[5 Mins Docker] Deploy FreshRSS Using Docker Run Command and Deploy To Fly.io - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Monday, January 30, 2023

[5 Mins Docker] Deploy FreshRSS Using Docker Run Command and Deploy To Fly.io

FreshRSS is a free, self-hostable RSS feeds aggregator. Fly.io is a super amazing platform that runs application servers close to end users.
Fly.io can take Docker images (or Dockerfiles, or buildpacks) and boot them into Firecracker powered microVMs. When you deploy with Fly.io, you get an Anycast IP, along with TLS offloading by them.


The method for installing FreshRSS in fly.io is mostly coming from Sathyasays's blog post: Self-hosting FreshRSS (for free) on Fly.io in under 10 minutes

Free Tier Plan from Fly.io

Free tier Free Allowances

Resources included for free on all plans:

  • Up to 3 shared-cpu-1x 256mb VMs†
  • 3GB persistent volume storage (total)
  • 160GB outbound data transfer, inbound transfer is free
  • 10 Free Single Hostname Certificates

†3 VM's total between Apps and Machines

Price

Additional resources are billed at the usage-based pricing detailed below.

App/Machine Type      CPU(s)                  RAM                Price
shared-cpu-1x 1           shared                    256MB             $0.0000008/s ($1.94/mo)

Related Websites


  • Website: https://www.freshrss.org/
  • Github : https://github.com/FreshRSS
  • Demo: https://demo.freshrss.org/
  • Doc: https://freshrss.github.io/FreshRSS/
  • Docker Github: https://github.com/FreshRSS/FreshRSS/tree/edge/Docker
  • Docker Hub : https://hub.docker.com/r/freshrss/freshrss/


Docker Deployment Steps


  • Docker Github: https://github.com/FreshRSS/FreshRSS/tree/edge/Docker
  • Docker Hub : https://hub.docker.com/r/freshrss/freshrss/

Quick Run


docker run -d --restart unless-stopped --log-opt max-size=10m \
  -p 8080:80 \
  -e TZ=Europe/Paris \
  -e 'CRON_MIN=1,31' \
  -v freshrss_data:/var/www/FreshRSS/data \
  -v freshrss_extensions:/var/www/FreshRSS/extensions \
  --name freshrss \
  freshrss/freshrss
  • Exposing on port 8080
  • With a server timezone (default is UTC)
  • With an automatic cron job to refresh feeds
  • Saving FreshRSS data in a Docker volume freshrss_data and optional extensions in freshrss_extensions
  • Using the default image, which is the latest stable release

Update the docker

# Rebuild an image (see build section below) or get a new online version:
docker pull freshrss/freshrss
# And then
docker stop freshrss
docker rename freshrss freshrss_old
# See the run section above for the full command
docker run -d --restart unless-stopped --log-opt max-size=10m \
  -p 8080:80 \
  -e TZ=Europe/Paris \
  -e 'CRON_MIN=1,31' \
  -v freshrss_data:/var/www/FreshRSS/data \
  -v freshrss_extensions:/var/www/FreshRSS/extensions \
  --name freshrss \
  freshrss/freshrss
# If everything is working, delete the old container
docker rm freshrss_old

Launch it from Docker Play Lab Site



[node1] (local) [email protected] ~
$ docker run -d --restart unless-stopped --log-opt max-size=10m \
  -p 8080:80 \
  -e TZ=Europe/Paris \
  -e 'CRON_MIN=1,31' \
  -v freshrss_data:/var/www/FreshRSS/data \
  -v freshrss_extensions:/var/www/FreshRSS/extensions \
  --name freshrss \
  freshrss/freshrss
Unable to find image 'freshrss/freshrss:latest' locally
latest: Pulling from freshrss/freshrss
025c56f98b67: Pull complete 
f2b032307188: Pull complete 
c734ca29865c: Pull complete 
ed09e49b5ed8: Pull complete 
805bd4108688: Pull complete 
bab3534d3cd6: Pull complete 
6432adbeb0a5: Pull complete 
c8a3e550804c: Pull complete 
Digest: sha256:8db984756da7dde0a634ca602f47793294d006e00c3157dc3aca2935d5ad60ef
Status: Downloaded newer image for freshrss/freshrss:latest
c6b69882f2a87d2ee679ab870d43fbbdf35b2214775458bdda393c16f9796d4b
[node1] (local) [email protected] ~
$



Fly.IO Deployment Steps

This is assuming you have installed fly.io's flyctl tool. If not you will need to install flyctl. 


Basically for windows, you just need to run following command from administrator's powershell window:
  • iwr https://fly.io/install.ps1 -useb | iex

1 Sign Up for Fly.io and Sign in

You can use your github account to log in or use an email account to sign up

You will need to add your credit card for free credit allowances, else you will get an error message when do deployment:

2 Sign into your Fly.io account by typing flyctl auth login

PS C:\Users\WDAGUtilityAccount> flyctl auth login
Opening https://fly.io/app/auth/cli/8e426809a69c7d38e2ca77e0f62ae57 ...

Waiting for session... Done
successfully logged in as [email protected]


3 Create fly.toml file. You can use fly launch command to auto-generate your project , then use notepad create fly.toml with follow content.


