2013-10-27 11:44:59 +00:00
|
|
|
Isso Configuration
|
|
|
|
==================
|
|
|
|
|
|
|
|
The Isso configuration file is an `INI-style`__ textfile. Below is an example for
|
|
|
|
a basic Isso configuration. Each section has its own documentation.
|
|
|
|
|
|
|
|
.. code-block:: ini
|
|
|
|
|
|
|
|
[general]
|
|
|
|
dbpath = /var/lib/isso/comments.db
|
|
|
|
host = https://example.tld/
|
|
|
|
[server]
|
|
|
|
port = 1234
|
|
|
|
|
|
|
|
You can point Isso to your configuration file either witg a command-line parameter
|
|
|
|
or using an environment variable:
|
|
|
|
|
|
|
|
.. code-block:: sh
|
|
|
|
|
|
|
|
~> isso -c path/to/isso.cfg
|
|
|
|
~> env ISSO_SETTINGS=path/to/isso.cfg isso
|
|
|
|
|
|
|
|
__ https://en.wikipedia.org/wiki/INI_file
|
|
|
|
|
|
|
|
|
|
|
|
General
|
|
|
|
-------
|
|
|
|
|
|
|
|
In this section, you configure most comment-related options such as database path,
|
|
|
|
session key and hostname. Here are the default values for this section:
|
|
|
|
|
|
|
|
.. code-block:: ini
|
|
|
|
|
|
|
|
[general]
|
|
|
|
dbpath = /tmp/isso.db
|
|
|
|
host = http://localhost:8080/
|
|
|
|
max-age = 15m
|
|
|
|
session-key = ... # python: binascii.b2a_hex(os.urandom(24))
|
2013-11-09 14:18:21 +00:00
|
|
|
notify =
|
2013-10-27 11:44:59 +00:00
|
|
|
|
|
|
|
dbpath
|
|
|
|
file location to the SQLite3 database, highly recommended to change this
|
|
|
|
location to a non-temporary location!
|
|
|
|
|
|
|
|
host
|
|
|
|
URL to your website. When you start Isso, it will probe your website with
|
|
|
|
a simple ``GET /`` request to see if it can reach the webserver. If this
|
|
|
|
fails, Isso may not be able check if a web page exists, thus fails to
|
|
|
|
accept new comments.
|
|
|
|
|
2013-10-29 11:22:13 +00:00
|
|
|
You can supply more than one host:
|
|
|
|
|
|
|
|
.. code-block:: ini
|
|
|
|
|
|
|
|
[general]
|
|
|
|
host =
|
|
|
|
http://localhost/
|
|
|
|
https://localhost/
|
|
|
|
|
|
|
|
This is useful, when your website is available on HTTP and HTTPS.
|
|
|
|
|
2013-10-27 11:44:59 +00:00
|
|
|
session-key
|
|
|
|
private session key to validate client cookies. If you restart the
|
|
|
|
application several times per hour for whatever reason, use a fixed
|
|
|
|
key.
|
|
|
|
|
|
|
|
max-age
|
|
|
|
time range that allows users to edit/remove their own comments. See
|
|
|
|
:ref:`Appendum: Timedelta <appendum-timedelta>` for valid values.
|
|
|
|
|
2013-11-09 14:18:21 +00:00
|
|
|
notify
|
|
|
|
Select notification backend for new comments. Currently, only SMTP
|
|
|
|
is available.
|
|
|
|
|
2013-10-27 11:44:59 +00:00
|
|
|
|
|
|
|
Moderation
|
|
|
|
----------
|
|
|
|
|
|
|
|
Enable moderation queue and handling of comments still in moderation queue
|
|
|
|
|
|
|
|
.. code-block:: ini
|
|
|
|
|
|
|
|
[moderation]
|
|
|
|
enabled = false
|
|
|
|
purge-after = 30d
|
|
|
|
|
|
|
|
enabled
|
|
|
|
enable comment moderation queue. This option only affects new comments.
