--- title: "Cryptpad" date: 2021-05-7T22:08:55+02:00 draft: true image: "uploads/ILMO_bordered.png" tags: [FOSS] categories: [Projects, English] --- # Prerequisites ## Install nginx, npm and bower ``` $ sudo apt update $ sudo apt upgrade $ sudo apt install nginx npm certbot $ npm install -g bower ``` ## Set domain to your server Your server should be reachable via `pad.example.com` # Installation In your webroot clone the repository ``` $ git clone https://github.com/xwiki-labs/cryptpad cd ~/cryptpad ``` List the latest releases ``` $ git tag | tail 4.0.0 4.1.0 4.2.0 4.2.1 4.3.0 4.3.1 4.4.0 4.5.0 <--- this is the latest v1.14.0 v1.15.0 ``` and checkout the latest ``` $ git checkout 4.5.0 ``` Now install the needed dependencies ``` $ npm install $ bower install ``` And make sure that the files are owned by the web user ``` $ cd .. $ chown -R www-data:www-data cryptpad/ ``` # Configure ## Configure reverse proxy and SSL Request your letsencrypt certificate ``` certbot certonly --nginx --agree-tos -d bbb.example.com ``` $ ~/.acme.sh/acme.sh --issue --nginx -d pad.hyteck.de -d sandbox.hyteck.de curl https://get.acme.sh | sh -s email=julian-samuel@gebuehr.net ~/.acme.sh/acme.sh --issue -d pad.hyteck.de -d sandbox.hyteck.de -w /var/www/ILMO/ Create the configuration for the site in `/etc/nginx-sites-enabled/pad` ``` server { listen 80; listen [::]:80; if ($scheme = http) { return 301 https://$server_name$request_uri; } # listen 443 ssl; listen [::]:443 ssl; ssl_certificate /etc/letsencrypt/live/pad.hyteck.de/cert.pem; ssl_certificate_key /etc/letsencrypt/live/pad.hyteck.de/privkey.pem; ssl_protocols TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; server_name pad.hyteck.de; # Set header add_header X-Clacks-Overhead "GNU Terry Pratchett"; add_header Permissions-Policy interest-cohort=(); #Anti FLoC location / { if (-f $document_root/under_maintenance.html) { return 503; } proxy_pass http://127.0.0.1:3000; } error_page 503 /under_maintenance.html; location = /under_maintenance.html { } } ``` and test with `nginx -t`. If everything is fine use `nginx -s reload`. ## Configure cryptpad Copy the config, uncomment and adjust httpSafeOrigin $ cp config/config.example.js config/config.js $ vim config/config.js ``` If you also want to run Grafana on this server adjust the httpPort and httpSafePort (dont forget the nginx configuration). # Start ## Start via systemd Create a service with the following content ``` $ vim /etc/systemd/system/cryptpad.service ``` enable and start the service ``` $ systemctl enable cryptpad Created symlink /etc/systemd/system/multi-user.target.wants/cryptpad.service → /etc/systemd/system/cryptpad.service. $ systemctl start ``` # Final notes The guide here was heavily inspired by the guide at [Uberspace](https://lab.uberspace.de/guide_cryptpad.html). If you want to only run a crpytpad, uberspace is a good solution! If you have any questions or you found any errors, please contact me!