CryptPad

I decided that it would be nice to have a secure(ish) method of sharing docs, so I went by a friend's recommendation to try CryptPad. This is a sort of Google Docs lookalike with E2E encryption and can be hosted locally.

CryptPad has decentish docs, and the process is explained here. There were a couple of things that I had to work out on my own:

Node setup

  • Install NVM - this requires either logging in/out, or running the magical commands that result from it
  • Set up the recommended version of node: nvm install v16.14.2 && nvm use v16.14.2
  • Install all dependencies: npm install
  • Set up bower: npm install -g bower && bower install && bower update

Config

Next the config has to be, well, configured. This is described in the docs and quite obvious. There were a couple of extra things that needed to be added, but weren’t in the sample doc - but I found these in some random web search:

/*  CryptPad will display a point of contact for your instance on its contact page
 *  (/contact.html) if you provide it below.
 */
adminEmail: 'postmaster@ahiru.pl',

/*
 *  By default, CryptPad contacts one of our servers once a day.
 *  This check-in will also send some very basic information about your instance including its
 *  version and the adminEmail so we can reach you if we are aware of a serious problem.
 *  We will never sell it or send you marketing mail.
 *
 *  If you want to block this check-in and remain set 'blockDailyCheck' to true.
 */
blockDailyCheck: true,


/*  We're very proud that CryptPad is available to the public as free software!
 *  We do, however, still need to pay our bills as we develop the platform.
 *
 *  By default CryptPad will prompt users to consider donating to
 *  our OpenCollective campaign. We publish the state of our finances periodically
 *  so you can decide for yourself whether our expenses are reasonable.
 *
 *  You can disable any solicitations for donations by setting 'removeDonateButton' to true,
 *  but we'd appreciate it if you didn't!
 */
removeDonateButton: true,

/* undocumented: disable anonymous file upload in drive */
disableAnonymousStore: true,

/* undocumented: disable crowdfunding messages */
disableCrowdfundingMessages: true,

After exiting the config, run npm run build to generate metadata.

Customization

Can be done as described here.

Nginx

Setting up nginx is also mainly an issue of fetching the template and modifying it. I use the EFF certbot for SSL certificates, which adds its own config file, so the certificate-specific stuff could mainly be removed. One thing that caused me problems was mixing up the main and sandbox servers. Another is that the config has settings to allow separate endpoints for the API and for files - this would require extra setup so after strange bugs, I realised that I can just have them all point to the same place:

set $api_domain "docs.ahiru.pl";
set $files_domain "docs.ahiru.pl";
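
A quick check for the main/sandbox mix-up described above, to run before reloading nginx. This is an added example, not part of the original post or the CryptPad project. It assumes the config keeps the template's set lines for main_domain, sandbox_domain, api_domain and files_domain; the hostnames in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example: check the domain variables of a CryptPad nginx config.
# Assumes the template's `set $NAME "value";` form for all four variables.

# nginx_var FILE NAME: print the value of the first `set $NAME "..."` line.
nginx_var() {
    sed -n 's/^[[:space:]]*set[[:space:]]*\$'"$2"'[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        head -n 1
}

# check_cryptpad_domains FILE
#   0: sandbox differs from main, api/files point at main
#   1: main or sandbox missing, or both set to the same host
#   2: api or files point elsewhere (the "extra setup" case)
check_cryptpad_domains() {
    conf=$1
    result=0
    main=$(nginx_var "$conf" main_domain)
    sandbox=$(nginx_var "$conf" sandbox_domain)
    if [ -z "$main" ] || [ -z "$sandbox" ]; then
        echo "FAIL: main_domain or sandbox_domain is not set" >&2
        return 1
    fi
    if [ "$main" = "$sandbox" ]; then
        echo "FAIL: sandbox_domain must differ from main_domain ($main)" >&2
        return 1
    fi
    for name in api_domain files_domain; do
        value=$(nginx_var "$conf" "$name")
        if [ "$value" != "$main" ]; then
            echo "WARN: $name is '$value', not '$main'; needs extra setup" >&2
            result=2
        fi
    done
    return "$result"
}

# Constructed sample (placeholder hostnames), same layout as described above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
    set $main_domain "docs.example.test";
    set $sandbox_domain "sandbox.example.test";
    set $api_domain "docs.example.test";
    set $files_domain "docs.example.test";
EOF
check_cryptpad_domains "$sample" && echo "OK: domains are consistent"
rm -f "$sample"
```

The sandbox host is what isolates untrusted pad content from the main origin, so a return code of 1 is the case to fix before anything else.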

Services

Coz I’m a lazy slob, I don’t want to have to restart things each time my Pi dies, so I added a service file. A template for this is provided via the docs, which is always nice. It requires some modifying for it to point to the correct places, but otherwise works fine. At this point I also set up a dedicated user for this:

sudo useradd cryptpad -d /media/data/cryptpad/
sudo chown -R cryptpad:cryptpad cryptpad/

Troubleshooting

CryptPad has a nice option where you can call an endpoint for it to run a load of tests. This is nice, but the errors are somewhat cryptic. At least for me. Some fixes:

  • mkdir block && touch block/placeholder.txt - dunno why this folder isn’t created automatically
  • make sure all paths in the service file point to the right place. They’re unfortunately not all in the same place, so s//g is your friend