind an [Apache 2.4 reverse proxy](https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html) (as a subdirectory).
You need a working SSL configuration and the Apache modules `proxy`, `proxy_http` and `headers` installed (depends on your distribution) and enabled (`a2enmod proxy proxy_http headers`).
```apache
ProxyPreserveHost On
<Location/freshrss/>
ProxyPass http://127.0.0.1:8080/
ProxyPassReverse http://127.0.0.1:8080/
RequestHeader set X-Forwarded-Prefix "/freshrss"
RequestHeader set X-Forwarded-Proto "https"
Require all granted
Options none
</Location>
```
### Alternative reverse proxy using nginx
#### Hosted in a subdirectory
Here is an example of configuration to run FreshRSS behind an Nginx reverse proxy (as subdirectory).
Here is an example of configuration to run FreshRSS behind an [nginx reverse proxy](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) (as subdirectory).
```nginx
upstream freshrss {
@ -437,20 +512,77 @@ server {
}
```
### Alternative reverse proxy using [Apache 2.4](https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html)
## Cron job to automatically refresh feeds
Here is an example of a configuration file for running FreshRSS behind an Apache reverse proxy (as a subdirectory).
You need a working SSL configuration and the Apache modules `proxy`, `proxy_http` and `headers` installed (depends on your distribution) and enabled (```a2enmod proxy proxy_http headers```).
We recommend a refresh rate of about twice per hour (see *WebSub* / *PubSubHubbub* for real-time updates).
There are no less than 3 options. Pick a single one.
```apache
ProxyPreserveHost On
### Option 1) Cron inside the FreshRSS Docker image
<Location/freshrss/>
ProxyPass http://127.0.0.1:8080/
ProxyPassReverse http://127.0.0.1:8080/
RequestHeader set X-Forwarded-Prefix "/freshrss"
RequestHeader set X-Forwarded-Proto "https"
Require all granted
Options none
</Location>
Easiest, built-in solution, also used already in the examples above
(but your Docker instance will have a second process in the background, without monitoring).
Just pass the environment variable `CRON_MIN` to your `docker run` command,
containing a valid cron minute definition such as `'13,43'` (recommended) or `'*/20'`.
Not passing the `CRON_MIN` environment variable – or setting it to empty string – will disable the cron daemon.
```sh
docker run ... \
-e 'CRON_MIN=13,43' \
--name freshrss freshrss/freshrss
```
### Option 2) Cron on the host machine
Traditional solution.
Set a cron job up on your host machine, calling the `actualize_script.php` inside the FreshRSS Docker instance.
Remember not pass the `CRON_MIN` environment variable to your Docker run, to avoid running the built-in cron daemon of option 1.
Example on Debian / Ubuntu: Create `/etc/cron.d/FreshRSS` with: