Hi,
I'm trying to use cryptpad with docker. Normally such things are not an issue for me but with the original cryptpad container I'm not able to get it working.
config.js
```js
module.exports = {
    httpUnsafeOrigin: 'https://sub1.domain.tld',
    httpSafeOrigin: 'https://sub2.domain.tld',
    httpAddress: '0.0.0.0',
    httpPort: 3000,
    httpSafePort: 3001,
    websocketPort: 3003,
    adminKeys: [
        "[admin@domain/key]",
    ],
    filePath: './datastore/',
    archivePath: './data/archive',
    pinPath: './data/pins',
    taskPath: './data/tasks',
    blockPath: './block',
    blobPath: './blob',
    blobStagingPath: './data/blobstage',
    decreePath: './data/decrees',
    logPath: './data/logs',
    logToStdout: true,
    logLevel: 'info',
    logFeedback: false,
    verbose: false,
    installMethod: 'docker',
};
```
nginx-site.conf
As a reverse proxy I use nginx with the [basic example](https://github.com/cryptpad/cryptpad/blob/main/docs/example.nginx.conf) with small changes for port 80 redirections and logging:
```nginx
server {
    listen 12.34.56.78:80;
    server_name sub1.domain.tld;
    access_log /.../sub1.domain.tld-access.log;
    error_log /.../sub1.domain.tld-error.log;
    return 301 https://$server_name$request_uri;
}

server {
    listen 12.34.56.78:443 ssl http2;
    access_log /.../sub1.domain.tld-access.log;
    error_log /.../sub1.domain.tld-error.log;
    server_name sub1.domain.tld sub2.domain.tld;

    ssl_certificate /.../certificate.pem;
    ssl_certificate_key /../certificate.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /.../certificate_fullchain.pem;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 150m;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
    }
}
```
docker-compose.yml:
Docker is deployed by docker-compose:
```yaml
version: '3.8'
services:
  cryptpad:
    image: "cryptpad/cryptpad:version-5.6.0"
    container_name: sub1.domain.tld
    hostname: cryptpad
    environment:
      - CPAD_MAIN_DOMAIN=https://sub1.domain.tld
      - CPAD_SANDBOX_DOMAIN=https://sub2.domain.tld
      - CPAD_CONF=/cryptpad/config/config.js
      - CPAD_TRUSTED_PROXY=0.0.0.0/0
      - CPAD_REALIP_HEADER=X-Forwarded-For
      - CPAD_REALIP_RECURSIVE=on
      # Traefik can't use HTTP2 to communicate with cryptpad_websocket
      # A workaround is to disable HTTP2 in Nginx
      - CPAD_HTTP2_DISABLE=true
    volumes:
      - ./data/blob:/cryptpad/blob
      - ./data/block:/cryptpad/block
      - ./customize:/cryptpad/customize
      - ./data/data:/cryptpad/data
      - ./data/files:/cryptpad/datastore
      - ./config/config.js:/cryptpad/config/config.js
    ports:
      - "3000:3000"
      - "3001:3001"
      - "3003:3003"
    ulimits:
      nofile:
        soft: 1000000
        hard: 1000000
```
Tests done
My nginx reverse throws 502 Bad Gateway.
A telnet test against 127.0.0.1:3000 shows that the connection is immediately closed by the container:
```
$ telnet 127.0.0.1 3000
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection closed by foreign host.
```
With the container from hub.docker.com of elestio/cryptpad and promasu/cryptpad I'm able to get it running.
But I want to use the official one.
What am I doing wrong? :-)