August 27, 2021

Dockerized HedgeDoc on a Raspberry Pi

HedgeDoc is a Web application that provides a collaborative notepad. Things like an online family notepad to write grocery lists or plan the next trip can be realized. It is pretty easy to self-host this tool on a Raspberry Pi using Docker.

Unfortunately, there is no official Docker image for ARM. Instead one has to use the one from linuxserver.io or build the image on your own.

When testing the linuxserver.io image, I ran into a problem: for small installations, you probably want to use the CLI tool manage_users provided by HedgeDoc to create users as you do not have things like an LDAP server. However, that CLI tool does not work as it assumes that a Postgres database is used, not a MariaDB database, as defined by the docker-compose.yml file provided by linuxserver.io.

However, it is relatively easy to change the database to Postgres. Here is my docker-compose.yml that also contains some other configurations later used for proxying, etc…:

version: '3'
services:
  hd_db:
    container_name: hd_db
    image: postgres:13.4-alpine
    environment:
      - POSTGRES_USER=hedgedoc
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=hedgedoc
      - TZ=Europe/Berlin
    volumes:
      - ./database:/var/lib/postgresql/data
    restart: always
  hd_app:
    container_name: hd_app
    image: ghcr.io/linuxserver/hedgedoc:latest
    #image: quay.io/hedgedoc/hedgedoc:1.8.2
    environment:
      - CMD_DB_URL=postgres://hedgedoc:password@hd_db:5432/hedgedoc
      - CMD_DOMAIN=hedgedoc.domain.tld
      - CMD_PROTOCOL_USESSL=true
      - CMD_HSTS_ENABLE=true
      - CMD_URL_ADDPORT=false
      - CMD_SESSION_SECRET=secret
      - PGID=1000
      - PUID=1000
      - TZ=Europe/Berlin
      - CMD_ALLOW_ANONYMOUS=false       #no guests can create docs
      - CMD_ALLOW_ANONYMOUS_EDITS=true  #allow sharing existing docs with guests
      - CMD_ALLOW_FREEURL=true          #create docs http://hedgedoc.domain.tls/doc
      - CMD_EMAIL=true                  #allow login with email
      - CMD_ALLOW_EMAIL_REGISTER=false  #no public registration
    volumes:
      - ./hduploads:/opt/hedgedoc/public/uploads/
      - ./hdconfig:/config
    ports:
      - "3000:3000"
    restart: always
    depends_on:
      - hd_db

As we want to proxy the app to the Web, we need a configuration for Nginx. Mine is heavily inspired by the Nginx config example that can be found on the HedgeDoc Web page. I’m assuming that you already have Let’s Encrypt certificates for your domain and can create subdomains.

map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
}

server {
    server_name hedgedoc.domain.tld;
        location / {
                proxy_pass http://127.0.0.1:3000;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }
        location /socket.io/ {
                proxy_pass http://127.0.0.1:3000;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
        }
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/hedgedoc.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hedgedoc.domain.tld/privkey.pem;
}

server {
    if ($host = hedgedoc.domain.tld) {
        return 301 https://$host$request_uri;
    }
    server_name hedgedoc.domain.tld;
    listen 80;
    return 404;
}

On my machine, docker-compose up -d does not work when you spin up the containers for the first time. I assume Postgres is not ready when HedgeDoc tries to create the initial database entries. Just say docker-compose down and docker-compose up -d - stuff should be running now.

The last change you want to make is chowning the directory for the uploaded images to 1000:1000: just execute chown 1000:1000 -R hduploads.

Your instance should be running fine now, but there are no users yet. Just execute docker exec hd_app opt/hedgedoc/bin/manage_users --add name@mail.foo --pass somepassword. You can now log in to your instance.

© ho1ger 2015 - 2021