Install tt-rss with nginx and Percona on Ubuntu 12.04

Starting with a base install of Ubuntu 12.04 with openssh installed

Install the Percona repo

import the Percona gpg key

sudo gpg --keyserver hkp:// --recv-keys 1C4CBDCDCD2EFD2A
sudo gpg -a --export CD2EFD2A | sudo apt-key add -

now edit /etc/apt/sources.list and add these lines

# for percona
deb precise main
deb-src precise main

now install percona

sudo apt-get update
sudo apt-get install percona-server-common-5.5 percona-server-server-5.5 libmysqlclient18 libmysqlclient16

Now install the rest of the pre-reqs

sudo apt-get install nginx php5-mysql php5-xmlrpc php5-curl php5-cli php5-fpm php5-gd php5-mcrypt php-apc git

Stop nginx

sudo service nginx stop

Create the directory for tt-rss

sudo mkdir -p /var/www/tt-rss

Create a suitable config for nginx in sites-available and link it to sites-enabled

server {
        listen [::]:80;
        server_name tt-rss;
        access_log  /var/log/nginx/tt-rss.access.log;
        error_log /var/log/nginx/tt-rss.error.log;
        root   /var/www/tt-rss;
 index index.php;
 client_max_body_size 20M;
 # while setting up I set an allow for the local network and deny all others, this prevents automatic logon to setup pages etc before default passwords have been set
        location / {
               # allow the local net
               # deny everything else
               deny all;
 # Lock out access to some folders that contains files that should not be world readable (not fully tested)
 location ~* (include/|lock/|utils/|locale/|classes/*) {deny all; }
 location = / { } # Needed for index.* to work
 # location ~* \.(txt|css|js|png|gif|ico|jpg|svg)$ { } # Allow these file endings
        location ~ \.php$ {
                # Filter out arbitrary code execution
 fastcgi_index index.php;
                # location ~ \..*/.*\.php$ {return 404;}
                include fastcgi_params;
 fastcgi_param SCRIPT_FILENAME /var/www/rss/$fastcgi_script_name;
 location ~* .(?:ico|css|js|gif|inc|txt|gz|xml|png|jpe?g) {
 expires max;
 access_log        off;
 log_not_found     off;

Now grab the source and change the owndership

sudo git clone /var/www/tt-rss
sudo chown -R www-data:www-data /var/www/tt-rss

Create the database and the user

mysql -u root -p 
GRANT ALL ON tt-rss.* TO ttrss-user IDENTIFIED BY "Password";

Import the schema

mysql -u root -p tt-rss < /var/www/tt-rss/schema/ttrss_schema_mysql.sql

Now start nginx and browse to the URL to complete the configuration

Once the configuration has been completed, create an executable upstart .conf script in /etc/init to update the feeds

description "tt-rss upstart script"
start on (runlevel [!2345] local-filesystems and net-device-up IFACE!=lo and started mysql)
stop on stopping mysql
respawn limit 2 1
setuid www-data
setgid www-data
exec /var/www/tt-rss/update_daemon2.php