3.2 KiB
title | date | draft | image | tags | categories | |||
---|---|---|---|---|---|---|---|---|
Cryptpad | 2021-05-7T22:08:55+02:00 | true | uploads/ILMO_bordered.png |
|
|
Prerequisites
Install nginx, npm and bower
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install nginx npm certbot
$ npm install -g bower
Set domain to your server
Your server should be reachable via pad.example.com
Installation
In your webroot clone the repository
$ git clone https://github.com/xwiki-labs/cryptpad
cd ~/cryptpad
List the latest releases
$ git tag | tail
4.0.0
4.1.0
4.2.0
4.2.1
4.3.0
4.3.1
4.4.0
4.5.0 <--- this is the latest
v1.14.0
v1.15.0
and checkout the latest
$ git checkout 4.5.0
Now install the needed dependencies
$ npm install
$ bower install
And make sure that the files are owned by the web user
$ cd ..
$ chown -R www-data:www-data cryptpad/
Configure
Configure reverse proxy and SSL
Request your letsencrypt certificate
certbot certonly --nginx --agree-tos -d bbb.example.com
$ ~/.acme.sh/acme.sh --issue --nginx -d pad.hyteck.de -d sandbox.hyteck.de curl https://get.acme.sh | sh -s email=julian-samuel@gebuehr.net ~/.acme.sh/acme.sh --issue -d pad.hyteck.de -d sandbox.hyteck.de -w /var/www/ILMO/
Create the configuration for the site in /etc/nginx-sites-enabled/pad
server {
listen 80;
listen [::]:80;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
#
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/pad.hyteck.de/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/pad.hyteck.de/privkey.pem;
ssl_protocols TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name pad.hyteck.de;
# Set header
add_header X-Clacks-Overhead "GNU Terry Pratchett";
add_header Permissions-Policy interest-cohort=(); #Anti FLoC
location / {
if (-f $document_root/under_maintenance.html) {
return 503;
}
proxy_pass http://127.0.0.1:3000;
}
error_page 503 /under_maintenance.html;
location = /under_maintenance.html {
}
}
and test with nginx -t
. If everything is fine use nginx -s reload
.
Configure cryptpad
Copy the config, uncomment and adjust httpSafeOrigin
$ cp config/config.example.js config/config.js $ vim config/config.js
If you also want to run Grafana on this server adjust the httpPort and httpSafePort (dont forget the nginx configuration).
# Start
## Start via systemd
Create a service with the following content
$ vim /etc/systemd/system/cryptpad.service
enable and start the service
$ systemctl enable cryptpad Created symlink /etc/systemd/system/multi-user.target.wants/cryptpad.service → /etc/systemd/system/cryptpad.service. $ systemctl start
# Final notes
The guide here was heavily inspired by the guide at [Uberspace](https://lab.uberspace.de/guide_cryptpad.html). If you want to only run a crpytpad, uberspace is a good solution!
If you have any questions or you found any errors, please contact me!