Running cryptpad as background service #62

Closed
pojebunny opened this Issue Dec 3, 2016 · 9 comments

pojebunny commented Dec 3, 2016

Going through the installation guide, I've found out that there is no mention of "How to run Cryptpad as background service" or "How to run Cryptpad with nginx/apache".

Running node with screen results in "Cannot GET /" when no address extension is specified. Accessing pads works flawlessly.

  • screen -DmS node /cryptpad/location/server.js

Running node with systemd is a way to go if you want cryptpad as background service accessible on port specified in settings file:

  • Add cryptpad.service file to /etc/systemd/system/
  • Fill it with:
[Unit]
Description=cryptpad
After=network.target

[Service]
ExecStart=/usr/bin/node /root/of/your/cryptpad/server.js
Restart=always
User=nobody
Group=nobody
Environment=PATH=/usr/bin:/usr/local/bin
Environment=NODE_ENV=production
WorkingDirectory=/root/of/your/cryptpad

[Install]
WantedBy=multi-user.target
  • Start the service with:
    systemctl start cryptpad

My school has a very strict firewall.
Access to cryptpad on port 3000 is blocked, so I've thought about proxypass in nginx, but it only forwards you to port 3000 which is blocked anyway.

kpcyrd commented Dec 3, 2016

> Access to cryptpad on port 3000 is blocked, so I've thought about proxypass in nginx, but it only forwards you to port 3000 which is blocked anyway.

This should work, can you please post your nginx config?

https://www.nginx.com/resources/admin-guide/reverse-proxy/
https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass

pojebunny commented Dec 3, 2016

Well.

  1. Last time I checked, the school's firewall was filtering it. I'll have to try again.
  2. That's how the main page is passed when using proxy_pass: IMGUR
    For now I'm accessing it locally.

nginx server config:

server {
        listen       80;
        server_name  my_server_name;

        location  /cp/ {
                proxy_pass http://localhost:3000/;
        }
}

nginx.conf file:

user http;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
        include         mime.types;
        include         /etc/nginx/conf.d/*.conf;
        default_type    application/octet-stream;

        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log  logs/access.log  main;

        sendfile        on;
        #tcp_nopush     on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        #gzip  on;
}

Browser returns errors like this:

http://my_domain_name/bower_components/requirejs/require.js
Failed to load resource: the server responded with a status of 404 (Not Found)

With configuration like this:

server {
        listen       80;
        server_name  codepad.my_domain_name;

        location  / {
                proxy_pass http://localhost:3000/;
        }
}

Main page loads fine, but creating a pad results in:
WebSocket connection to 'ws://codepad.my_domain_name/cryptpad_websocket' failed: Error during WebSocket handshake: Unexpected response code: 303

Thanks to @ansuz I've been able to get a cryptpad.my_domain_name setup running.
Here is a working config file for NGINX:

server {
        listen       80;
        server_name  cryptpad.my_domain_name;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        error_log /var/log/nginx/error.log;

        location  / {
                proxy_pass http://localhost:3000/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection upgrade;
        }
}

derfalx commented Jan 3, 2017

@pojebunny
You also need to proxy the websocket separately, since it's connecting to ws://domain:port/cryptpad_websocket. I'm not using nginx, but my apache config looks like this:

<VirtualHost *:80>
	Servername cryptpad.your-domain.tld
	ServerAlias www.cryptpad.your-domain.tld

	ProxyPass /cryptpad_websocket ws://127.0.0.1:3000/cryptpad_websocket
	ProxyPassReverse /cryptpad_websocket ws://127.0.0.1:3000/cryptpad_websocket

	ProxyPass / http://127.0.0.1:3000/
	ProxyPassReverse / http://127.0.0.1:3000/
</VirtualHost>

ansuz commented Jan 4, 2017

I highly recommend using a new-ish version of nginx, if possible. I use 1.11.4.

As stated above, apache doesn't support websockets, meaning you must use a different port from the rest of the web content, and this generally means that restrictive networks will block the websockets, making your installation unusable for users on that network.

Additionally, we develop everything with nginx in mind, so the solutions that we tend to use might not work for you if you use a different setup.

derfalx commented Jan 4, 2017

Hm, I've got it set up with apache2 and everything is running fine - web content and -socket on the same port. I just needed to proxy the websocket extra (like posted above).

ansuz commented Jan 5, 2017

That's good to know. What version of apache? Last time I tried it was hopelessly broken, but that was on a Debian machine, so it might have been a really old package.

derfalx commented Jan 5, 2017

I'm currently running Apache 2.4.18 on Ubuntu 16.04.

CheatCoder commented Feb 21, 2017

This config is working for my NGINX installation.
I'm posting it here and hope it is a little useful.

map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
}

upstream wscrypt {
        server 127.0.0.1:3000;
}


server {
    listen       80;
    server_name crypt.example.com;

    return 301 https://crypt.example.com$request_uri;

}
server {
    listen 443 ssl;
    server_name crypt.example.com;


    ssl_certificate /etc/letsencrypt/live/crypt.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/crypt.example.com/privkey.pem;

    ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers       on;

    #The following is all one long line. We use an explicit list of ciphers to enable
    #forward secrecy without exposing ciphers vulnerable to the BEAST attack
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!EDH:!kEDH:!PSK:!SRP:!kECDH;

  location /.well-known/ {
        root /srv/www;
  }


  location / {
        proxy_pass http://wscrypt;
  }

  location /cryptpad_websocket {
        proxy_pass http://wscrypt/cryptpad_websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
  }

}
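
The TLS and WebSocket proxy settings from the config above in a hardened form, as an added example that is not part of the original comment or the CryptPad project's own configuration. Host name, certificate paths and upstream are the ones in the comment; the protocol and cipher choices are this example's.

```nginx
# Added example (not from the thread): same layout as the posted config,
# with the TLS settings tightened. Protocol/cipher choices are assumptions
# of this example; adjust to the clients you must support.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;   # request without an Upgrade header: send "Connection: close"
}

upstream wscrypt {
    server 127.0.0.1:3000;   # proxy reaches the Node backend over loopback
}

server {
    listen 80;
    server_name crypt.example.com;
    return 301 https://crypt.example.com$request_uri;
}

server {
    listen 443 ssl;   # without "ssl" nginx answers plain HTTP on port 443
    server_name crypt.example.com;

    ssl_certificate     /etc/letsencrypt/live/crypt.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/crypt.example.com/privkey.pem;

    # Weak (as posted): ssl_protocols TLSv1 TLSv1.1 TLSv1.2; and RC4 suites
    #   in ssl_ciphers. RC4 is prohibited by RFC 7465; TLS 1.0/1.1 are
    #   deprecated by RFC 8996.
    # Corrected: TLS 1.2 only, keeping just the ECDHE + AES-GCM suites from
    #   the original list (forward secrecy, no CBC, no RC4).
    #   TLSv1.3 can be added on nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;

    location /.well-known/ {
        root /srv/www;
    }

    location / {
        proxy_pass http://wscrypt;
    }

    location /cryptpad_websocket {
        proxy_pass http://wscrypt/cryptpad_websocket;
        proxy_http_version 1.1;                           # Upgrade requires HTTP/1.1 to the backend
        proxy_set_header Upgrade $http_upgrade;           # hop-by-hop headers are not forwarded
        proxy_set_header Connection $connection_upgrade;  # unless set explicitly
    }
}
```

Validate with `nginx -t` before reloading.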

ansuz commented Apr 21, 2017

Closing as I'm not sure how this discussion relates to the original issue.

ansuz closed this Apr 21, 2017
