diff --git a/content/post/cryptpad.md b/content/post/cryptpad.md new file mode 100644 index 0000000..f3d7e99 --- /dev/null +++ b/content/post/cryptpad.md @@ -0,0 +1,154 @@ +--- +title: "Cryptpad" +date: 2021-05-7T22:08:55+02:00 +draft: true +image: "uploads/ILMO_bordered.png" +tags: [FOSS] +categories: [Projects, English] +--- + +# Prerequisites + +## Install nginx, npm and bower + +``` +$ sudo apt update +$ sudo apt upgrade +$ sudo apt install nginx npm certbot +$ npm install -g bower +``` +## Set domain to your server + +Your server should be reachable via `pad.example.com` + +# Installation + +In your webroot clone the repository +``` +$ git clone https://github.com/xwiki-labs/cryptpad +cd ~/cryptpad +``` + +List the latest releases +``` +$ git tag | tail +4.0.0 +4.1.0 +4.2.0 +4.2.1 +4.3.0 +4.3.1 +4.4.0 +4.5.0 <--- this is the latest +v1.14.0 +v1.15.0 + +``` +and checkout the latest + +``` +$ git checkout 4.5.0 +``` + +Now install the needed dependencies +``` +$ npm install +$ bower install +``` + +And make sure that the files are owned by the web user + +``` +$ cd .. +$ chown -R www-data:www-data cryptpad/ +``` + +# Configure + +## Configure reverse proxy and SSL + +Request your letsencrypt certificate +``` +certbot certonly --nginx --agree-tos -d bbb.example.com +``` + +$ ~/.acme.sh/acme.sh --issue --nginx -d pad.hyteck.de -d sandbox.hyteck.de +curl https://get.acme.sh | sh -s email=julian-samuel@gebuehr.net +~/.acme.sh/acme.sh --issue -d pad.hyteck.de -d sandbox.hyteck.de -w /var/www/ILMO/ + +Create the configuration for the site in `/etc/nginx-sites-enabled/pad` + +``` +server { + listen 80; + listen [::]:80; + + if ($scheme = http) { + return 301 https://$server_name$request_uri; + } + + # + listen 443 ssl; + listen [::]:443 ssl; + ssl_certificate /etc/letsencrypt/live/pad.hyteck.de/cert.pem; + ssl_certificate_key /etc/letsencrypt/live/pad.hyteck.de/privkey.pem; + ssl_protocols TLSv1.3; + ssl_ciphers HIGH:!aNULL:!MD5; + + + server_name pad.hyteck.de; + + + # Set header + add_header X-Clacks-Overhead "GNU Terry Pratchett"; + add_header Permissions-Policy interest-cohort=(); #Anti FLoC + + + location / { + if (-f $document_root/under_maintenance.html) { + return 503; + } + proxy_pass http://127.0.0.1:3000; + } + error_page 503 /under_maintenance.html; + location = /under_maintenance.html { + } + +} +``` + +and test with `nginx -t`. If everything is fine use `nginx -s reload`. + +## Configure cryptpad + +Copy the config, uncomment and adjust httpSafeOrigin + +$ cp config/config.example.js config/config.js +$ vim config/config.js +``` + +If you also want to run Grafana on this server adjust the httpPort and httpSafePort (dont forget the nginx configuration). + + +# Start + +## Start via systemd + +Create a service with the following content + +``` +$ vim /etc/systemd/system/cryptpad.service +``` + +enable and start the service +``` +$ systemctl enable cryptpad +Created symlink /etc/systemd/system/multi-user.target.wants/cryptpad.service → /etc/systemd/system/cryptpad.service. +$ systemctl start +``` + +# Final notes + +The guide here was heavily inspired by the guide at [Uberspace](https://lab.uberspace.de/guide_cryptpad.html). If you want to only run a crpytpad, uberspace is a good solution! + +If you have any questions or you found any errors, please contact me!