Mar 08, 2025 /

9 min read

Getting started

This guide will walk you through the basic configuration and customization of your trueblog installation.

Basic Site Configuration

The primary configuration is handled through the src/consts.ts file. This file contains essential settings that define your blog’s identity and behavior.

Core Configuration

1
export const SITE: Site = {
2
  TITLE: 'Name of your blog',
3
  DESCRIPTION: 'Description for your blog',
4
  AUTHOR: 'Name of the author',
5
  CANONICAL_URL: import.meta.env.DEV
6
    ? 'http://localhost:4321'
7
    : 'https://example.com',
8
  LOCALE: 'en',
9
  CATEGORIES: ['blog', 'projects'],
10
  OG_IMAGE: '/og-image.webp',
11

12
  TWITTER: {
13
    CREATOR: '@',
14
    CARD: 'summary_large_image',
15
  },
16

17
  NUM_POSTS_ON_HOMEPAGE: 3,
18
  NUM_PROJECTS_ON_HOMEPAGE: 3,
19
  SCHEDULED_POST_MARGIN: minutesToMilliseconds(15),
20
};

Configuration Fields Reference

Field	Required	Description
`TITLE`	✅	Your blog’s title - appears in header, SEO, and RSS feeds
`DESCRIPTION`	✅	Brief blog description for SEO and meta tags
`AUTHOR`	✅	Site author’s name
`CANONICAL_URL`	✅	Your site’s base URL (automatically switches for development)
`LOCALE`	❌	Site language code (defaults to ‘en’)
`CATEGORIES`	✅	Content categories for organization
`OG_IMAGE`	✅	Default social media preview image path
`TWITTER.CREATOR`	❌	Twitter handle for attribution
`TWITTER.CARD`	❌	Twitter card type (summary_large_image recommended)
`NUM_POSTS_ON_HOMEPAGE`	✅	Number of posts to show on homepage
`NUM_PROJECTS_ON_HOMEPAGE`	✅	Number of projects to display on homepage
`SCHEDULED_POST_MARGIN`	✅	Buffer time for scheduled posts (in milliseconds)

Configure your social media links in the same src/consts.ts file:

1
export const SOCIALS: Socials = [
2
  {
3
    NAME: 'Facebook',
4
    ICON: 'facebook',
5
    LABEL: `${SITE.AUTHOR} on Facebook`,
6
    HREF: 'https://www.facebook.com/johndoe',
7
  },
8
  // Add more social media platforms here
9
];

Field	Required	Description
`NAME`	✅	Platform name
`ICON`	✅	Platform icon identifier
`LABEL`	✅	Accessibility label and tooltip
`HREF`	✅	Profile URL

Open Graph Image Configuration

trueblog generates Open Graph images automatically at build time using Satori and Sharp. You can customize these images for both posts and your site.

Template Customization

The OG image templates are located in src/utils/og-images/templates/:

postTemplate.ts - For individual post images
siteTemplate.ts - For site-wide default images

Example template modification:

1
const markup = html(`
2
  // Your custom HTML template here
3
`);

Image Configuration

Customize image generation settings in src/utils/og-images/config.ts:

1
import { readFileSync } from 'fs';
2
import type { ImageConfig, SvgConfig } from './types';
3
import type { Font } from 'satori';
4

5
// Custom font configuration
6
const interRegular = readFileSync(
7
  `${process.cwd()}/public/og-fonts/inter-v18-latin-regular.ttf`
8
);
9
const interBlack = readFileSync(
10
  `${process.cwd()}/public/og-fonts/inter-v18-latin-900.ttf`
11
);
12

13
// Image format configuration
14
export const DEFAULT_IMAGE: ImageConfig = {
15
  format: 'webp',
16
  webpOptions: {
17
    quality: 90,
18
  },
19
};
20

21
// SVG dimensions
22
export const DEFAULT_SVG: SvgConfig = {
23
  width: 1200,
24
  height: 630,
25
  embedFont: true,
26
};
27

28
// Font configuration
29
export const DEFAULT_FONTS: Font[] = [
30
  {
31
    name: 'Inter',
32
    data: interRegular,
33
    weight: 400,
34
    style: 'normal',
35
  },
36
  {
37
    name: 'Inter',
38
    data: interBlack,
39
    weight: 900,
40
    style: 'normal',
41
  },
42
];

Configuration Options Reference

Font Configuration:

Option	Description
`name`	Font family name
`data`	Font file data
`weight`	Font weight (400=regular, 900=bold)
`style`	Font style (‘normal’/‘italic’)

Image Format Options:

Format	Available Options
JPEG	quality (1-100), chromaSubsampling, progressive, mozjpeg
WebP	quality (1-100), lossless, smartSubsample, effort (0-6)
AVIF	quality (1-100), lossless, chromaSubsampling, effort (0-9)

SVG Configuration:

Option	Description
`width`	Image width (default: 1200px)
`height`	Image height (default: 630px)
`embedFont`	Whether to embed fonts

Content Security Policy (CSP) Configuration

trueblog comes with pre-configured security headers optimized for Cloudflare Pages

Default Security Headers

The main security headers are defined in public/_headers:

1
/*
2
  X-Frame-Options: DENY
3
  X-Content-Type-Options: nosniff
4
  X-XSS-Protection: 0
5
  Referrer-Policy: no-referrer
6
  Permissions-Policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(self), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(self), xr-spatial-tracking=()
7
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
8
  Access-Control-Allow-Origin: https://example.com

Note: Make sure to change https://example.com in Access-Control-Allow-Origin: https://example.com to your domain. Alternatively, you can remove this line entirely if you don’t need to specify CORS access control.

