Commento++ is a free, open source, fast & lightweight comments box that you can embed in your static website instead of Disqus.
- Markdown support
- Import from Disqus
- Voting
- Automated spam detection (Askimet and Perspective integration)
- Moderation tools
- Sticky comments
- Thread locking
- OAuth login (Google, Github, Twitter) and single sign-on
- Hot-reloading of comments
- Email notifications.
Please (donate) if you find my work helpful (this will always remain free and open source)!
- 🐱👤 Respects your privacy and no adverts
- 💄 Prettier comments box compared to other FOSS alternatives
- ⚡ Orders of magnitude lighter and faster than alternatives
- 🕐 One click to deploy your own instance to a free Heroku account in seconds
- 🔌 You can self-host too for maximum control!
To start you just need to launch an instance.
The button below will work for a Heroku account:
The button below will work for a free Railway account:
Otherwise, most of the below is the same as documented at https://docs.commento.io
If you want to self-host, you will need a PostgreSQL server handy and then:
- Use this repo's Dockerfile if you're into that kind of thing
- Download the plug and play pre-compiled version from the releases
- To build yourself, you can clone this repo (you will require
nodejs
,yarn
,golang
installed) and runmake prod
and you will generate./build/prod/commento
To launch, you should configure the following environment variables below:
$ export COMMENTO_ORIGIN=http://commento.example.com:8080
$ export COMMENTO_PORT=8080
$ export COMMENTO_POSTGRES=postgres://username:[email protected]:5432/commento?sslmode=disable
$ export COMMENTO_CDN_PREFIX=$COMMENTO_ORIGIN
And then you can run the commento
binary.
The logging defaults to off to preseve disk space, but you can specify the COMMENTO_ENABLE_LOGGING
environment variable to true to enable each page view being logged and a nice graph generated on your dashboard. This will however use up a lot of space quickly if you have a high traffic website; you may want to consider a more fully-featured analytics solution for your website.
e.g.
$ export COMMENTO_ENABLE_LOGGING=true
to turn this feature on.
A new feature added recently, with better edge-case handling of domain names, etc.
This feature however will open up your commento instance to abuse if it is shared between a lot of people (e.g. people registering e%
to register every domain beginning with e...)
As most of commento++ instances are serving one user only, I have assumed you will be sensible about this and enabled wildcard domain support by default.
If you want the old behaviour, you can disable this with an environment variable:
$ export COMMENTO_ENABLE_WILDCARDS=false
To enable Perspective (https://www.perspectiveapi.com/) spam detection add following environment variables:
$ export COMMENTO_PERSPECTIVE_KEY=YOUR_API_KEY_FROM_PERSPECTIVE
$ export COMMENTO_PERSPECTIVE_LIMIT=0.5
$ export COMMENTO_PERSPECTIVE_LANGUAGE=en
COMMENTO_PERSPECTIVE_KEY: To create a new Perspective API key follow the instructions at https://developers.perspectiveapi.com/s/docs-get-started
COMMENTO_PERSPECTIVE_LIMIT: The limit defines the minimum value for the Perspective probability summary score. Everything above the value will be flagged in Commentoplus. (Default 0.5)
COMMENTO_PERSPECTIVE_LANGUAGE: Configure the language to your requirements. (Default: en)
Make sure that you have enabled the automatic spam detection in the dashboard.
Commento++ allows configuration of the tlsConfig for both SMTPS as well as StartTLS for email sending. For context, this is required for the https://cloudron.io/ app package.
To skip SMTP hostname verification, use:
$ export SMTP_SKIP_HOST_VERIFY=true
If you have any issues with email sending relating to not using STARTTLS, consider:
$ export USE_STARTTLS=true
Alternatively you can use the pre-build images from:
Instructions for configuring the docker image can be found here. Are you missing a version? Please contact @caroga here.
Once you have created an account in your commento instance, it should give you instructions on how to embed this into your site! It should be as simple as:
<script defer src="https://(server url)/js/commento.js"></script>
<div id="commento"></div>
Remember to either forward the websockets through to commento in your nginx config, e.g.:
location / {
proxy_pass http://commento;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
Or if you'd rather not do that, disable websockets in favour of HTTP polling by adding data-no-websockets="true"
to the commento <script> tag (or `data-no-livereload="true"`` to only load comments on page load, see below!)
Commento++ supports native SSL without use of an nginx proxy. Three properties are required for Native SSL:
- COMMENTO_SSL
- COMMENTO_SSL_CERT
- COMMENTO_SSL_KEY
COMMENTO_SSL=true
enables native SSL. Default is false.
If COMMENTO_SSL=true
then COMMENTO_SSL_CERT
and COMMENTO_SSL_KEY
must be set to the path to a valid SSL Certificate and Key pair.
