RSS reader with VeilNet
Prerequisites
- Docker and Docker Compose installed
- VeilNet registration token
- Access to VeilNet Guardian service
- Sufficient disk space for feed data
Overview
This guide shows you how to deploy FreshRSS, a free, self-hosted RSS feed aggregator, with VeilNet for secure remote access. FreshRSS allows you to read and manage RSS feeds from a single interface, similar to Google Reader.
With VeilNet, you can securely access your RSS reader from anywhere without exposing it to the public internet.
Step 1: Create Docker Compose Configuration
Create a docker-compose.yml file with the following configuration:
services:
veilnet-conflux:
container_name: veilnet-conflux
restart: unless-stopped
env_file:
- .env
image: veilnet/conflux:beta
pull_policy: always
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun
network_mode: host
freshrss:
image: freshrss/freshrss:latest
container_name: freshrss
restart: unless-stopped
volumes:
- freshrss:/var/www/FreshRSS/data
environment:
- TZ=<YOUR_TIMEZONE>
- CRON_MIN=*/15
network_mode: "container:veilnet-conflux"
depends_on:
- veilnet-conflux
volumes:
freshrss:
driver: local
driver_opts:
type: none
o: bind
device: ./freshrss
Step 2: Create Environment File
Create a .env file in the same directory as your docker-compose.yml with the following variables:
VEILNET_REGISTRATION_TOKEN=<YOUR_REGISTRATION_TOKEN>
VEILNET_GUARDIAN=<YOUR_GUARDIAN_URL>
VEILNET_PORTAL=true
VEILNET_CONFLUX_TAG=<YOUR_CONFLUX_TAG>
VEILNET_CONFLUX_CIDR=<VEILNET_CIDR>
Replace the placeholders:
<YOUR_REGISTRATION_TOKEN>: Your VeilNet registration token (obtained from the VeilNet portal)<YOUR_GUARDIAN_URL>: The URL of your VeilNet Guardian service (e.g.,https://guardian.veilnet.app)<YOUR_CONFLUX_TAG>: A tag to identify this Conflux instance (e.g.,rss-reader)<VEILNET_CIDR>: Any IP address (e.g.,10.128.0.5/16) in CIDR format that belongs to the realm subnet (e.g.,10.128.0.0/16)<YOUR_TIMEZONE>: Your timezone (e.g.,America/New_York,Europe/London)
Step 3: Create Data Directories
Create the directory for persistent data storage:
mkdir -p freshrss
This directory will store:
freshrss: FreshRSS configuration, user data, and feed cache
Step 4: Deploy the Stack
Start all services:
docker-compose up -d
This will:
- Pull the FreshRSS and VeilNet Conflux images
- Start both containers
- Create persistent volume for data storage
- Automatically restart containers if they stop
Step 5: Verify Deployment
Check that all containers are running:
docker-compose ps
View the VeilNet Conflux logs to verify it's connecting:
docker logs veilnet-conflux -f
You should see logs indicating successful registration and connection to the VeilNet network.
Step 6: Initial Configuration
Local Access
- Open
http://localhost:8080in your browser - Complete the FreshRSS setup wizard:
- Select your language
- Choose database type: SQLite (default, suitable for most users)
- Create your administrator account
- Set the base URL (use your VeilNet IP, e.g.,
http://10.128.0.5:8080) - Complete the installation
- Log in with your administrator account
Remote Access via VeilNet
- Find your host's VeilNet IP address:
ip addr show veilnet
Or check the VeilNet portal to see your assigned IP address.
- Access FreshRSS from anywhere using
http://<veilnet-ip>:8080(e.g.,http://10.128.0.5:8080)
Step 7: Access Your RSS Reader
Local Access
Once the service is running, you can access it locally:
- Web UI:
http://localhost:8080
Remote Access via VeilNet
With VeilNet configured, you can access your RSS reader remotely from anywhere in the world using the host's VeilNet IP address, as long as your device is also connected to the same VeilNet realm.
Access the web interface using:
- Web UI:
http://<veilnet-ip>:8080(e.g.,http://10.128.0.5:8080)
Step 8: Add RSS Feeds
- Log in to FreshRSS (locally or via VeilNet IP)
- Click "Add a feed" or use the subscription management
- Enter the feed URL (e.g.,
https://example.com/feed.xml) - Choose a category (optional)
- Click "Add"
FreshRSS will automatically fetch and update feeds based on the cron schedule (every 15 minutes by default).
Updating Services
To update to newer versions:
docker-compose pull
docker-compose up -d
This will pull the latest images and restart the containers with updated versions.
Stopping and Removing
To stop all services:
docker-compose down
To remove containers and volumes (this will delete all data):
docker-compose down -v
Warning: Removing volumes will delete all feeds, articles, and user data. Make sure to export your feeds (OPML) before removing volumes.
FAQ
Can I use the FreshRSS mobile app?
Yes! FreshRSS supports the Fever API and Google Reader API, which many mobile RSS apps support. Configure your mobile app to connect to http://<veilnet-ip>:8080/api/fever.php or use the Google Reader API endpoint.
How do I change the feed update frequency?
Edit the CRON_MIN environment variable in docker-compose.yml. For example, */30 updates every 30 minutes, */60 updates every hour. You can also configure per-feed update frequencies in FreshRSS settings.
Can I import feeds from another RSS reader?
Yes! FreshRSS supports OPML import. Go to Subscription management → Import/Export to import your feeds from another RSS reader.
How do I share access with family members?
- Add family members to the same VeilNet realm through the VeilNet portal
- Once they can access FreshRSS via VeilNet IP, they can create accounts
- Each user can have their own feeds and preferences
- Since FreshRSS shares the network namespace with veilnet-conflux, it can also use the VeilNet TUN device for optimal network performance
Can I use a database other than SQLite?
Yes! FreshRSS supports PostgreSQL and MySQL. You'll need to add a database service to docker-compose.yml and update the FreshRSS environment variables. SQLite is fine for most users.
How do I back up my feeds?
FreshRSS has built-in export functionality. Go to Subscription management → Import/Export to export your feeds as OPML. You can also back up the freshrss directory directly.
Why use NET_ADMIN capability instead of privileged mode?
The NET_ADMIN capability provides only the necessary permissions for VeilNet to create and manage network interfaces, without granting full privileged access. This is more secure while still allowing VeilNet to function properly.