
Ask HN: How to self-host comments on your otherwise static blog? - abdullahkhalids
I am using pelican to self host my blog&#x2F;website. What is the best way to self-host comments?<p>What is the scope of GDPR compliance with storing these comments?
======
mtmail
There's an open source version of [https://commento.io/](https://commento.io/)
for self-hosting a comment system.
[https://news.ycombinator.com/item?id=19210697](https://news.ycombinator.com/item?id=19210697)
lists several others like
[https://github.com/posativ/isso](https://github.com/posativ/isso)

------
nikivi
I would instead of hosting comments on the site itself offload comments to
Twitter/HN and link to it from the article like
[https://overreacted.io](https://overreacted.io)

------
stevekemp
I wrote a self-hosted "comment server" a few years back, but in the end found
it was more annoying than useful.

In the end I just setup a simple CGI script which takes each submitted
comment, writes it to /srv/comments/pending/ and then sends me an email.

When I rebuild the blog all the comments from /srv/comments/approved are
automatically inserted at the foot of the appropriate post. I have a manual
step where I move the comments into the right directory "/approved" vs
"/spam".

It isn't ideal, but it is simple, reliable, and works well at the level of
scale I deal with at [https://blog.steve.fi/](https://blog.steve.fi/)

~~~
XCSme
Hmm, I actually got an idea from your comment and the other comment suggesting
to off-load the comments to a social site such as HN or Twitter: maybe instead
of hosting the comments yourself, you just have a script that automatically
aggregates comments from multiple sites and displays them on your site. I am
not sure this is allowed by the Twitter/HN terms of use though.

------
Lammy
The best balance of usability, Freedom, and civility for me has been relying
on people to email me, then sometimes—and with permission—edit their comment
into my posts/pages.

~~~
leephillips
That's what I do. Each of my pages has a comment link, it's just a mailto:. If
I think the comment is useful, I'll append it to the comment section with my
reply.

~~~
im3w1l-alt
I bet it has a higher abandon rate than a webform. But that may be desirable I
guess.

~~~
leephillips
I'm sure it does, but, as you say, not a bad thing.

------
ravila4
Another option is to host the comments in Github/Gitlab issues. There are
several plugins that allow users to login using OAuth and post comments.

Gitalk is one of them:
[https://github.com/gitalk/gitalk/](https://github.com/gitalk/gitalk/)

Vssue supports both GitHub and GitLab, and allows users to edit and delete
their comments: [https://vssue.js.org/](https://vssue.js.org/)

And there is also Gitment:
[https://github.com/imsun/gitment](https://github.com/imsun/gitment)

------
jan_Inkepa
I changed my blog to be static. I don't trust any of these embedded comment
systems, and don't don't want to risk the legal burden of hosting comments
myself. I killed off a small community this way, which felt not great :(

I guess it was assumed that a GDPR-compliant software infrastructure would be
able to grow from the ashes, but I haven't been following, and don't know what
the state of the art is. It seems people mostly offload to other platform
(twitter/discord) rather than host themselves now?

I miss when websites were more participatory - I respect + envy people who
still do blogs with lively comment threads.

------
jamieweb
As someone who has been through this process, I strongly agree with the advice
of Lammy and nikivi posted in this thread.

Unless you have a high-traffic blog with lots of user engagement, I think it's
best to keep your blog clean and handle comments/feedback elsewhere.

------
dane-pgp
It would be nice if there were a service where people could write their
comments and have them expire after, say 24 hours, but the blogger could run a
script which downloads them before that happens. By having a local copy of the
comments, the blogger could check them and include the approved ones into
their static content.

Each comment would be associated with a salted hash based on either an IP
address (for anonymous comments) or an account on a social login provider
(like Google or Facebook). By default, a user could only post 1 comment every
24 hours, but the blogger could then publish a whitelist of people who are
exempt from that restriction.

If this were an open standard, then the blogger could switch their comment
provider at a moment's notice, without losing any data.

~~~
alexmingoia
That open standard exists, it’s called Webmention. You can use a free
Webmention server like [https://webmention.io](https://webmention.io) and
download comments with your API. Comments are just webpages where people
respond to your blog.

Webmention works like this: Someone writes a reply on their blog and then
sends you a Webmention. You can add it to your site or do whatever with it.
It’s decentralized and there’s no vendor lock-in.

