Poche on Uberspace

This is a tutorial on how to install Poche (fr.: pocket) a self-hosted read-it-later app on an uberspace. Poche is an open-source version of Instapaper, Readabilty and co.

Edit 10.02.14: Poche is now called Wallabag. Added Section Security below.

Installation

This is assuming that you want to install poche into ~/html/poche/. The process is pretty straighforward and was adopted from the original documentation here and here.

  1. Download and Unzip
    wget https://github.com/inthepoche/poche/archive/1.2.0.zip -O poche-1.2.0.zip unzip poche-1.2.0.zip -d html/

  2. Remove the version number by renaming the directory
    mv ~/html/poche-1.2.0/ ~/html/poche

  3. Install dependent PHP packages
    cd ~/html/poche/ curl -s http://getcomposer.org/installer | php php composer.phar install

Configuration

  1. Install a config file and enter a salt value
    mv inc/poche/config.inc.php.new inc/poche/config.inc.php
    Now open inc/poche/config.inc.php with your favorite editor and change the SALT value to a random string.

  2. You can either use MySQL/Postgres or SQLite. Here we use the latter.
    cp install/poche.sqlite db/

  3. Finally, remove the install directory.
    rm install

In contrast to the original destination, the file permissions need not to be changed on an uberspace, since the webserver process runs as your user.

Now go to https://YOU.HOSTNAME.uberspace.de/poche/ and create a new account.

Use Poche

One of the first things to check out is the config page. It has links to the Browser Addons and the bookmarklet. From there you can also import your articles from another service, like Instapaper. Before, you have to download your data from the original site and copy it into your poche directory.

Drawbacks

The only drawback I have found so far is that there's no iOS client app, yet. On those devices, one can only use Poche via browser. However, there are apps for Android and Windows Phone.

Security

As Daniel from invisibletower.de pointed out to me, this installation procedure leaves a big gapping security hole. Everyone can access the sqlite database with this setup, e.g. https://yourhostname/poche/db/poche.sqlite. Daniel provides a tutorial for installing Wallabag circumventing this problem.
Another solution is to place an .htaccess file with the following content in the critical directories (assest/, cache/, db/, inc/, locale/).
Order deny,allow Deny from all
This seems to be standard procedure for many php based projects, can be done to an existing installation, and doesn't require symlinking during installation. The .htaccess files should be part of the Wallabag installation by default!