Hedgedoc

From NixOS Wiki

Hedgedoc is a is an open-source, web-based, self-hosted, collaborative markdown editor.

You can use it to easily collaborate on notes, graphs and even presentations in real-time. For this you can use a just the same link to the pad.

Install and run hedgedoc

You can just enable it. There are 15 options in Nixpkgs to configure it.

  services.hedgedoc = {
    enable = true;
  }

Usage with nginx reverse proxy

Hedgedoc itself provides a web server. In most cases you will use a web server like nginx to provide SSL and access to static hedgedoc files as well as the hedgedoc websocket. In a setup with a VM/internal machine on 192.168.1.100 and a public accessible reverse proxy/VM host running the „hedgedoc.example.com“ domain you will probably use a setup like this:

Hedgedoc server (virtual machine/internal server)

Hedgedoc does not need more than a handful options for configuration. Notice: With this configuration it is freely usable without authentification. In the current version of hedgedoc there is no admin backend. To restrict usage yo

  networking.firewall = {
    allowedTCPPorts = [ 8001 ];
  };
  services.hedgedoc = {
    enable = true;
    settings.domain = "hedgedoc.example.com";
    settings.port = 8001; 
    settings.host = "192.168.1.100"; # IP of the VM (or public IP of webserver)
    settings.protocolUseSSL = true;
    settings.allowOrigin = [
        "localhost"
        "hedgedoc.example.com"
    ];
  };

Nginx reverse proxy (virtualization host/server with public IPv4)

The reverse proxy for https://hedgedoc.example.com with an internal hedgedoc server running on 192.168.1.100 will work with this:

services.nginx = {
    enable = true;

    # Use recommended settings
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    # Only allow PFS-enabled ciphers with AES256
    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";

    virtualHosts."hedgedoc.example.com" = {
        forceSSL = true;
        enableACME = true;
        root = "/var/www/hedgedoc";
        locations."/".proxyPass = "http://192.168.1.100:8001";
        locations."/socket.io/" = {
          proxyPass = "http://192.168.1.100:8001";
          proxyWebsockets = true;
          extraConfig =
            "proxy_ssl_server_name on;"
            ;
        };
    };
  };

Troubleshooting

(nothing yet)

References