Comments on your website: How to setup the Commento commenting platform

Commento is, according to its developer, “A fast, privacy-focused commenting platform”. You can use it to enable visitors to comment on your website. It’s also what is powering the comments on this website. You can either make use of Commento’s hosted service, or deploy a self-hosted version, available on GitLab. This is how I set it up.

sudo apt install postgresql -y
sudo -i -u postgres psql -c "CREATE USER commento WITH PASSWORD '____PASSWORD____';"
sudo -i -u postgres psql -c "CREATE DATABASE commento OWNER commento;"

Making the role the owner of the database (rather than only granting privileges on it) is what lets Commento run its own schema migrations on first start; on PostgreSQL 15 and later, where the public schema is no longer writable by every role, GRANT ALL PRIVILEGES ON DATABASE alone is not enough.

sudo adduser \
    --system \
    --shell /usr/sbin/nologin \
    --gecos 'Commento' \
    --group \
    --disabled-password \
    --home /home/commento \
    commento
sudo mkdir -p /opt/commento/assets
wget https://dl.commento.io/release/commento-v1.8.0-linux-glibc-amd64.tar.gz

sudo rm -rf /opt/commento/assets/*
sudo mv commento-v1.8.0-linux-glibc-amd64.tar.gz /opt/commento/assets
cd /opt/commento/assets
sudo tar xf commento-*.tar.gz
sudo rm commento-*.tar.gz
sudo mv commento ../
sudo chown -R commento:commento /opt/commento
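The download above is fetched over HTTPS but nothing checks that the archive is the one you reviewed. As an added example (my own script, not part of the original post or of the Commento project) here is a verified install that also inspects the archive's member names before extracting as root. It assumes no checksum file is published with the release, so the expected digest is one you record yourself after inspecting an archive once and then pin; the install root defaults to the /opt/commento layout used in this post.

```shell
#!/bin/sh
# Added example, not from the original post: pin and verify the Commento
# release archive before it is unpacked into /opt/commento.
# Assumption: no checksum file is published alongside the tarball, so the
# expected digest is one you record yourself after inspecting the archive
# once (trust on first use) and then pin for every later install.
set -eu

# Succeeds only if $1 has SHA-256 digest $2 (lowercase hex).
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Succeeds only if no member of the gzipped tar $1 could escape the
# extraction directory: absolute names or a ".." path component are rejected.
check_members() {
    members=$(tar -tzf "$1") || return 1
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "$1: archive contains an unsafe member name" >&2
        return 1
    fi
}

# Verified install: $1 tarball, $2 expected digest, $3 install root
# (defaults to /opt/commento, the path used in this post).
install_release() {
    tarball=$1
    expected=$2
    dest=${3:-/opt/commento}
    if ! verify_sha256 "$tarball" "$expected"; then
        echo "$tarball: SHA-256 mismatch, refusing to install" >&2
        return 1
    fi
    check_members "$tarball" || return 1
    mkdir -p "$dest/assets"
    rm -rf "$dest/assets"/*
    tar -xzf "$tarball" -C "$dest/assets"
    # The archive ships the binary next to the static assets; keep the
    # binary one level up, as in the layout used above.
    mv "$dest/assets/commento" "$dest/commento"
}

# Usage on the host (run with sudo; <pinned-sha256> is the digest you recorded):
# install_release commento-v1.8.0-linux-glibc-amd64.tar.gz <pinned-sha256>
```

A mismatch aborts before anything under /opt/commento is touched, so a tampered or truncated download cannot replace a working install.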

sudo tee /etc/systemd/system/commento.service <<EOF > /dev/null
[Unit]
Description=Commento daemon service
After=network.target postgresql.service

[Service]
Type=simple
User=commento
Group=commento
ExecStart=/opt/commento/commento
EnvironmentFile=/etc/commento/commento.conf

[Install]
WantedBy=multi-user.target
EOF
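The unit above runs Commento as its own user, which is the important part, but systemd can also confine what that user's process can see and do if it is ever compromised through a comment or an OAuth callback. The following is an added example of my own, not the post's unit or anything shipped by Commento: a function that prints a hardened unit with the same ExecStart and EnvironmentFile (both overridable as arguments). The sandboxing directives assume Commento only needs to read its static assets and talk to PostgreSQL over the local socket, which is true of the setup in this post.

```shell
#!/bin/sh
# Added example, not the original post's unit: emit a systemd unit for
# Commento with sandboxing directives. Paths default to the ones used in
# this post. Assumption: Commento only reads /opt/commento and connects to
# PostgreSQL over /var/run/postgresql, so it needs no writable paths.
set -eu

# Print a hardened unit. $1 = binary, $2 = environment file.
hardened_unit() {
    bin=${1:-/opt/commento/commento}
    env_file=${2:-/etc/commento/commento.conf}
    cat <<EOF
[Unit]
Description=Commento daemon service
After=network.target postgresql.service
Wants=postgresql.service

[Service]
Type=simple
User=commento
Group=commento
EnvironmentFile=$env_file
ExecStart=$bin
Restart=on-failure
RestartSec=5s

# Sandboxing: the filesystem is read-only except /dev, /proc and /sys,
# home directories and the real /tmp are hidden, and the process cannot
# gain privileges, load modules or poke at kernel tunables.
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictNamespaces=true
LockPersonality=true
MemoryDenyWriteExecute=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
# AF_UNIX for the PostgreSQL socket, AF_INET/AF_INET6 for the listener and
# for outbound SMTP, Akismet and OAuth requests.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# No capabilities at all: COMMENTO_PORT is above 1024. If you bind below
# 1024 you need CapabilityBoundingSet=CAP_NET_BIND_SERVICE and the same
# value in AmbientCapabilities.
CapabilityBoundingSet=
AmbientCapabilities=

[Install]
WantedBy=multi-user.target
EOF
}

# Usage on the host:
#   hardened_unit | sudo tee /etc/systemd/system/commento.service > /dev/null
#   sudo systemctl daemon-reload
```

After installing it, `systemd-analyze security commento` reports which exposures remain, and `journalctl -u commento` shows whether any of the restrictions stop the binary from starting; if a future version needs to write somewhere, add that path with ReadWritePaths= rather than relaxing ProtectSystem.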

sudo mkdir -p /etc/commento
sudo tee /etc/commento/commento.conf <<'EOF' > /dev/null
# Commento

# Network settings
## This should be set to the subdomain or the IP address hosting Commento. All API requests will go to this server. This may include subdirectories if Commento is hosted behind a reverse proxy, for example. Include the protocol in the value to use HTTP/HTTPS.
COMMENTO_ORIGIN=https://comments.example.com
## The port to bind the Commento server to. Defaults to 8080.
COMMENTO_PORT=8001
## The address to bind the Commento server to. Useful if the server has multiple network interfaces. nginx terminates TLS and proxies to this port, so bind explicitly to loopback rather than relying on the default: Commento itself should not be reachable on any other interface.
COMMENTO_BIND_ADDRESS=127.0.0.1

# Database settings
## Connect over the local unix socket. sslmode=disable is fine there (nothing leaves the host); do not reuse this line with a TCP host. With Debian's default pg_hba.conf the socket uses peer authentication, so the OS user commento is mapped to the database role commento and the password is only needed if you switch to md5/scram authentication.
COMMENTO_POSTGRES="user=commento password=____PASSWORD____ host=/var/run/postgresql/ port=5432 dbname=commento sslmode=disable"

# Configuration file
## A configuration file for Commento. Useful to store secrets and credentials. No config file will be loaded by default, if left unspecified.
#COMMENTO_CONFIG_FILE=/etc/commento.env

# Forbid registration of new users
## Used to disable new dashboard registrations. Useful if you are the only person using Commento on your server. Does not impact the creation of accounts for your readers. Defaults to false.
COMMENTO_FORBID_NEW_OWNERS=false

# Static files settings
## If you want to store the binary in a different directory from the static assets, set this directory to point to the static assets (HTML, JS, CSS, email templates and database migrations). Defaults to the same directory as the binary.
COMMENTO_STATIC=/opt/commento/assets

## If set to true, all static content will be served GZipped if the client's browser supports compression. Defaults to false.
#COMMENTO_GZIP_STATIC=false

# SMTP settings
## SMTP credentials and configuration the server should use to send emails. By default, all settings are empty and email features such as email notification and reset password are turned off.
COMMENTO_SMTP_HOST=mail.example.com
COMMENTO_SMTP_PORT=587
COMMENTO_SMTP_USERNAME=comments@example.com
COMMENTO_SMTP_PASSWORD=____PASSWORD____
COMMENTO_SMTP_FROM_ADDRESS=comments@example.com

# Akismet API key
## Create a key in your Akismet dashboard. By default, Akismet integration is turned off when this value is left empty.
#COMMENTO_AKISMET_KEY=

# Google OAuth configuration
## Create a new project in the Google developer console (https://console.developers.google.com/project) to generate a set of credentials. By default, Google login is turned off when these values are left empty.
#COMMENTO_GOOGLE_KEY=
#COMMENTO_GOOGLE_SECRET=

# GitHub OAuth configuration
## Create a new OAuth app in GitHub developer settings (https://github.com/settings/developers) to generate a set of credentials. By default, GitHub login is turned off when these values are left empty.
#COMMENTO_GITHUB_KEY=
#COMMENTO_GITHUB_SECRET=

# GitLab OAuth configuration
## Create a new application in your GitLab settings (https://gitlab.com/profile/applications) to generate a set of credentials. By default, GitLab login is turned off when these values are left empty.
#COMMENTO_GITLAB_KEY=
#COMMENTO_GITLAB_SECRET=

# Twitter OAuth configuration
## Create an app in the Twitter developer dashboard (https://developer.twitter.com/en/apps) to generate a set of credentials. By default, Twitter login is turned off when these values are left empty.
#COMMENTO_TWITTER_KEY=
#COMMENTO_TWITTER_SECRET=

EOF
sudo chown root:commento /etc/commento/commento.conf
sudo chmod 640 /etc/commento/commento.conf

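The file just written holds the database and SMTP credentials and decides where Commento listens, so it is worth checking before the service is first started. The script below is an added example of my own (not from the original post or the Commento project). It assumes the key names used above and that Commento sits on loopback behind nginx; each failed check is reported and the function returns non-zero.

```shell
#!/bin/sh
# Added example, not part of the original post: a pre-flight check for the
# Commento environment file, to run before the service is started.
# Assumes the key names used in that file and that Commento sits on loopback
# behind nginx (COMMENTO_BIND_ADDRESS=127.0.0.1).
set -eu

# Returns 0 if $1 passes every check, 1 otherwise (each failure is reported).
check_commento_conf() {
    conf=$1
    rc=0

    # 1. No placeholder secrets left behind.
    if grep -q '____PASSWORD____' "$conf"; then
        echo "$conf: placeholder password still present" >&2; rc=1
    fi

    # 2. The origin is what the embed script and the OAuth callbacks are
    #    built from, so it must be the https URL nginx serves.
    if ! grep -Eq '^COMMENTO_ORIGIN=https://' "$conf"; then
        echo "$conf: COMMENTO_ORIGIN must be an https:// URL" >&2; rc=1
    fi

    # 3. Only nginx should be able to reach the backend directly.
    if ! grep -Eq '^COMMENTO_BIND_ADDRESS=(127\.0\.0\.1|::1)$' "$conf"; then
        echo "$conf: COMMENTO_BIND_ADDRESS should be 127.0.0.1" >&2; rc=1
    fi

    # 4. Keys the service cannot run without.
    for key in COMMENTO_PORT COMMENTO_POSTGRES COMMENTO_STATIC; do
        if ! grep -q "^$key=" "$conf"; then
            echo "$conf: $key is missing" >&2; rc=1
        fi
    done

    # 5. Unencrypted PostgreSQL connections are only acceptable over the
    #    local unix socket (host=/...), never over TCP.
    if grep -q 'sslmode=disable' "$conf" && ! grep -Eq '^COMMENTO_POSTGRES=.*host=/' "$conf"; then
        echo "$conf: sslmode=disable with a TCP host; use the socket or sslmode=verify-full" >&2; rc=1
    fi

    # 6. The file holds database and SMTP credentials: it must not be
    #    readable by other users (tee creates it 0644 by default).
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "$conf: world-readable; chown root:commento and chmod 640 it" >&2; rc=1
    fi

    return $rc
}

# Usage on the host: check_commento_conf /etc/commento/commento.conf
```

Run it again after every edit of the file; it is cheap, and the two mistakes it catches most often (a placeholder password and a world-readable file) are exactly the ones that do not show up as a service failure.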

The heredoc delimiter below is quoted so that nginx variables such as $host and $request_uri reach the file intact instead of being expanded (to nothing) by the shell that writes it.

sudo tee /etc/nginx/conf.d/comments.conf <<'EOF' > /dev/null
server {
    listen 80;
    server_name comments.example.com;

    location /.well-known/acme-challenge/ {
        root /var/www/acme;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name comments.example.com;

    ssl_certificate /etc/letsencrypt/live/comments.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/comments.example.com/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam_4096.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    # OCSP stapling needs a resolver; 127.0.0.1 assumes a local caching resolver, adjust if you do not run one
    resolver 127.0.0.1 valid=300s;
    resolver_timeout 5s;
    add_header X-Content-Type-Options nosniff;
    # the preload list only accepts the header with includeSubDomains; drop "preload" if you do not want that commitment
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    keepalive_timeout 300s;

    location ~ ^/(css/commento.css|js/commento.js)$ {
        # the css and js file can be cached
        expires modified 365d;
        proxy_pass http://localhost:8001;
    }

    location ~ ^/(api/(commenter|comment|page|oauth))/ {
        proxy_pass http://localhost:8001;
    }

    location / {
        proxy_pass http://localhost:8001;
    }
}
EOF

The server block references /etc/ssl/certs/dhparam_4096.pem and the Let's Encrypt certificate, neither of which exists yet, so create both before starting nginx (generating 4096-bit DH parameters takes several minutes). Then start Commento itself, which the unit above defines but nothing so far has enabled:

sudo openssl dhparam -out /etc/ssl/certs/dhparam_4096.pem 4096
sudo systemctl stop nginx
sudo certbot certonly --standalone --rsa-key-size 4096 -d comments.example.com
sudo nginx -t && sudo systemctl start nginx
sudo systemctl daemon-reload
sudo systemctl enable --now commento

Renewing a certificate issued in standalone mode needs port 80 again, so either pass certbot --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" or switch to --webroot -w /var/www/acme, which the acme-challenge location above already serves.

Go to https://comments.example.com and sign up for the first owner account. Until COMMENTO_FORBID_NEW_OWNERS is set to true, anyone who reaches the dashboard can register as an owner as well, so if you don't want strangers to be able to register as Commento admins, run the following right after creating your own account.

sudo sed -i "s/COMMENTO_FORBID_NEW_OWNERS=false/COMMENTO_FORBID_NEW_OWNERS=true/g" /etc/commento/commento.conf
sudo systemctl restart commento