Isso is a self-hosted alternative to Disqus (comments on websites).
I installed it. You can comment on my blog without loading third party sites or creating any accounts now. You can even comment anonymously. Please don't abuse this, or I will turn it off.
I modified the Debian
isso package's systemd init script,
/lib/systemd/system/isso.service, to start Isso's Python server directly, and not through GUnicorn, which I could not get working easily. This loses performance (I just have one worker thread, this means ~40 requests/second tops; totally not enough for my high-traffic site).
(You can find the location of the systemd script and anything else installed by the Debian package using
dpkg -L isso | less).
# Enable automatic startup on system boot using systemd $ sudo systemctl enable isso # Start it right now also $ sudo systemctl start isso
I preferred Debian's package because it conveniently creates an
isso user. This was the only one with write rights to the comment DB. Still, e-mails are sensitive data, so I changed it so that no users other than
root have read rights either:
sudo chmod 600 /var/lib/isso/comments.db
The Debian package config is in
/etc/isso.d/enabled/. But that is an empty directory, somehow to be interpreted by GUnicorn. I also hammered the SystemD service to use a fixed file
/etc/isso.d/enabled/isso.cfg. It's not like you have tens of configs.
My config, in order to have the /isso/ virtual subdir instead of a subdomain which would require a separate SSL certificate:
[general] ; database location, check permissions, automatically created if not exists dbpath = /var/lib/isso/comments.db ; your website or blog (not the location of Isso!) host = http://danuker.go.ro https://danuker.go.ro [server] listen = http://localhost:1550 public-endpoint = https://danuker.go.ro/isso/ reload = off profile = off [guard] enabled = true ratelimit = 2 direct-reply = 5 reply-to-self = false require-author = false require-email = false [hash] salt = <censored> algorithm = pbkdf2 [admin] enabled = true password = <censored>
I decided to import the old comments from Disqus. Given that the original users wanted to publish them, it is clear they would have wanted this as well.
scp -P 22 -r disqus-export.xml email@example.com:/home/dan/disqus-export.xml mosh firstname.lastname@example.org # (enter password) sudo su # (enter password again) isso -c /etc/isso.d/enabled/isso.cfg import /home/dan/disqus-export.xml
I use an Apache server instead of the illustrated Nginx. I had to learn to use the
ProxyPassReverse directives in my
/etc/apache2/sites-enabled/ configs. In case you want its endpoint to be on
/isso/ and run the isso server on port 1550, Here they are:
# Proxy for Isso commenting ProxyPass /isso/ http://localhost:1550/ ProxyPassReverse /isso/ http://localhost:1550/
Integration in your website (without NodeJS/Bower/NPM optimization crud). I just hammered this into the comment section of the
<script data-isso="isso/" data-isso-reply-to-self="false" data-isso-require-author="false" data-isso-require-email="false" data-isso-avatar="true" data-isso-avatar-bg="#f0f0f0" data-isso-vote="true" data-isso-feed="false" src="issojs/embed.js"></script> <div id="isso-thread"> </div>
I did not want to use any NodeJS/Bower/NPM package managers. I don't want Bower and NPM and browserify and whatnot for a script that validates 3 forms and sends a post request. To me they look like trojan horses. Sure, PyPi is not much different, but Python includes string padding without needing to install another shady 3rd party dependency that could go rogue at any moment.
Luckily, the Debian and PyPi packages contain the standalone embeddable JS files, with all dependencies included.
I didn't bother setting up e-mail notifications. If you want to see what people reply to your discussion, bookmark the page and visit it later.
See all I have to say on the Privacy statement page.