|
|
|
|
Comments in modertion queue are not visible to other users until you
|
|
|
|
activate them.
|
|
|
|
|
|
|
|
purge-after
|
|
|
|
remove unprocessed comments in moderation queue after given time.
|
|
|
|
|
|
|
|
|
|
|
|
Server
|
|
|
|
------
|
|
|
|
|
2013-11-06 15:48:43 +00:00
|
|
|
HTTP server configuration.
|
2013-10-27 11:44:59 +00:00
|
|
|
|
|
|
|
.. code-block:: ini
|
|
|
|
|
|
|
|
[server]
|
2013-11-06 15:48:43 +00:00
|
|
|
listen = http://localhost:8080
|
2013-10-27 11:44:59 +00:00
|
|
|
reload = off
|
2013-11-03 11:32:38 +00:00
|
|
|
profile = off
|
2013-10-27 11:44:59 +00:00
|
|
|
|
2013-11-06 15:48:43 +00:00
|
|
|
listen
|
|
|
|
interface to listen on. Isso supports TCP/IP and unix domain sockets:
|
|
|
|
|
2013-11-08 09:05:12 +00:00
|
|
|
.. code-block:: ini
|
2013-11-06 15:48:43 +00:00
|
|
|
|
|
|
|
; UNIX domain socket
|
|
|
|
listen = unix:///tmp/isso.sock
|
|
|
|
; TCP/IP
|
|
|
|
listen = http:///localhost:1234/
|
|
|
|
|
|
|
|
When ``gevent`` is available, it is automatically used for `http://`
|
|
|
|
Currently, gevent can not handle http requests on unix domain socket
|
|
|
|
(see `#295 <https://github.com/surfly/gevent/issues/295>`_ and
|
|
|
|
`#299 <https://github.com/surfly/gevent/issues/299>`_ for details).
|
2013-10-27 11:44:59 +00:00
|
|
|
|
2013-11-06 15:48:43 +00:00
|
|
|
Does not apply for `uWSGI`.
|
2013-10-27 11:44:59 +00:00
|
|
|
|
|
|
|
reload
|
|
|
|
reload application, when the source code has changed. Useful for
|
2013-11-06 15:48:43 +00:00
|
|
|
development (don't forget to use a fixed `session-key`). Only works
|
|
|
|
when ``gevent`` and ``uwsgi`` are *not* available.
|
2013-10-27 11:44:59 +00:00
|
|
|
|
2013-11-03 11:32:38 +00:00
|
|
|
profile
|
|
|
|
show 10 most time consuming function in Isso after each request. Do
|
|
|
|
not use in production.
|
|
|
|
|
2013-10-27 11:44:59 +00:00
|
|
|
|
|
|
|
SMTP
|
|
|
|
----
|
|
|
|
|
|
|
|
Isso can notify you on new comments via SMTP. In the email notification, you
|
2013-11-09 14:18:21 +00:00
|
|
|
also can moderate (=activate or delete) comments. Don't forget to configure
|
|
|
|
``notify = smtp`` in the general section.
|
2013-10-27 11:44:59 +00:00
|
|
|
|
|
|
|
.. code-block:: ini
|
|
|
|
|
|
|
|
[smtp]
|
|
|
|
username =
|
|
|
|
password =
|
|
|
|
host = localhost
|
|
|
|
port = 465
|
|
|
|
ssl = on
|
|
|
|
to =
|
|
|
|
from =
|
|
|
|
|
|
|
|
username
|
|
|
|
self-explanatory, optional
|
|
|
|
|
|
|
|
password
|
|
|
|
self-explanatory (yes, plain text, create a dedicated account for
|
|
|
|
notifications), optional.
|
|
|
|
|
|
|
|
host
|
|
|
|
SMTP server
|
|
|
|
|
|
|
|
port
|
|
|
|
SMTP port
|
|
|
|
|
|
|
|
ssl
|
|
|
|
use SSL to connect to the server. Python probably does not validate the
|
|
|
|
certificate. Needs research, though. But you should use a dedicated
|
|
|
|
email account anyways.