Automatic CSP Hash Generation

trueblog uses Astro Shield to automatically generate Content Security Policy hashes during the build process. The system works as follows:

During build, astro-shield generates hashes in src/generated/sriHashes.mjs
The postbuild script (scripts/generate-csp-header.mjs) automatically adds these hashes to the _headers file

Here’s the script that handles the CSP header generation:

1
import fs from 'fs/promises';
2
import path from 'path';
3
import {
4
  inlineScriptHashes,
5
  inlineStyleHashes,
6
} from '../src/generated/sriHashes.mjs';
7

8
const headersPath = path.join(process.cwd(), 'dist', '_headers');
9

10
async function generateCSPHeader() {
11
  try {
12
    // Combine all script hashes
13
    const scriptHashes = new Set([...inlineScriptHashes]);
14

15
    // Combine all style hashes
16
    const styleHashes = new Set([...inlineStyleHashes]);
17

18
    // Generate CSP header
19
    const cspHeader =
20
      `Content-Security-Policy: default-src 'self'; object-src 'self'; script-src 'self' ${Array.from(
21
        scriptHashes
22
      )
23
        .map(hash => `'${hash}'`)
24
        .join(' ')}; connect-src 'self'; style-src 'self' ${Array.from(
25
        styleHashes
26
      )
27
        .map(hash => `'${hash}'`)
28
        .join(
29
          ' '
30
        )}; base-uri 'self'; img-src 'self' https://example.com; frame-ancestors 'none'; worker-src 'self'; manifest-src 'none'; form-action 'self';`.trim();
31

32
    // Read existing _headers file
33
    let headersContent = await fs.readFile(headersPath, 'utf-8');
34

35
    headersContent += '\n  ' + cspHeader;
36

37
    // Write updated content back to _headers file
38
    await fs.writeFile(headersPath, headersContent);
39

40
    console.log('CSP header generated and _headers file updated successfully.');
41
  } catch (error) {
42
    console.error('Error generating CSP header:', error);
43
  }
44
}
45

46
generateCSPHeader();

In the CSP header, you will find the directive:

1
img-src 'self' https://example.com;

This means images are allowed from the current origin (‘self’) and https://example.com. If you load images from a different source, replace https://example.com with your own image domain. If you only use local images, you can remove https://example.com entirely to enforce stricter security.

Same goes for fonts:

If you are using custom fonts, you need to ensure that they are included in your CSP. By default, you can import fonts into the public/fonts folder and reference them locally. However, if you are loading fonts from an external provider (e.g., Google Fonts), you need to update your CSP like this:

1
font-src 'self' https://example.com;

Replace https://example.com with the actual URL of your font provider. This ensures that only the specified sources can load fonts, improving security while allowing external font usage.

Syntax Highlighting

For syntax highlighting, Expressive Code is used.
Its configuration is defined in ec.config.mjs.

1
import { defineEcConfig } from 'astro-expressive-code';
2
import { pluginLineNumbers } from '@expressive-code/plugin-line-numbers';
3

4
export default defineEcConfig({
5
  plugins: [pluginLineNumbers()],
6
  themes: ['andromeeda'],
7

8
  styleOverrides: {
9
    // You can also override styles
10
    borderRadius: '0.5rem',
11
    uiFontFamily: 'JetBrains Mono',
12
    codeFontFamily: 'JetBrains Mono',
13
    codeFontSize: '1rem',
14
  },
15
});

Post Metadata Reference

Basic Fields

You can find frontmatter structure in src/content.config.ts

Field	Required	Type	Example / Default	Description
title	✅	string	”My Blog Post”	1-100 characters
pubDatetime	✅	date (z.coerce.date())	“2025-03-04T16:06:19Z” 1709571979000 ”March 4, 2025”	Can accept ISO 8601, timestamps, or natural date formats
description	✅	string	”Description of my post”	1-320 characters
draft	❌	boolean	false	If true, post won’t be published
author	❌	string	”truedaniyyel”	Defaults to SITE.AUTHOR
modDatetime	❌	date (z.coerce.date())	“2025-03-04T16:06:19Z”	Optional modification date
image	❌	image / string	”./images/post.png”	Min size 1200×630px if provided
demoUrl	❌	string (URL)	“https://demo.example.com”	Must be a valid URL
repoUrl	❌	string (URL)	“https://github.com/user/repo”	Must be a valid URL
canonicalURL	❌	string (URL)	“https://blog.example.com/post”	Must be a valid URL
editPost	❌	object	See below	Post editing configuration

editPost Object Properties

Property	Required	Type	Example / Default	Description
disabled	❌	boolean	false	Disable the edit button
url	❌	string	”https://github.com/user/repo/edit/main”	Edit URL
text	❌	string	”Edit this post”	Edit button text
appendFilePath	❌	boolean	true	Append file path to edit URL

Quick Copy Template

1
---
2
title: ''
3
pubDatetime: 2025-03-04
4
description: ''
5
draft: false
6
author: 'truedaniyyel'
7
# modDatetime: 2025-03-04
8
# image: "./images/post.png"
9
# demoUrl: ""
10
# repoUrl: ""
11
# canonicalURL: ""
12
# editPost:
13
#   url: ""
14
#   text: "Edit this post"
15
#   appendFilePath: true
16
---

Next Steps

After configuring these basic settings, you can:

Start creating content in the src/content/ directory
Customize your site’s appearance
Add or modify components in src/components/
Deploy your site using your preferred hosting platform

Deployment Options

Cloudflare

Configuration works out of the box with Cloudflare.

Other Hosting Platforms

For other hosting platforms, minor adjustments with CSP and SRI may be needed:

Vercel: Delete the scripts folder and follow the Vercel integration guide
Netlify: Delete the scripts folder and follow the Netlify integration guide

The security features work seamlessly with various Astro configurations, including Astro + Svelte or other frameworks.