Etebase: Difference between revisions

From NixOS Wiki
imported>Aktaboot
No edit summary
m Modified Caddy example values to reflect Nginx example
 
(6 intermediate revisions by 5 users not shown)
Line 1: Line 1:
[https://www.etebase.com/ {{PAGENAME}}] is an end-to-end encrypted backend as a service. Think Firebase, but encrypted in a way that only your users can access their data.
[https://www.etebase.com/ {{PAGENAME}}] is an end-to-end encrypted backend as a service. Think Firebase, but encrypted in a way that only your users can access their data.


== Example configurations ==
* For the server to accept requests from a remote machine {{nixos:option|services.etebase-server.settings.allowed_hosts.allowed_host1}} variable should be set as the server's subdomain/domain name and your proxy has to present a {{ic| Host}} header.
* The django [https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SECRET_KEY secret key] is preferably a randomly generated key, the use of a secret managing scheme might prove useful. see [[Comparison_of_secret_managing_schemes]].
* {{nixos:option|services.etebase-server.global.secret_file}} needs to be writeable by configured {{nixos:option|services.etebase-server.user}}. If you're experiencing errors on initial setup, make sure there is no file at the filepath so that Etebase can generate it
=== Nginx example ===
This is a basic configuration to run the Etebase server:
This is a basic configuration to run the Etebase server:


<syntaxHighlight lang=nix>
<syntaxhighlight lang="nixos">
services = {
  networking.firewall.allowedTCPPorts = [ 443 ];
  services = {
     etebase-server = {
     etebase-server = {
       enable = true;
       enable = true;
       port = 8001;  
       unixSocket = "/var/lib/etebase-server/etebase-server.sock";
      user = "etebase-server";
       settings = {
       settings = {
         global.secret_file = /path/to/secret;
        global.debug = false;
         allowed_hosts.allowed_host1 = "http:/etebase./your.domain/";
         global.secret_file = "/path/to/secret";
         allowed_hosts.allowed_host1 = "etebase.your.domain";
       };
       };
     };
     };
</syntaxHighlight>
    nginx = {
      enable = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      recommendedGzipSettings = true;
      virtualHosts."etebase.your.domain" = {
        enableACME = true;
        forceSSL = true;
        locations."/".proxyPass = "http://unix:/var/lib/etebase-server/etebase-server.sock";
      };
    };
  };
</syntaxhighlight>


For the server to accept requests from a remote machine {{ic| allowed_host1}} variable should be set as the server's subdomain/domain name.
=== Caddy example ===
<syntaxhighlight lang="nixos">
services.caddy = {
  enable = true;
  virtualHosts = {
    "etebase.your.domain".extraConfig = ''
      reverse_proxy 127.0.0.1:8001 {
        header_up Host {upstream_hostport}
      }
    '';
  };
};


The django [https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SECRET_KEY secret key] is preferably a randomly generated key, the use of a secret managing scheme might prove useful. see [[Comparison_of_secret_managing_schemes]].
services.etebase-server = {
  enable = true;
  settings = {
    allowed_hosts = {
      allowed_host2 = "etebase.your.domain";
      allowed_host1 = "127.0.0.1";
    };
    global.secret_file = "/path/to/secret";
  };
};
</syntaxhighlight>


== Admin user ==
== Admin user ==
Line 23: Line 68:
To use the Etebase server, the creation of an admin account is required. This requires manual intervention:
To use the Etebase server, the creation of an admin account is required. This requires manual intervention:


==== CLI Method ====
{{Note|This method possibly might only when using the NixOS service. If this command fails, use the INI Method described below}}
<syntaxhighlight lang="bash">
sudo etebase-server createsuperuser
</syntaxhighlight>
==== INI Method ====
First you need to find where the generated {{ic|.ini}} configuration file is located:
First you need to find where the generated {{ic|.ini}} configuration file is located:
<syntaxHighlight lang=sh>
<syntaxHighlight lang=sh>
Line 29: Line 81:




As a super user, run this command: <code>ETEBASE_EASY_CONFIG_INI=/path/to/etebase-server.ini etebase-server createsuperuser</code> and that should prompt you to create a user.
As a super user, run this command: <code>ETEBASE_EASY_CONFIG_PATH=/path/to/etebase-server.ini etebase-server createsuperuser</code> and that should prompt you to create a user.


Login with these credentials to http://your.domain/admin and create users for your etebase clients through the GUI.
==== After ====
Login with these credentials to https://etebase.your.domain/admin and create users for your etebase clients through the GUI.


== See also ==
== See also ==
* https://github.com/etesync/server#usage
* https://github.com/etesync/server#usage
[[Category:Server]]

Latest revision as of 12:21, 2 September 2024

Etebase is an end-to-end encrypted backend as a service. Think Firebase, but encrypted in a way that only your users can access their data.


Example configurations

Nginx example

This is a basic configuration to run the Etebase server:

  networking.firewall.allowedTCPPorts = [ 443 ];
  services = {
    etebase-server = {
      enable = true;
      unixSocket = "/var/lib/etebase-server/etebase-server.sock"; 
      user = "etebase-server";
      settings = {
        global.debug = false;
        global.secret_file = "/path/to/secret";
        allowed_hosts.allowed_host1 = "etebase.your.domain";
      };
    };
    nginx = {
      enable = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      recommendedGzipSettings = true;
      virtualHosts."etebase.your.domain" = {
        enableACME = true;
        forceSSL = true;
        locations."/".proxyPass = "http://unix:/var/lib/etebase-server/etebase-server.sock";
      };
    };
  };

Caddy example

services.caddy = {
  enable = true;
  virtualHosts = {
    "etebase.your.domain".extraConfig = ''
      reverse_proxy 127.0.0.1:8001 {
        header_up Host {upstream_hostport}
      }
    '';
  };
};

services.etebase-server = {
  enable = true;
  settings = {
    allowed_hosts = {
      allowed_host2 = "etebase.your.domain";
      allowed_host1 = "127.0.0.1";
    };
    global.secret_file = "/path/to/secret";
  };
};

Admin user

To use the Etebase server, the creation of an admin account is required. This requires manual intervention:

CLI Method

Note: This method possibly might only when using the NixOS service. If this command fails, use the INI Method described below
sudo etebase-server createsuperuser

INI Method

First you need to find where the generated .ini configuration file is located:

ls /nix/store | grep etebase-server.ini


As a super user, run this command: ETEBASE_EASY_CONFIG_PATH=/path/to/etebase-server.ini etebase-server createsuperuser and that should prompt you to create a user.

After

Login with these credentials to https://etebase.your.domain/admin and create users for your etebase clients through the GUI.

See also