Cryptpad

Cryptpad is a Zero Knowledge realtime collaborative editor. It is based on Node.js and comes with encryption. It relies on the ChainPad.


Note

For this guide you need some tools:

Prerequisites

Your website domain or subdomain needs to be setup up:

[isabell@stardust ~]$ uberspace web domain list
isabell.uber.space
[isabell@stardust ~]$

We also need Bower:

[isabell@stardust ~]$ npm install -g bower
npm WARN deprecated bower@1.8.8: We don't recommend using Bower for new projects. Please consider Yarn and Webpack or Parcel. You can read how to migrate legacy project here: https://bower.io/blog/2017/how-to-migrate-away-from-bower/

Please ignore Bower’s warning. As of this writing, CryptPad still uses Bower (not Yarn, not Parcel), and so will you.

Installation

Start with cloning the Cryptpad source code from Github and be sure to replace the branch 4.14.0 with the current release number from the feed:

[isabell@stardust ~]$ git clone --branch 5.2.1 --depth 1 https://github.com/xwiki-labs/cryptpad.git ~/cryptpad
Cloning into '~/cryptpad'...
remote: Enumerating objects: 15111, done.
remote: Counting objects: 100% (15111/15111), done.
remote: Compressing objects: 100% (11685/11685), done.
remote: Total 15111 (delta 3527), reused 14548 (delta 3359), pack-reused 0
Receiving objects: 100% (15111/15111), 84.83 MiB | 16.52 MiB/s, done.
Resolving deltas: 100% (3527/3527), done.
Note: checking out 'b0b4029556d89d8b6b0c30e9dfab528edb65813b'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

git checkout -b <new-branch-name>

Checking out files: 100% (19152/19152), done.
[isabell@stardust ~]$

Now we need to install the dependencies:

[isabell@stardust ~]$ cd ~/cryptpad
[isabell@stardust cryptpad]$ npm install
added 212 packages from 231 contributors and audited 375 packages in 4.828s
(...)
found 0 vulnerabilities
[isabell@stardust cryptpad]$ bower install
(...)
[isabell@stardust cryptpad]$

Configuration

Copy example configuration

[isabell@stardust ~]$ cd ~/cryptpad/
[isabell@stardust cryptpad]$ cp config/config.example.js config/config.js
[isabell@stardust cryptpad]$

Update configuration

Open config/config.js in an editor and edit following lines:

  1. Replace your instance URL for httpUnsafeOrigin: like so:

httpUnsafeOrigin: 'https://isabell.uber.space/',

This is the URL that will be used from the outside to access the Cryptpad installation.

2. Find the line //httpAddress: '::', and uncomment it by removing the two slashes. The value :: remains as it is. This will make sure that the server listens on all network interfaces.

  1. Find the line //httpSafePort: 3000,, uncomment it and replace the port with 80:

httpSafePort: 80,

Unfortunatley, it seems impossible to run Cryptpad with an unsafe and a safe domain as suggested. This would make it possible to mitigate cross site scripting attacks. That is why only the httpUnsafeOrigin is set while the httpSafeOrigin`is not set. So it is surprsing that the `httpSafePort needs to be set. This is hack to make Cryptpad generate the correct URL in the HTML.

Note

If you forget to make change 2, the command uberspace web backend list will later complain as follows:

[isabell@stardust ~]$ uberspace web backend list
/ http:3000 => NOT OK, wrong interface (127.0.0.1): PID 15682, /usr/bin/node server

Setup daemon

Create ~/etc/services.d/cryptpad.ini with the following content:

[program:cryptpad]
directory=%(ENV_HOME)s/cryptpad
command=node server
startsecs=60
autorestart=yes

Now let’s start the service:

After creating the configuration, tell supervisord to refresh its configuration and start the service:

[isabell@stardust ~]$ supervisorctl reread
SERVICE: available
[isabell@stardust ~]$ supervisorctl update
SERVICE: added process group
[isabell@stardust ~]$ supervisorctl status
SERVICE                            RUNNING   pid 26020, uptime 0:03:14
[isabell@stardust ~]$

Configure web server

Note

Cryptpad is running on port 3000. You need to use / or a sub-domain since subfolders are not allowed in cryptpad.

To make the application accessible from the outside, configure a web backend:

[isabell@stardust ~]$ uberspace web backend set / --http --port <port>
Set backend for / to port <port>; please make sure something is listening!
You can always check the status of your backend using "uberspace web backend list".
[isabell@stardust ~]$

Customization

For any further configuration or customization you should have a look at the Cryptpad Wiki.

Also you should configure a password salt as explained in the Cryptpad Admin Guide. You probably want to set up an admin account in config/config.js.

Updates

Note

Check the update feed regularly to stay informed about the newest version.

If there is a new version available, you can get the code using git. Replace the version number 4.14.0 with the latest version number you got from the release feed:

[isabell@stardust ~]$ cd ~/cryptpad
[isabell@stardust cryptpad]$ git pull origin 5.2.1
From https://github.com/xwiki-labs/cryptpad
 * tag                 4.14.0     -> FETCH_HEAD
Already up to date.

[isabell@stardust cryptpad]$

Now update the dependencies:

[isabell@stardust cryptpad]$ npm install
removed 1 package and audited 313 packages in 14.535s
found 0 vulnerabilities

[isabell@stardust cryptpad]$ bower update
(...)
[isabell@stardust cryptpad]$

Then you need to restart the service, so the new code is used by the webserver:

[isabell@stardust cryptpad]$ supervisorctl restart cryptpad
[isabell@stardust cryptpad]$

Tested with Cryptpad 5.2.1 and Uberspace 7.14.0

Written by: humbug <uberspace@humbug.pw>