CryptPad is an open-source, privacy-focused collaborative platform that enables users to create and share encrypted documents, spreadsheets, kanban boards, and more. Designed with end-to-end encryption, CryptPad ensures user data remains private and inaccessible to the server operator. Self-hosting CryptPad empowers users with full control over their data, customization options, and enhanced security. In this guide, we’ll cover how to install, configure, and manage CryptPad, ensuring a smooth and secure deployment tailored to your needs.
Installing CryptPad
📦 Docker/Docker Compose Setup
Docker is the most efficient way to run CryptPad with minimal dependency management. Below is a docker-compose.yml
file configured for CryptPad:
version: '3.7'
services:
cryptpad:
image: cryptpad/cryptpad:latest
container_name: cryptpad
ports:
- "3000:3000"
volumes:
- cryptpad_data:/cryptpad/data
- cryptpad_custom:/cryptpad/customize
environment:
- NODE_ENV=production
restart: always
volumes:
cryptpad_data:
driver: local
cryptpad_custom:
driver: local
To deploy CryptPad using Docker Compose:
nano docker-compose.yml
## Start the CryptPad container
docker-compose up -d
## Verify CryptPad is running
docker ps
Access CryptPad on http://<your-server-ip>:3000
.
🚀 Manual Installation
For those not using Docker, follow these steps to install CryptPad manually on a Linux server:
- Install Node.js, npm, and required dependencies:
sudo apt update
sudo apt install -y nodejs npm git build-essential
- Clone the CryptPad repository:
git clone https://github.com/xwiki-labs/cryptpad.git
cd cryptpad
- Install dependencies and build CryptPad:
npm install
npm run build
- Start CryptPad:
NODE_ENV=production node server.js
CryptPad will be accessible on http://<your-server-ip>:3000
.
Configuring Nginx as a Reverse Proxy
🌐 Nginx Configuration
To serve CryptPad through Nginx, create an Nginx server block:
server {
listen 80;
server_name cryptpad.example.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Save the configuration as /etc/nginx/sites-available/cryptpad
and enable it:
sudo ln -s /etc/nginx/sites-available/cryptpad /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
🔒 SSL/TLS Setup
Secure CryptPad with Let's Encrypt:
sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d cryptpad.example.com
Automate certificate renewal:
sudo systemctl enable certbot-renew.timer
sudo systemctl start certbot-renew.timer
🛠️ Testing and Reloading Nginx
After configuring Nginx, reload it and ensure the service is active:
sudo nginx -t
sudo systemctl reload nginx
Logging and Debugging CryptPad
🗃️ Enabling Debug Logs
Increase the log verbosity in config/config.json
by setting logLevel
to debug
:
"logLevel": "debug"
Restart CryptPad to apply changes:
docker restart cryptpad # if using Docker
## OR
pkill -f node && NODE_ENV=production node server.js # manual setup
📄 Viewing Logs
View CryptPad logs directly:
## For Docker
docker logs cryptpad
## For manual setup
cat logs/cryptpad.log
🛠️ Troubleshooting Common Issues
Check for common errors like missing dependencies or port conflicts in the logs. For example:
-
Missing
NODE_ENV=production
: Ensure the environment variable is set before running the app. -
Port conflicts: Use
netstat -tuln | grep 3000
to identify conflicting services.
📤 Exporting Logs
Forward logs to an external system like ELK Stack:
docker logs cryptpad > /path/to/export/cryptpad.log
Backup and Restore
🗂️ File-Based Backups
Backup CryptPad’s data directory:
## For Docker
docker cp cryptpad:/cryptpad/data /backup/cryptpad_data
## For manual setup
tar -czvf cryptpad_backup.tar.gz /path/to/cryptpad/data
🔄 Database Backups
If CryptPad uses a database (e.g., for advanced configurations), export it:
mysqldump -u root -p cryptpad_db > cryptpad_db_backup.sql
📅 Automated Backup Scripts
Automate periodic backups with a cron job:
crontab -e
## Add the following line to schedule daily backups at 3 AM
0 3 * * * docker cp cryptpad:/cryptpad/data /backup/cryptpad_data
Updating and Upgrading CryptPad
⬆️ Updating Docker Images
Update CryptPad with Docker:
docker-compose pull
docker-compose down
docker-compose up -d
🛠️ Manual Updates
Pull the latest code and rebuild:
cd /path/to/cryptpad
git pull
npm install
npm run build
Restart the app:
pkill -f node && NODE_ENV=production node server.js
🔍 Checking for Updates
Visit CryptPad’s GitHub repository or official documentation for the latest release notes:
https://github.com/xwiki-labs/cryptpad/releases
Leveraging CryptPad’s Unique Features
🔧 Enabling APIs
CryptPad provides APIs for advanced integrations. Enable API access in config/config.json
:
"api": {
"enabled": true,
"authKey": "your-secure-api-key"
}
Use the API for automation:
curl -H "Authorization: Bearer your-secure-api-key" http://localhost:3000/api/some-endpoint
🌟 Advanced Configurations
Customize CryptPad by modifying the config/config.json
file:
"adminEmail": "[email protected]",
"maxUploadSize": 10485760, // 10 MB
"allowSubscriptions": true
Restart CryptPad after making changes:
docker restart cryptpad
Wrapping Up
Self-hosting CryptPad provides unparalleled control over your collaborative tools while ensuring data privacy and customization. By following this guide, you’ve learned how to deploy, secure, and manage CryptPad effectively. Start leveraging its powerful features today to create a secure and private workspace tailored to your needs.