Hedgedoc: Difference between revisions
m →Nginx reverse proxy (virtualization host/server with public IPv4): Remove link to immaginary example |
Musicmatze (talk | contribs) m Make the first "Hedgedoc" a link to the software website. |
||
(2 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
Hedgedoc is a is an open-source, web-based, self-hosted, collaborative markdown editor. | [https://hedgedoc.org/ Hedgedoc] is a is an open-source, web-based, self-hosted, collaborative markdown editor. | ||
You can use it to easily collaborate on notes, graphs and even presentations in real-time. For this you can use a just the same link to the pad. | You can use it to easily collaborate on notes, graphs and even presentations in real-time. For this you can use a just the same link to the pad. | ||
Line 15: | Line 15: | ||
In a setup with a VM/internal machine on 192.168.1.100 and a public accessible reverse proxy/VM host running the „hedgedoc.example.com“ domain you will probably use a setup like this: | In a setup with a VM/internal machine on 192.168.1.100 and a public accessible reverse proxy/VM host running the „hedgedoc.example.com“ domain you will probably use a setup like this: | ||
=== Hedgedoc server (virtual machine/internal server) === | === Hedgedoc server (virtual machine/internal server) === | ||
Hedgedoc does not need more than a handful options for configuration. | Hedgedoc does not need more than a handful options for configuration. | ||
<syntaxhighlight lang="nixos"> | <syntaxhighlight lang="nixos"> | ||
networking.firewall = { | networking.firewall = { | ||
Line 33: | Line 33: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Notice: With this configuration hedgedoc is freely usable without authentification. In the current version of hedgedoc there is no admin backend. To have control about the users you can restrict usage by disabling self registration (allowEmailRegister) and guest access (allowAnonymous): Set both to false in services.hedgedoc.settings. | |||
=== Nginx reverse proxy (virtualization host/server with public IPv4) === | === Nginx reverse proxy (virtualization host/server with public IPv4) === | ||
The reverse proxy for <code><nowiki>https://hedgedoc.example.com</nowiki></code> with an internal hedgedoc server running on 192.168.1.100 will work with this: | The reverse proxy for <code><nowiki>https://hedgedoc.example.com</nowiki></code> with an internal hedgedoc server running on 192.168.1.100 will work with this: | ||
Line 75: | Line 76: | ||
[[Category:Server]] | [[Category:Server]] | ||
[[Category:Cookbook]] | [[Category:Cookbook]] | ||
[[Category:Web Applications]] |
Latest revision as of 14:47, 7 July 2024
Hedgedoc is a is an open-source, web-based, self-hosted, collaborative markdown editor.
You can use it to easily collaborate on notes, graphs and even presentations in real-time. For this you can use a just the same link to the pad.
Install and run hedgedoc
You can just enable it. There are 15 options in Nixpkgs to configure it.
services.hedgedoc = {
enable = true;
}
Usage with nginx reverse proxy
Hedgedoc itself provides a web server. In most cases you will use a web server like nginx to provide SSL and access to static hedgedoc files as well as the hedgedoc websocket. In a setup with a VM/internal machine on 192.168.1.100 and a public accessible reverse proxy/VM host running the „hedgedoc.example.com“ domain you will probably use a setup like this:
Hedgedoc server (virtual machine/internal server)
Hedgedoc does not need more than a handful options for configuration.
networking.firewall = {
allowedTCPPorts = [ 8001 ];
};
services.hedgedoc = {
enable = true;
settings.domain = "hedgedoc.example.com";
settings.port = 8001;
settings.host = "192.168.1.100"; # IP of the VM (or public IP of webserver)
settings.protocolUseSSL = true;
settings.allowOrigin = [
"localhost"
"hedgedoc.example.com"
];
};
Notice: With this configuration hedgedoc is freely usable without authentification. In the current version of hedgedoc there is no admin backend. To have control about the users you can restrict usage by disabling self registration (allowEmailRegister) and guest access (allowAnonymous): Set both to false in services.hedgedoc.settings.
Nginx reverse proxy (virtualization host/server with public IPv4)
The reverse proxy for https://hedgedoc.example.com
with an internal hedgedoc server running on 192.168.1.100 will work with this:
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts."hedgedoc.example.com" = {
forceSSL = true;
enableACME = true;
root = "/var/www/hedgedoc";
locations."/".proxyPass = "http://192.168.1.100:8001";
locations."/socket.io/" = {
proxyPass = "http://192.168.1.100:8001";
proxyWebsockets = true;
extraConfig =
"proxy_ssl_server_name on;"
;
};
};
};
Troubleshooting
(nothing yet)
References
- Hedgedoc (site): https://hedgedoc.org/
- Hedgedoc Nixpgks options: https://search.nixos.org/options?query=hedgedoc
- Hedgedoc (sourcecode): https://github.com/hedgedoc/hedgedoc