|
|
|
|
|
|
|
|
to
|
|
|
|
recipient address, e.g. your email address
|
|
|
|
|
|
|
|
from
|
|
|
|
sender address, e.g. isso@example.tld
|
|
|
|
|
|
|
|
|
|
|
|
Guard
|
|
|
|
-----
|
|
|
|
|
|
|
|
Enable basic spam protection features, e.g. rate-limit per IP address (``/24``
|
|
|
|
for IPv4, ``/48`` for IPv6).
|
|
|
|
|
|
|
|
.. code-block:: ini
|
|
|
|
|
|
|
|
[guard]
|
|
|
|
enabled = true
|
|
|
|
ratelimit = 2
|
2013-11-13 15:10:17 +00:00
|
|
|
direct-reply = 3
|
2013-11-13 20:19:02 +00:00
|
|
|
reply-to-self = false
|
2013-10-27 11:44:59 +00:00
|
|
|
|
|
|
|
enabled
|
|
|
|
enable guard, recommended in production. Not useful for debugging
|
|
|
|
purposes.
|
|
|
|
|
2013-11-13 15:10:17 +00:00
|
|
|
ratelimit
|
2013-10-27 11:44:59 +00:00
|
|
|
limit to N new comments per minute.
|
|
|
|
|
2013-11-13 15:10:17 +00:00
|
|
|
direct-reply
|
|
|
|
how many comments directly to the thread (prevent a simple
|
|
|
|
`while true; do curl ...; done`.
|
|
|
|
|
2013-11-13 20:19:02 +00:00
|
|
|
reply-to-self
|
|
|
|
allow commenters to reply to their own comments when they could still edit
|
|
|
|
the comment. After the editing timeframe is gone, commenters can reply to
|
|
|
|
their own comments anyways.
|
|
|
|
|
2013-11-16 21:15:31 +00:00
|
|
|
Do not forget to configure the client.
|
|
|
|
|
2013-10-27 11:44:59 +00:00
|
|
|
|
2013-11-16 23:35:32 +00:00
|
|
|
Multiple Sites
|
|
|
|
--------------
|
|
|
|
|
|
|
|
Isso is designed to serve comments for a single website and therefore stores
|
|
|
|
comments for a relative URL to support HTTP, HTTPS and even domain transfers
|
|
|
|
without manual intervention. But you can chain Isso to support multiple
|
|
|
|
websites on different domains.
|
|
|
|
|
2013-11-16 23:41:34 +00:00
|
|
|
The following example uses `gunicorn <http://gunicorn.org/>`_ as WSGI server (you
|
2013-11-16 23:35:32 +00:00
|
|
|
can use uWSGI as well). It is *not* possible to run the isso executable for
|
|
|
|
multiple sites.
|
|
|
|
|
|
|
|
Let's say you maintain two websites, like foo.example and other.foo:
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
$ cat /etc/isso.d/foo.example.cfg
|
|
|
|
[general]
|
|
|
|
host = http://foo.example/
|
|
|
|
dbpath = /var/lib/isso/foo.example.db
|
2013-11-16 23:41:34 +00:00
|
|
|
|
2013-11-16 23:35:32 +00:00
|
|
|
$ cat /etc/isso.d/other.foo.cfg
|
|
|
|
[general]
|
|
|
|
host = http://other.foo/
|
|
|
|
dbpath = /var/lib/isso/other.foo.db
|
2013-11-16 23:41:34 +00:00
|
|
|
|
|
|
|
Then you run Isso with gunicorn like this:
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
2013-11-16 23:35:32 +00:00
|
|
|
$ export ISSO_SETTINGS="/etc/isso.d/foo.example.cfg;/etc/isso.d/other.foo.cfg"
|
|
|
|
$ gunicorn isso.dispatch -b localhost:8080
|
|
|
|
|
|
|
|
Now, there are two options to configure the webserver:
|
|
|
|
|
2013-11-16 23:41:34 +00:00
|
|
|
1. using a single host to serve comments for both websites
|
|
|
|
2. different hosts for both websites
|
2013-11-16 23:35:32 +00:00
|
|
|
|
|
|
|
In the former case, Isso dispatches based on the HTTP Referer and (if provided)
|
|
|
|
HTTP Origin. If you expect users to supress their referer completely, you
|
|
|
|
should use the second option.
