Installing selfoss on a Raspberry Pi

Selfoss is an RSS reader.
We are going to install it and configure it using Nginx.

Preparing the vhost

In this example I’m using selfoss.local as the url to set it up. Change the url to whatever you want.

sudo mkdir -p /var/www/selfoss.local/public_html
sudo chown www-data:www-data /var/www/selfoss.local -R
cd /var/www/selfoss.local/public_html

Create the vhost file: sudo nano /etc/nginx/sites-enabled/selfoss.local.conf

server {
    listen 80;

    server_name selfoss.local;
    root /var/www/selfoss.local/public_html;

    index index.php index.html;

    location ~* \ (gif|jpg|png) {
        expires 30d;

    location ~ ^/(favicons|thumbnails)/.*$ {
        try_files $uri /data/$uri;

    location ~* ^/(data\/logs|data\/sqlite|config\.ini|\.ht) {
        deny all;

    location / {
        index index.php;
        try_files $uri /public/$uri /index.php$is_args$args;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        fastcgi_intercept_errors on;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;

And finally reload nginx: sudo nginx -t && sudo service nginx reload

Download Selfoss

Next we download Selfoss. On the Selfoss home page there is a download button. Copy the destination of that link.
At the time of writing it is on version 2.18 and the download zip is: []/2.18/
Replace the url if needed.

sudo wget -O
sudo unzip
sudo rm
sudo chown www-data:www-data /var/www/selfoss.local -R

Now visit the uel. You should see an empty -but working- selfoss screen. Screenshot of selfoss empty installation


Although this installation works we are going co configure some aspects of it.

DB connection.

Be default Selfoss uses sqlite. Mysql has a better performance. Instructions to install Mysql are in a separate article.
More detailed instruction are there. So here are the quick instructions to create a database.

Login to mysql as root: sudo mysql -uroot
Create a db, and assign a new user. !Replace the password
You can set your own database name and user.

CREATE DATABASE misc_selfoss;
CREATE USER 'selfoss'@'localhost' IDENTIFIED BY '%%SAFE_PASSWORD%%';
GRANT ALL PRIVILEGES ON `misc_selfoss`.* TO `selfoss`@`localhost`;

Creating the database for Selfoss

Next we set the db connection in the config file: sudo nano config.ini


A few cleanup commands afterwards

sudo rm data/sqlite/selfoss.db
sudo chown www-data:www-data /var/www/selfoss.local -R

Password protection

To protect your selfoss installation we will set a password.
Go to your url/password in my case: http://selfoss.local/password

Screenshot of the Seelfoss password generation screen

After go got the hash add it to the config file: sudo nano config.ini


Other configurations.

There are more configurations. See the official documentation Personally I prefer that items get marked as read when I open them.


Now you are ready to start using Selfoss. Have fun!

WP-cli run command over each subsite

If you use WP-cli command on a multisite it be default will only run on the mainsite.
But often you want to change a setting for all the sites.
In my case I wanted to set the timezone to Amsterdam for the whole network. That’s not hard:

wp option set timezone_string 'Europe/Amsterdam'

On a multisite this is a bit more difficult. But the script below will do the same for each site in a multisite.

wp site list --field=url | xargs -I % sh -c 'printf "%\n"; wp option set timezone_string 'Europe/Amsterdam'


VVV disable backups

list of vvv custom action filesVVV is great but if you have 20+ sites in it most of which are quite big doing a reload or halt can be quite slow.
Disabling it isn’t the easiest. In vagrant-root/config/homebin/ create these 3 files:

  • vagrant_destroy_custom
  • vagrant_halt_custom
  • vagrant_suspend_custom

I wish there was a way to easily disable these. The vvv-custom.yml would be great for this.
Also adding a way to exclude specific databases.


php array; insert new item at specific index

The php function array_splice can be used to insert new items. At specific places.

$breadcrumbs = [
$new_crumb = [
array_splice($breadcrumbs, 1, 0, $new_crumb);

The result is that category is inserted at the second place.

array (
    0 => 'home',
    1 => 'category',
    2 => 'year',
    3 => 'month',
    4 => 'day',

Running php from command line

This is one of those “I know this is possible, but don’t know how”.

php -r 'echo "hello world";'

Only useful for simple onelines. You’re very likely to be better of putting code in a php file and run that script like:

php ./helloworld.php

Installing PHP7.3 on a Rapsberry Pi

Note: this post call also be used to install php7.2, just change every 7.3 reference to 7.2.

