hyteck-blog/content/post/cryptpad.md

155 lines
3.2 KiB
Markdown
Raw Permalink Normal View History

2023-01-24 14:17:27 +00:00
---
title: "Cryptpad"
date: 2021-05-7T22:08:55+02:00
draft: true
image: "uploads/ILMO_bordered.png"
tags: [FOSS]
categories: [Projects, English]
---
# Prerequisites
## Install nginx, npm and bower
```
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install nginx npm certbot
$ npm install -g bower
```
## Set domain to your server
Your server should be reachable via `pad.example.com`
# Installation
In your webroot clone the repository
```
$ git clone https://github.com/xwiki-labs/cryptpad
cd ~/cryptpad
```
List the latest releases
```
$ git tag | tail
4.0.0
4.1.0
4.2.0
4.2.1
4.3.0
4.3.1
4.4.0
4.5.0 <--- this is the latest
v1.14.0
v1.15.0
```
and checkout the latest
```
$ git checkout 4.5.0
```
Now install the needed dependencies
```
$ npm install
$ bower install
```
And make sure that the files are owned by the web user
```
$ cd ..
$ chown -R www-data:www-data cryptpad/
```
# Configure
## Configure reverse proxy and SSL
Request your letsencrypt certificate
```
certbot certonly --nginx --agree-tos -d bbb.example.com
```
$ ~/.acme.sh/acme.sh --issue --nginx -d pad.hyteck.de -d sandbox.hyteck.de
curl https://get.acme.sh | sh -s email=julian-samuel@gebuehr.net
~/.acme.sh/acme.sh --issue -d pad.hyteck.de -d sandbox.hyteck.de -w /var/www/ILMO/
Create the configuration for the site in `/etc/nginx-sites-enabled/pad`
```
server {
listen 80;
listen [::]:80;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
#
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/pad.hyteck.de/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/pad.hyteck.de/privkey.pem;
ssl_protocols TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name pad.hyteck.de;
# Set header
add_header X-Clacks-Overhead "GNU Terry Pratchett";
add_header Permissions-Policy interest-cohort=(); #Anti FLoC
location / {
if (-f $document_root/under_maintenance.html) {
return 503;
}
proxy_pass http://127.0.0.1:3000;
}
error_page 503 /under_maintenance.html;
location = /under_maintenance.html {
}
}
```
and test with `nginx -t`. If everything is fine use `nginx -s reload`.
## Configure cryptpad
Copy the config, uncomment and adjust httpSafeOrigin
$ cp config/config.example.js config/config.js
$ vim config/config.js
```
If you also want to run Grafana on this server adjust the httpPort and httpSafePort (dont forget the nginx configuration).
# Start
## Start via systemd
Create a service with the following content
```
$ vim /etc/systemd/system/cryptpad.service
```
enable and start the service
```
$ systemctl enable cryptpad
Created symlink /etc/systemd/system/multi-user.target.wants/cryptpad.service → /etc/systemd/system/cryptpad.service.
$ systemctl start
```
# Final notes
The guide here was heavily inspired by the guide at [Uberspace](https://lab.uberspace.de/guide_cryptpad.html). If you want to only run a crpytpad, uberspace is a good solution!
If you have any questions or you found any errors, please contact me!