Self-Hosting Commento on a Hugo Blog

2025-07-01 18:22

誰還不是個蝜蝂⋯⋯
你看，
順手背起來個評論系統，又。

Goal
Stand up a fully self‑hosted Commento++ instance for a Hugo site.

0 · Component Diagram

Layer	Choice / Notes
VPS	Any small VM ≈ 1 GB RAM
OS	Ubuntu 24.04 LTS
Database	PostgreSQL 16
Runtime	Docker (`--network host`)
Proxy + TLS	Caddy 2 (Let’s Encrypt auto‑renew)
DNS / CDN	Cloudflare
Static Site	Hugo + bearblog‑neo
Comments	Commento++ (open‑source fork)
Custom CSS	`commento‑custom.css` (hides footer)

All examples use example.com / comments.example.com. Replace them with your own.

1 · PostgreSQL 16 Setup

1
2


apt update && apt install -y postgresql
systemctl enable --now postgresql

Create DB & user:

1
2
3


-- as postgres
CREATE USER commento WITH ENCRYPTED PASSWORD 'REPLACE_ME';
CREATE DATABASE commento OWNER commento;

Put these at the top of /etc/postgresql/16/main/pg_hba.conf:

host    commento  commento   127.0.0.1/32   md5
host    commento  commento   ::1/128        md5

(Optional) make MD5 the default:

1
2
3


ALTER SYSTEM SET password_encryption='md5';
\q
systemctl reload postgresql

2 · Run Commento++ in Docker

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apt install -y docker.io
systemctl enable --now docker

# pull maintained fork
docker pull wonderfall/commentoplusplus:latest

docker run -d \
  --name commento \
  --network host \
  -e COMMENTO_ORIGIN=https://comments.example.com \
  -e COMMENTO_POSTGRES=postgres://commento:%40REPLACE_ME@localhost:5432/commento?sslmode=disable \
  wonderfall/commentoplusplus:latest

3 · Caddy 2 Reverse Proxy + TLS

3.1 Install

1
2
3
4
5
6


apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor \
     -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
     | tee /etc/apt/sources.list.d/caddy-stable.list
apt update && apt install -y caddy

3.2 `/etc/caddy/Caddyfile`

comments.example.com {
    reverse_proxy localhost:8080
}

1
2


caddy validate --config /etc/caddy/Caddyfile
systemctl restart caddy

Keep Cloudflare record grey‑cloud (DNS‑only) until TLS is issued.

4 · Cloudflare DNS

Name	Type	Value	Proxy
comments	A	`<VPS‑IP>`	DNS‑only

Switch to Proxied after TLS works.

5 · First‑Time Commento Admin

Visit https://comments.example.com → Register
Add site:

Domain: example.com
Name:   Example Blog

Copy the generated <script> snippet.

6 · Hugo Integration

6.1 Partial

layouts/partials/commento.html

1
2
3
4
5
6
7


<link rel="stylesheet" href="/css/commento-custom.css">

<div id="commento"></div>

<script defer
        src="https://comments.example.com/js/commento.js"
        data-css-override="/css/commento-custom.css"></script>

Insert in layouts/_default/single.html:

{{ partial "commento.html" . }}

6.2 Hide “Powered by Commento”

static/css/commento-custom.css

1
2


/* Hide Commento footer branding */
.commento-footer { display:none !important; }

Deploy your Hugo site.

7 · Maintenance

1
2
3


docker logs -f commento           # view logs
docker restart commento           # restart
pg_dump -U commento commento > backup.sql   # backup

Caddy auto‑renews TLS; keep ports 80/443 open.

8 · Troubleshooting

Symptom	Fix
`pq: unknown authentication response: 10`	Ensure MD5 rules are first in `pg_hba.conf`, then `ALTER ROLE commento WITH PASSWORD '...'`; or switch to SCRAM and Commento++ supports it.
502 from Caddy	Check `docker logs commento`; container may not be ready.
Caddy won’t start	`caddy validate`, ensure ports 80/443 free.
Footer still visible	Confirm `/css/commento-custom.css` loads via `data-css-override`.

9 · Migration Checklist

Backup DB + CSS + partials
Re‑provision new VM (sections 1‑3)
Restore DB with psql
Update DNS → Caddy re‑issues certs

Done. You now have a private, footer‑free Commento++ behind Cloudflare & Caddy, reproducible from this guide.

測試了幾個小時，不好玩，扔。