Default rasbian still ships with php7.0 even though that version in not supported any more. We will install the latest php 7.3. But because this is not the default we will need to do a few extra tweaks.

Add newer source

Let’s create a new source list: sudo nano /etc/apt/sources.list.d/10-buster.list.
In that file add.

deb buster main contrib non-free rpi

After saving create the next file sudo nano /etc/apt/preferences.d/10-buster.
In that file add.

Package: *
Pin: release n=stretch
Pin-Priority: 900

Package: *
Pin: release n=buster
Pin-Priority: 750

Again save. Make the system aware of this source list with

sudo apt update

Actual install php

Now we are ready to install PHP7 with all it’s modules:

sudo apt install -y -t buster php7.3-fpm php7.3-curl php7.3-gd php7.3-intl php7.3-mbstring php7.3-mysql php7.3-imap php7.3-opcache php7.3-sqlite3 php7.3-xml php7.3-xmlrpc php7.3-zip php-apcu

When done check it with php -v it should show a PHP 7.3.. Now we need to add a few fpm things for nginx to work properly. Create a extra config file sudo nano /etc/php/7.3/fpm/conf.d/90-pi-custom.ini.
And add:



Finally reload php

sudo service php7.3-fpm reload

Now PHP is ready to use


You might want to follow these instructions to install. wp-cli, composer, image compression support in php

Installing Nginx on a Rapsberry Pi

In this step we are going to install a webserver (nginx). For those who are bit familiar with webservers you might wonder why we are not using apache? I myself are far more familiar with Apache but Nginx just has better performance. And on the not so powerful pi that is important.

Install Nxing

Like with php we want a newer version. So again we will use the buster source. (see first step of installing php to add buster source)
It should install 1.14. To install nginx run the command:

sudo apt install -y -t buster nginx

Check the version nginx -v it should be version nginx/1.14. or higher

To test if it works enter the IP address in the browser. You should see this page.

If you see an error most likely IPv6 isn’t supported. Open the nginx config file sudo nano /etc/nginx/sites-enabled/default.
At the top you should see these lines

    listen 80 default_server;
    listen [::]:80 default_server;

Change them to:

    listen 80 default_server;
    #listen [::]:80 default_server;

Save then restart nginx.

sudo nginx -t && sudo service nginx reload

Then test the page again in the browser.

Setting up a site with php and url

First we will do some global settings open: sudo nano /etc/nginx/conf.d/99-custom.conf
Add the following line, we increase the allowed upload sizes.

client_max_body_size 64M;

Note: for the example I use example.local replace that with the url you want to use. If you don’t have the url setup yet you can add it to you own host file. Or instead of the url use the IP-address of the Pi.

We will create our own vhost files. PS I’ll be using example.local but use whatever you intend to use. Create the vhost file: sudo nano /etc/nginx/sites-enabled/example.local.conf

server {
    listen 80;

    server_name example.local;
    root /var/www/example.local/public_html;

    index index.php index.html;

    location / {
        try_files $uri $uri/ =404;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        fastcgi_intercept_errors on;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;

Next create the folders needed. Set the rights of those files and add a test page.

sudo mkdir -p /var/www/example.local/public_html
sudo touch /var/www/example.local/public_html/index.php
sudo chown www-data:www-data /var/www/example.local -R
sudo nginx -t && sudo service nginx reload

In the main file add sudo nano /var/www/example.local/public_html/index.php


To test the url example.local you need to add it to your host file. Depending if you’re on Windows, Mac or Linux the instructions are different. See this guide: How to edit your hostfile

Now go the the url and you should see this:
phpinfo dump on a working example.local

Now we have a basic and functioning webserver with php.
For security sake delete the index.php file

sudo rm /var/www/example.local/public_html/index.php 

Permissions and Nginx

So far we use sudo for pretty much everything. This is fine.
After the initial setup most of the work has to be done in /var/www/*. These files are owned by the www-data user. This also is normal and fine.
We can change Nginx to use the pi user.

That way you can avoid the sudo for every small change.
This is a security risk of course.
The big upside is no more sudo and changing owners of files.
The downside is that every file pi can access Nginx also can access.