You can add the following to commento's script tag:
data-css-override="http://server/styles.css"
- A URL to a CSS file with overriding styles. Defaults to no override and uses Commento's default theme.data-auto-init="false"
- Commento automatically initialises itself when the page is loaded. If you prefer to load Commento dynamically (for example, after the user clicks a button), you can disable this. You will be required to callwindow.commento.main()
when you want to load Commento. By default, this is true.data-id-root="notcommento"
- By default, Commento looks for a<div>
withid="commento"
. If you want to load Commento in a different element, you can set this attribute to the ID of that element.data-no-fonts="true"
- By default, Commento uses the Source Sans Pro font to present a good design out-of-the-box. If you'd like to disable this so that Commento never loads the font files, you can set this to true. By default, this is true.data-hide-deleted
- By default, deleted comments with undeleted replies are shown with a "[deleted]" tag. If you'd like to disable this, setting this to true will hide deleted comments even if there are legitimate replies underneath. Deleted comments without any undeleted comments underneath are hidden irrespective of the value of this function. By default, this is false.data-no-websockets="true"
- Disables websocket functionality in favour of HTTP polling to have the same live reload functionality in a situation where websockets aren't allowed (e.g. a reverse proxy)data-no-livereload="true"
- Disabled all hot reload functionality (this supercedes the above flag) - all comments are loaded once and only once on page load.
e.g. Usage example:
<script defer src="https://chat.mookerj.ee/js/commento.js" data-no-websockets="true"></script>
Original source is from @adtac at https://gitlab.com/commento/commento/ - this fork is largely a result of me getting carried away fixing a lot of bugs but the original maintainer seemingly disappearing!
(Inconclusive) list of changes from upstream:
- NEW FEATURE: Auto refreshing comments with WebSockets for push updates
- NEW FEATURE: Window title updates when there's new activity
- NEW FEATURE: Permalinks, and a subtle yellow highlight animation for new comments when they come in live
- NEW FEATURE: Smooth scrolling
- NEW FEATURE: Hide +/- if no children
- NEW FEATURE: Errors now slide down from the top rather than the ugly error system before
- NEW FEATURE: Guests can leave their name
- FIXED: Twitter profile photo bug
- FIXED: Duplicate comment bug on login
- FIXED: Add target="_blank" to all external links, while also adding "noopener" to prevent XSS
- FIXED: Allow anchor links onto same page
- NEW FEATURE: Comment moderation dashboard, to approve/delete comments across your entire domain from one place
- NEW FEATURE: MathJax support hook, will plug in to any MathJax library included on the same page commento is on
- NEW FEATURE: Press enter to log in after entering your password
- FIXED: Deleted comments not returned in array
- NEW FEATURE: Reinit widget functionality for Single Page Applications
- NEW FEATURE: Wildcards possible in domain name (so can serve %.example.com)
- NEW FEATURE: Support of the Perspective API for spam detection (https://www.perspectiveapi.com/)
I've sent in merge requests for a lot of the above but I don't know when they'll be accepted, so here's a ready to use version with all batteries included to help out fellow bloggers!
Commento++ runs a bit of code on page load to initialize the widget. This widget can be customized by using data attributes on the script tag. When using commento++ in a SPA you might want to change the pageId for the widget when navigating to a new blog post without a browser page load. Below you'll find an example for an Commento++ component in React:
import React, { useEffect } from 'react'
const Commento = ({ pageId }) => {
useEffect(() => {
if (typeof window !== 'undefined' && !window.commento) {
// init empty object so commento.js script extends this with global functions
window.commento = {}
const script = document.createElement('script')
// Replace this with the url to your commento instance's commento.js script
script.src = `http://localhost:8080/js/commento.js`
script.defer = true
// Set default attributes for first load
script.setAttribute('data-auto-init', false)
script.setAttribute('data-page-id', pageId)
script.setAttribute('data-id-root', 'commento-box')
script.onload = () => {
// Tell commento.js to load the widget
window.commento.main()
}
document.getElementsByTagName('head')[0].appendChild(script)
} else if (typeof window !== 'undefined' && window.commento) {
// In-case the commento.js script has already been loaded reInit the widget with a new pageId
window.commento.reInit({
pageId: pageId,
})
}
}, [])
return <div id="commento-box" />
}
export default Commento
Commento initializes itself and extends the window.commento
object. When you have an HTML element with the id commento
this will live on the window.commento
namespace. Replacing the HTML element (as SPAs do) the window.commento
is reset to the new element, losing all extended functionality provided by the commento++ script. Make sure to provide a data-id-root
other than commento
for this to work, see commento-box
in the example above.
The window.commento.reInit
function can be called with the following updated options (all optional):
{
pageId: "string", // eg: "path/to/page"
idRoot: "string", // eg: "new-element-id"
noFonts: "string", // Boolean string, "true" or "false"
hideDeleted: "string", // Boolean string, "true" or "false"
cssOverride: "string" // or null to reset to undefined
}