Add unfinished cryptpad post
This commit is contained in:
parent
6565cd3519
commit
775a2afede
154
content/post/cryptpad.md
Normal file
154
content/post/cryptpad.md
Normal file
@ -0,0 +1,154 @@
|
|||||||
|
---
|
||||||
|
title: "Cryptpad"
|
||||||
|
date: 2021-05-7T22:08:55+02:00
|
||||||
|
draft: true
|
||||||
|
image: "uploads/ILMO_bordered.png"
|
||||||
|
tags: [FOSS]
|
||||||
|
categories: [Projects, English]
|
||||||
|
---
|
||||||
|
|
||||||
|
# Prerequisites
|
||||||
|
|
||||||
|
## Install nginx, npm and bower
|
||||||
|
|
||||||
|
```
|
||||||
|
$ sudo apt update
|
||||||
|
$ sudo apt upgrade
|
||||||
|
$ sudo apt install nginx npm certbot
|
||||||
|
$ npm install -g bower
|
||||||
|
```
|
||||||
|
## Set domain to your server
|
||||||
|
|
||||||
|
Your server should be reachable via `pad.example.com`
|
||||||
|
|
||||||
|
# Installation
|
||||||
|
|
||||||
|
In your webroot clone the repository
|
||||||
|
```
|
||||||
|
$ git clone https://github.com/xwiki-labs/cryptpad
|
||||||
|
cd ~/cryptpad
|
||||||
|
```
|
||||||
|
|
||||||
|
List the latest releases
|
||||||
|
```
|
||||||
|
$ git tag | tail
|
||||||
|
4.0.0
|
||||||
|
4.1.0
|
||||||
|
4.2.0
|
||||||
|
4.2.1
|
||||||
|
4.3.0
|
||||||
|
4.3.1
|
||||||
|
4.4.0
|
||||||
|
4.5.0 <--- this is the latest
|
||||||
|
v1.14.0
|
||||||
|
v1.15.0
|
||||||
|
|
||||||
|
```
|
||||||
|
and checkout the latest
|
||||||
|
|
||||||
|
```
|
||||||
|
$ git checkout 4.5.0
|
||||||
|
```
|
||||||
|
|
||||||
|
Now install the needed dependencies
|
||||||
|
```
|
||||||
|
$ npm install
|
||||||
|
$ bower install
|
||||||
|
```
|
||||||
|
|
||||||
|
And make sure that the files are owned by the web user
|
||||||
|
|
||||||
|
```
|
||||||
|
$ cd ..
|
||||||
|
$ chown -R www-data:www-data cryptpad/
|
||||||
|
```
|
||||||
|
|
||||||
|
# Configure
|
||||||
|
|
||||||
|
## Configure reverse proxy and SSL
|
||||||
|
|
||||||
|
Request your letsencrypt certificate
|
||||||
|
```
|
||||||
|
certbot certonly --nginx --agree-tos -d bbb.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
$ ~/.acme.sh/acme.sh --issue --nginx -d pad.hyteck.de -d sandbox.hyteck.de
|
||||||
|
curl https://get.acme.sh | sh -s email=julian-samuel@gebuehr.net
|
||||||
|
~/.acme.sh/acme.sh --issue -d pad.hyteck.de -d sandbox.hyteck.de -w /var/www/ILMO/
|
||||||
|
|
||||||
|
Create the configuration for the site in `/etc/nginx-sites-enabled/pad`
|
||||||
|
|
||||||
|
```
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
|
||||||
|
if ($scheme = http) {
|
||||||
|
return 301 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
ssl_certificate /etc/letsencrypt/live/pad.hyteck.de/cert.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/pad.hyteck.de/privkey.pem;
|
||||||
|
ssl_protocols TLSv1.3;
|
||||||
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
|
|
||||||
|
|
||||||
|
server_name pad.hyteck.de;
|
||||||
|
|
||||||
|
|
||||||
|
# Set header
|
||||||
|
add_header X-Clacks-Overhead "GNU Terry Pratchett";
|
||||||
|
add_header Permissions-Policy interest-cohort=(); #Anti FLoC
|
||||||
|
|
||||||
|
|
||||||
|
location / {
|
||||||
|
if (-f $document_root/under_maintenance.html) {
|
||||||
|
return 503;
|
||||||
|
}
|
||||||
|
proxy_pass http://127.0.0.1:3000;
|
||||||
|
}
|
||||||
|
error_page 503 /under_maintenance.html;
|
||||||
|
location = /under_maintenance.html {
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
and test with `nginx -t`. If everything is fine use `nginx -s reload`.
|
||||||
|
|
||||||
|
## Configure cryptpad
|
||||||
|
|
||||||
|
Copy the config, uncomment and adjust httpSafeOrigin
|
||||||
|
|
||||||
|
$ cp config/config.example.js config/config.js
|
||||||
|
$ vim config/config.js
|
||||||
|
```
|
||||||
|
|
||||||
|
If you also want to run Grafana on this server adjust the httpPort and httpSafePort (dont forget the nginx configuration).
|
||||||
|
|
||||||
|
|
||||||
|
# Start
|
||||||
|
|
||||||
|
## Start via systemd
|
||||||
|
|
||||||
|
Create a service with the following content
|
||||||
|
|
||||||
|
```
|
||||||
|
$ vim /etc/systemd/system/cryptpad.service
|
||||||
|
```
|
||||||
|
|
||||||
|
enable and start the service
|
||||||
|
```
|
||||||
|
$ systemctl enable cryptpad
|
||||||
|
Created symlink /etc/systemd/system/multi-user.target.wants/cryptpad.service → /etc/systemd/system/cryptpad.service.
|
||||||
|
$ systemctl start
|
||||||
|
```
|
||||||
|
|
||||||
|
# Final notes
|
||||||
|
|
||||||
|
The guide here was heavily inspired by the guide at [Uberspace](https://lab.uberspace.de/guide_cryptpad.html). If you want to only run a crpytpad, uberspace is a good solution!
|
||||||
|
|
||||||
|
If you have any questions or you found any errors, please contact me!
|
Loading…
Reference in New Issue
Block a user