hyteck-blog/content/post/cryptpad.md

3.2 KiB

title date draft image tags categories
Cryptpad 2021-05-7T22:08:55+02:00 true uploads/ILMO_bordered.png
FOSS
Projects
English

Prerequisites

Install nginx, npm and bower

$ sudo apt update
$ sudo apt upgrade
$ sudo apt install nginx npm certbot
$ npm install -g bower

Set domain to your server

Your server should be reachable via pad.example.com

Installation

In your webroot clone the repository

$ git clone https://github.com/xwiki-labs/cryptpad
cd ~/cryptpad

List the latest releases

$ git tag | tail
4.0.0
4.1.0
4.2.0
4.2.1
4.3.0
4.3.1
4.4.0
4.5.0 <--- this is the latest
v1.14.0
v1.15.0

and checkout the latest

$ git checkout 4.5.0

Now install the needed dependencies

$ npm install
$ bower install

And make sure that the files are owned by the web user

$ cd ..
$ chown -R www-data:www-data cryptpad/

Configure

Configure reverse proxy and SSL

Request your letsencrypt certificate

certbot certonly --nginx --agree-tos -d bbb.example.com

$ ~/.acme.sh/acme.sh --issue --nginx -d pad.hyteck.de -d sandbox.hyteck.de curl https://get.acme.sh | sh -s email=julian-samuel@gebuehr.net ~/.acme.sh/acme.sh --issue -d pad.hyteck.de -d sandbox.hyteck.de -w /var/www/ILMO/

Create the configuration for the site in /etc/nginx-sites-enabled/pad

server {
        listen 80;
        listen [::]:80;

        if ($scheme = http) {
                return 301 https://$server_name$request_uri;
        }

        #
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate     /etc/letsencrypt/live/pad.hyteck.de/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/pad.hyteck.de/privkey.pem;
        ssl_protocols       TLSv1.3;
        ssl_ciphers         HIGH:!aNULL:!MD5;


        server_name pad.hyteck.de;


    # Set header
    add_header X-Clacks-Overhead "GNU Terry Pratchett";
    add_header Permissions-Policy interest-cohort=(); #Anti FLoC


        location  / {
            if (-f $document_root/under_maintenance.html) {
                            return 503;
            }
                proxy_pass http://127.0.0.1:3000;
        }
    error_page 503 /under_maintenance.html;
                location = /under_maintenance.html {
        }

}

and test with nginx -t. If everything is fine use nginx -s reload.

Configure cryptpad

Copy the config, uncomment and adjust httpSafeOrigin

$ cp config/config.example.js config/config.js $ vim config/config.js


If you also want to run Grafana on this server adjust the httpPort and httpSafePort (dont forget the nginx configuration).


# Start

## Start via systemd

Create a service with the following content

$ vim /etc/systemd/system/cryptpad.service


enable and start the service

$ systemctl enable cryptpad Created symlink /etc/systemd/system/multi-user.target.wants/cryptpad.service → /etc/systemd/system/cryptpad.service. $ systemctl start


# Final notes

The guide here was heavily inspired by the guide at [Uberspace](https://lab.uberspace.de/guide_cryptpad.html). If you want to only run a crpytpad, uberspace is a good solution!

If you have any questions or you found any errors, please contact me!