|
|
|
|
|
|
|
|
1. Using a single host to serve comments.
|
|
|
|
|
2013-11-16 23:41:34 +00:00
|
|
|
.. code-block:: nginx
|
2013-11-16 23:35:32 +00:00
|
|
|
|
2013-11-16 23:41:34 +00:00
|
|
|
server {
|
|
|
|
listen [::]:80;
|
|
|
|
server_name comments.example;
|
2013-11-16 23:35:32 +00:00
|
|
|
|
2013-11-16 23:41:34 +00:00
|
|
|
location / {
|
|
|
|
proxy_pass http://localhost:8080;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
}
|
|
|
|
}
|
2013-11-16 23:35:32 +00:00
|
|
|
|
2013-11-16 23:41:34 +00:00
|
|
|
To verify the setup, run:
|
2013-11-16 23:35:32 +00:00
|
|
|
|
2013-11-16 23:41:34 +00:00
|
|
|
.. code-block:: bash
|
2013-11-16 23:35:32 +00:00
|
|
|
|
2013-11-16 23:41:34 +00:00
|
|
|
$ curl -vH "Origin: http://foo.example" http://comments.example/
|
|
|
|
...
|
|
|
|
$ curl -vH "Origin: http://other.foo" http://comments.example/
|
|
|
|
...
|
2013-11-16 23:35:32 +00:00
|
|
|
|
2013-11-16 23:41:34 +00:00
|
|
|
In case of a 418 (I'm a teapot), the setup is *not* correctly configured.
|
2013-11-16 23:35:32 +00:00
|
|
|
|
|
|
|
2. Using different hosts for both websites (no need for a dedicated domain,
|
2013-11-16 23:41:34 +00:00
|
|
|
you can also proxy Isso on a sub-uri like /isso).
|
2013-11-16 23:35:32 +00:00
|
|
|
|
2013-11-16 23:41:34 +00:00
|
|
|
.. code-block:: nginx
|
2013-11-16 23:35:32 +00:00
|
|
|
|
2013-11-16 23:41:34 +00:00
|
|
|
server {
|
|
|
|
listen [::]:80;
|
|
|
|
server_name comments.foo.example comments.other.foo;
|
2013-11-16 23:35:32 +00:00
|
|
|
|
2013-11-16 23:41:34 +00:00
|
|
|
location / {
|
|
|
|
proxy_pass http://localhost:8080;
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
}
|
|
|
|
}
|
2013-11-16 23:35:32 +00:00
|
|
|
|
2013-11-16 23:41:34 +00:00
|
|
|
No need to verify this setup, here the webserver automatically sets the
|
|
|
|
proper host.
|
2013-11-16 23:35:32 +00:00
|
|
|
|
|
|
|
|
2013-10-27 11:44:59 +00:00
|
|
|
Appendum
|
|
|
|
---------
|
|
|
|
|
|
|
|
.. _appendum-timedelta:
|
|
|
|
|
|
|
|
Timedelta
|
|
|
|
A human-friendly representation of a time range: `1m` equals to 60
|
|
|
|
seconds. This works for years (y), weeks (w), days (d) and seconds (s),
|
|
|
|
e.g. `30s` equals 30 to seconds.
|
|
|
|
|
|
|
|
You can add different types: `1m30s` equals to 90 seconds, `3h45m12s`
|
|
|
|
equals to 3 hours, 45 minutes and 12 seconds (12512 seconds).
|