We recently presented Tiny Tiny RSS to you as a great alternative to Google Reader, which is one more way you can extend the functionality of your home server or your hosting space. Hopefully, you have already exported your data from Google Reader. In this post, we will show you how to secure TT-RSS reader to prevent unauthorized access. Tiny Tiny RSS is an open source web-based news feed (RSS/Atom) reader and aggregator, designed to allow you to read news from any location, while feeling as close to a real desktop application as possible. As we previously explained, it makes an ideal candidate to replace Google Reader. While services like Feedly and Newsblur are grabbing the Google Reader crowd, and some of you may prefer them, there is a group of people who would like to run an RSS reader on their own server and keep things private. Assuming that you have already installed Tiny Tiny RSS on your home server or hosting space, we will now show you how to secure TT-RSS reader.
Secure TT-RSS Reader
One of the main reasons to move to an RSS aggregator like TT-RSS is maintaining your privacy. So if you do not secure TT-RSS reader well, you are not only making your data publicly available but also making your system vulnerable to potential attacks. Choosing a strong username and password while setting up your TT-RSS is the first basic thing that you can do to secure TT-RSS reader. Listed below are a few more ways you can increase TT-RSS reader's security.
1. Rename TT-RSS Folder
One of the first lines of defense is to not use tt-rss in your URL to access your TT-RSS reader. To do this on your hosting account, use a folder name other than tt-rss while installing TT-RSS. On your Linux home server, edit /etc/tt-rss/apache.conf and change the first /tt-rss to something else. An example is shown below.
After making the change, restart your TT-RSS and Apache to apply the changes:
sudo service tt-rss restart
sudo service apache2 reload
Your TT-RSS reader is now available through the new URL (example: http://mydomain.com/myreader) only.
2. Enable SSL
Accessing TT-RSS through http sends all information as unencrypted data. This could mean less privacy due to potential sniffing. The solution is to encrypt the data during transfer, which makes sniffing by hackers harder. To enable and enforce HTTPS access on Linux servers with Apache, install the following run-time libraries:
sudo apt-get install libssl0.9.8 libpam0g openssl
Restart your Apache server as shown above. You should now be able to access your TT-RSS reader with HTTPS. Note that you may have to have an SSL certificate generated. Refer to the Apache documentation if you want to generate your own certificate. By default, the system will install self-signed certificates for you. These certificates are likely to raise warnings when you point your browser to the site.
3. Disable Single User Mode
By default, single user mode is already disabled (in /etc/tt-rss/config.php). Enabling single user mode will also disable the TT-RSS login system. Therefore, keep single user mode disabled.
A better way to make it a single user system is by limiting the number of registrations to 1 as described below. If, for whatever reason, you still want to enable single user mode, make sure you implement the Apache Authentication method described below.
4. Self Registrations
Self registrations allow a visitor to register themselves, which could reduce TT-RSS security. If your TT-RSS will be for personal use only, then you may want to disable user registration by setting "ENABLE_REGISTRATION" to "false".
To further secure TT-RSS Reader, you may also want to change "REG_MAX_USERS" to "1" to make your account the only account on TT-RSS.
5. Apache Authentication
Last but not least, enable Authentication. This is even more important if you have enabled "Single User Mode" described above. Every time you access TT-RSS, you will be asked for a username and password as shown in the picture below:
On your hosting account this is equivalent to password protecting a directory, in this case the TT-RSS directory. To do this on your Ubuntu server, you will have to create a .htpasswd file. More information is available in the Apache documentation. But the easiest way to achieve this is to use one of the htpasswd generators available online.
After you enter the username and password, two code blocks will be generated. Copy the contents of the .htpasswd code block and save it to /etc/apache2/.htpasswd_ttrss. Next, copy the contents of the .htaccess code block and add it to /etc/tt-rss/apache.conf as shown below:
Save and exit. Restart both TT-RSS and Apache as previously shown above. You should be prompted for a password every time you try to access TT-RSS. Some may think that this double authentication method is an extra inconvenience. But I would rather be safe than sorry.
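The settings from steps 1, 3, 4 and 5 can be checked with a short script. The one below is an added example, not part of the original post; the sample file contents, the /usr/share/tt-rss/www path and the define() layout of config.php are assumptions, and SINGLE_USER_MODE is the config.php constant that controls single user mode.

```shell
# Print the value of define('NAME', value); from a TT-RSS config.php.
cfg_value() {  # $1 = config.php, $2 = constant name
    sed -n "s/^[[:space:]]*define([\"']$2[\"'],[[:space:]]*[\"']\{0,1\}\([^\"')]*\).*/\1/p" "$1" |
        tail -n 1 | tr -d ' ' | tr 'A-Z' 'a-z'
}

audit_ttrss() {  # $1 = config.php, $2 = apache.conf; prints findings, returns 1 if any
    rc=0 authed=yes
    if grep -Eq '^[[:space:]]*Alias[[:space:]]+/tt-rss/?[[:space:]]' "$2"; then
        echo "step 1: default /tt-rss URL path still in use"; rc=1
    fi
    for d in 'AuthType[[:space:]]+Basic' 'AuthUserFile[[:space:]]+/' 'Require[[:space:]]+valid-user'; do
        grep -Eiq "^[[:space:]]*$d" "$2" || authed=no
    done
    if [ "$authed" = no ]; then
        echo "step 5: Apache authentication is not configured"; rc=1
    fi
    if [ "$(cfg_value "$1" SINGLE_USER_MODE)" = true ]; then
        echo "step 3: SINGLE_USER_MODE is on, TT-RSS login disabled (Apache auth: $authed)"; rc=1
    fi
    if [ "$(cfg_value "$1" ENABLE_REGISTRATION)" = true ]; then
        echo "step 4: ENABLE_REGISTRATION is true, REG_MAX_USERS=$(cfg_value "$1" REG_MAX_USERS)"; rc=1
    fi
    return "$rc"
}

# Added example: constructed sample files (the Directory path is an assumption).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/weak.php" <<'EOF'
define('SINGLE_USER_MODE', true);
define('ENABLE_REGISTRATION', true);
define('REG_MAX_USERS', 10);
EOF
printf 'Alias /tt-rss /usr/share/tt-rss/www\n' > "$SAMPLES/weak.conf"
cat > "$SAMPLES/hard.php" <<'EOF'
define('SINGLE_USER_MODE', false);
define('ENABLE_REGISTRATION', false);
define('REG_MAX_USERS', 1);
EOF
cat > "$SAMPLES/hard.conf" <<'EOF'
Alias /myreader /usr/share/tt-rss/www
<Directory /usr/share/tt-rss/www>
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /etc/apache2/.htpasswd_ttrss
    Require valid-user
</Directory>
EOF
audit_ttrss "$SAMPLES/weak.php" "$SAMPLES/weak.conf" || echo "weak sample: findings above"
audit_ttrss "$SAMPLES/hard.php" "$SAMPLES/hard.conf" && echo "hardened sample: clean"
```

On a real server, call audit_ttrss /etc/tt-rss/config.php /etc/tt-rss/apache.conf. Apache's own htpasswd utility (htpasswd -c /etc/apache2/.htpasswd_ttrss USERNAME) creates the password file locally, so the password is never entered on a third-party site.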
Go ahead, secure Tiny Tiny RSS Reader and enjoy reading articles on your private secure RSS Reader.