Einleitung

Read it later Dienste können ganz praktisch sein, um interessante Artikel, die man im Netz findet (und für die man gerade keine Zeit hat, sie zu lesen), zu archivieren und bei Gelegenheit und Zeiten zu lesen. Bekanntester Dienst hierfür ist z.B. Pocket. Das Open Source Pendant dazu heißt Wallabag. Anbei eine schnelle Anleitung, wie man den Dienst auf seinem eignen Server mit Docker zum Laufen bringt.

Docker

docker-compose.yml

version: '3'
services:
  wallabag:
    image: wallabag/wallabag
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=wallaroot
      - SYMFONY__ENV__DATABASE_DRIVER=pdo_mysql
      - SYMFONY__ENV__DATABASE_HOST=db
      - SYMFONY__ENV__DATABASE_PORT=3306
      - SYMFONY__ENV__DATABASE_NAME=wallabag
      - SYMFONY__ENV__DATABASE_USER=wallabag
      - SYMFONY__ENV__DATABASE_PASSWORD=wallapass
      - SYMFONY__ENV__DATABASE_CHARSET=utf8mb4
      #- SYMFONY__ENV__MAILER_HOST=smtp.host.com
      - SYMFONY__ENV__MAILER_HOST=smtp
      #- SYMFONY__ENV__MAILER_USER=email@from.com
      #- SYMFONY__ENV__MAILER_PASSWORD=password
      - SYMFONY__ENV__FROM_EMAIL=email@from.com
      - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.domain.com
      - SYMFONY__ENV__FOSUSER_REGISTRATION=true
    ports:
      - "127:0.0.1:8500:80"
    volumes:
      - ./images:/var/www/wallabag/web/assets/images

  smtp:
    image: namshi/smtp
    restart: unless-stopped

  db:
    image: mariadb
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=wallaroot
    command: ["--character-set-server=utf8mb4",  "--collation-server=utf8mb4_unicode_ci"]
    volumes:
      - ./db:/var/lib/mysql
  redis:
    image: redis:alpine
    restart: unless-stopped

Im gleichen Verzeichnis dann sudo docker-compsoe up -d

Warte ca. 5 Minuten, bis im sudo docker-compsoe logs folgendes auftaucht: wallabag_1 | Provisioner finished. Dann folgt jetzt die abschließende Konfiguration (soll in den neueren Wallabag-Versionen nicht mehr manuell nötig sein): sudo docker exec -t your-wallabag-container /var/www/wallabag/bin/console wallabag:install --env=prod --no-interaction, danach sudo docker-compose restart und dann heißt es wieder warten bis wallabag_1 | Provisioner finished. in den Container Logs auftaucht.

Reverse proxy (nginx)

Reverse proxy konfigurieren: sudo nano /etc/nginx/sites-enabled/wallabag.domain.com.conf

upstream wallabag {
    server 127.0.0.1:8500;
    keepalive 512;
}

server {
   listen 80;
   listen [::]:80;
   server_name wallabag.domain.com www.wallabag.domain.com;
   return 301 https://wallabag.domain.com$request_uri;
}

server {
   listen 127.0.0.1:443 ssl;
   listen [::1]:443 ssl; #HTTPS IPv6 support
   server_name wallabag.domain.com www.wallabag.domain.com;
   server_tokens off;

   # Add headers to serve security related headers
   # Before enabling Strict-Transport-Security headers please read into this
   # topic first.
   add_header Strict-Transport-Security "max-age=15768000;
   # includeSubDomains; preload;";
   #
   # WARNING: Only add the preload option once you read about
   # the consequences in https://hstspreload.org/. This option
   # will add the domain to a hardcoded list that is shipped
   # in all major browsers and getting removed from this list
   # could take several months.
   add_header X-Content-Type-Options nosniff;
   add_header X-XSS-Protection "1; mode=block";
   add_header X-Robots-Tag none;
   add_header X-Download-Options noopen;
   add_header X-Permitted-Cross-Domain-Policies none;

   #charset utf-8;

   ssl_certificate /ssl-directory/fullchain.pem;
   ssl_certificate_key /ssl-directory/privkey.pem;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers   on;
   # used cloudflares ciphers https://github.com/cloudflare/sslconfig/blob/master/conf
   ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
   ssl_dhparam /etc/ssl/certs/dhparam.pem;

   #Logging accesses and errors - change to PATH according your needs
   access_log /access-log-directory/access.wallabag.log;
   error_log /error-log-directory/error.wallabag.log;

   client_max_body_size 16G; # set max upload size depending on your desires
   fastcgi_buffers 64 4K;

   location / {
   #     auth_basic "Root Login";
   #     auth_basic_user_file /if-you-want-a-plus-password-prompt/htpasswd;
        include /etc/nginx/conf.d/proxy.conf;
        proxy_pass http://wallabag;
   }

   location /nginx_status {
        stub_status on;    # activate stub_status module
        access_log off;
        allow 127.0.0.1;   # restrict access to local only
        deny all;
    }

}

sudo nano /etc/nginx/conf.d/proxy.conf

client_max_body_size 10m;
client_body_buffer_size 128k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# Basic Proxy Config
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

Quellen

• Wallabag docker (Stand: 21.06.2020)
• github issue (Stand: 21.06.2020)