Cryptpad is a Zero Knowledge realtime collaborative editor. It is based on Node.js and comes with encryption. It relies on the ChainPad.
For this guide you need some tools:
Your website domain or subdomain needs to be setup up:
[isabell@stardust ~]$ uberspace web domain list isabell.uber.space [isabell@stardust ~]$
We also need Bower:
[isabell@stardust ~]$ npm install -g bower npm WARN deprecated email@example.com: We don't recommend using Bower for new projects. Please consider Yarn and Webpack or Parcel. You can read how to migrate legacy project here: https://bower.io/blog/2017/how-to-migrate-away-from-bower/
Please ignore Bower’s warning. As of this writing, CryptPad still uses Bower (not Yarn, not Parcel), and so will you.
Start with cloning the Cryptpad source code from Github and be sure to replace the branch
4.14.0 with the current release number from the feed:
[isabell@stardust ~]$ git clone --branch 5.2.1 --depth 1 https://github.com/xwiki-labs/cryptpad.git ~/cryptpad Cloning into '~/cryptpad'... remote: Enumerating objects: 15111, done. remote: Counting objects: 100% (15111/15111), done. remote: Compressing objects: 100% (11685/11685), done. remote: Total 15111 (delta 3527), reused 14548 (delta 3359), pack-reused 0 Receiving objects: 100% (15111/15111), 84.83 MiB | 16.52 MiB/s, done. Resolving deltas: 100% (3527/3527), done. Note: checking out 'b0b4029556d89d8b6b0c30e9dfab528edb65813b'. You are in 'detached HEAD' state. You can look around, make experimental changes and commit them, and you can discard any commits you make in this state without impacting any branches by performing another checkout. If you want to create a new branch to retain commits you create, you may do so (now or later) by using -b with the checkout command again. Example: git checkout -b <new-branch-name> Checking out files: 100% (19152/19152), done. [isabell@stardust ~]$
Now we need to install the dependencies:
[isabell@stardust ~]$ cd ~/cryptpad [isabell@stardust cryptpad]$ npm install added 212 packages from 231 contributors and audited 375 packages in 4.828s (...) found 0 vulnerabilities [isabell@stardust cryptpad]$ bower install (...) [isabell@stardust cryptpad]$
Copy example configuration¶
[isabell@stardust ~]$ cd ~/cryptpad/ [isabell@stardust cryptpad]$ cp config/config.example.js config/config.js [isabell@stardust cryptpad]$
config/config.js in an editor and edit following lines:
Replace your instance URL for
This is the URL that will be used from the outside to access the Cryptpad installation.
2. Find the line
//httpAddress: '::', and uncomment it by removing the two slashes. The value
:: remains as it is.
This will make sure that the server listens on all network interfaces.
Find the line
//httpSafePort: 3000,, uncomment it and replace the port with 80:
Unfortunatley, it seems impossible to run Cryptpad with an unsafe and a safe domain as suggested. This would make it possible to mitigate cross site scripting attacks. That is why only the httpUnsafeOrigin is set while the httpSafeOrigin`is not set. So it is surprsing that the `httpSafePort needs to be set. This is hack to make Cryptpad generate the correct URL in the HTML.
If you forget to make change 2, the command
uberspace web backend list will later complain as follows:
[isabell@stardust ~]$ uberspace web backend list / http:3000 => NOT OK, wrong interface (127.0.0.1): PID 15682, /usr/bin/node server
~/etc/services.d/cryptpad.ini with the following content:
[program:cryptpad] directory=%(ENV_HOME)s/cryptpad command=node server startsecs=60 autorestart=yes
Now let’s start the service:
After creating the configuration, tell supervisord to refresh its configuration and start the service:
[isabell@stardust ~]$ supervisorctl reread SERVICE: available [isabell@stardust ~]$ supervisorctl update SERVICE: added process group [isabell@stardust ~]$ supervisorctl status SERVICE RUNNING pid 26020, uptime 0:03:14 [isabell@stardust ~]$
Configure web server¶
Cryptpad is running on port 3000. You need to use
/ or a sub-domain since subfolders are not allowed in cryptpad.
To make the application accessible from the outside, configure a web backend:
[isabell@stardust ~]$ uberspace web backend set / --http --port <port> Set backend for / to port <port>; please make sure something is listening! You can always check the status of your backend using "uberspace web backend list". [isabell@stardust ~]$
For any further configuration or customization you should have a look at the Cryptpad Wiki.
Also you should configure a password salt as explained in the Cryptpad Admin Guide. You probably want to set up an admin account in
Check the update feed regularly to stay informed about the newest version.
If there is a new version available, you can get the code using git. Replace the version number
4.14.0 with the latest version number you got from the release feed:
[isabell@stardust ~]$ cd ~/cryptpad [isabell@stardust cryptpad]$ git pull origin 5.2.1 From https://github.com/xwiki-labs/cryptpad * tag 4.14.0 -> FETCH_HEAD Already up to date. [isabell@stardust cryptpad]$
Now update the dependencies:
[isabell@stardust cryptpad]$ npm install removed 1 package and audited 313 packages in 14.535s found 0 vulnerabilities [isabell@stardust cryptpad]$ bower update (...) [isabell@stardust cryptpad]$
Then you need to restart the service, so the new code is used by the webserver:
[isabell@stardust cryptpad]$ supervisorctl restart cryptpad [isabell@stardust cryptpad]$
Tested with Cryptpad 5.2.1 and Uberspace 7.14.0Written by: humbug <firstname.lastname@example.org>