Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: How to self-host comments on your otherwise static blog?
104 points by abdullahkhalids on May 6, 2020 | hide | past | favorite | 51 comments
I am using pelican to self host my blog/website. What is the best way to self-host comments?

What is the scope of GDPR compliance with storing these comments?

There's an open source version of https://commento.io/ for self-hosting a comment system. https://news.ycombinator.com/item?id=19210697 lists several others like https://github.com/posativ/isso

I would instead of hosting comments on the site itself offload comments to Twitter/HN and link to it from the article like https://overreacted.io

I wrote a self-hosted "comment server" a few years back, but in the end found it was more annoying than useful.

In the end I just setup a simple CGI script which takes each submitted comment, writes it to /srv/comments/pending/ and then sends me an email.

When I rebuild the blog all the comments from /srv/comments/approved are automatically inserted at the foot of the appropriate post. I have a manual step where I move the comments into the right directory "/approved" vs "/spam".

It isn't ideal, but it is simple, reliable, and works well at the level of scale I deal with at https://blog.steve.fi/

Hmm, I actually got an idea from your comment and the other comment suggesting to off-load the comments to a social site such as HN or Twitter: maybe instead of hosting the comments yourself, you just have a script that automatically aggregates comments from multiple sites and displays them on your site. I am not sure this is allowed by the Twitter/HN terms of use though.

I thought about just letting people send an e-mail with an ID that associates it to a blog article, but I'm worried that it increases the barrier of entry too much..

The best balance of usability, Freedom, and civility for me has been relying on people to email me, then sometimes—and with permission—edit their comment into my posts/pages.

That's what I do. Each of my pages has a comment link, it's just a mailto:. If I think the comment is useful, I'll append it to the comment section with my reply.

I bet it has a higher abandon rate than a webform. But that may be desirable I guess.

I'm sure it does, but, as you say, not a bad thing.

I changed my blog to be static. I don't trust any of these embedded comment systems, and don't don't want to risk the legal burden of hosting comments myself. I killed off a small community this way, which felt not great :(

I guess it was assumed that a GDPR-compliant software infrastructure would be able to grow from the ashes, but I haven't been following, and don't know what the state of the art is. It seems people mostly offload to other platform (twitter/discord) rather than host themselves now?

I miss when websites were more participatory - I respect + envy people who still do blogs with lively comment threads.

Another option is to host the comments in Github/Gitlab issues. There are several plugins that allow users to login using OAuth and post comments.

Gitalk is one of them: https://github.com/gitalk/gitalk/

Vssue supports both GitHub and GitLab, and allows users to edit and delete their comments: https://vssue.js.org/

And there is also Gitment: https://github.com/imsun/gitment

As someone who has been through this process, I strongly agree with the advice of Lammy and nikivi posted in this thread.

Unless you have a high-traffic blog with lots of user engagement, I think it's best to keep your blog clean and handle comments/feedback elsewhere.

It would be nice if there were a service where people could write their comments and have them expire after, say 24 hours, but the blogger could run a script which downloads them before that happens. By having a local copy of the comments, the blogger could check them and include the approved ones into their static content.

Each comment would be associated with a salted hash based on either an IP address (for anonymous comments) or an account on a social login provider (like Google or Facebook). By default, a user could only post 1 comment every 24 hours, but the blogger could then publish a whitelist of people who are exempt from that restriction.

If this were an open standard, then the blogger could switch their comment provider at a moment's notice, without losing any data.

That open standard exists, it’s called Webmention. You can use a free Webmention server like https://webmention.io and download comments with your API. Comments are just webpages where people respond to your blog.

Webmention works like this: Someone writes a reply on their blog and then sends you a Webmention. You can add it to your site or do whatever with it. It’s decentralized and there’s no vendor lock-in.

So it's just like trackbacks we used to have in the late 2000s?

Webmention is the current standard for doing what trackbacks did, and simplified. Webmention doesn’t require any sort of RDF or special code like trackbacks. Verifying a Webmention only involves looking in the HTML for any link to the page being mentioned.

Use Webmention W3C standard and the free service at https://webmention.io/

Webmention works like this: Someone writes a reply on their blog and then sends you a Webmention. You can add it to your site or do whatever with it. It’s decentralized and there’s no vendor lock-in.

See it in action here: https://aaronparecki.com/2020/05/04/10/

You can even use services like https://brid.gy to back feed Twitter comments into Webmentions.

I just finished setting up brid.gy for my blog a week ago. while I havent handle and display the comments or reactions to the posts, it is satisfying to see the response from my friends on twitter or mastodon about my contents.

reading this thread makes me want to finish the reaction displayer design & script :D

I haven't tried it yet, but I came across Staticman which seems really cool: https://staticman.net/

Netlify also provides support for forms which could be used to accomplish this.

Can't speak to the GDPR aspect, but I don't imagine it would be much of an issue for just saving and displaying comments.

I successfully use Staticman for around three years now. It works really well.

I wrote a short post how to set it up on heroku to avoid GitHub quotas problem: https://muffinman.io/running-staticman-on-heroku/

Watch out, it is no longer maintained.

I used Staticman for a couple of years and it worked fine. But GitHub changed their API policy which broke Staticman.

Also, spam is really hard to handle with this. I had to unplug Staticman from my site because of it.

> GitHub changed their API policy which broke Staticman.

