Cryptpad is an open-source office suite program that you can self host on your server. It is similar to Office 365 that allows you to access an office suite right from the browser. The main difference is that Cryptpad focuses on user privacy and allows you to create and share documents without the risk of leaking any personal information.
This tutorial shows how to install Cryptpad on your server, how Cryptpad works and how you can create your first user account.
What Is Cryptpad and Why Should You Use It?
Cryptpad is an online office suite that provides you with a privacy-oriented alternative for collaborative document editing. Similar to online suites, such as Office 365 and Google Docs, it allows you to create and share documents with other people over the Internet.
One of the biggest advantages of Cryptpad over Office 365 is that it is fully end-to-end encrypted. Only you and your collaborators can access the document that you are editing, which could be useful when sharing documents that contain sensitive information with other people.
Cryptpad also excels over Office 365 in that you can fully self-host it on your own hardware. This is especially helpful if you are concerned about storing your information on a third-party provider.
Do you know: uou can easily share a Google Docs document over email.
Requirements
Before you can install Cryptpad, you need to make sure that you have the following resources ready:
- Machine that is accessible from an outside network
- At least 2GB of RAM and 20GB of storage
- Domain name (and a sub-domain name) pointing to your server’s IP address
Note: this tutorial was created on an Ubuntu VPS from Digitalocean.
Tip: while Cryptpad will work from a stock VPS, its developers highly recommend that you also secure your Linux server before installing the program.
Installing Cryptpad
- Install the dependencies of Cryptpad:
sudo gpasswd -a www-data ramces sudo apt install git nodejs npm nginx certbot python3-certbot-nginx
- Clone the program’s source code from its repository:
git clone https://github.com/xwiki-labs/cryptpad.git cryptpad
- Go inside the repository and switch to the latest branch:
cd cryptpad git checkout -b 5.2.1
- Use
npmto install Bower, a package manager that helps install some of the libraries that Cryptpad needs.
sudo npm install -g bower
- Install the Cryptpad binary by running both
npmandbowerinside the repository.
npm install bower install
Good to know: you don’t need Microsoft Office to open and view a docx file. learn about other ways to open the docx file you have.
Configuring the SSL Certificate
Once Cryptpad is in your machine, you can run Certbot to create the certificate for your instance:
sudo certbot certonly --standalone
This will bring up a prompt that asks for your email address.
The Certbot utility will ask for the domains that you want to link to your certificate. Enter both the root and subdomain.
Create a Diffie-Hellman parameter file for your instance. This is a security measure that the developers require to ensure that your instance is secure.
sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096
Good to know: you can learn more about OpenSSL and TLS by creating your own self-signed certificate.
Configuring Nginx
To configure Nginx to serve Cryptpad to your domain, you can make use of the example config file provided by the developers.
sudo cp /home/$USER/cryptpad/docs/example.nginx.conf /etc/nginx/conf.d/cryptpad.conf
Modify your new configuration file with a text editor.
sudo nano /etc/nginx/conf.d/cryptpad.conf
Change some variables to make this file work. First, comment the include letsencrypt-webroot; line.
Next, modify both the $main_domain and $sandbox_domain variables. The former should contain your root domain, while the latter should contain your subdomain.
Also modify $api_domain and $files_domain. Unlike the ones above, you only need to change them to your machine’s root domain.
Change the server_name variable to both your root and subdomain.
Change ssl_certificate and ssl_certificate_key to the location of your SSL certificate.
Lastly, replace the value of the root variable with the location of your Cryptpad repository.
Configuring Cryptpad
Use the example config file provided by the developers by running:
cp /home/$USER/cryptpad/config/config.example.js /home/$USER/cryptpad/config/config.js
Open it with a text editor and change the httpUnsafeOrigin: variable to your root domain.
Change the httpSafeOrigin: variable to your subdomain.
Add the following line of code immediately after the httpSafeOrigin: variable.
adminEmail: 'working_email@address.here',
Creating the SystemD Service
It is also possible to link Cryptpad to a SystemD service to allow you to launch it during the system startup by running the following:
nano /home/$USER/cryptpad/docs/cryptpad.service
The code block below is a version that I have modified to work with my machine.
[Unit] Description=Cryptpad Service # Replace the username values with your own username. [Service] ExecStart=/bin/node /home/ramces/cryptpad/server.js WorkingDirectory=/home/ramces/cryptpad Restart=always RestartSec=2 StandardOutput=syslog StandardError=syslog SyslogIdentifier=ramces User=ramces Group=ramces Environment='PWD="/home/ramces/cryptpad"' LimitNOFILE=1000000 [Install] WantedBy=multi-user.target
Save and exit this file, then copy it to the SystemD service folder:
sudo cp /home/$USER/cryptpad/docs/cryptpad.service /etc/systemd/system/cryptpad.service
Reload SystemD to enable your service file:
sudo systemctl daemon-reload sudo systemctl enable cryptpad sudo systemctl start cryptpad sudo systemctl reload nginx
Running Cryptpad
If everything is done correctly, you should be able to access Cryptpad through your root domain.
Creating Your Admin Account in Cryptpad
While you can use Cryptpad without an account, it is good practice to create an Admin user to allow you to manage your instance through its web interface.
- Press “Sign Up” on Cryptpad’s home page.
- Enter your username and password to create a new account.
- Once you are logged in, click the “User Menu” button on the page’s upper-right corner.
- Click “Settings.”
- Copy the contents of the “Public Signing Key” text box.
- Go back to your repository folder and open your configuration file:
nano /home/$USER/cryptpad/config/config.js
Look for the adminKeys: variable and paste your signing key in between the square brackets:
- Reload your Cryptpad instance through SystemD:
sudo systemctl restart cryptpad
Frequently Asked Questions
Why am I getting a blank page when I try to connect to Cryptpad?
This issue is most likely due to your machine’s DNS record still not propagating across major DNS servers. You can fix this by reducing the TTL value in your domain’s DNS record page to 3600.
How do I update Cryptpad after I have installed it?
You can update Cryptpad by going to your repository and running git pull. This will download all the latest source files for Cryptpad. After that, you also need to run npm update && bower update to update your binary files.
Image credit: Unsplash. All alterations and screenshots by Ramces Red.
Our latest tutorials delivered straight to your inbox
