Skip to content

FreshRSS

Overview

FreshRSS is a self-hosted RSS feed aggregator. It is lightweight, easy to work with, powerful, and customizable.

Container: freshrss
Image: freshrss/freshrss:edge
LXC: LXC-104 (Services)
IP: 192.168.1.104
Port: 8787 → 80
Data: /opt/docker/freshrss/
External: https://feed.ncls.ltd

Configuration

Compose Configuration

  • Timezone: Europe/Paris
  • Cron Schedule: Feeds refresh at minutes 2 and 32 of each hour
  • Environment: Development mode for detailed logs
  • Trusted Proxy: 192.168.1.103/16 (LXC-103 Caddy reverse proxy)
  • Health Check: Runs every 75 seconds

Volumes

  • /opt/docker/freshrss/data: Application data (database, config)
  • /opt/docker/freshrss/extensions: Custom extensions

Authentication

Web UI

auth_type: form — FreshRSS manages its own login. No Authelia SSO on feed.ncls.ltd.

Why not http_auth (SSO via Remote-User header)?
In http_auth mode, FreshRSS ignores the Google Reader/Fever API's own token-based authentication and relies exclusively on the Remote-User header for every request. API clients (Capyreader, etc.) bypass Authelia in Caddy and therefore never receive that header — write operations (mark as read, star) fail silently with HTTP 200 but no DB change. form auth is the only mode compatible with both the web UI and API clients simultaneously.

API (Mobile Clients)

The Google Reader API uses a separate API password, independent of the web login password.

  • API endpoint: https://feed.ncls.ltd/api/greader.php
  • Username: FreshRSS username (nico)
  • Password: API password set in FreshRSS → Profile → Authentication → API password

To reset the API password via CLI (no current password required):

lxc-attach -n 104 -- docker exec freshrss \
  php /var/www/FreshRSS/cli/update-user.php --user=nico --api-password="<newpassword>"
lxc-attach -n 104 -- docker exec freshrss cli/access-permissions.sh

Compatible clients: Capyreader (Android), Read You, Fluent Reader Lite, Newsflash, Reeder Classic.