Comments on your website: How to set up the Commento commenting platform

Commento is, according to its developer, “A fast, privacy-focused commenting platform”. You can use it to enable visitors to comment on your website. It’s also what is powering the comments on this website. You can either make use of Commento’s hosted service, or deploy a self-hosted version, available on GitLab. This is how I set it up.

sudo apt install postgresql -y
sudo -i -u postgres psql -c "CREATE DATABASE commento;"
sudo -i -u postgres psql -c "CREATE USER commento WITH PASSWORD '____PASSWORD____';"
sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE commento TO commento;"

sudo adduser \
    --system \
    --shell /bin/bash \
    --gecos 'Commento' \
    --group \
    --disabled-password \
    --home /home/commento \
    commento
sudo mkdir -p /opt/commento/assets

sudo rm -rf /opt/commento/assets/*
sudo mv commento-v1.8.0-linux-glibc-amd64.tar.gz /opt/commento/assets
cd /opt/commento/assets
sudo tar xf commento-*.tar.gz
sudo rm commento-*.tar.gz
sudo mv commento ../
sudo chown -R commento:commento /opt/commento

sudo tee /etc/systemd/system/commento.service <<EOF > /dev/null
Description=Commento daemon service postgresql.service



sudo tee /etc/commento/commento.conf <<EOF > /dev/null
# Commento

# Network settings
## This should be set to the subdomain or the IP address hosting Commento. All API requests will go to this server. This may include subdirectories if Commento is hosted behind a reverse proxy, for example. Include the protocol in the value to use HTTP/HTTPS.
## The port to bind the Commento server to. Defaults to 8080.
## The address to bind the Commento server to. Useful if the server has multiple network interfaces. If not specified, this value defaults to COMMENTO_ORIGIN.

# Database settings
COMMENTO_POSTGRES="user=commento password=____PASSWORD____ host=/var/run/postgresql/ port=5432 dbname=commento sslmode=disable"

# Configuration file
## A configuration file for Commento. Useful to store secrets and credentials. No config file will be loaded by default, if left unspecified.

# Forbid registration of new users
## Used to disable new dashboard registrations. Useful if you are the only person using Commento on your server. Does not impact the creation of accounts for your readers. Defaults to false.

# Static files settings
## If you want to store the binary in a different directory from the static assets, set this directory to point to the static assets (HTML, JS, CSS, email templates and database migrations). Defaults to the same directory as the binary.

## If set to true, all static content will be served GZipped if the client's browser supports compression. Defaults to false.

# SMTP settings
## SMTP credentials and configuration the server should use to send emails. By default, all settings are empty and email features such as email notification and reset password are turned off.

# Akismet API key
## Create a key in your Akismet dashboard. By default, Akismet integration is turned off when this value is left empty.

# Google OAuth configuration
## Create a new project in the Google developer console to generate a set of credentials. By default, Google login is turned off when these values are left empty.

# GitHub OAuth configuration
## Create a new OAuth app in GitHub developer settings to generate a set of credentials. By default, GitHub login is turned off when these values are left empty.

# GitLab OAuth configuration
## Create a new application in your GitLab settings to generate a set of credentials. By default, GitLab login is turned off when these values are left empty.

# Twitter OAuth configuration
## Create an app in the Twitter developer dashboard to generate a set of credentials. By default, Twitter login is turned off when these values are left empty.
EOF


# 'EOF' is quoted so the shell does not expand $host and $request_uri
sudo tee /etc/nginx/conf.d/comments.conf <<'EOF' > /dev/null
server {
    listen 80;

    location /.well-known/acme-challenge/ {
        root /var/www/acme;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;

    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
    ssl_dhparam /etc/ssl/certs/dhparam_4096.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver valid=300s;
    resolver_timeout 5s;
    add_header X-Content-Type-Options nosniff;
    add_header Strict-Transport-Security "max-age=63072000; preload";
    keepalive_timeout 300s;

    location ~ ^/(css/commento.css|js/commento.js)$ {
        # the css and js file can be cached
        expires modified 365d;
        proxy_pass http://localhost:8001;
    }

    location ~ ^/(api/(commenter|comment|page|oauth))/ {
        proxy_pass http://localhost:8001;
    }

    location / {
        satisfy any;
        proxy_pass http://localhost:8001;
    }
}
EOF

sudo systemctl stop nginx
sudo certbot certonly --standalone --rsa-key-size 4096 -d
sudo systemctl start nginx

Go to and sign up for an account. If you don’t want strangers to be able to register as commento admin, execute the following commands after doing so.

sudo sed -i "s/COMMENTO_FORBID_NEW_OWNERS=false/COMMENTO_FORBID_NEW_OWNERS=true/g" /etc/commento/commento.conf
sudo systemctl restart commento
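
The sed above only changes the file if it contains the exact line COMMENTO_FORBID_NEW_OWNERS=false; if that line is missing or written differently, sed still exits successfully and dashboard registration stays open. The following check is an added example, not part of the original post: the helper names set_conf_key and audit_commento_conf are hypothetical, and it assumes the KEY=value format of /etc/commento/commento.conf shown above plus GNU sed and stat.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; assumes KEY=value lines as in
# /etc/commento/commento.conf above, and GNU coreutils (sed -i, stat -c).

# set_conf_key FILE KEY VALUE: replace an existing KEY= line or append one,
# so the setting ends up in the file even when no "KEY=false" line exists.
set_conf_key() {
    file=$1 key=$2 value=$3
    if grep -q "^${key}=" "$file"; then
        sed -i "s|^${key}=.*|${key}=${value}|" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# audit_commento_conf FILE: return 0 only if owner registration is disabled
# and the file (which holds the database password) is closed to other users.
audit_commento_conf() {
    file=$1 rc=0
    if ! grep -qx 'COMMENTO_FORBID_NEW_OWNERS=true' "$file"; then
        echo "FAIL: COMMENTO_FORBID_NEW_OWNERS is not set to true" >&2
        rc=1
    fi
    mode=$(stat -c '%a' "$file")
    case $mode in
        *0) ;;  # last octal digit 0: no access for "other"
        *)  echo "FAIL: mode $mode gives other users access to the password" >&2
            rc=1 ;;
    esac
    return $rc
}

# Typical use on the server (as root); restart only if the audit passes:
#   set_conf_key /etc/commento/commento.conf COMMENTO_FORBID_NEW_OWNERS true
#   chown root:commento /etc/commento/commento.conf
#   chmod 640 /etc/commento/commento.conf
#   audit_commento_conf /etc/commento/commento.conf && systemctl restart commento
```

A file created with sudo tee normally ends up mode 644, which is why the audit also looks at the permissions of the file that stores the PostgreSQL password.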