~~~
p4bl0
So it's just like _trackbacks_ we used to have in the late 2000s?

~~~
alexmingoia
Webmention is the current standard for doing what trackbacks did, and
simplified. Webmention doesn’t require any sort of RDF or special code like
trackbacks. Verifying a Webmention only involves looking in the HTML for any
link to the page being mentioned.

------
1wheel
[https://schnack.cool/](https://schnack.cool/)

------
tanrax
Easy: [https://github.com/glosa/glosa-server](https://github.com/glosa/glosa-
server)

------
alexmingoia
Use Webmention W3C standard and the free service at
[https://webmention.io/](https://webmention.io/)

Webmention works like this: Someone writes a reply on their blog and then
sends you a Webmention. You can add it to your site or do whatever with it.
It’s decentralized and there’s no vendor lock-in.

See it in action here:
[https://aaronparecki.com/2020/05/04/10/](https://aaronparecki.com/2020/05/04/10/)

You can even use services like [https://brid.gy](https://brid.gy) to back feed
Twitter comments into Webmentions.

~~~
ybbond
I just finished setting up brid.gy for my blog a week ago. while I havent
handle and display the comments or reactions to the posts, it is satisfying to
see the response from my friends on twitter or mastodon about my contents.

reading this thread makes me want to finish the reaction displayer design &
script :D

------
justusthane
I haven't tried it yet, but I came across Staticman which seems really cool:
[https://staticman.net/](https://staticman.net/)

Netlify also provides support for forms which could be used to accomplish
this.

Can't speak to the GDPR aspect, but I don't imagine it would be much of an
issue for just saving and displaying comments.

~~~
fbnlsr
Watch out, it is no longer maintained.

I used Staticman for a couple of years and it worked fine. But GitHub changed
their API policy which broke Staticman.

Also, spam is really hard to handle with this. I had to unplug Staticman from
my site because of it.

~~~
jarofgreen
> GitHub changed their API policy which broke Staticman.

Can you clarify this / have any links? Thanks

EDIT: Ah, just tried the demo (now broken). It looks like it was allowing
internet random's to post to GitHub under a single account owned by the site
or the project, and I totally get why GitHub is going to pull that ASAP.

------
StavrosK
I switched from Isso to Commento, but the latter has had an open bug that
prevents login for almost a year:

[https://gitlab.com/commento/commento/-/issues/174](https://gitlab.com/commento/commento/-/issues/174)

For my site, I think I might as well not add comments at all, as I haven't
found them to be terribly useful. The most useful discussion happens on HN,
Twitter/Mastodon and email.

------
wyattjoh
Plug for the platform that I work on, Coral[0]. We support newsrooms in many
regions (including those that need to be GDPR compliant). You can self host
the application on Heroku pretty easily with the button or run on a server if
you like too.

[0]:
[https://docs.coralproject.net/talk/](https://docs.coralproject.net/talk/)

------
bjourne
I had a blog with comments. But spam made it painful to administer. Almost
nothing beats spam except for very sophisticated captchas but then normal
people also have trouble writing comments. So I have no comments on my blog
now. If you want to "comment" you'll have to email me directly.

------
gitgud
Well it's not self-hosted, but I made [1] YComments to allow _hacker news_
comments on a static website.

[1] [https://ycomments.benwinding.com/](https://ycomments.benwinding.com/)

~~~
smichel17
Could have called it YCommentator :)

~~~
gitgud
My god, that is brilliant!

------
hartator
That’s actually a good question. Yes hosting static htmls have been super easy
for a decade. (Might have been getting harder recently actually lol) But
managing comments always have been a headache.

------
runxel
I would add utterances [0], even if its not self-hosted.

[0]
[https://github.com/utterance/utterances](https://github.com/utterance/utterances)

~~~
fbnlsr
Last time it was posted, it was noted that utterances breaks GitHub's ToS in
pretty much every way, and they could pull the plug on this really fast.

~~~
jarofgreen
Can you clarify this? When you said this I assumed it was allowing internet
random's to post to GitHub under a single account owned by the site or the
project, and I totally get why GitHub is going to pull that ASAP (have seen
that and got in rows over that before). But I just checked and it looks like
you have to authorise the app and hence Utterances is posting under your
GitHub account?

