Joplin Server 2.9 LXC Build

Joplin is my current note-taking app of choice because markdown notes are easy to read and I like the cross-platform support. Markdown is supported by many applications so there is no threat of being locked into a specific application.

In order to centrally store and share notes with other users in my home network, I reverse-engineered the docker build file and ran Joplin server in an Debian based LXC. I have included all of the steps to build your own.

1. Start by ensuring the apt tree is up-to-date. Apache2 is needed for reverse proxy functionality, however nginx can be used in its place.

    apt update
    apt upgrade
    apt install -y git vim curl postgresql make gcc g++ apache2
    curl -fsSL https://deb.nodesource.com/setup_16.x | bash -
    apt update
    apt upgrade
    apt install nodejs
    npm install -g pm2
   

2. Generate a self-signed https certificate, be sure to enter the IP address of the server as the Common Name. You can also use Lets Encrpyt if you so choose.

    openssl req -x509 -nodes -days 10000 -newkey rsa:4096 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
   

3. Switch to the postgres user to create a database and user for Joplin to use. Generate a secure password to use here. One method of doing so is using openssl

    openssl rand -base64 32
    su postgres
    psql
   

    REVOKE ALL PRIVILEGES ON SCHEMA public FROM PUBLIC;
    CREATE DATABASE joplin;
    CREATE USER joplin with password 'supers$cret';
    GRANT ALL PRIVILEGES ON DATABASE joplin to joplin;
   

4. As root, create joplin directory and joplin user

    mkdir -p /opt/joplin/packages/{fork-sax,lib}
    useradd --create-home --shell /bin/bash joplin
    chown -R joplin:joplin /opt/joplin
    su -l joplin
    git clone https://github.com/laurent22/joplin.git
   

5. Copy needed files from git repo into the joplin directory

    cp joplin/packages/fork-sax/package*.json /opt/joplin/packages/fork-sax/
    cp joplin/packages/lib/package*.json /opt/joplin/packages/lib/
    cp joplin/lerna.json /opt/joplin/
    cp joplin/tsconfig.json /opt/joplin/
    cp joplin/package*.json /opt/joplin/
    cp -r joplin/packages/fork-htmlparser2/ /opt/joplin/packages/
    cp -r joplin/packages/turndown-plugin-gfm/ /opt/joplin/packages
    cp -r joplin/packages/turndown/ /opt/joplin/packages/
    cp -r joplin/packages/renderer/ /opt/joplin/packages/
    cp -r joplin/packages/server/ /opt/joplin/packages/
    cp -r joplin/packages/tools/ /opt/joplin/packages/
    cp -r joplin/packages/lib /opt/joplin/packages/
    cp -r joplin/packages/htmlpack/ /opt/joplin/packages/
   

6. Build the application using npm

    cd /opt/joplin/
    BUILD_SEQUENCIAL=1 yarn install --inline-builds
   

7. Create autostart file for PM2 to use, updating the server IP. This will set the necessary environment variables for Joplin to use.

    $ cat /opt/joplin/packages/server/ecosystem.config.js
    module.exports = {
    apps : [
        {
            name: "joplin-server",
            script: "/opt/joplin/packages/server/dist/app.js",
            watch: false,
            env: {
            "DB_CLIENT": "pg",
        "POSTGRES_DATABASE": "joplin",
        "POSTGRES_PASSWORD": "supers$cret",
        "POSTGRES_USER": "joplin",
        "APP_BASE_URL": "https://<server IP>/joplin",
        "NODE_ENV": "development"
            }
        }
    ]
    }
   

8. Add the following line as a cron to joplin user to autostart server on boot

    @reboot sh -c 'cd /opt/joplin/packages/server/ && pm2 start /opt/joplin/packages/server/ecosystem.config.js'
   

9. Switch back to root user and enable proxy services in Apache

    a2enmod proxy
    a2enmod proxy_http
    a2enmod ssl
   

10. Create reverse proxy in Apache using the configuration below, updating the server IP.

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    
        ProxyPreserveHost On
        ProxyPass "/joplin" http://localhost:22300
        ProxyPassReverse "/joplin" http://localhost:22300
    
        ServerName <serverIP/hostname>
        SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
        SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
    
        SSLEngine on
    
        # Intermediate configuration, tweak to your needs
        SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
        SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        SSLHonorCipherOrder     off
        SSLSessionTickets       off
    
        SSLOptions +StrictRequire
    
        # Add vhost name to log entries:
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
        LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
    </VirtualHost>
    </IfModule>
    

11. Enable the site with a2ensite.

    a2ensite 000-default-ssl
    

12. Reboot the server to ensure services will auto-start on their own. Running the command pm2 logs as the joplin user can be used to diagnose any issues.

With the server running, connect to the UI in a web browser at https://<serverIP>. The default user is admin@localhost and the default password is admin. You should change this after logging in successfully. From here, create new users and then set the username, password, and server URL within the Joplin desktop application. If you do not have a signed certificate, check the box to Ignore TLS certificate errors under the Advanced Sync Settings.