Can you clarify this / have any links? Thanks

EDIT: Ah, just tried the demo (now broken). It looks like it was allowing internet random's to post to GitHub under a single account owned by the site or the project, and I totally get why GitHub is going to pull that ASAP.

Ah, too bad. Thanks for the heads up.

I switched from Isso to Commento, but the latter has had an open bug that prevents login for almost a year:


For my site, I think I might as well not add comments at all, as I haven't found them to be terribly useful. The most useful discussion happens on HN, Twitter/Mastodon and email.

Plug for the platform that I work on, Coral[0]. We support newsrooms in many regions (including those that need to be GDPR compliant). You can self host the application on Heroku pretty easily with the button or run on a server if you like too.

[0]: https://docs.coralproject.net/talk/

I had a blog with comments. But spam made it painful to administer. Almost nothing beats spam except for very sophisticated captchas but then normal people also have trouble writing comments. So I have no comments on my blog now. If you want to "comment" you'll have to email me directly.

Well it's not self-hosted, but I made [1] YComments to allow hacker news comments on a static website.

[1] https://ycomments.benwinding.com/

Could have called it YCommentator :)

My god, that is brilliant!

That’s actually a good question. Yes hosting static htmls have been super easy for a decade. (Might have been getting harder recently actually lol) But managing comments always have been a headache.

I would add utterances [0], even if its not self-hosted.

[0] https://github.com/utterance/utterances

Last time it was posted, it was noted that utterances breaks GitHub's ToS in pretty much every way, and they could pull the plug on this really fast.

Can you clarify this? When you said this I assumed it was allowing internet random's to post to GitHub under a single account owned by the site or the project, and I totally get why GitHub is going to pull that ASAP (have seen that and got in rows over that before). But I just checked and it looks like you have to authorise the app and hence Utterances is posting under your GitHub account?

Come on people, the OP asked for a self-hosted comments solution. The number of OT replies is excessive, particularly when the same OT reply is repeated by several people.

I have built it myself using websockets. Wasn't that that hard or bad. https://worktheme.com

Happy to answer questions.

Anything for inline comments / annotations?

Take a look at https://hypothes.is/

I'd be far more worried about spam and malicious content than GDPR. Always assume someone will be trying to cram ads, pornography, and viruses into anything you create that allows user content.

My blog is decently high-traffic and has been static/Pelican for several years.

After using Disqus for a while I decided to drop comments entirely because they're more trouble than they're worth. A quick write up about it -- https://eli.thegreenplace.net/2018/turning-off-blog-comments...

TL;DR: don't.

Most of your issues seem to have been with Disqus and not with comments on your page in general, though I agree it's probably not worth attempting these days. Blog posts can be linked on FB, Twitter, Reddit and other places and those pages can deal with spam and their monetization better on their own premises, while you are not confined to one particular flavour of filtering/censorship for user comments (as with one service like Disqus). OTOH I don't particularly like the idea of actually interacting with Twitter/FB users as a blogger.

Your blog is very useful and knowledgeable I have read it for many yrs, and I think if someone has to reach out to you for asking any question surely they will reach out on twitter than blog comments.

I thought once of using NNTP for comments (the blog messages themself can also be readable with NNTP). You can have a link from a static web page to separate page that displays read-only comments, and has instructions to post (you could also use iframe, although I do not recommend that; a normal link would do better, I think). That is what I wanted to do, at least.

(I don't know about GDPR, though, sorry)

How about telling your users to post on github/gitlab issues if they have something valid to add?

There's also Talkyard Blog Comments: https://www.talkyard.io/blog-comments

GDPR: People can download their personal data, and delete their own accounts, via their user profile pages.

No ads, no tracking. Open source. (I develop Talkyard.)

AFAIK, GDPR only really becomes an issue for you, if your blog crosses a certain threshhold of views/comments.

Not sure where I read it, but it was in the range of something around 10,000 per day/week/month.

Definitely not something to crack your head over, if you just want to host a personal blog (unless you're a celebrity?).

SOURCE: I self-host a personal blog in Germany, and had read up on it a year or two ago.

Datensparsamkeit! There are more reasons to wanna to be in control of the data if your users instead of selling it off easily (e.g. the trust of your users). Additionally it can feel good to just know what happens instead of telling yourself: "I use google analytics like everybody else — that must be okay"

I actually develop my own solutions, there is no third-party analytics involved in my blog, the only "analytics" I do, is to keep track of which IP visits what resource, the only cookies that are set on my blog are session and chain IDs.

If you have the information available, on what the mentioned threshold is, please do share.

For the less than 10 visits a day my blog receives, of which 98% are bots, I'm not going to do a deep dive into GDPR policies.

In Europe, law doesn't work like in the US in the way that it's to be taken literally, but in the way that the law was intended - which is not to discriminate amateur blogs, but to enforce data protection amongst the big players, i.e. Facebook, YouTube, etc...

Therefore, I still stand by my original claim: For an amateur blog, don't crack your head over GDPR.

EDIT: Provided, of course, you don't use the tools of the big players, e.g. Google Analytics.

There is another tool call disqus. It's free and is really easy to integrate into your own page. You can check that out on my blog page.


Disqus was baked into the template I used for my blog so I kept it: https://thoughts.willcipriano.com/weird-python-tricks/

It works well and is simple to implement.

Applications are open for YC Summer 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact