If you are running static website or blog to be precise with hugo, you may have came across how to add comments to your site. Disqus for example is one of them, but it may not be your 1st choice to go with for many reasons.

Isso is another choice with complete control over your data with no trackers and data minning. You host it and you own it.

Server os is Ubuntu 18.04. We will use subdomain isso.MYDOMAIN.com, you can use comments, discuss or any other name instead of isso. Change MYDOMAIN.com to your actual domain.

Requirements

  • Python (we will use python3)
  • Pip
  • SQLite
  • Apache (proxy)
  • Certbot

1. Installation

Install the following packages.

apt install python3 python3-pip sqlite3 build-essential

If you have fresh system, you may need these packages too otherwise will get errors while installing isso.

apt install python3-setuptools python3-dev

Create new user as we would like to run isso under separate user account.

adduser --disabled-login --gecos 'Isso Comments' isso

Login to isso account.

sudo su - isso

Install the necessary pip wheel package.

pip3 install wheel

Now let’s install isso.

pip3 install isso

2. Configuration

2.1 Server Configuration

Let’s create a conf file. The documentation is not up-to-date on the website, but here you can check the latest configurations.

vim /home/isso/isso.conf

Paste this in it, change things accordingly like MYDOMAIN, ADMINPASSWORD, enter SMTP details for email.

[general]
dbpath = /home/isso/comments.db
host = https://MYDOMAIN.com/
max-age = 5m
notify = smtp
log-file = /home/isso/isso.log
admin_password = ADMINPASSWORD

[moderation]
enabled = false

[server]
listen = http://localhost:8080
reload = off
profile = off
public-endpoint = https://isso.MYDOMAIN.com/

[guard]
enabled = true
ratelimit = 2
direct-reply = 3
reply-to-self = false
require-author = true
require-email = false

[smtp]
username =
password =
host =
port = 587
security = starttls
to =
from =
timeout = 10

[hash]
salt = 3EFech7co8Ohlsad4324aso6Adsbaimi
algorithm = pbkdf2

Isso will be accessible via port 8080.

Test the installation.

/home/isso/.local/bin/isso -c /home/isso/isso.conf

Ctrl+c to exit.

2.2 Client Configuration

You can check all the isso client side configuration here.

Paste the following where you want your comments to be displayed on your site. This is my configuration used for hugo.

<script data-isso="https://isso.MYDOMAIN.com/" data-isso-css="false" data-isso-require-author="true" src="https://isso.MYDOMAIN.com/js/embed.min.js"></script>
<section id="isso-thread" data-title="{{ .Title }}"></section>

data-title is needed if you are to setup SMTP, otherwise the mails subject will be empty.

I have customized the css taken from here. Add it in the head section of your site.

<link href="/css/isso.css" rel="stylesheet">

Isso comments <>

3. Isso as systemd service

Switch back to your privileged(root) user and create new service file.

vim /etc/systemd/system/isso.service

Paste the following in it.

[Unit]
Description=Isso Commenting Server
After=network.target
[Service]
Type=simple
User=isso
WorkingDirectory=/home/isso
ExecStart=/home/isso/.local/bin/isso -c /home/isso/isso.conf
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target

Enable and start the service.

systemctl enable isso
systemctl start isso

Check the status.

systemctl status isso

4. Upgrade Isso

Login to your server and switch to isso user.

sudo su - isso

Then run.

pip3 install --upgrade isso

Switch back to your privileged user and restart isso service.

systemctl restart isso

5. Apache as reverse proxy

Note: Make sure that your domain or subdomain which you want to use for isso has DNS configured already.

Enable proxy modules.

a2enmod proxy
a2enmod proxy_http

You can just follow this post to install, setup Apache with certbot except for the part of virtualhost configuration.

Instead use this with proxy configuration.

<VirtualHost *:80>

  ServerName isso.MYDOMAIN.com
  ServerAlias isso.MYDOMAIN.com

  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

  ProxyPass / http://localhost:8080/
  ProxyPassReverse / http://localhost:8080/

  LogLevel warn

  ErrorLog ${APACHE_LOG_DIR}/isso_error.log
  CustomLog ${APACHE_LOG_DIR}/isso_access.log combined

</VirtualHost>

<VirtualHost *:443>

  ServerName isso.MYDOMAIN.com
  ServerAlias isso.MYDOMAIN.com

  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
  SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  SSLHonorCipherOrder On
  Header always set Strict-Transport-Security "max-age=63072000;"
  Header always set X-Frame-Options DENY
  Header always set X-Content-Type-Options nosniff

  SSLEngine on
  SSLCertificateKeyFile /etc/letsencrypt/live/isso.MYDOMAIN.com/privkey.pem
  SSLCertificateFile /etc/letsencrypt/live/isso.MYDOMAIN.com/fullchain.pem

  ProxyPass / http://localhost:8080/
  ProxyPassReverse / http://localhost:8080/

  ErrorLog ${APACHE_LOG_DIR}/isso_error.log
  CustomLog ${APACHE_LOG_DIR}/isso_access.log combined

</VirtualHost>

Don’t forget to enable your site, for example a2ensite /etc/apache2/sites-available/isso.conf. Reload or restart Apache afterwards.

And that would be it. :)