------
rhizome31
Come on people, the OP asked for a _self-hosted comments_ solution. The number
of OT replies is excessive, particularly when the same OT reply is repeated by
several people.

------
zkmon
I have built it myself using websockets. Wasn't that that hard or bad.
[https://worktheme.com](https://worktheme.com)

Happy to answer questions.

------
hbcondo714
Anything for inline comments / annotations?

~~~
gtramont
Take a look at [https://hypothes.is/](https://hypothes.is/)

------
nitwit005
I'd be far more worried about spam and malicious content than GDPR. Always
assume someone will be trying to cram ads, pornography, and viruses into
anything you create that allows user content.

------
eliben
My blog is decently high-traffic and has been static/Pelican for several
years.

After using Disqus for a while I decided to drop comments entirely because
they're more trouble than they're worth. A quick write up about it --
[https://eli.thegreenplace.net/2018/turning-off-blog-
comments...](https://eli.thegreenplace.net/2018/turning-off-blog-comments/)

TL;DR: don't.

~~~
lazyjones
Most of your issues seem to have been with Disqus and not with comments on
your page in general, though I agree it's probably not worth attempting these
days. Blog posts can be linked on FB, Twitter, Reddit and other places and
those pages can deal with spam and their monetization better on their own
premises, while you are not confined to one particular flavour of
filtering/censorship for user comments (as with one service like Disqus). OTOH
I don't particularly like the idea of actually interacting with Twitter/FB
users as a blogger.

------
zzo38computer
I thought once of using NNTP for comments (the blog messages themself can also
be readable with NNTP). You can have a link from a static web page to separate
page that displays read-only comments, and has instructions to post (you could
also use iframe, although I do not recommend that; a normal link would do
better, I think). That is what I wanted to do, at least.

(I don't know about GDPR, though, sorry)

------
searchableguy
How about telling your users to post on github/gitlab issues if they have
something valid to add?

------
KajMagnus
There's also Talkyard Blog Comments: [https://www.talkyard.io/blog-
comments](https://www.talkyard.io/blog-comments)

GDPR: People can download their personal data, and delete their own accounts,
via their user profile pages.

No ads, no tracking. Open source. (I develop Talkyard.)

------
klingonopera
AFAIK, GDPR only _really_ becomes an issue for you, if your blog crosses a
certain threshhold of views/comments.

Not sure where I read it, but it was in the range of something around 10,000
per day/week/month.

Definitely not something to crack your head over, if you just want to host a
personal blog (unless you're a celebrity?).

SOURCE: I self-host a personal blog in Germany, and had read up on it a year
or two ago.

~~~
atoav
Datensparsamkeit! There are more reasons to wanna to be in control of the data
if your users instead of selling it off easily (e.g. the trust of your users).
Additionally it can feel good to just _know_ what happens instead of telling
yourself: "I use google analytics like everybody else — that _must_ be okay"

~~~
klingonopera
I actually develop my own solutions, there is no third-party analytics
involved in my blog, the only "analytics" I do, is to keep track of which IP
visits what resource, the only cookies that are set on my blog are session and
chain IDs.

If you have the information available, on what the mentioned threshold is,
please do share.

For the less than 10 visits a day my blog receives, of which 98% are bots, I'm
not going to do a deep dive into GDPR policies.

In Europe, law doesn't work like in the US in the way that it's to be taken
literally, but in the way that the law was intended - which is not to
discriminate amateur blogs, but to enforce data protection amongst the big
players, i.e. Facebook, YouTube, etc...

Therefore, I still stand by my original claim: For an amateur blog, don't
crack your head over GDPR.

EDIT: Provided, of course, you don't use the tools of the big players, e.g.
Google Analytics.

------
whattheyong
There is another tool call disqus. It's free and is really easy to integrate
into your own page. You can check that out on my blog page.

[https://blog.phuaxueyong.com/post/2020-05-03-3-more-cloud-
de...](https://blog.phuaxueyong.com/post/2020-05-03-3-more-cloud-design-
pattern)

------
willcipriano
Disqus was baked into the template I used for my blog so I kept it:
[https://thoughts.willcipriano.com/weird-python-
tricks/](https://thoughts.willcipriano.com/weird-python-tricks/)

It works well and is simple to implement.