PS C:\Users\WDAGUtilityAccount> fly launch
Creating app in C:\Users\WDAGUtilityAccount
Scanning source code
Could not find a Dockerfile, nor detect a runtime or framework from source code. Continuing with a blank app.
? Choose an app name (leave blank to generate one): freshrss-netsec2

? Choose an app name (leave blank to generate one): freshrss-netsec2
? Select Organization: 51Sec (51sec)
? Choose a region for deployment: Toronto, Canada (yyz)
Created app freshrss-netsec2 in organization 51sec
Admin URL: https://fly.io/apps/freshrss-netsec
Hostname: freshrss-netsec.fly.dev
Oops, something went wrong! Could you try that again?
PS C:\Users\WDAGUtilityAccount> notepad fly.toml

It will give you an error, but no worries. The app will auto-created. You can continue to use "notepad fly.toml" to create your deployment file.

The most important part is to change app name, which must be uniqe. 

app = "freshrss-netsec"
kill_signal = "SIGINT"
kill_timeout = 5
processes = []

[build]
  image = "freshrss/freshrss:1.20.1"

[env]
  CRON_MIN='*/20'

[mounts]
  source="freshrss51sec_data"
  destination="/var/www/FreshRSS/data"

[experimental]
  allowed_public_ports = []
  auto_rollback = true

[[services]]
  http_checks = []
  internal_port = 80
  processes = ["app"]
  protocol = "tcp"
  script_checks = []
  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    force_https = true
    handlers = ["http"]
    port = 80

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"


4 After created fly.toml file, you can create a persisting data volume using the command 

  • fly volumes create freshrss51sec_data --size 1
In this command, we create a volume of size 1GB. This can be increased later, so I selected the lowest possible number, as flyctl expects size in GB and doesn’t accept fractional numbers.


PS C:\Users\WDAGUtilityAccount> fly volumes create freshrss51sec_data --size 1
? Select region: Toronto, Canada (yyz)
        ID: vol_53q80vdpk66vgzy6
      Name: freshrss51sec_data
       App: freshrss51
    Region: yyz
      Zone: 5e29
   Size GB: 1
 Encrypted: true
Created at: 25 Jan 23 01:29 UTC
PS C:\Users\WDAGUtilityAccount> fly launch
An existing fly.toml file was found for app freshrss51
App is not running, deploy...
==> Building image
Searching for image 'freshrss/freshrss:1.20.1' remotely...
image found: img_y7nxpkrd5j2v8w25
==> Creating release
--> release v2 created

--> You can detach the terminal anytime without stopping the deployment
==> Monitoring deployment
Logs: https://fly.io/apps/freshrss51/monitoring

 1 desired, 1 placed, 1 healthy, 0 unhealthy [health checks: 1 total, 1 passing]
--> v0 deployed successfully

PS C:\Users\WDAGUtilityAccount> flyctl ips list
VERSION IP                      TYPE            REGION  CREATED AT
v6      2a09:8280:1::3:d1e9     public          global  12m8s ago
v4      66.241.124.170          public (shared)

Check from online website, please make sure you are using right organization.


It is running now:


You will get a default url which is <appname>.fly.dev, as you can see from the screenshot I am having


Custom Domains and SSL Certificates:

Website fly.io does support to add your own domain for your apps ,and also provide 10 free ssl certificates for your apps. 


Of course, you will need to confirm your domain ownership using cname (optional) and add A / AAAA record for it:

You can visit my testing site: https://reader.51sec.org or https://myrss.51sec.eu.org


Custom Domains and SSL Certificates Doc:
  • https://fly.io/docs/app-guides/custom-domains-with-fly/#creating-a-custom-domain-on-fly-manually
Note: https://sathyasays.com/2022/09/05/self-hosting-freshrss-fly-io-free/



Some Commands

  •  fly volumes list

PS C:\Users\WDAGUtilityAccount> fly volume list
ID                      STATE   NAME                    SIZE    REGION  ZONE    ENCRYPTED       ATTACHED VM     CREATED AT
vol_53q80vdpk66vgzy6    created freshrss51sec_data      1GB     yyz     5e29    true            53c402b6        1 hour ago
vol_g2yxp4mdy5z463qd    created freshrss_data           1GB     yyz     5e29    true                            1 hour ago

PS C:\Users\WDAGUtilityAccount>
PS C:\Users\WDAGUtilityAccount> fly volume delete vol_g2yxp4mdy5z463qd
Deleting a volume is not reversible.
? Are you sure you want to destroy this volume? Yes
Destroyed volume vol_g2yxp4mdy5z463qd from freshrss51
PS C:\Users\WDAGUtilityAccount>

Currently, we are having 1GB volume created. If 1GB is not enough, you will be able to expand it to at most 3GB for free using command line tool.


Demo Sites


Videos

 



References


  • Website: https://www.freshrss.org/
  • Github : https://github.com/FreshRSS
  • Demo: https://demo.freshrss.org/
  • Doc: https://freshrss.github.io/FreshRSS/
  • Docker Github: https://github.com/FreshRSS/FreshRSS/tree/edge/Docker
  • Docker Hub : https://hub.docker.com/r/freshrss/freshrss/




No comments:

Post a Comment