RSS Bridge with tt-rss

nobody · September 22, 2020, 7:22pm

Describe the problem you’re having:

Using rss-bridge with tt-rss
rss-bridge is installed in a subfolder of tt-rss called rssbridge and works correctly
…

If possible include steps to reproduce the problem:

When attempting to update the feed, ttrss throws the following error (and the feed does not update):
Requested URL failed extended validation.

Worked until recent vulnerability fixes.

Sample url feed:
http://localhost/rssbridge/?action=display&bridge=NasaApod&format=Atom
…

tt-rss version (including git commit id):
v20.09-05744bb47
…

Platform (i.e. Linux distro, PHP, PostgreSQL, etc) versions:
ubuntu 20.1
Linux localhost-u 5.4.0-48-generic #52-Ubuntu SMP
PostgreSQL 12.2

evildarkarchon · September 22, 2020, 10:42pm

TT-RSS was recently updated to not download anything from localhost or any 127.0.0.0/8 IP addresses. Try using the network IP instead and see if it works.

teddokarrun · September 23, 2020, 12:48am

ok this was unexpected, tt-rss has stopped getting rss from my supporting apps

rssbridge, rsshub, morss, nitter, bibliogram

at least mercury-parser-api working, i wonder.

for example rsshub
internal docker: http://rsshub:1200/hackernews/ask/story (host:port - this was working)
external browser (LAN only): http://rsshub.domain/hackernews/ask/story
now tt-rss cant access internal url and for extenal url it says

Couldn’t download the specified URL: ; 28 Connection timed out after 15001 milliseconds

evildarkarchon · September 23, 2020, 1:46am

If you can, put the internal server on a standard port (80 for HTTP, 443 for HTTPS), the fetch_file_contents function has been restricted to only downloading from those ports because of security concerns. I re-read the commit log and I think you can access tt-rss locally on any address/port combo, but it won’t download anything (including feeds) from servers that are not on a standard port.

nobody · September 23, 2020, 10:14pm

I tried naming the server (ttrss) instead eg: http://ttrss/rssbridge/?action=display&bridge=NasaApod&format=Atom in the hosts file.

I got ttrss to work, but the same error was reported. I was using the regular port 80.

dugite-code · September 24, 2020, 2:25am

I have tt-rss and rss-bridge in docker containers with nginx in front as a reverse proxy without any issues.

When subscribing to a feed I use the full domain and not the docker alias. The docker container resolves the domain as the server’s external IP address i.e. 10.1.1.100

https://example.tld/rss-bridge/?action=display&bridge=TheHackerNews&format=Atom

I should also note that tt-rss and rss-bridge do not share the same docker network and I don’t have the network set to host.

fox · September 24, 2020, 5:02am

short hosts are allowed, unless they resolve to loopback. URL hostname doesn’t have to be fully qualified. it has to be accessible for tt-rss, though. short hostname on a different docker network won’t be.

also,

this isn’t a validation related error. check your docker networking / firewall.

nobody · September 24, 2020, 9:10pm

Can there be a setting in config.php added to allow loopback for certain directories?

Thanks…

IllIllI · October 1, 2020, 3:22pm

I face the same issue. I use a LAN IP address instead of the local loopback now.
For example in /etc/hosts:

192.168.60.59   myself-on-LAN

and then replacing any RSS subscription feed URL from http://localhost:1234/bridge.php[...] to http://myself-on-LAN/bridge.php[...]

Edit: By the way, I found out that using a host name such as “myself_on_LAN” (with underscore “_” characters) will make the “extended validation” fail (because of filter_var($url_filter_var, FILTER_VALIDATE_URL) so don’t use them in your /etc/hosts file!

Here is how to update the fields in Postgresql:

UPDATE ttrss_feeds SET feed_url = REPLACE ( feed_url, 'localhost:1234', 'myself-on-LAN' );
SELECT feed_url FROM ttrss_feeds; //Display the results

Obviously this assumes a reverse proxy has been set up to forward requests on port 80 to the appopriate port.
Example for nginx:

server {
  listen       80;
  server_name  mylocalhost;
  location / {
    include proxy_params;
    proxy_pass http://127.0.0.1:1234;
  }
}

I find it a bit daft to have to hit a router/gateway in order to reach a locally hosted service (instead of going straight for loopback), but I’m no security expert nor sysadmin so I guess we have no choice here? Still very weird to me.

teddokarrun · November 17, 2020, 2:43pm

my docker container had external DNS, thats why it was not talking to each other. Added internal DNS too and issue was fixed

abjil · April 18, 2024, 12:31am

I set up tt-rss and RSS-bridge (rssbridge.userver.lan on a machine userver.lan with NPM installed) and both are working. When I am trying to subscribe to a feed from RSS-bridge, say,

http://rssbridge.userver.lan/?action=display&bridge=VkBridge&u=downtr&format=Atom

I get an error message

Couldn’t download the specified URL: cURL error 6: Could not resolve host: rssbridge.userver.lan (see libcurl - Error Codes) for … (feed url)

In FreshRSS subscription works just fine.

wn_name · April 18, 2024, 2:53am

Are you running both in Docker containers? Are you able to subscribe to Internet-based feeds? tt-rss doesn’t have anything to do with DNS resolution, so you may need to adjust something.

abjil · April 18, 2024, 1:37pm

Both answers are “yes”, and I fixed the DNS, thanks to your question/comment (a rather silly mistake of mine).