Tips when using the default Nginx user.

  1. Files created by Nginx will have owner and group www-data
  2. The default pi user can’t edit these. When editing use sudo
    If you are changing a lot you want want too temporarily change the entire folder to the pi user.

    Change user to PI
    sudo chown pi:pi -R /var/www/PATH

    Change user to the Nginx default.
    sudo chown www-data:www-data -R /var/www/PATH

Changing the Nginx user

Use this at own risk. The rest of the guide(s) acts as if you didn’t do this.

Open file sudo nano /etc/php/7.3/fpm/pool.d/zzz-users.conf and add.

user = pi
group = pi
listen.owner = pi = pi

And reload php sudo service php7.3-fpm restart

Next open sudo nano /etc/nginx/nginx.conf on line 1 the user to pi
Restart nginx sudo nginx -t && sudo service nginx restart

Last step is really making pi the owner of all webfiles: sudo chown pi:pi /var/www/ -R

Curl output format

A lot of usefull informatoin can be caught using curl. Formating the output can be done with the -w --write-out argument

curl -w 'Home loadtime: %{time_total}\nResponse code: %{http_code}\n' -o /dev/null -s ''

Output example: Bash output of curl request

This example will show the load time and response code. These 2 values are duable. But If you want more it’s more readable to pass a file.

In file: nano curlformat.txt

    time_namelookup:  %{time_namelookup}\n
       time_connect:  %{time_connect}\n
    time_appconnect:  %{time_appconnect}\n
   time_pretransfer:  %{time_pretransfer}\n
      time_redirect:  %{time_redirect}\n
 time_starttransfer:  %{time_starttransfer}\n
         time_total:  %{time_total}\n

Then pass the file to curl:

curl -w "@curl-format.txt" -o /dev/null -s ""

Bash output of curl format file

A list of all avialable variables are in the man pages


Extra programs on a Raspberry Pi

In this series the pi itself is installed using Raspbian Stretch Lite to keep it light. Some extra’s will come in handy.

Installing git on a Raspberry Pi

sudo apt install git -y

After installing git, set your credentials

git config --global "John Doe"
git config --global

Git documentation

Installing wp-cli on a Raspberry pi

! Wp-cli will not work without php installed

curl -O
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp
wp --info

WP-cli documentation

Installing composer on a Raspberry pi

! composer will not work without php and git

curl -O
chmod +x composer.phar
sudo mv composer.phar /usr/local/bin/composer
sudo composer self-update
composer --version

Composer documentation

Installing optipng gifsicle libjpeg-progs on a Raspberry Pi

You might want image optimization & compression. In the main php article php-gp was installed. But that is not enough.

sudo apt install -y optipng gifsicle libjpeg-progs

Installing PHP on a Raspberry Pi

PHP is covered in it’s own article.

Installing mariaDB/mysql on a Raspberry Pi

MariaDB or Mysql is covered in it’s own article.

Installing NginX on a Raspbery Pi

NginX is covered in it’s own article

RaspberryPi, Only allow ssh key login

This is the followup of Opening a Raspberry Pi to the outside world On the internet bots constantly try to hack servers. The Raspberry Pi is popular target. That’s why by default ssh is disabled nowadays.
To make this more secure we will only allow login by ssh key instead of a password. Ssh keys are a lot safer and you also won’t need to type/paste the password on login.

Open file: sudo nano /etc/ssh/sshd_config

Look for PasswordAuthentication
remove the # at the front and change the value to no.

PasswordAuthentication no

As a fall-back we will allow login in from the home network. So at the bottom of the file add. (the 4 spaces in front of the line matter)

Match address 192.168.*.*
    PasswordAuthentication yes

Restart the ssh service. sudo service ssh restart

ssh keys

Generate keys on the raspberry pi: ssh-keygen -t rsa -b 4096 -C "pi-webserver"
Just press enter for both the location and password.
Add your local key. Form your own machine mac/linux/windows.

Open File: sudo nano .ssh/authorized_keys

Paste your public key in this file.
For linux/mac you can find your public key with: cat ~/.ssh/

In a new terminal tab/window, try to login again. This way you can change things in the current tab. If something went wrong. You should login without needing to type the password. To check if the password is disabled you should try login in from a different computer and a different ip.