I'm trying to deploy CryptPad on a virtual host. I'm following the admin guide from https://docs.cryptpad.org/en/admin_guide/installation.html but am struggling to set up Nginx.

I've set up a separate user and group for cryptpad, but I suspect I am using the wrong webroot on the acme.sh command line. Every time I try to issue the SSL certs, I get an error about the connection being refused. The admin guide doesn't seem to specify what webroot setting I should be using. I don't think that it's a firewall issue since I can reach the default Nginx page through visiting the site's IP address.

Can anyone offer any suggestions for how to proceed? Thank you in advance!

I was able to set up the TLS certs by following the tutorial provided, but now I am getting a 403 Forbidden webpage when I try to visit my CryptPad instance. From the command line, the files under /home/cryptpad/cryptpad seem to be publicly readable, so I'm not sure what is causing the error...

When I look at the /var/log/nginx/error.log file I see recent entries that start out like this:

2025/01/10 11:56:38 [error] 96876#96876: *21 open() "/home/cryptpad/cryptpad/customize.dist//.git/config" failed (13: Permission denied)

2025/01/10 11:56:38 [crit] 96876#96876: *21 stat() "/home/cryptpad/cryptpad/customize//.git/config" failed (13: Permission denied)

2025/01/10 11:50:30 [error] 96876#96876: *7 "/home/cryptpad/cryptpad/customize.dist//index.html" is forbidden (13: Permission denied)

There are many other similar lines in the error.log file.

Any ideas for how I can proceed?

I found a solution to my problem while browsing Nginx issues on Stack Overflow. I added:

user cryptpad;

to my /etc/nginx/nginx.conf file. Since this virtual machine will be used only for CryptPad, this seems to be a workable solution.

Many thanks, @David, for your help with my earlier problem!

    Hello @chris0320, thanks for the feedback / solution and a late welcome to the forum.

    1. If you need no further help in this thread then please "close" it by marking one of the posts as the solution, so I would say either your last posting or the one by David.
    2. If possible please post the part of your nginx-conf (maybe not 1 line, but with some additional context lines of the conf) where you added "user cryptpad;" so that others can learn from your solution and so that others can comment on your solution, if it is missing something.

    Thanks and success

    a month later

    chris0320 user cryptpad;

    Hello,

    You shouldn't be doing that. Nginx should be running under its own user.

    If either Nginx or CryptPad is facing a security vulnerability, both could be attacked and all your data could be compromised.

    I believe your issue is tied to the fact that on modern Linux distributions, you cannot access home directories from one user to the other. So you have to explicitly give permission for other users to navigate the cryptpad user's home.

    This can be done by using the following command:

    sudo chmod o+x /home/cryptpad/

    Hope this helps!
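
The traversal check behind the last reply, as an added example that is not part of the thread or of CryptPad's documentation: it walks the parent directories of a path top-down and prints the first one that lacks the o+x bit. It assumes the Nginx worker user is neither the owner nor a group member of those directories and looks at mode bits only (no ACLs, SELinux or AppArmor); the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: find the directory that stops a separate web-server user
# from reaching files under another user's home (error 13 in error.log).

# other_can_traverse DIR
# True when DIR is a directory whose mode has the "other" execute bit (0001),
# which is what lets an unrelated user pass through it.
other_can_traverse() {
    [ -d "$1" ] && [ -n "$(find "$1" -prune -perm -0001 -print 2>/dev/null)" ]
}

# first_blocked_dir DIR [TOP]
# Checks TOP (default /) and every directory between TOP and DIR, top-down.
# Prints the first one without o+x and returns 1; returns 0 if all pass.
# Only positional parameters are used, so the recursion is safe in POSIX sh.
first_blocked_dir() {
    case $1 in
        /*) ;;
        *) echo "first_blocked_dir: need an absolute path" >&2; return 2 ;;
    esac
    if [ "$1" != "${2:-/}" ] && [ "$1" != "/" ]; then
        # Check the parents first so the topmost blocker is the one reported.
        first_blocked_dir "$(dirname "$1")" "${2:-/}" || return 1
    fi
    other_can_traverse "$1" && return 0
    printf '%s\n' "$1"
    return 1
}

# Command-line use, with the file named in the error.log lines above:
#   sh check_traverse.sh /home/cryptpad/cryptpad/customize.dist/index.html
if [ "$#" -gt 0 ]; then
    if blocked=$(first_blocked_dir "$(dirname "$1")"); then
        echo "all parent directories of $1 have o+x"
    else
        echo "no o+x for other users on: $blocked"
    fi
fi
```

Run it as root or as the owning user, so the walk itself is not stopped by the permission it is looking for.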