---
title: "Cryptpad"
date: 2021-05-07T22:08:55+02:00
draft: true
image: "uploads/ILMO_bordered.png"
tags: [FOSS]
categories: [Projects, English]
---

# Prerequisites

## Install nginx, npm and bower

```
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install nginx npm certbot
$ npm install -g bower
```
## Set domain to your server

Your server should be reachable via `pad.example.com`

# Installation

In your webroot clone the repository
```
$ git clone https://github.com/xwiki-labs/cryptpad
cd ~/cryptpad
```

List the latest releases
```
$ git tag | tail
4.0.0
4.1.0
4.2.0
4.2.1
4.3.0
4.3.1
4.4.0
4.5.0 <--- this is the latest
v1.14.0
v1.15.0

```
and checkout the latest

```
$ git checkout 4.5.0
```

Now install the needed dependencies
```
$ npm install
$ bower install
```

And make sure that the files are owned by the web user

```
$ cd ..
$ chown -R www-data:www-data cryptpad/
```

# Configure

## Configure reverse proxy and SSL

Request your letsencrypt certificate 
```
certbot certonly --nginx --agree-tos -d bbb.example.com
```

$  ~/.acme.sh/acme.sh --issue --nginx -d pad.hyteck.de -d sandbox.hyteck.de
curl https://get.acme.sh | sh -s email=julian-samuel@gebuehr.net
~/.acme.sh/acme.sh --issue -d pad.hyteck.de -d sandbox.hyteck.de -w /var/www/ILMO/

Create the configuration for the site in `/etc/nginx-sites-enabled/pad`

```
server {
        listen 80;
        listen [::]:80;

        if ($scheme = http) {
                return 301 https://$server_name$request_uri;
        }

        #
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate     /etc/letsencrypt/live/pad.hyteck.de/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/pad.hyteck.de/privkey.pem;
        ssl_protocols       TLSv1.3;
        ssl_ciphers         HIGH:!aNULL:!MD5;


        server_name pad.hyteck.de;


    # Set header
    add_header X-Clacks-Overhead "GNU Terry Pratchett";
    add_header Permissions-Policy interest-cohort=(); #Anti FLoC


        location  / {
            if (-f $document_root/under_maintenance.html) {
                            return 503;
            }
                proxy_pass http://127.0.0.1:3000;
        }
    error_page 503 /under_maintenance.html;
                location = /under_maintenance.html {
        }

}
```

and test with `nginx -t`. If everything is fine use `nginx -s reload`.

## Configure cryptpad

Copy the config, uncomment and adjust httpSafeOrigin

$ cp config/config.example.js config/config.js
$ vim config/config.js
```

If you also want to run Grafana on this server adjust the httpPort and httpSafePort (dont forget the nginx configuration).


# Start

## Start via systemd

Create a service with the following content

```
$ vim /etc/systemd/system/cryptpad.service
```

enable and start the service
```
$ systemctl enable cryptpad
Created symlink /etc/systemd/system/multi-user.target.wants/cryptpad.service → /etc/systemd/system/cryptpad.service.
$ systemctl start
```

# Final notes

The guide here was heavily inspired by the guide at [Uberspace](https://lab.uberspace.de/guide_cryptpad.html). If you want to only run a crpytpad, uberspace is a good solution!

If you have any questions or you found any errors, please contact me!